Binary vulnerabilities
Stack overflow
Overwrite the return address
Overwrite the SEH structure
Overwrite the virtual table pointer
Heap Spray
Off-by-one (partial overwrite)
heap overflow
DWORD SHOOT
Use After Free
Double Free
Fast bin attack
House of Spirit
unsorted bin leak
Overwrite Topchunk
Classical & Modern Unlink Attack
General exploit techniques
heap fengshui
heap spray
Exploit mmap chunk
Use-After-Free (UAF)
Uninitialized memory
Denial of Service (DoS)
Remote Denial of Service
Local Denial of Service
Remote Code Execution (RCE)
- CVE-2018-8453
Privilege escalation
Memory Decay
Format String
off-by-one
double shoot
Dangling pointer
Race Condition
Out-of-Bounds (OOB)
Double free
Integer overflow
- CVE-2017-7529
Resource-not-released (resource leak) vulnerabilities
Array access violations
Type confusion
- CVE-11826
Null pointer dereference
Sandbox escape
Corrupting the heap allocator's own management data structures:
arena, bin, chunk
Corrupting user data stored in the heap:
overwriting variable pointers, function pointers, data, etc.
In general the goal is to build an arbitrary memory read/write primitive and hijack control flow
Heap Canary
CFI
Vtable protect
safe unlink
heap cookie
Double free, use-after-free, out-of-bounds array access, kernel-level, type confusion, sandbox escape, PRC, etc. Integer overflow
Copyright notice: this article is licensed under the Creative Commons Attribution-NonCommercial 4.0 International License
dlmalloc and jemalloc memory allocators
ptmalloc
Analyzing heap space allocation