http://kernsec.org/wiki/index.php?action=history&feed=atom&title=Bug_Classes%2FHeap_overflow 2026-05-07T12:04:21Z Revision history for this page on the wiki MediaWiki 1.36.1 http://kernsec.org/wiki/index.php?title=Bug_Classes/Heap_overflow&diff=3729&oldid=prev 2015-11-04T22:11:53Z

<p>Created page with &quot;= Details = Heap overflows tend to occur due to integer overflows or otherwise broken bounds checking. Exploits overwrite adjacent heap memory, or manipulate the heap metadata...&quot;</p> <p><b>New page</b></p><div>= Details =<br /> Heap overflows tend to occur due to integer overflows or otherwise broken bounds checking. Exploits overwrite adjacent heap memory, or manipulate the heap metadata values.<br /> <br /> = Examples =<br /> <br /> * [http://blog.includesecurity.com/2014/06/exploit-walkthrough-cve-2014-0196-pty-kernel-race-condition.html pty race condition]<br /> <br /> = Mitigations =<br /> <br /> * runtime validation of variable size vs copy_to_user/copy_from_user size (e.g. PAX_USERCOPY)<br /> * guard pages<br /> * metadata validation (e.g. glibc's heap protections)</div>

KeesCook