Heap overflow

From Wikipedia, the free encyclopedia
This is an old revision of this page, as edited by 86.145.120.130 (talk) at 13:08, 28 February 2012. The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

A heap overflow is a type of buffer overflow that occurs in the heap data area. Heap overflows

Consequences

An accidental overflow may result in data corruption or unexpected behavior by any process which uses the affected memory area. On operating systems without memory protection, this could be any process on the system.

A deliberate exploit may result in data at a specific location being altered in an arbitrary way, or in arbitrary code being executed.

The Microsoft JPEG GDI+ vulnerability MS04-028 is an example of the danger a heap overflow can represent to a computer user.

Jailbreaks often use heap overflows to gain arbitrary code execution, usually in kernel exploits, in order to replace the kernel with the one the jailbreak provides.

Detection and Prevention

Since version 2.3.6, the GNU libc has included protections that can detect heap overflows after the fact, for example by checking pointer consistency when calling unlink. While those protections guard against old-style exploits, they are not perfect, as described in The Malloc Maleficarum and further in Malloc Des-Maleficarum.

Since Windows XP SP2, Microsoft Windows operating systems have implemented protections against heap overflows, such as safe unlinking and cookies. Windows can also mitigate these threats through the use of Data Execution Prevention (DEP) and ASLR.
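
The pointer-consistency check on unlink mentioned above for the GNU libc, which is also the idea behind safe unlinking on Windows, can be modelled in a few lines of C. This is an added example, not code from glibc, Windows or the original article; the struct chunk layout and the names safe_unlink, link3, demo_intact and demo_corrupted are assumptions made for illustration, and the corruption is constructed by assigning the link fields directly.

```c
#include <stddef.h>

/* Teaching model: fd/bk follow glibc's naming, not its real chunk layout. */
struct chunk { size_t size; struct chunk *fd, *bk; };

/* Remove p from its doubly linked list only if both neighbours still point
   back at p. Returns 0 on success, -1 on corruption (glibc aborts instead). */
int safe_unlink(struct chunk *p)
{
    struct chunk *fd = p->fd, *bk = p->bk;
    if (fd == NULL || bk == NULL || fd->bk != p || bk->fd != p)
        return -1;                 /* links inconsistent: write nothing */
    fd->bk = bk;
    bk->fd = fd;
    return 0;
}

/* Build the circular list head <-> a <-> b <-> head. */
static void link3(struct chunk *head, struct chunk *a, struct chunk *b)
{
    head->fd = a; a->fd = b; b->fd = head;
    head->bk = b; b->bk = a; a->bk = head;
}

/* Intact list: unlinking a succeeds and leaves head <-> b. */
int demo_intact(void)
{
    struct chunk head = {0}, a = { .size = 32 }, b = { .size = 32 };
    link3(&head, &a, &b);
    return safe_unlink(&a) == 0 && head.fd == &b && b.bk == &head;
}

/* Constructed corruption: a's link fields are replaced, as an overflow from
   a neighbouring buffer would do. The check fails and nothing is modified. */
int demo_corrupted(void)
{
    struct chunk head = {0}, a = { .size = 32 }, b = { .size = 32 };
    struct chunk unrelated = {0};      /* stand-in for other program data */
    link3(&head, &a, &b);
    a.fd = a.bk = &unrelated;
    return safe_unlink(&a) == -1 && unrelated.fd == NULL
        && unrelated.bk == NULL && head.fd == &a && b.bk == &a;
}

int main(void)
{
    return !(demo_intact() && demo_corrupted());
}
```

The check runs before either neighbour is written, so an inconsistent chunk is reported without any memory outside the list being modified.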
