Heap Exploitation: Use-After-Free and Heap Spraying
Understand glibc malloc internals, use-after-free conditions, and heap spray techniques.
The Heap
The heap is dynamic memory that a program allocates and releases at runtime via malloc()/free() or new/delete. Unlike the stack, heap layout is determined by the program's allocation and deallocation patterns, not by the call stack. Heap vulnerabilities are common in browsers, parsers, and network daemons.
Use-After-Free (UAF)
A Use-After-Free vulnerability occurs when a program continues to use a memory region after freeing it. If the freed region is reallocated with attacker-controlled data, the program now operates on attacker data using the stale pointer.
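The stale-pointer condition described above, next to one mitigation, as an added example that is not part of the original lesson. It uses a constructed fixed-slot pool (hypothetical names pool_alloc, pool_free, deref_unchecked, deref_checked) instead of real malloc() so the behaviour is well-defined; the LIFO slot reuse models the order glibc's tcache uses, and the generation counter is an assumed hardening technique, not something glibc provides.

```c
#include <stdio.h>
#include <string.h>
#include <stdint.h>

/* Constructed toy pool: one size class with a LIFO free list.
   The memory is static, so reading a "freed" slot is well-defined here. */
#define SLOTS 4
#define SLOT_SIZE 32
static char pool[SLOTS][SLOT_SIZE];
static uint32_t generation[SLOTS];          /* bumped on every free */
static int free_stack[SLOTS] = {3, 2, 1, 0};
static int free_top = SLOTS;                /* demo never exhausts the pool */

typedef struct { int slot; uint32_t gen; } handle;

static handle pool_alloc(void) {
    handle h;
    h.slot = free_stack[--free_top];        /* most recently freed slot first */
    h.gen = generation[h.slot];
    return h;
}

static void pool_free(handle h) {
    generation[h.slot]++;                   /* invalidates outstanding handles */
    free_stack[free_top++] = h.slot;
}

/* Vulnerable pattern: trusts the handle, no liveness check. */
static const char *deref_unchecked(handle h) { return pool[h.slot]; }

/* Hardened pattern: a handle from before the free no longer matches. */
static const char *deref_checked(handle h) {
    return h.gen == generation[h.slot] ? pool[h.slot] : NULL;
}

/* Returns what a read through the dangling handle observes. */
const char *read_via_stale_handle(int checked) {
    handle victim = pool_alloc();
    strcpy(pool[victim.slot], "original object");
    pool_free(victim);                      /* victim is now dangling */
    handle other = pool_alloc();            /* LIFO reuse: same slot */
    strcpy(pool[other.slot], "untrusted input");
    const char *seen = checked ? deref_checked(victim) : deref_unchecked(victim);
    pool_free(other);
    return seen;
}

int main(void) {
    printf("unchecked: %s\n", read_via_stale_handle(0));
    printf("checked:   %s\n", read_via_stale_handle(1) ? "data" : "rejected");
    return 0;
}
```

With real malloc() the same read is undefined behaviour; building with -fsanitize=address reports it as heap-use-after-free at the point of the stale access.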