conference logo

Playlist "27C3: We Come In Peace"

Zero-sized heap allocations vulnerability analysis

Julien Vanegue

The dynamic memory allocator is a fundamental component of modern operating systems, and one of the most important sources of security vulnerabilities. In this presentation, we emphasize on a particular weakness of the heap management that has proven to be the root cause of many escalation of privilege bugs in the windows kernel and other critical remote vulnerabilities in user-land applications.