Heap Overflow
Also known as: Heap buffer overflow
Definition
A buffer overflow that occurs in dynamically allocated memory, often corrupting allocator metadata, function pointers, or object virtual tables.
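The following C program is an added illustration of the definition above, not code from this page or from any of the products named in it. It models one heap chunk whose fixed-size name field is followed by a 32-bit guard value standing in for whatever really sits past the buffer (the next chunk's allocator metadata, a function pointer, a vtable pointer). The name, the guard and some slack bytes are placed in a single malloc'd block so the overflowing copy stays inside the allocation and the behaviour is well-defined; a real heap offers no such slack. The record layout, the guard constant and the sample inputs are all constructed for the example; set_name_unchecked shows the vulnerable copy-until-NUL pattern and set_name_checked the bounds-checked replacement.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed layout (assumption, not a real allocator): NAME_CAP bytes of
 * name, then a 4-byte guard that plays the role of the data a heap
 * overflow clobbers, then SLACK bytes so that over-long inputs used in
 * the demonstration still land inside the malloc'd block. */
enum { NAME_CAP = 16, SLACK = 32 };
static const uint32_t GUARD = 0xA5A5A5A5u;

typedef struct {
    unsigned char *block;   /* heap block: name | guard | slack */
} record_t;

static record_t *record_new(void) {
    record_t *r = malloc(sizeof *r);
    if (!r) return NULL;
    r->block = calloc(NAME_CAP + sizeof GUARD + SLACK, 1);
    if (!r->block) { free(r); return NULL; }
    memcpy(r->block + NAME_CAP, &GUARD, sizeof GUARD);
    return r;
}

static void record_free(record_t *r) {
    if (r) { free(r->block); free(r); }
}

/* 1 if the guard still holds its original value, 0 if it was overwritten. */
static int guard_intact(const record_t *r) {
    uint32_t g;
    memcpy(&g, r->block + NAME_CAP, sizeof g);
    return g == GUARD;
}

/* Vulnerable pattern: copy until the terminator with no bound on the
 * destination.  Any input of NAME_CAP bytes or more runs past the name
 * field; even exactly NAME_CAP bytes puts the NUL onto the guard. */
void set_name_unchecked(record_t *r, const char *src) {
    unsigned char *dst = r->block;
    while ((*dst++ = (unsigned char)*src++) != '\0')
        ;
}

/* Hardened: measure first and refuse anything that does not fit together
 * with its terminator.  Returns 0 on success, -1 if the input is rejected. */
int set_name_checked(record_t *r, const char *src) {
    size_t n = strlen(src);
    if (n >= NAME_CAP)
        return -1;
    memcpy(r->block, src, n + 1);
    return 0;
}

/* Probe helpers: each allocates a fresh record, applies one of the two
 * setters, and reports the outcome (-1 means allocation failed). */
int unchecked_guard_survives(const char *input) {
    record_t *r = record_new();
    if (!r) return -1;
    set_name_unchecked(r, input);
    int ok = guard_intact(r);
    record_free(r);
    return ok;
}

int checked_guard_survives(const char *input) {
    record_t *r = record_new();
    if (!r) return -1;
    (void)set_name_checked(r, input);
    int ok = guard_intact(r);
    record_free(r);
    return ok;
}

int checked_rc(const char *input) {
    record_t *r = record_new();
    if (!r) return -1;
    int rc = set_name_checked(r, input);
    record_free(r);
    return rc;
}

int main(void) {
    /* Constructed sample inputs. */
    const char *fits     = "alice";                 /* 5 bytes + NUL: fits   */
    const char *exact    = "AAAAAAAAAAAAAAAA";      /* 16 bytes: NUL hits guard */
    const char *too_long = "AAAAAAAAAAAAAAAAAAAA";  /* 20 bytes: overwrites guard */

    printf("unchecked  %-22s guard %s\n", fits,     unchecked_guard_survives(fits)     ? "intact" : "CLOBBERED");
    printf("unchecked  %-22s guard %s\n", exact,    unchecked_guard_survives(exact)    ? "intact" : "CLOBBERED");
    printf("unchecked  %-22s guard %s\n", too_long, unchecked_guard_survives(too_long) ? "intact" : "CLOBBERED");
    printf("checked    %-22s rc=%d guard %s\n", too_long, checked_rc(too_long),
           checked_guard_survives(too_long) ? "intact" : "CLOBBERED");
    return 0;
}
```

The guard is only a stand-in for observability: on a real allocator the same write would land on the next chunk's size field or on a neighbouring object's function or vtable pointer, which is why the definition above lists those as the usual casualties. The checked setter is the practical mitigation at the code level; hardened allocators and sanitizers (for example AddressSanitizer) catch the remaining cases during testing by placing their own guard regions around every allocation.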
Examples
- CVE-2018-4407 — XNU kernel TCP heap overflow.
- Numerous Chrome JavaScript engine heap overflows exploited at Pwn2Own.
Related terms
Buffer Overflow
A memory-safety flaw where a program writes past the end of an allocated buffer, corrupting adjacent memory and often enabling code execution.
Stack Overflow Vulnerability
A buffer overflow that occurs on the program stack, typically overwriting the saved return address or local function pointers to redirect execution.
Memory Corruption
An umbrella term for vulnerabilities where a program writes outside the bounds of intended memory, undermining type-safety, control flow, or data integrity.
Use-After-Free
A memory-safety bug where a program continues to use memory after it has been freed, often allowing attackers to control object state and hijack execution.
Double Free
A memory-safety bug where the same heap chunk is freed twice, corrupting allocator metadata and often enabling arbitrary code execution.
Exploit
A piece of code, data, or technique that takes advantage of a vulnerability to cause unintended behaviour such as code execution, privilege escalation, or information disclosure.