Heap Overflow
What is Heap Overflow?
A buffer overflow that occurs in dynamically allocated memory, often corrupting allocator metadata, function pointers, or object virtual tables.
A heap overflow writes past the end of a heap-allocated buffer, smashing adjacent chunks or allocator metadata managed by malloc/free, jemalloc, mimalloc, or other allocators. Because heap layouts are non-deterministic, exploitation typically involves heap-grooming or feng-shui to position useful targets next to the vulnerable buffer — function pointers, vtables, smart-pointer control blocks, or critical state. Modern allocators harden metadata, isolate chunks, and add guard pages, while ASLR, CFI, sandboxing, and memory-safe languages reduce impact. Heap overflows are central to browser, kernel, and document-parser exploitation, including many Pwn2Own winning entries.
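To make the adjacent-chunk corruption concrete, here is an added example (not code from the original page) that models two neighbouring heap chunks inside one backing array and contrasts an unchecked copy with a length-checked one; the chunk layout, the sentinel value and the inputs are constructed assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of two adjacent heap chunks: chunk A is a 16-byte
 * string buffer, chunk B directly follows it and holds a sentinel that
 * stands in for allocator metadata or a function pointer. Both live in
 * one backing array so every write in this demo stays in defined memory. */
enum { CHUNK_A = 16, HEAP_SIZE = 24 };
static const uint64_t SENTINEL = 0x5AFE5AFE5AFE5AFEULL;

static void heap_init(unsigned char heap[HEAP_SIZE]) {
    memset(heap, 0, HEAP_SIZE);
    memcpy(heap + CHUNK_A, &SENTINEL, sizeof SENTINEL);  /* populate chunk B */
}

/* Returns 1 if chunk B no longer holds the sentinel, 0 if it is intact. */
static int chunk_b_corrupted(const unsigned char heap[HEAP_SIZE]) {
    uint64_t v;
    memcpy(&v, heap + CHUNK_A, sizeof v);
    return v != SENTINEL;
}

/* Vulnerable pattern: copies src into chunk A with no length check.
 * Anything past 15 characters spills into chunk B. */
static int copy_unchecked(const char *src) {
    unsigned char heap[HEAP_SIZE];
    heap_init(heap);
    strcpy((char *)heap, src);          /* overflow lands in chunk B */
    return chunk_b_corrupted(heap);
}

/* Hardened pattern: refuse input that does not fit, terminator included,
 * instead of writing past the buffer or silently truncating. */
static int copy_checked(const char *src) {
    unsigned char heap[HEAP_SIZE];
    heap_init(heap);
    size_t len = strlen(src);
    if (len >= CHUNK_A)
        return -1;                      /* rejected: chunk B untouched */
    memcpy(heap, src, len + 1);
    return chunk_b_corrupted(heap);
}

int main(void) {
    const char *too_long = "AAAAAAAAAAAAAAAAAAAA";   /* 20 bytes, constructed */
    printf("unchecked, 20-byte input: chunk B corrupted = %d\n", copy_unchecked(too_long));
    printf("checked,   20-byte input: result = %d (-1 = rejected)\n", copy_checked(too_long));
    printf("checked,   5-byte input:  chunk B corrupted = %d\n", copy_checked("hello"));
    return 0;
}
```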
● Examples
- 01: CVE-2018-4407 — XNU kernel TCP heap overflow.
- 02: Numerous Chrome JavaScript engine heap overflows exploited at Pwn2Own.
● Frequently asked questions
What is Heap Overflow?
A buffer overflow that occurs in dynamically allocated memory, often corrupting allocator metadata, function pointers, or object virtual tables. It belongs to the Vulnerabilities category of cybersecurity.
What does Heap Overflow mean?
A buffer overflow that occurs in dynamically allocated memory, often corrupting allocator metadata, function pointers, or object virtual tables.
How do you defend against Heap Overflow?
Defences for Heap Overflow typically combine technical controls (hardened allocator metadata, chunk isolation and guard pages; ASLR, CFI and sandboxing; memory-safe languages) with operational practices, as detailed in the full definition above.
What are other names for Heap Overflow?
Common alternative names include: Heap buffer overflow.