Memory Corruption
What is Memory Corruption?
Memory Corruption: An umbrella term for vulnerabilities where a program writes outside the bounds of intended memory, undermining type-safety, control flow, or data integrity.
Memory corruption groups together flaws such as buffer overflows, use-after-free, double frees, type confusions, integer overflows that produce bad sizes, and uninitialised memory reads. The common thread is that an attacker can force a program to read or write memory it should not, then leverage that primitive to leak data, corrupt critical state, or hijack execution. Memory-corruption vulnerabilities historically dominate browser, kernel, hypervisor, and document-parser exploitation. Mitigations span compile-time (CFI, stack canaries, FORTIFY_SOURCE), runtime (ASLR, DEP/NX, sandboxing, MTE), and language (Rust, Swift, managed runtimes) layers. Industry data shows that adopting memory-safe languages eliminates most new vulnerabilities of this class.
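To make one item from that list concrete, the following added example (not from the original page) shows an integer overflow that produces a bad allocation size, next to a checked version that rejects it. The record size, function names and inputs are constructed for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define REC_SIZE 16u  /* constructed record size for this example */

/* "Before": the multiplication wraps modulo SIZE_MAX+1, so a huge count
   yields a small byte size while later code still trusts count. */
size_t size_unchecked(size_t count) {
    return count * REC_SIZE;
}

/* "After": refuse any count whose byte size cannot be represented. */
int size_checked(size_t count, size_t *out) {
    if (count > SIZE_MAX / REC_SIZE)
        return -1;
    *out = count * REC_SIZE;
    return 0;
}

/* Hardened copy: the untrusted count is validated against arithmetic
   overflow and against the bytes actually present in the input. */
unsigned char *copy_records(const unsigned char *in, size_t in_len, size_t count) {
    size_t need;
    if (size_checked(count, &need) != 0 || need == 0 || need > in_len)
        return NULL;
    unsigned char *buf = malloc(need);
    if (buf != NULL)
        memcpy(buf, in, need);
    return buf;
}

int main(void) {
    unsigned char input[32] = {0};           /* constructed input: 2 records */
    size_t hostile = SIZE_MAX / REC_SIZE + 2; /* constructed oversized count */
    unsigned char *ok = copy_records(input, sizeof input, 2);
    unsigned char *bad = copy_records(input, sizeof input, hostile);
    int rc = (ok != NULL && bad == NULL) ? 0 : 1;
    free(ok);
    return rc;
}
```

With the unchecked helper, the oversized count maps to a 16-byte size, which is exactly the mismatch between allocation and element count that turns into a heap overflow.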
● Examples
- Browser renderer compromises chained from heap overflow → ROP → sandbox escape.
- Kernel privilege escalation through a use-after-free in a device driver.
● Frequently asked questions
What is Memory Corruption?
An umbrella term for vulnerabilities where a program writes outside the bounds of intended memory, undermining type-safety, control flow, or data integrity. It belongs to the Vulnerabilities category of cybersecurity.
How do you defend against Memory Corruption?
Defences for Memory Corruption typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for Memory Corruption?
Common alternative names include: Memory safety bug.