Exploiting a heap buffer overflow in linux
Thilan Dissanayaka Exploit development Apr 12, 2026

Exploiting a heap buffer overflow in linux

In the previous article, we dissected glibc's malloc — chunks, bins, tcache, coalescing, and the metadata that holds it all together. Now we break it.

Heap exploitation is fundamentally different from stack exploitation. On the stack, the goal is clear: overwrite the return address, control EIP. On the heap, there's no return address to overwrite. Instead, we corrupt the allocator's metadata to trick malloc() into returning a pointer to memory we want to control — a function pointer, a GOT entry, a vtable, or any other target.

ALSO READ
Out of Band SQL Injection
Feb 14 Application Security
Out of Band SQL Injection

Out of Band SQL Injection (OOB SQLi) is an advanced SQL injection technique where the attacker cannot retrieve data directly through the same communication channel used to send the injection payload....

Access Control Models
Apr 08 Identity & Access Management
Access Control Models

Access control is one of the most fundamental concepts in security. Every time you set file permissions, assign user roles, or restrict access to a resource, you're implementing some form of access control. But not all access control is created equal...

Exploiting a Stack Buffer Overflow on Windows
Apr 12 Exploit development
Exploiting a Stack Buffer Overflow on Windows

In a previous tutorial we discusses how we can exploit a buffer overflow vulnerability on a Linux machine. I wen through all theories in depth and explained each step. Now today we are going to jump...

Basic concepts of Cryptography
Mar 01 Cryptography
Basic concepts of Cryptography

Ever notice that little padlock icon in your browser's address bar? That's cryptography working silently in the background, protecting everything you do online. Whether you're sending an email,...

Exploiting a Stack Buffer Overflow on Linux
Apr 01 Exploit development
Exploiting a Stack Buffer Overflow on Linux

Have you ever wondered how attackers gain control over remote servers? How do they just run some exploit and compromise a computer? If we dive into the actual context, there is no magic happening....

Identity and Access Management (IAM)
May 11 Identity & Access Management
Identity and Access Management (IAM)

Who are you — and what are you allowed to do? That's the fundamental question every secure system must answer. And it's exactly what Identity and Access Management (IAM) is built to solve.

AUTHOR
Thilan Dissanayaka

Thilan Dissanayaka

Security Engineer at WSO2. Passionate about clean code and cybersecurity. Building secure, scalable applications with modern technologies.

CATEGORIES