Exploiting a heap buffer overflow in linux
Thilan Dissanayaka Exploit development Apr 12, 2026

Exploiting a heap buffer overflow in linux

In the previous article, we dissected glibc's malloc — chunks, bins, tcache, coalescing, and the metadata that holds it all together. Now we break it.

Heap exploitation is fundamentally different from stack exploitation. On the stack, the goal is clear: overwrite the return address, control EIP. On the heap, there's no return address to overwrite. Instead, we corrupt the allocator's metadata to trick malloc() into returning a pointer to memory we want to control — a function pointer, a GOT entry, a vtable, or any other target.

ALSO READ
OWASP Top 10 explained - 2021
Feb 11 Application Security
OWASP Top 10 explained - 2021

The Open Worldwide Application Security Project (OWASP) is a nonprofit foundation focused on improving the security of software. It provides free, vendor neutral tools, resources, and standards that...

Understanding the Heap Internals
Apr 12 Exploit development
Understanding the Heap Internals

So far in this series, we've exploited the **stack** buffer overflows, ROP chains, format strings. The stack is predictable: local variables go in, function returns pop them out, everything follows a...

Exploiting a Stack Buffer Overflow on Windows
Apr 12 Exploit development
Exploiting a Stack Buffer Overflow on Windows

In a previous tutorial we discusses how we can exploit a buffer overflow vulnerability on a Linux machine. I wen through all theories in depth and explained each step. Now today we are going to jump...

Bypassing DEP with Return-to-libc
Apr 05 Exploit development
Bypassing DEP with Return-to-libc

DEP makes the stack non-executable — our shellcode can't run. The simplest bypass? Don't inject code at all. Instead, call functions that already exist in libc. In this post, we exploit a stack overflow to call system('/bin/sh') without writing a single byte of shellcode.

Exploiting a Stack Buffer Overflow on Linux
Apr 01 Exploit development
Exploiting a Stack Buffer Overflow on Linux

Have you ever wondered how attackers gain control over remote servers? How do they just run some exploit and compromise a computer? If we dive into the actual context, there is no magic happening....

Access Control Models
Apr 08 Identity & Access Management
Access Control Models

Access control is one of the most fundamental concepts in security. Every time you set file permissions, assign user roles, or restrict access to a resource, you're implementing some form of access control. But not all access control is created equal...

AUTHOR
Thilan Dissanayaka

Thilan Dissanayaka

Security Engineer at WSO2. Passionate about clean code and cybersecurity. Building secure, scalable applications with modern technologies.

CATEGORIES