If you think about it, all exploitable memory corruption is a special class of type confusion. UAF -> type confusion with a free chunk, overflow -> lets you write data of one kind into data of another, and double free -> UAF -> type confusion.
-
Classifying in terms of memory safety flaws and memory safety violations is another way to think about it, e.g. a flaw gives rise to an initial violation, which can then give rise to other violations. Some past taxonomy musings here, starting on slide 8 or so: https://github.com/Microsoft/MSRC-Security-Research/blob/master/presentations/2012_10_Breakpoint/BreakPoint2012_Miller_Modeling_the_exploitation_and_mitigation_of_memory_safety_vulnerabilities.pdf
-
UAF can also be conceptualized as an instance of uninitialized use, where the first step in exploitation is transitioning to an initialized state before the use (whether by directly controlling memory content or not).
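A worked illustration of the "UAF is type confusion with a free chunk" point from the first tweet, added here and not part of the thread. Real allocators reuse chunks in ways that depend on size classes and history, so the example uses a hypothetical toy free-list allocator (toy_init/toy_alloc/toy_free, invented for this example) that threads its "next" link through the first bytes of a freed chunk, the same idea as glibc's fd field. Both struct types and the session/note names are made up for the illustration. The two functions show the two confusions a stale pointer produces: first the stale object's first field reads back as allocator metadata (confusion with the free chunk), then after the chunk is reallocated as a different type, writes through the new type become reads through the old one.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical toy allocator, used only so that chunk reuse is deterministic.
 * Every chunk is CHUNK bytes. A freed chunk's first sizeof(void *) bytes hold
 * the free-list "next" pointer (the fd link), exactly where the first field of
 * whatever object lived there used to be. */
#define CHUNK   32
#define NCHUNKS 4
static unsigned char pool[NCHUNKS * CHUNK];
static void *free_head;          /* LIFO singly linked free list through chunks */

static void toy_init(void) {
    free_head = NULL;
    for (int i = NCHUNKS - 1; i >= 0; i--) {      /* push so chunk 0 comes out first */
        void *c = pool + i * CHUNK;
        memcpy(c, &free_head, sizeof free_head);   /* store next link in the chunk */
        free_head = c;
    }
}

static void *toy_alloc(void) {
    void *c = free_head;
    if (c) memcpy(&free_head, c, sizeof free_head); /* pop: head = chunk's next link */
    return c;
}

static void toy_free(void *c) {
    memcpy(c, &free_head, sizeof free_head);        /* fd link overwrites first field */
    free_head = c;                                  /* LIFO: next alloc returns c */
}

/* Two unrelated types that happen to share a chunk size and layout. */
struct session { char *name; int is_admin; };   /* type A: pointer, then flag */
struct note    { uintptr_t id; int flags; };    /* type B: integer, then flag */

/* Confusion 1: after free, the dangling `struct session *` reads the allocator's
 * fd link as its `name` pointer. Returns 1 if that is what we observe. */
int stale_reads_free_chunk(void) {
    toy_init();
    /* volatile: keep the type-confused accesses in program order despite aliasing rules */
    volatile struct session *s = toy_alloc();
    s->name = "alice";
    s->is_admin = 0;
    void *next_free = free_head;      /* becomes s's fd link once s is freed */
    toy_free((void *)s);              /* s now dangles; first field = fd link */
    return (void *)s->name == next_free;
}

/* Confusion 2: the freed chunk is handed out again as a `struct note`. Data the
 * program (or an attacker) writes through type B is read back through the stale
 * type A pointer. Returns the is_admin flag as seen through the stale pointer. */
int stale_reads_other_type(void) {
    toy_init();
    volatile struct session *s = toy_alloc();
    s->name = "bob";
    s->is_admin = 0;
    toy_free((void *)s);              /* s dangles */
    volatile struct note *n = toy_alloc();   /* LIFO free list: same chunk as s */
    n->id = (uintptr_t)0x41414141;    /* overlaps the stale name pointer */
    n->flags = 1;                     /* overlaps the stale is_admin flag */
    return ((void *)n == (void *)s) ? s->is_admin : -1;
}

int main(void) {
    printf("stale pointer sees fd link as name: %d\n", stale_reads_free_chunk());
    printf("stale pointer sees note.flags as is_admin: %d\n", stale_reads_other_type());
    return 0;
}
```

Both results are what makes a UAF exploitable in practice: the first leaks heap metadata (or lets an attacker corrupt it if the stale object is written instead of read), the second turns the original object's fields into attacker-chosen values by reallocating the chunk with a controllable type of the same size.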