Part 2/4:
The vulnerability is a heap buffer overwrite: a destination buffer called "buff" is allocated with "malloc", and a source pointer called "p" is derived as "H+1", where "H" is the header. The problem is that the length field "p[1]" is never checked against the allocated length, so an attacker can copy an arbitrary amount of data from the network into the heap.
This seemingly simple bug has far-reaching consequences. By controlling the size passed to "malloc" and the data that is copied into the heap, the attackers can influence which bin the heap allocator uses, letting them trigger a copy from a larger "mbff" into a smaller "buff" and overwrite adjacent allocations.
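As an added illustration (not code from the talk or the affected product), the snippet below shows the hardened form of the copy described above: the element length "p[1]" is validated against both the heap allocation and the bytes actually received before anything is written into "buff". The element layout (an outer length byte, then type, length, payload) is a constructed assumption, not the real protocol.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Constructed layout (assumption, not the talk's actual protocol):
 *   h[0]       outer length: the number of bytes the receiver allocates for buff
 *   p = h + 1  points at the element: p[0] type, p[1] element length, p[2..] payload
 */
typedef struct { uint8_t *data; size_t len; } record_t;

/* Hardened copy. Returns 0 and fills *out on success (caller frees out->data);
 * a negative code names which check rejected the datagram. The vulnerable
 * version differs only in skipping the two length checks below. */
int copy_element(const uint8_t *h, size_t pkt_len, record_t *out) {
    if (pkt_len < 3) return -1;              /* need h[0], p[0] and p[1] */
    size_t alloc_len = h[0];                 /* size "buff" will be allocated with */
    const uint8_t *p = h + 1;
    size_t elem_len = p[1];                  /* attacker-controlled length field */
    size_t avail = pkt_len - 3;              /* payload bytes actually on the wire */
    if (elem_len > alloc_len) return -2;     /* the missing check: would overflow buff */
    if (elem_len > avail) return -3;         /* would read past the received datagram */
    uint8_t *buff = malloc(alloc_len ? alloc_len : 1);
    if (!buff) return -4;
    memcpy(buff, p + 2, elem_len);           /* safe: elem_len <= alloc_len and <= avail */
    out->data = buff;
    out->len = elem_len;
    return 0;
}

int main(void) {
    /* Constructed datagram: alloc 2 bytes, element claims 200 bytes of payload. */
    const uint8_t bad[] = { 2, 0x01, 200, 'a', 'b', 'c' };
    record_t r;
    int rc = copy_element(bad, sizeof bad, &r);
    printf("oversized element rejected with code %d\n", rc);
    return rc == -2 ? 0 : 1;
}
```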
[...]