
A heap overflow is another name for a buffer overflow occurring in the heap data area. Memory on the heap is dynamically allocated by the application at run-time and typically contains program data.

Heap overflows are sometimes used by crackers to exploit poorly written software. The technique is quite simple: if an application copies data without first checking that it fits into the target destination, the cracker could supply the application with a piece of data that is too large, overwriting variables near the destination. This allows an attacker to overwrite an arbitrary memory location with a small amount of data. In most environments, this may allow the attacker control over the program execution.
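The unchecked copy described above, next to a bounds-checked version, as an added example that is not part of the original article. The `account` record, its fields and the function names are hypothetical; the neighbouring variable is placed in the same heap block as the buffer so that the overwrite is deterministic.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical record: a fixed-size buffer followed by a neighbouring variable. */
struct account {
    char name[16];
    int  is_admin;
};

/* Unchecked copy: trusts the caller's length, the pattern described above.
   Writes start at the beginning of the heap block, which is where name lives. */
static void set_name_unchecked(struct account *a, const char *src, size_t len) {
    memcpy((unsigned char *)a, src, len);
}

/* Checked copy: rejects input that does not fit and leaves the record untouched. */
static int set_name_checked(struct account *a, const char *src, size_t len) {
    if (len >= sizeof a->name)
        return -1;
    memcpy(a->name, src, len);
    a->name[len] = '\0';
    return 0;
}

/* Returns is_admin after copying constructed oversized input; checked picks the copy. */
int admin_flag_after_copy(int checked) {
    /* Constructed input: as long as the whole record, so its tail covers is_admin. */
    char input[sizeof(struct account)];
    memset(input, 'A', sizeof input);
    struct account *a = calloc(1, sizeof *a);   /* heap allocation, is_admin == 0 */
    if (a == NULL)
        return -1;
    if (checked)
        set_name_checked(a, input, sizeof input);
    else
        set_name_unchecked(a, input, sizeof input);
    int flag = a->is_admin;
    free(a);
    return flag;
}

int main(void) {
    printf("unchecked: is_admin = %#x\n", (unsigned)admin_flag_after_copy(0));
    printf("checked:   is_admin = %#x\n", (unsigned)admin_flag_after_copy(1));
    return 0;
}
```

In a real program the overwritten neighbour is more often a separate heap chunk or the allocator's own bookkeeping, whose layout depends on the allocator in use.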

The Microsoft JPEG GDI+ vulnerability MS04-028 is a recent example of the danger a heap overflow can represent to a computer user.


This article is licensed under the GNU Free Documentation License. It uses material from the "Heap overflow".
