Here is the writeup for CVE-2021-40647.
A specific string read in from a file overwrites the size field of the top chunk of the heap. At minimum this causes the program to crash with an abort:

The user crafts a file containing the byte sequence "\x27" * 1, "\x53" * 2, "\x42" * 19984, "\xff" * 16. This causes an abort because the user has overwritten the size field of the top chunk with a misaligned value, so glibc reports "corrupted size vs. prev_size". The resulting top chunk is shown below.
Top chunk | IS_MMAPED
Addr: 0x555555779680
prev_size: 0x4242424242424242 <== User Data
size: 0xffffffffffffff42 <== User Data
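To make sense of a dump like the one above during crash triage, the following added example (not part of the original writeup) decodes a glibc chunk header into its flag bits and real chunk size, flags fields that look like a repeated-byte overflow, and applies plausibility checks in the spirit of glibc's own top-chunk validation. The `heap_remaining` value is an assumed arena size, not a number from the writeup.

```python
# Added example: decode the glibc chunk header from the writeup's dump.
# Shows why the dumped top chunk is labelled IS_MMAPED and why it is rejected.

SIZE_BITS = 0x7       # low three bits of the size field are flag bits
MALLOC_ALIGN = 0x10   # chunk sizes are 16-byte multiples on x86-64 glibc
MINSIZE = 0x20        # smallest legal chunk on x86-64 glibc


def decode_size_field(size_field: int) -> dict:
    """Split a size field into PREV_INUSE / IS_MMAPPED / NON_MAIN_ARENA and size."""
    return {
        "prev_inuse": bool(size_field & 0x1),
        "is_mmapped": bool(size_field & 0x2),
        "non_main_arena": bool(size_field & 0x4),
        "chunksize": size_field & ~SIZE_BITS,
    }


def looks_attacker_filled(value: int, width: int = 8) -> bool:
    """True when all bytes of the field are identical (e.g. a run of 0x42)."""
    return len(set(value.to_bytes(width, "little"))) == 1


def top_chunk_sane(size_field: int, heap_remaining: int) -> bool:
    """Plausibility checks modelled on glibc's top-chunk validation:
    size >= MINSIZE, aligned, fits in the arena, and PREV_INUSE set."""
    info = decode_size_field(size_field)
    cs = info["chunksize"]
    return (cs >= MINSIZE and cs % MALLOC_ALIGN == 0
            and cs <= heap_remaining and info["prev_inuse"])


def triage(prev_size: int, size_field: int, heap_remaining: int) -> dict:
    """Summarise one chunk header for a crash report."""
    info = decode_size_field(size_field)
    info["prev_size_user_fill"] = looks_attacker_filled(prev_size)
    info["size_user_fill"] = looks_attacker_filled(size_field)
    info["sane"] = top_chunk_sane(size_field, heap_remaining)
    return info


if __name__ == "__main__":
    # Values taken from the dump above; 0x21000 is an assumed arena size.
    for k, v in triage(0x4242424242424242, 0xffffffffffffff42, 0x21000).items():
        print(f"{k:>20}: {v if not isinstance(v, int) or isinstance(v, bool) else hex(v)}")
```

With the dumped values the decoder reports IS_MMAPPED set (bit 1 of 0x42), PREV_INUSE clear, a chunk size of 0xffffffffffffff40 far larger than any arena, and a prev_size made entirely of 0x42 bytes, which is exactly what the debugger's IS_MMAPED label and glibc's abort reflect.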