Ranljivosti v programih zaradi dvojnega sproščanja pomnilnika

Marin Gazvoda de Reggi; Matevž Pesek

doi:10.31449/upinf.233

Authors

Marin Gazvoda de Reggi University of Ljubljana, Faculty of Computer and Information Science
Matevž Pesek University of Ljubljana, Faculty of Computer and Information Science https://orcid.org/0000-0001-9101-0471

DOI:

https://doi.org/10.31449/upinf.233

Keywords:

double free, attack, memory management, security vulnerabilities

Abstract

In computing, effective memory management is vital for software performance and security. Poor memory management can lead to significant vulnerabilities, which attackers may exploit to execute arbitrary code or access sensitive data. One prevalent issue in memory management is the double-free error. This article explores the mechanics of a double-free attack and outlines the prerequisites for a successful exploit. We provide a detailed example of a vulnerability in a program that simulates a basic database manager, illustrating how an attacker can leverage this vulnerability to obtain administrative privileges without needing the password.

Author Biographies

Marin Gazvoda de Reggi, University of Ljubljana, Faculty of Computer and Information Science

Marin Gazvoda de Reggi is a student at the Faculty of Computer and Information Science, University of Ljubljana. He is interested in the fields of software development, cybersecurity, and artificial intelligence. His research interests include the theory of programming languages and their security.

Matevž Pesek, University of Ljubljana, Faculty of Computer and Information Science

Matevž Pesek is an assistant professor and researcher at the Faculty of Computer and Information Science, University of Ljubljana, where he obtained his bachelor's degree (2012) and Ph.D. (2018). Since 2009, he has been a member of the Laboratory for Computer Graphics and Multimedia. Since 2024, he has been teaching the course on Software Security.