tags:allocatorlinuxlearning_resource original link: Pumping Iron on the Musl Heap: Real World CVE-2022-24834 Exploitation on an Alpine mallocng Heap newsletter link: exploits.club Weekly Newsletter 25
Exploits Club Summary:
A new post of NCC Group this week, walking through the exploitation of CVE-2022-24834, a heap overflow affecting the Lua cjson module in Redis Servers. The team decided to target Alpine 13.8, which uses musl libc, rendering exploits targeting Ubuntu and other, similar distros based on GNU libc useless. The post dives into muslâs allocator (mallocng) before walking through the exploit. The blog is highly in-depth and leaves no stone unturned, so read it.