The vulnerabilities described in this book have one thing in common: They all lead to exploitable memory errors. Such memory errors occur when a process, a thread, or the kernel is
Using memory it does not own (e.g., NULL pointer dereferences, as described in Section A.2)
Using more memory than has been allocated (e.g., buffer overflows, as described in Section A.1)
Using uninitialized memory (e.g., uninitialized variables)[2]
Using faulty heap-memory management (e.g., double frees)[3]
Memory errors typically happen when powerful C/C++ features like explicit memory management or pointer arithmetic are used incorrectly.
A subcategory of memory errors, called memory corruption, happens when a process, a thread, or the kernel modifies a memory location that it doesn’t own or when the modification corrupts the state of the memory location.
If you’re not familiar with such memory errors, I suggest you have a look at Sections A.1, A.2, and A.3. These sections describe the basics of the programming errors and vulnerabilities discussed in this book.
In addition to exploitable memory errors, dozens of other vulnerability classes exist. These include logical errors and web-specific vulnerabilities like cross-site scripting, cross-site request forgery, and SQL injection, to name just a few. However, these other vulnerability classes are not the subject of this book. All the bugs discussed in this book were the result of exploitable memory errors.