CISSP · Question #1381
Using Address Space Layout Randomization (ASLR) reduces the potential for which of the following attacks?
The correct answer is D. Heap overflow. ASLR is a memory-protection technique that randomizes the base addresses of loaded executables, libraries, heap, and stack in memory, making it harder for attackers to reliably exploit memory-corruption vulnerabilities like heap overflows.
Question
Using Address Space Layout Randomization (ASLR) reduces the potential for which of the following attacks?
Options
- ASQL injection (SQLi)
- BMan-in-the-middle (MITM)
- CCross-Site Scripting (XSS)
- DHeap overflow
How the community answered
(25 responses)- B4% (1)
- C8% (2)
- D88% (22)
Why each option
ASLR is a memory-protection technique that randomizes the base addresses of loaded executables, libraries, heap, and stack in memory, making it harder for attackers to reliably exploit memory-corruption vulnerabilities like heap overflows.
SQL injection is an input-validation attack targeting database query logic, which operates at the application/database layer and is completely unrelated to process memory address layout.
Man-in-the-middle attacks involve intercepting network communications between two parties, a network-layer threat that ASLR's memory-randomization mechanism has no bearing on.
Cross-Site Scripting is a web application vulnerability involving injection of malicious scripts into web pages viewed by other users, which is a client-side code injection issue unaffected by memory address randomization.
Heap overflow attacks rely on the attacker knowing or predicting the memory addresses of target data structures or executable code so they can redirect execution flow. ASLR randomizes the memory layout each time a process runs, meaning the attacker cannot reliably predict heap addresses, effectively mitigating exploitation of heap overflow vulnerabilities by invalidating hardcoded or guessed address payloads.
Concept tested: ASLR memory protection against memory corruption exploits
Source: https://learn.microsoft.com/en-us/windows/win32/memory/address-space-layout-randomization
Topics
Community Discussion
No community discussion yet for this question.