Nick Dunn, IOActive Senior Security Consulting, will be presenting at this year’s BSides Prishtina 2025, taking place April 12 – 13 in Prishtina, Kosova. Nick’s presentation, ‘Double Fetch Vulnerabilities in C and C++,’ will take place Sunday, April 13, at 10:25 AM GMT. You can find the abstract to Nick’s talk below and on the BSides Prishtina 2025 registration website.
ABSTRACT:
A discussion of double fetch vulnerabilities in C and C++, showing the ways in which they occur, how to detect them and how to mitigate against them. This talk will be of interest from a code review perspective and an SDLC perspective, as well as having some exploit development interest.
Double fetch vulnerabilities have been known for some time, but this work gathers the known information into a single place and adds some clarifying information. Unlike previous discussions this work discusses the issue across all platforms and categorizes the issue into two distinct types, with two distinct fixes.
The talk will show how the two types arise, their presence on Windows and Linux, and will discuss detection and mitigation.