Safeguard
Tag

memory-safety

Safeguard articles tagged "memory-safety" — guides, analysis, and best practices for software supply chain and application security.

39 articles

Vulnerability Analysis

Type confusion vulnerabilities explained

Type confusion bugs let attackers corrupt memory by exploiting mismatched type assumptions. See real CVEs, how JIT engines fail, and how to catch it early.

Dec 11, 20256 min read
Application Security

Out-of-Bounds Read Vulnerabilities (CWE-125) Explained

How out-of-bounds read vulnerabilities (CWE-125) leak memory instead of crashing programs, why Heartbleed and Cloudbleed happened, and how to catch them in your dependencies.

Nov 12, 20257 min read
Application Security

Out-of-Bounds Write Vulnerabilities (CWE-787) Explained

CWE-787 out-of-bounds write bugs let attackers corrupt memory past a buffer's limit, causing crashes or code execution. Here's how they work.

Nov 12, 20258 min read
Application Security

Improper Restriction of Operations Within Memory Bounds

CWE-119 has topped MITRE's vulnerability rankings for years, from Heartbleed to WannaCry to the 2023 libwebp zero-day. Here's why it persists and how to catch it early.

Nov 11, 20257 min read
Open Source Security

Unsafe Rust code vulnerability patterns

RustSec advisories tied to unsafe code keep climbing. Here's how unsound FFI, transmute misuse, and unchecked indexing become real exploits.

Nov 11, 20257 min read
Application Security

Double-Free Vulnerabilities in C and C++

Double-free bugs let attackers corrupt heap memory and hijack control flow. Here's how they happen in C/C++, real CVEs, and how to catch them early.

Nov 11, 20258 min read
Open Source Security

Rust Memory Safety: A CVE Trend Analysis

Analysis of CVE data across Rust crates and std releases, measuring how memory safety affects vulnerability shape, density, and unsafe-block concentration.

Jul 30, 20255 min read
AppSec

Buffer Overflow Exploits: A Practical Example

A buffer overflow exploit example, walked through step by step, showing exactly how writing past the end of a fixed-size buffer can turn a simple C function into arbitrary code execution.

May 27, 20257 min read
AppSec

Use-After-Free Vulnerabilities: How They're Exploited

A use-after-free exploit turns a dangling pointer into arbitrary code execution — here's how the bug class works, why it still dominates browser and kernel CVEs, and how to catch it before release.

Mar 18, 20256 min read
Language Security

Zig's Memory Safety Model: A Security Analysis for Systems Programmers

Zig offers memory safety features that C lacks but does not go as far as Rust. For security-critical code, understanding where Zig sits on the safety spectrum matters.

Aug 22, 20246 min read
Concepts

What is Fuzzing

Fuzzing feeds programs malformed input at machine speed to trigger crashes and expose memory-safety bugs. Here's how fuzz testing works and why it matters.

Apr 18, 20246 min read
Compliance & Frameworks

CISA's Memory-Safe Languages Roadmap: What It Means for Software Development

CISA publishes a roadmap urging the industry to transition to memory-safe programming languages, targeting the root cause of roughly 70% of critical vulnerabilities.

Feb 26, 20246 min read
memory-safety (Page 3) — Safeguard Blog