{"id":23447573,"url":"https://github.com/retr0kr0dy/malloc-bomb","last_synced_at":"2026-06-18T21:31:03.668Z","repository":{"id":228847348,"uuid":"775049646","full_name":"Retr0Kr0dy/malloc-bomb","owner":"Retr0Kr0dy","description":"Presenting the latest Linux bomb exploit: not a fork but a malloc-based threat. Delve into the intricacies of this novel vulnerability.","archived":false,"fork":false,"pushed_at":"2024-03-21T10:09:20.000Z","size":101,"stargazers_count":4,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-09-23T21:48:02.314Z","etag":null,"topics":["coding","cybersecurity","denial-of-service","dos","exploit","forkbomb","hacking","infosec","linux","malloc","pentesting","security","system-exploitation","vulnerability"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Retr0Kr0dy.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-03-20T17:05:26.000Z","updated_at":"2025-05-15T17:37:52.000Z","dependencies_parsed_at":"2024-03-20T19:51:08.788Z","dependency_job_id":"a588a48c-e842-40ac-a09c-3b14acc2b82d","html_url":"https://github.com/Retr0Kr0dy/malloc-bomb","commit_stats":null,"previous_names":["retr0kr0dy/malloc-bomb"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/Retr0Kr0dy/malloc-bomb","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Retr0Kr0dy%2Fmalloc-bomb","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Retr0Kr0dy%2Fmalloc-bomb/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Retr0Kr0dy%2Fmalloc-bomb/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Retr0Kr0dy%2Fmalloc-bomb/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Retr0Kr0dy","download_url":"https://codeload.github.com/Retr0Kr0dy/malloc-bomb/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Retr0Kr0dy%2Fmalloc-bomb/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34508860,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-18T02:00:06.871Z","response_time":128,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["coding","cybersecurity","denial-of-service","dos","exploit","forkbomb","hacking","infosec","linux","malloc","pentesting","security","system-exploitation","vulnerability"],"created_at":"2024-12-23T21:18:16.593Z","updated_at":"2026-06-18T21:31:03.643Z","avatar_url":"https://github.com/Retr0Kr0dy.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# malloc-bomb\n\n![](mehh.jpg)\n\n# Summary\n\n- [What is this?](#What-is-this?)\n- [Why?](#Why?)\n- [How?](#How?)\n- [Remediation](#Remediation)\n- [Usecases](#Usecases)\n\n# What-is-this?\n\nDo you remember `:(){ :|:\u0026 };:` forkbomb?  funny indeed but  not as much as what we could do.\n\nThis forkbomb defines a shell function that recursively calls itself creating an exponential number of child processes until system resources are exhausted.\n\nWhat if we used the following malloc bomb instead?\n\n```sh\nwhile true; do echo $(\u003c/dev/zero) \u0026 done\n```\n\nIf you check your cpu and memory usage (*memory usage, not allocation*) you should see that they are not much affected by the malloc bomb.\n\nHowever if you check your **load** you should see it rise to infinity, and beyond!\n\nBut what does it mean ?\n\nLinux load is calculated as the average number of processes in a runnable or uninterruptible state over a certain period of time.\n\nCreating an enormous malloc forces the kernel to allocate all available memory, thus, causing a stall in the creation of any new tasks. ([see How ? for more explanation](#How))\n\n# Why?\n\nCause it's way funnier like this.\n\n# How?\n\nThis malloc bomb looks simple, and it is.\n\nFirst the **while** loop.\n\n```sh\nwhile true; do ... \u0026 done\n```\n\nThis is a simple infinite loop, but, the `\u0026 done` means that the loop is not waiting for the function (content of `...`) to finish, instead, it simply ends the loop (with the function still running in a background process) and repeat while `true` is ...true.\n\nThen the interesting part.\n\n```sh\necho $(\u003c/dev/zero)\n```\n\nFirst, some syntax ;\n\n| Name or function | Description                                                                         | Example                 | Example result                                         |\n| ---------------- | ----------------------------------------------------------------------------------- | ----------------------- | ------------------------------------------------------ |\n| *echo*           | Display content on terminal.                                                        | `echo \"Hello world!!!\"` | `Hello world!!!`                                       |\n| *$(...)*         | Return the result of `...` command execution.                                       | `echo \"r=$(uname)\"`     | `r=Linux`                                              |\n| *\u003c  \\\u003cfile\\\u003e*    | Return content of file.                                                             | `echo \u003c a.txt`          | `AAA`                                                  |\n| */dev/zero*      | Kernel special device file that provides an endless stream of null bytes when read. | `cat /dev/zero`         | no output (only `\\00` so it's not printed in terminal) |\n\nNow that we are good with what each individual command does we can now try to understand the malloc bomb and why it's a malloc bomb.\n\nWhen the `\u003c...` try to read the `/dev/zero` content to return it to the `$(...)` statement it first needs to allocate memory before reading it.\n\nWhen the kernel tries to allocate memory it comes to a point where no more memory can be allocated, therefore, stalling any new process attempting to be created.\n\nIf you are a player you can still kill the process that initiate the bomb, it will also stop every child process thus ending the denial of service. \n\n\u003e [!NOTE]\nTechnical explanation could be either partially wrong or not fully accurate, if you want to rephrase and/or improve it, feel free to **PR**.\n\n# Remediation\n\nBlocking this bomb on your system is pretty easy and straight forward.\n\nSimply use `ulimit` command to block the maximum virtual memory allocated by a process and the maximum number of processes that a user can create.\n\n```sh\nulimit -v 1048576 # Limit virtual memory alloation for each process to 1GB\nulimit -u 10000 # Limit user created processes to 10,000\n```\n\nOr\n\nRemoving read permission on `/dev/zero` (not advisable). But, if something other than root needs `\\00` to be returned, it **WILL** cause issues. It should be funny to see.\n\n\u003e [!WARNING]\nThis is a really bad fix. Do this only if you are dumb.\n\n# Usecases\n\n#### Whenever you have access to linux shell\n\nJust slap the command in the prompt no permission needed, no weird bin needed, only linux shell syntax abuse.\n\n#### Boot?\n\nYou could modify the init script of a system to execute this malloc bomb during the boot sequence, thus, stalling the system without easy/verbose debug axis (beside viewing diff in init script...) and never breaking a the same moment.\n\n---\n*Discovered with fun by akpalanaza*\n\n##### References :\n\n- https://docs.kernel.org/admin-guide/cpu-load.html\n- https://docs.kernel.org/admin-guide/device-mapper/zero.html\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fretr0kr0dy%2Fmalloc-bomb","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fretr0kr0dy%2Fmalloc-bomb","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fretr0kr0dy%2Fmalloc-bomb/lists"}