Thinking Outside The Box [dusted off draft from 2017]

This post describes a vulnerability in VirtualBox's NAT (network address translation, a mode that makes VM traffic look like it comes from the host computer) networking code, specifically in how it manages memory for packet data using a custom zone allocator. The vulnerability exists because safety checks that verify memory integrity use Assert() statements, which are disabled in the standard release builds of VirtualBox that users download, allowing potential exploitation.