A code-reuse attack named coroutine frame-oriented programming (CFOP) is capable of exploiting C++ coroutines across three major compilers, namely Clang/LLVM, GCC and MSVC. CFOP even succeeds in environments that are protected by control flow integrity (CFI), exposing relevant gaps in 15 of these defense schemes.