ALSR was never meant to be the only line of defense against buffer overflow attacks; it’s a mitigation and not a solution. It makes it so a single exploit is not enough to achieve full control.