Print Me

Buffer overflow occurs when buffers receive more data than they have allocated memory for, overflowing the extra data into nearby buffers and potentially corrupting or overwriting other data. Attackers can exploit buffer overflows by intentionally passing more data than the buffer can hold in order to execute malicious commands. There are two main types of buffer overflow attacks: stack-based, which target data buffers, and heap-based, which target the program memory. Languages like C and C++ are most vulnerable because they do not automatically check buffer boundaries or allocate excess buffer space. Possible mitigations include allocating more memory to buffers than needed, checking that data will fit within allocated limits, and restricting exploitable user input.


Jordan Lowrance

Assignment 4

Buffer overflow occurs when buffers, which are essentially variables that contain a temporary value, receive and record more data than they have allocated memory for, and the extra data overflows into other nearby buffers. This potentially corrupts or overwrites other data with garbage or malicious instructions. Buffers can potentially be exploited in situations where there is user input. When attackers use this property of buffers to try to penetrate a system, they are either hoping for a corruption that provides favorable results, or are intentionally passing data that can be executed as a command in the extra data. There are two different kinds of buffer overflow attacks: those which target the heap, where the program is stored in memory, and those that target the stack, where data such as the buffers is stored. The commonly used languages most vulnerable to buffer overflow attacks are C and C++, with some of the leading causes of the vulnerabilities being not allocating enough space for buffers and not checking bounds on the data being read. Possible solutions to avoid buffer overflow attacks include allocating more space to a buffer than needed, checking to make sure that the information to be stored will actually fit in the buffer, or refusing to accept user input that exceeds the limit of the buffer’s memory allocation. In C and C++, the functions gets, strcpy, and scanf are especially vulnerable to buffer overflow because they do not check the bounds on the values that they retrieve. Changing the fundamental structure of sections of the program with user input where possible can also avoid the issue of an overflow. Certain programming languages other than C and C++ have measures built in to check and prevent buffer overflow.
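The bounds check the essay recommends, shown beside the unchecked `strcpy` pattern, as an added C example that is not part of the original assignment. The function names, the 8-byte buffer and the sample inputs are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Unsafe pattern the essay describes: strcpy copies until the NUL byte
 * and never looks at the size of dst, so a long src writes past it. */
void copy_unchecked(char *dst, const char *src) {
    strcpy(dst, src);
}

/* Checked copy: refuse input that does not fit, terminator included. */
int copy_checked(char *dst, size_t dst_size, const char *src) {
    size_t len = strlen(src);
    if (len >= dst_size)
        return -1;                  /* reject rather than truncate */
    memcpy(dst, src, len + 1);
    return 0;
}

/* Bounded replacement for gets()/scanf("%s"): fgets writes at most
 * dst_size bytes. An over-long line is drained and rejected. */
int read_line_checked(FILE *in, char *dst, size_t dst_size) {
    if (dst_size < 2 || fgets(dst, (int)dst_size, in) == NULL)
        return -1;
    size_t len = strlen(dst);
    if (len > 0 && dst[len - 1] == '\n') {
        dst[len - 1] = '\0';        /* whole line fit; strip newline */
        return 0;
    }
    int c = fgetc(in);              /* what follows the bytes we kept? */
    if (c == EOF || c == '\n')
        return 0;                   /* line filled the buffer exactly */
    while ((c = fgetc(in)) != EOF && c != '\n') { }  /* drain the rest */
    dst[0] = '\0';
    return -1;
}

int main(void) {
    char name[8];
    /* Constructed inputs: one that fits, one that is too long. */
    const char *inputs[] = { "alice", "AAAAAAAAAAAAAAAAAAAAAAAA" };
    for (int i = 0; i < 2; i++) {
        int rc = copy_checked(name, sizeof name, inputs[i]);
        printf("%-26s -> %s\n", inputs[i], rc == 0 ? "stored" : "rejected");
    }
    return 0;
}
```

Rejecting the over-long input leaves the destination buffer and the memory after it untouched, which is the property `strcpy` and `gets` cannot provide.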

https://www.geeksforgeeks.org/buffer-overflow-attack-with-example/
https://www.veracode.com/security/buffer-overflow
