buffer overflow

A buffer overflow occurs when a program or process attempts to write more data to a buffer, a segment of computer memory reserved for temporary data storage, than the buffer can hold. The extra data overwrites data values in memory addresses adjacent to the destination buffer unless the application is written to flag or discard the overflow.

Buffer overflow is categorized according to the location of the buffer in the process memory; the two main types are stack-based and heap-based. The stack is a continuous space in memory used to organize data associated with function calls, including function parameters, function local variables and management information, such as frame and instruction pointers. The heap is a memory structure used to manage dynamic memory. Programmers often use the heap to allocate memory whose size is not known at compile time, where the amount of memory required is too large to fit on the stack or where the memory is intended to be used across function calls.

Buffer overflow ranks high in the Common Weakness Enumeration/SANS Top 25 Most Dangerous Software Errors and is specified as CWE-120 under the Common Weakness Enumeration dictionary of weakness types. Techniques to exploit buffer vulnerabilities vary based on the operating system and programming language, but the goal is always to manipulate a computer’s memory to subvert or control program execution.

Buffer overflow attacks most commonly succeed because applications fail to manage memory allocations and to validate input from the client or other processes. Applications developed in C or C++ should avoid dangerous standard library functions that are not bounds-checked, such as gets, scanf and strcpy, and instead use libraries or classes explicitly created to perform string and other memory operations securely. User input and data from untrusted sources should always be validated to ensure that they are within the bounds of what’s expected.
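The following C sketch is an added example, not part of the original article, showing bounds-checked stand-ins for strcpy and gets that reject oversized input instead of writing past the buffer. The names `struct account`, `copy_checked` and `read_line` and the sample input are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed record: an unchecked copy into name would spill into is_admin. */
struct account { char name[16]; int is_admin; };

/* Copy src into dst only if it fits, terminator included. Returns 0 on
   success, -1 on rejection (dst is left untouched). */
int copy_checked(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    size_t len = 0;
    while (len < dst_size && src[len] != '\0')  /* never scan past dst_size */
        len++;
    if (len == dst_size)                        /* no room for the NUL */
        return -1;
    memcpy(dst, src, len + 1);
    return 0;
}

/* Bounded stand-in for gets(): read one line from fp into buf. Returns the
   line length, or -1 on EOF or on an over-long line, which is drained so the
   next call starts on a fresh line. */
int read_line(FILE *fp, char *buf, size_t size)
{
    if (fp == NULL || buf == NULL || size < 2 || fgets(buf, (int)size, fp) == NULL)
        return -1;
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[--len] = '\0';
        return (int)len;
    }
    int c = fgetc(fp);
    if (c == '\n' || c == EOF)                  /* line ended exactly at capacity */
        return (int)len;
    while ((c = fgetc(fp)) != '\n' && c != EOF)
        ;                                       /* discard the remainder */
    buf[0] = '\0';
    return -1;
}

int main(void)
{
    struct account acct = { "", 0 };
    /* Constructed input, 24 bytes: strcpy(acct.name, ...) would overflow name[16]. */
    int rc = copy_checked(acct.name, sizeof acct.name, "AAAAAAAAAAAAAAAAAAAAAAAA");
    printf("rc=%d is_admin=%d\n", rc, acct.is_admin);
    return 0;
}
```

Both helpers treat oversized input as an error rather than silently truncating it, so the caller has to decide how to handle data that is outside the expected bounds.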