Buffer Overflow

A buffer overflow is a special type of attack on a computer system. The attacker tries to write specific data into a particular part of the memory in an application or infrastructure.  A fixed length of memory is known as a “buffer” and without proper precautions, extra data may overflow and provide access to other parts of the application, allowing the system to be compromised.

Terms related to Buffer Overflow: Zero-day vulnerability, web application firewall, SQL injection, vulnerability scanning, penetration testing

Buffer overflow vulnerabilities are one of the most common types of security flaws. An attacker will often try multiple attempts to write data to specific memory blocks, and success can allow them to crash a system, gain unauthorized access, or to modify internal variables or data.

The main reasons for the success of buffer overflow attacks are because applications do not properly manage memory allocation or input, and allow data that is longer than the memory block to be written to the buffer.

Organizations can defend against buffer overflow attacks by using good programming hygiene and best practices to flag and discard extraneous data that’s written to a buffer. Additionally, vulnerability scanning and penetration testing can help to identify buffer overflow risks across applications. As vendors discover buffer overflow exploits in their software, they will distribute patches that will resolve the issue — these patches should be applied immediately.

Note that buffer overflows can be taken advantage of as a “zero-day vulnerability” — in other words, an attack is carried out before a vendor is aware of the issue and has developed a patch to resolve it. For this reason, it’s best to rely on good programming practices and penetration testing to identify and prevent overflow risks.

Buffer Overflow Resources from Crossmatch