Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Assignment 4
Buffer overflow occurs when buffers, which are essentially variables that contain a
temporary value, receive and record more data than they have allocated memory for, and the
extra data overflows into other nearby buffers. This potentially corrupts or overwrites other data
where there is user input. When attackers use this property of buffers to try to penetrate a
system, they are either hoping for a corruption that provides favorable results, or are intentionally
passing data that can be executed as a command in the extra data. There are two different kinds
of buffer overflow attacks: those which target the heap, where the program is stored in memory,
and those that target the stack, where data such as the buffers is stored. The commonly used
languages most vulnerable to buffer overflow attacks are C and C++, with some of the leading
causes for the vulnerabilities being not allocating enough space for buffers, and not checking
bounds on read information. Possible solutions to avoid buffer overflow attacks could be
allocating more space to a buffer than needed, and or checking to make sure that the information
to be stored will actually fit in the buffer, or by refusing to accept user input information that
exceeds the limit of the buffer’s memory allocation. In C and C++, the commands gets, strcpy,
and scanf are especially vulnerable to buffer overflow due to not checking the bounds on the
values that they retreive. Changing the fundamental structure of sections of the program with
user input where possible can also avoid the issue of an overflow. Certain programming
languages other than C and C++ have measures built in to check and prevent buffer overflow.
https://www.geeksforgeeks.org/buffer-overflow-attack-with-example/
https://www.veracode.com/security/buffer-overflow