
Jordan Lowrance

Assignment 4

A buffer overflow occurs when buffers, which are essentially variables that contain a temporary value, receive and record more data than they have allocated memory for, and the extra data overflows into other nearby buffers. This potentially corrupts or overwrites other data with garbage or malicious instructions. Buffers can potentially be exploited in situations where there is user input. When attackers use this property of buffers to try to penetrate a system, they are either hoping for a corruption that provides favorable results, or are intentionally passing data that can be executed as a command in the extra data. There are two different kinds of buffer overflow attacks: those which target the heap, where the program is stored in memory, and those that target the stack, where data such as the buffers is stored. The commonly used languages most vulnerable to buffer overflow attacks are C and C++, with some of the leading causes of the vulnerabilities being not allocating enough space for buffers and not checking bounds on the information that is read. Possible solutions to avoid buffer overflow attacks include allocating more space to a buffer than needed, and/or checking that the information to be stored will actually fit in the buffer, or refusing to accept user input that exceeds the limit of the buffer’s memory allocation. In C and C++, the functions gets, strcpy, and scanf are especially vulnerable to buffer overflow because they do not check the bounds on the values that they retrieve. Changing the fundamental structure of sections of the program with user input where possible can also avoid the issue of an overflow. Certain programming languages other than C and C++ have measures built in to check and prevent buffer overflow.
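
The bounds checks described above, as an added C example that is not part of the original assignment: it puts the unchecked strcpy pattern beside a version that refuses input that does not fit, and gives an fgets-based replacement for gets. The `account` struct, `NAME_SIZE` and all function names are hypothetical, chosen for illustration.

```c
#include <stdio.h>
#include <string.h>

#define NAME_SIZE 8   /* hypothetical buffer size */

/* Constructed record: is_admin sits right after the buffer, so an
   out-of-bounds write to name would spill into it. */
struct account {
    char name[NAME_SIZE];
    int  is_admin;
};

/* Unsafe pattern from the text: strcpy() copies until the NUL byte and
   never looks at the size of the destination. Shown for contrast only. */
void set_name_unsafe(struct account *a, const char *input) {
    strcpy(a->name, input);
}

/* Hardened: refuse input that does not fit, terminator included. */
int set_name_checked(struct account *a, const char *input) {
    size_t len = strlen(input);
    if (len >= sizeof a->name)
        return -1;                      /* too long: nothing is written */
    memcpy(a->name, input, len + 1);
    return 0;
}

/* Bounded replacement for gets(): fgets() stores at most size-1 bytes.
   Returns 0 for a line that fit, -1 on EOF/error or an over-long line. */
int read_line_checked(FILE *in, char *buf, size_t size) {
    if (size == 0 || fgets(buf, (int)size, in) == NULL)
        return -1;
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';            /* strip the newline */
        return 0;
    }
    int c = getc(in);
    if (c == EOF || c == '\n')
        return 0;                       /* line filled the buffer exactly */
    while ((c = getc(in)) != EOF && c != '\n')
        ;                               /* discard the rest of the line */
    buf[0] = '\0';
    return -1;
}

/* scanf("%s", buf) has the same flaw as gets(); a field width such as
   scanf("%7s", buf) limits the read to NAME_SIZE - 1 characters. */
```
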

https://www.geeksforgeeks.org/buffer-overflow-attack-with-example/
https://www.veracode.com/security/buffer-overflow
