In programming and information security, a buffer overflow or buffer overrun is an anomaly whereby a program writes data to a buffer beyond the buffer's allocated memory, overwriting adjacent memory locations.
Buffers are areas of memory set aside to hold data, often while moving it from one section of a program to another, or between programs. Buffer overflows can often be triggered by malformed inputs; if one assumes all inputs will be smaller than a certain size and the buffer is created to be that size, then an anomalous transaction that produces more data could cause it to write past the end of the buffer. If this overwrites adjacent data or executable code, this may result in erratic program behavior, including memory access errors, incorrect results, and crashes.
Exploiting the behavior of a buffer overflow is a well-known security exploit. On many systems, the memory layout of a program, or the system as a whole, is well defined. By sending in data designed to cause a buffer overflow, it is possible to write into areas known to hold executable code and replace it with malicious code, or to selectively overwrite data pertaining to the program's state, therefore causing behavior that was not intended by the original programmer. Buffers are widespread in operating system (OS) code, so it is possible to make attacks that perform privilege escalation and gain unlimited access to the computer's resources. The famed Morris worm in 1988 used this as one of its attack techniques.
Programming languages commonly associated with buffer overflows include C and C++, which provide no built-in protection against accessing or overwriting data in any part of memory and do not automatically check that data written to an array (the built-in buffer type) is within the boundaries of that array. Bounds checking can prevent buffer overflows, but requires additional code and processing time. Modern operating systems use a variety of techniques to combat malicious buffer overflows, notably by randomizing the layout of memory, or deliberately leaving space between buffers and looking for actions that write into those areas ("canaries").
information security, a bufferoverflow or buffer overrun is an anomaly whereby a program writes data to a buffer beyond the buffer's allocated memory, overwriting...
Bufferoverflow protection is any of various techniques used during software development to enhance the security of executable programs by detecting buffer...
In software, a stack bufferoverflow or stack buffer overrun occurs when a program writes to a memory address on the program's call stack outside of the...
A heap overflow, heap overrun, or heap smashing is a type of bufferoverflow that occurs in the heap data area. Heap overflows are exploitable in a different...
essentially a bufferoverflow), the stack is said to overflow, typically resulting in a program crash. The most-common cause of stack overflow is excessively...
security. Bufferoverflows, a common software security vulnerability, happen when a process tries to store data beyond a fixed-length buffer. For example...
represent Bufferoverflow, a situation whereby the incoming data size exceeds that which can be accommodated by a buffer. Heap overflow, a type of buffer overflow...
directly mapped shadow memory to detect memory corruption such as bufferoverflows or accesses to a dangling pointer (use-after-free). Google's ASan,...
points to memory that has been freed/deallocated/deleted) A bufferoverflow A stack overflow Attempting to execute a program that does not compile correctly...
computer. BufferoverflowBuffer underrun Circular buffer Disk buffer Streaming media Frame buffer for use in graphical display Double buffering and Triple...
before the bufferoverflows. A larger buffer size simply means that the decoder will tolerate high bitrates for longer periods of time, but no buffer is infinite...
read from it. The term is distinct from bufferoverflow, a condition where a portion of memory forms a buffer of a fixed size yet is filled with more...
possible bufferoverflows if the bounds are not checked manually; string routines in general, for side-effects, encouraging irresponsible buffer usage,...
to be marked as non-executable, working alongside ASLR to prevent bufferoverflow attacks including return-to-libc attacks. As mentioned above, one use...
feature for VMware CVE-2008-1943 Xen Para Virtualized Frame Buffer backend bufferoverflow. CVE-2009-1244 Cloudburst: VM display function in VMware CVE-2011-1751...
inputs in an exploit. In a classical attack taking advantage of a stack bufferoverflow, the input given to a vulnerable program is crafted and delivered so...
Corporation, Bufferoverflow in crypto.signText() Archived 2014-06-04 at the Wayback Machine Festa, Paul (19 August 1998). "Buffer-overflow bug in IE"....
information and security vulnerabilities. In addition to pioneering bufferoverflow work, the security advisories he released contained early examples...
"CA-2003-25 BufferOverflow in Sendmail". CERT Advisories. Archived from the original on 2021-10-24. Retrieved January 7, 2005. "CA-2003-12 BufferOverflow in...
including: A hole in the debug mode of the Unix sendmail program A bufferoverflow or overrun hole in the finger network service The transitive trust...