What is Buffer Overflow?

By Priya Pedamkar

Introduction to Buffer Overflow

A buffer overflow, also known as a buffer overrun, is a condition in which an application tries to store more data in a buffer than the buffer can hold. The excess data is written into adjacent storage, where it may overwrite existing data, causing potential data loss and sometimes a system crash as well. It is a common programming mistake that most developers make unknowingly. Hackers most often exploit it to gain access to data they are not authorized to see.

What’s Buffer Memory?

Excellent question. A buffer memory, or buffer, is simply a sequential portion of the RAM set aside to hold data temporarily while it is being transferred from one place to another – the place usually being an input or output device. This is done to compensate for the difference in the speeds at which the devices operate.

For example, when you send some documents to print, your latest i7 processor is fast enough to execute the print command in nanoseconds, while the poor old printer is not equipped with such a fast processor. So, the documents are held in the buffer memory and passed on to the printer at a speed that the printer accepts. This frees your CPU’s RAM for other tasks.

Buffer Overflow Attack

Once a vulnerability like this has been identified in computers, hackers are bound to exploit it and try to attack various systems through buffer overflow attacks. The question then arises: how does a hacker execute such an attack, and what are the consequences?

In a buffer overflow attack, the extra data includes instructions that are intended to trigger damaging activities such as corrupting files, changing data, sending private information across the internet, etc. An attacker would simply take advantage of any program which is waiting for certain user input and inject surplus data into the buffer.

Buffer overflow attacks can be primarily classified into two types:

  • Stack-based: When the attack is on stack-based memory allocation. This is simpler to exploit and is thus more prone to attacks.
  • Heap-based: When the attack is on heap-based memory allocation. This is not so easy to exploit and is thus far less frequent.

The languages most vulnerable to buffer overflow attacks are C, C++, Fortran, and Assembly, as they use stack-based memory allocation techniques.

The Cure

Once data is corrupt, there is simply no cure to restore the original data. Moreover, the intensity of the attack largely determines the cure. If the attack is meager and affects only a part of an isolated machine’s memory, a simple system format can be the cure. Whereas, if the attack is widespread and has compromised the data over several machines, formatting the entire network would not help unless the program that injects the malicious code is fixed.

Prevention is Better than Cure

As developers, it is our responsibility to check for buffer overflows in our code. If buffer overflows are handled in the code itself, the security of the system is not hampered through buffer-overflow attacks.

Following are some simple precautionary steps that can help prevent buffer overflows:

  • Exception handling must be leveraged to detect buffer overflows and prevent code execution in the event of one.
  • Allocate a large enough size to the buffer so that unintended large volumes of data are dealt with properly.
  • Avoid using library functions or third-party methods that are not bounds-checked for buffer overflows. Common examples of such functions to avoid are gets(), scanf(), and strcpy(). These are primarily in the C/C++ languages.
  • Code testing should account for such vulnerabilities: test the code rigorously and fix bugs that may lead to an overflow.
  • Modern programming languages, operating systems, and code compilers have evolved to stop command execution in case of a buffer overflow. This has become the most reliable way to automatically detect buffer overflows.

Try it Yourself

Now that you have understood so much about buffer overflows and buffer overflow attacks, why not try to trigger one yourself?

Disclaimer – The following program is for illustration purposes only and should not be used to cause harm of any sort. Any resemblance to malicious code is merely coincidental. Moreover, the operating systems nowadays are smart enough to have buffer-attack-preventive checks in place.

Below is a C program that can cause a buffer overrun. Why C? Because the more advanced programming languages were developed to deal with buffer overruns at compile time. Nowadays, though, C compilers also include certain checks to detect buffer overflows, so you will only see an error message indicating that a buffer overrun was detected.

Code:

#include <stdio.h>
#include <string.h>
#include <stdlib.h>

int main(int argc, char *argv[])
{
    char mybuffer[8];

    // the program expects one command-line argument
    if (argc < 2) {
        fprintf(stderr, "usage: %s <input>\n", argv[0]);
        return EXIT_FAILURE;
    }
    // copy the user input to mybuffer, without any bound checking
    printf("Storing user input to mybuffer...\n");
    strcpy(mybuffer, argv[1]);
    printf("mybuffer content= %s\n", mybuffer);
    return 0;
}

Output:

[Image: output of buffer overflow]

What happened when 123456789 was given as the command-line argument to the program? The program generated the error that is raised when the compiler's built-in check detects the buffer overflow. Compilers and operating systems nowadays have an added protection layer. This layer consists of variables called canaries, which are initialized to certain values at compile time. These variables are stored in the memory units adjacent to the buffer. So, whenever the buffer overflows, the extra data flows into the adjacent memory and corrupts the value of the canaries. As soon as a corrupt canary is detected, the system aborts the execution.
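
A bounds-checked counterpart to the C program above and to the advice to avoid gets() and strcpy(), added here as an example and not part of the original article. The helper names copy_checked and read_line_checked are hypothetical; both reject input that does not fit in the 8-byte buffer instead of overflowing or truncating it.

```c
#include <stdio.h>
#include <string.h>

#define MYBUFFER_SIZE 8 /* same size as mybuffer in the article's program */

/* Hypothetical helper: bounded replacement for strcpy(). Copies src only if
 * the string and its terminating NUL fit in dst_size bytes. Returns 0 on
 * success, -1 otherwise; on failure dst holds an empty string, never a
 * silently truncated value. */
int copy_checked(char *dst, size_t dst_size, const char *src)
{
    size_t len = 0;
    if (dst == NULL || dst_size == 0)
        return -1;
    dst[0] = '\0';
    if (src == NULL)
        return -1;
    while (len < dst_size && src[len] != '\0') /* never reads past the limit */
        len++;
    if (len == dst_size) /* no room left for the NUL terminator */
        return -1;
    memcpy(dst, src, len + 1);
    return 0;
}

/* Hypothetical helper: bounded replacement for gets(). Reads one line with
 * fgets(), strips the newline, and rejects a line that does not fit. The rest
 * of an over-long line is drained so the next read starts on a fresh line. */
int read_line_checked(char *dst, size_t dst_size, FILE *in)
{
    size_t len;
    int c;
    if (dst == NULL || dst_size < 2 || in == NULL)
        return -1;
    if (fgets(dst, (int)dst_size, in) == NULL) {
        dst[0] = '\0';
        return -1; /* end of input or read error before any data */
    }
    len = strlen(dst);
    if (len > 0 && dst[len - 1] == '\n') {
        dst[len - 1] = '\0';
        return 0;
    }
    c = fgetc(in); /* no newline stored: did the line end exactly here? */
    if (c == '\n' || c == EOF)
        return 0;
    while ((c = fgetc(in)) != '\n' && c != EOF)
        ; /* discard the remainder of the over-long line */
    dst[0] = '\0';
    return -1;
}

int main(int argc, char *argv[])
{
    char mybuffer[MYBUFFER_SIZE];
    /* Argument given: copy it. No argument: read one line from stdin. */
    int rc = (argc > 1) ? copy_checked(mybuffer, sizeof mybuffer, argv[1])
                        : read_line_checked(mybuffer, sizeof mybuffer, stdin);
    if (rc != 0) {
        fprintf(stderr, "rejected: input missing or too long\n");
        return 1;
    }
    printf("mybuffer content= %s\n", mybuffer);
    return 0;
}
```

With the article's input 123456789 this version exits with the rejection message before any byte is written past mybuffer, so the canary check is never reached.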

Another example in C++ language:

Code:

#include <iostream>
using namespace std;

int main()
{
    char buf[8];
    cin >> buf;
    return 0;
}

Input: 123456789

Output:

[Image: c# example]

Conclusion – What is Buffer Overflow?

So, by now, we are sure you have understood the importance of buffer handling in your programs. Make it a practice to check buffer bounds while writing as well as testing your code. This will help you write secure code.
