Buffers are memory storage areas that are used to temporarily hold data until it is processed or transferred from one location to another. A buffer overflow occurs when the amount of data provided or entered exceeds the storage capacity of the memory buffer. As a result of this excess data, the program will attempt to write the data. In this case, buffer overwrites adjacent memory locations.
For example, a buffer may be used to enter password credentials on the computer. The buffer expects an input of 9 bytes for which it has allocated necessary space. However, if the input is made of 11 bytes, which is 2 bytes greater than expected, the program will write in the next location. However, this location is not allocated to the buffer itself. If there is any other data written, it will be overwritten.
Buffer overflows affect all types of software. Malformed inputs and inadequate space allocated to the buffer will result in a buffer overflow. If any previous data or executable code is overwritten, there will be memory and data errors, which may give rise to incorrect results and program crashes.
Many attackers exploit program vulnerabilities and overflow issues by overwriting the memory of applications. This may include adding extra code or newer instruction to the program. The attacker can damage and cause harm to existing files, and some private information may be exposed.
Attackers can also find out the size of the buffer and feed in input that the buffer cannot store to cause buffer overflows. They may then overwrite the executable part of the program and replace it with their own code, which creates high risk and can cause high damage to security.
C and C++ are two languages that are highly susceptible to buffer overflow attacks.
Stack-based buffer overflows are the most common. They use stack memory, which exists during the execution time of a function.
Heap-based attacks involve flooding the memory space allocated for a program beyond the memory used for current runtime operations. These attacks are harder to carry out than stack-based.
For a buffer overflow attack to occur, an attacker needs to know the address of executable code.
Structured exception handler overwrite protection (SEHOP) helps stop malicious code from attacking
Stack canaries can be used to detect that a stack buffer overflow has occurred. Buffer overflows mostly overwrite memory from lower to higher memory addresses. For the attacker to take control, the canary value must also be overwritten. This value is then checked to make sure it has not changed before a routine uses the return pointer on the stack.
View all Courses