Lesson 17 of18
In Progress

Buffer Overflows

cover6 December 6, 2019

A buffer overflow can occur when a buffer (aka a defined area of memory) is overwritten and data overflows into an adjacent area. This normally happens because the program was written without precautions against the creation of unbounded memory areas so that an errant end user or a malicious attacker can input data that is too large for the buffer.

The advantage of a buffer overflow to an attacker is potentially significant in that they can either crash the program and/or cause a DoS condition, or perhaps they can exfiltrate useful data from the target. For example, if a password is stored in a memory area adjacent to the buffer that stores a username, there is the possibility that an attacker can capture this data through the use of an overflow attack on the username input field.

Although it is common today to implement protective measures against the threat of a buffer overflow (the use of address space randomization for example), new buffer overflow vulnerabilities are constantly being discovered and exploited. Legacy software is also an ongoing concern, as older software frequently remains unpatched and subject to attack.

The subject of buffer overflow attacks is complex and requires a understanding of computer memory and how to access and manipulate it. There are many good tutorials and resources available; consider starting with the TryHackMe room on buffer overflows listed below. Knowledge of overflows and how to exploit them and protect against them will be especially helpful if you are considering pursuing advanced certifications such as the Offensive Security Certified Professional (OSCP).