Scribd
Upload
3 views11 pages

Buffer Overflow

A buffer overflow occurs when a program writes more data to a buffer than it can hold, leading to potential crashes and security vulnerabilities. Attackers exploit these vulnerabilities to execute arbitrary code or gain unauthorized access, making buffer overflow attacks a significant security risk. Preventative measures include validating user inputs, using safer programming languages, and implementing various protective techniques.

Uploaded by

ioanemotunui
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
3 views11 pages

Buffer Overflow

A buffer overflow occurs when a program writes more data to a buffer than it can hold, leading to potential crashes and security vulnerabilities. Attackers exploit these vulnerabilities to execute arbitrary code or gain unauthorized access, making buffer overflow attacks a significant security risk. Preventative measures include validating user inputs, using safer programming languages, and implementing various protective techniques.

Uploaded by

ioanemotunui
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
You are on page 1/ 11

BSIT3A

BUFFER
OVERFLOW
Exploring the the definition and different types of overflow
attacks.
BSIT3A

WHAT IS A A buffer overflow occurs when a program


writes more data to a buffer than it can hold,

BUFFER causing excess data to overwrite adjacent


memory. This can lead to crashes, erratic
behavior, or security vulnerabilities.
OVERFLOW? Attackers exploit buffer overflows to inject
malicious code or gain unauthorized access.
Despite being well-known, they remain a
serious security concern. Preventative
measures include bounds checking and using
safer programming languages that handle
memory management automatically.

www.techtarget.com/searchsecurity/definition/buffer-
overflow
BSIT3A

WHAT IS A BUFFER OVERFLOW ATTACK AND


HOW DOES ONE WORK?
A buffer overflow attack occurs when an attacker deliberately sends more
data than a program's buffer can handle, causing it to overwrite adjacent
memory. This can lead to crashes, corruption, or, in severe cases, allow
attackers to execute arbitrary code by overwriting function return
addresses. By injecting malicious code and redirecting execution to it,
attackers can gain control over the system. Buffer overflow vulnerabilities
are among the top security risks (CWE-120, SANS Top 25) and are
commonly exploited in networked applications.
TYPES OF BUFFER OVERFLOW ATTACKS

1. 5.
3.
Stack-based
buffer Integer Unicode
overflow or overflow overflow
stack buffer attack attacks
overrun
attack

2. 4.
Heap-based Format
buffer strings
overflow attack
attack
BSIT3A
BSIT3A

STACK-BASED BUFFER OVERFLOW OR STACK


BUFFER OVERRUN ATTACK

It is a continuous space in
memory used to organize data
associated with function calls,
including function parameters,
function local variables and
management information, such
as frame and instruction
pointers. Normally, the stack is
empty until the targeted
program requires user input,
like a username or password.
BSIT3A

HEAP-BASED BUFFER OVERFLOW ATTACK

a memory structure used to


manage dynamic memory.
Programmers often use the heap
to allocate memory whose size
is not known at compile time,
where the amount of memory
required is too large to fi t on the
stack or the memory is intended
to be used across function calls.
BSIT3A

INTEGER OVERFLOW ATTACK

a memory structure used to


manage dynamic memory.
Programmers often use the heap
to allocate memory whose size
is not known at compile time,
where the amount of memory
required is too large to fi t on the
stack or the memory is intended
to be used across function calls.
BSIT3A

FORMAT STRINGS ATTACK

A format string attack is a type


of cyberattack that exploits
vulnerabilities in the format
string operations of software
programs. These attacks occur
when an application improperly
handles input data, allowing
attackers to manipulate the
format string functions.
BSIT3A

UNICODE OVERFLOW ATTACKS

These attacks exploit the


greater memory required to
store a string in Unicode format
than in American Standard Code
for Information Interchange (
ASCII) characters. They can be
used against programs that are
expecting all input to be ASCII
characters.
BSIT3A

Best practice to prevent buffer overflow

Incorporate Enable
1. Always 3. fuzzing into 5. protection
Validate at
User your quality
assurance operating
Inputs system
roadmap
runtime

Use OS Install a Adapt


2. features to 4. compiler 6. pointer
protect with a protectio
executable canary n
spaces extension
BSIT3A

THANK YOU!

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy