What is a buffer overflow? And how hackers exploit these vulnerabilities


Software that writes more data to a memory buffer than it can hold creates vulnerabilities that attackers can exploit. Good software development practices can stop buffer overflows from happening.


Buffer overflow definition

A buffer overflow or overrun is a memory safety issue where a program does not properly check the boundaries of an allocated fixed-length memory buffer and writes more data than it can hold. This causes data to overflow to adjacent memory space, overwriting the information there, which often leads to crashes and exploitable conditions.

Buffer overflows are one of the oldest and most common causes of arbitrary code execution vulnerabilities, and applications written in languages like C and C++, which do not enforce bounds on memory accesses, are more prone to such coding mistakes than those written in memory-safe languages. To avoid them, the developer community has established secure coding practices, and major software vendors have adopted them as part of their secure development life cycles.

Buffer overflow vulnerabilities on the rise

In September 2019, The MITRE Corporation, which maintains the Common Weakness Enumeration (CWE) catalog, published a list of the top 25 most dangerous software weaknesses. The top rank went to CWE-119, "Improper Restriction of Operations within the Bounds of a Memory Buffer," a broad class of buffer handling errors that includes both buffer overflows and out-of-bounds reads.

The fact that buffer overflows still rank at the top after many years of effort to eliminate them from software is somewhat surprising. However, this is the first time MITRE has updated the top 25 list since 2011, and the ranking is based on a new scoring formula that combines the frequency of vulnerabilities recorded in the National Vulnerability Database (NVD) over 2017 and 2018 with their average severity scores. The list therefore reflects the overall risk associated with each type of weakness, based on both its prevalence and the danger it poses.

Another reason why buffer overflows are back in the spotlight might be the rise of internet-of-things (IoT) devices, which, based on research over the past few years, have exhibited poor code quality compared to modern desktop applications from established vendors. The firmware of embedded systems has historically been riddled with buffer overflow issues and that hasn't improved much over the years because those obscure code bases don't typically get major overhauls. What has changed is the growing number of such devices on the internet, on business networks and inside households.

Buffer overflow attack examples

Buffer overflows typically have a high severity ranking because they can lead to unauthorized code execution in cases where attackers can control the overwritten memory space outside the targeted buffer and can redirect a function pointer to their malicious code.

Even when arbitrary code execution is not possible, a buffer overflow often results in a crash, leading to a denial of service (DoS) condition that affects the availability of the application and the processes it handles. This is particularly bad on server deployments where continuous availability is needed and expected.

In certain cases, attackers can also use buffer overflows to overwrite critical settings in an application's memory, for example a flag indicating whether the user is an administrator or not. This can lead to privilege escalation in the context of the application and potentially the system itself.

Finally, improper handling of buffer boundaries can allow attackers to read data outside the buffer instead of overwriting it, leading to sensitive information disclosure. This is known as an out-of-bounds read. While it's different from a classic buffer overflow, an out-of-bounds read falls in the same category of coding mistakes.

Out-of-bounds reads can also be used to obtain information that helps attackers exploit other vulnerabilities. For example, they can disclose memory addresses that anti-exploitation technologies such as address space layout randomization (ASLR) are meant to keep secret, undermining that protection.
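The "overwritten admin flag" scenario above, as an added illustration that is not part of the original article: a constructed `struct session` places a fixed-size name buffer directly in front of a privilege flag, and an unchecked `strcpy()` is shown next to a bounds-checked replacement that refuses oversized input rather than spilling into the neighbouring field. The struct layout, function names and sample inputs are all assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

/* Constructed layout: a 16-byte name buffer followed by a privilege
 * flag. Actual field placement is compiler-dependent; this is only
 * meant to show why adjacent memory matters. */
struct session {
    char name[16];
    int  is_admin;
};

/* Vulnerable form: strcpy() copies up to the NUL terminator and never
 * looks at the 16-byte capacity of name[], so a longer string overwrites
 * whatever follows it (undefined behaviour). Kept for contrast only;
 * it is deliberately never called in this program. */
void set_name_unsafe(struct session *s, const char *input)
{
    strcpy(s->name, input);
}

/* Hardened form: compare the input length against the buffer size
 * before copying and reject anything that would not fit, including the
 * terminating NUL. Returns 0 on success, -1 when the input is rejected.
 * Nothing is written to the struct on rejection, so is_admin is never
 * touched by user-controlled data. */
int set_name_checked(struct session *s, const char *input)
{
    size_t cap = sizeof s->name;     /* 16 bytes */
    size_t len = strlen(input);
    if (len >= cap)                  /* no room left for the NUL byte */
        return -1;
    memcpy(s->name, input, len + 1); /* copies the terminator as well */
    return 0;
}

int main(void)
{
    struct session s = { "", 0 };
    /* 20 'A's: constructed oversized input that strcpy() would let
     * run four bytes past name[] and into is_admin. */
    const char *oversized = "AAAAAAAAAAAAAAAAAAAA";

    if (set_name_checked(&s, "alice") == 0)
        printf("accepted: %s (is_admin=%d)\n", s.name, s.is_admin);
    if (set_name_checked(&s, oversized) != 0)
        printf("rejected oversized input; is_admin still %d\n", s.is_admin);
    return 0;
}
```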

How to prevent buffer overflows

Since buffer overflows are the result of programming errors, the best way to prevent them is to train developers to avoid making those errors. Many secure coding guides and books address buffer overflows, as do secure coding certification programs. The CERT Coordination Center and Carnegie Mellon University's Software Engineering Institute have developed coding standards for several programming languages, including C and C++.

Automated ways to prevent buffer overflows include using memory-safe programming languages, or frameworks and libraries that provide safe versions of the functions most prone to causing buffer overflows. Developers should also build applications with features like ASLR and position-independent executables (PIE) to limit the potential impact of an overflow. They should also use compiler flags and extensions that detect or mitigate such errors at build or run time, such as the /GS flag in Microsoft Visual Studio, the FORTIFY_SOURCE feature in GCC contributed by Red Hat, StackGuard and ProPolice.

Unfortunately, none of these measures provides complete protection, so it is important to perform periodic code reviews and application security testing with both internal and external security teams, and to integrate tools such as fuzzers into automated testing workflows.
