Buffer Overflow

A buffer overflow occurs when a buffer (i.e., an array) is filled with more data than it can hold. The excess bytes are written into the memory adjacent to the buffer, often causing a segfault and crashing the program.

Vulnerable programs can be exploited to redirect the instruction pointer to malicious code or shellcode.

Buffer overflows are common in compiled languages like C and C++, where array boundaries are not checked.

Vulnerable Functions

The table below shows several C and C++ functions that are vulnerable to buffer overflows and their safe alternatives:

| Vulnerable | Safe     |
|------------|----------|
| strcpy     | strncpy  |
| strcat     | strncat  |
| sprintf    | snprintf |
| gets       | fgets    |
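
The bounded functions in the table only help if the size passed is the destination's size and truncation is handled. The following is an added example, not code from the original page: the `record` struct, `NAME_LEN`, and all function names are hypothetical, and the input string is constructed.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 8                 /* constructed size for this example */

struct record {                    /* hypothetical layout: a flag sits right after the buffer */
    char name[NAME_LEN];
    unsigned int is_admin;
};

/* Vulnerable form, shown for comparison and never called here: strcpy keeps
 * writing until it finds the NUL in src, so a long src runs past name[]. */
void set_name_unbounded(struct record *r, const char *src) {
    strcpy(r->name, src);
}

/* strncpy bounds the write but leaves dst unterminated when src is too long,
 * so terminate by hand. Returns 0 if src fit, -1 if it was truncated. */
int set_name_strncpy(struct record *r, const char *src) {
    strncpy(r->name, src, sizeof r->name - 1);
    r->name[sizeof r->name - 1] = '\0';
    return strlen(src) < sizeof r->name ? 0 : -1;
}

/* snprintf always terminates and returns the length it needed, which makes
 * truncation detectable from the return value alone. */
int set_name_snprintf(struct record *r, const char *src) {
    int n = snprintf(r->name, sizeof r->name, "%s", src);
    return (n >= 0 && (size_t)n < sizeof r->name) ? 0 : -1;
}

/* Runs both bounded copies on an oversized input and returns 1 if the
 * adjacent field is still 0 and both names are properly terminated. */
int adjacent_field_intact(const char *input) {
    struct record a = { "", 0 }, b = { "", 0 };
    set_name_strncpy(&a, input);
    set_name_snprintf(&b, input);
    return a.is_admin == 0 && b.is_admin == 0
        && strlen(a.name) < NAME_LEN && strlen(b.name) < NAME_LEN;
}

int main(void) {
    const char *input = "AAAAAAAAAAAAAAAAAAAAAAAA";   /* constructed, 24 bytes */
    printf("adjacent field intact: %d\n", adjacent_field_intact(input));
    return 0;
}
```

Callers should treat the `-1` return as an error rather than silently accepting the truncated value.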

Real World Examples

Real world examples of buffer overflow exploits:

* Morris Worm
* Code Red Worm
* Twilight Princess Exploit

More

* CTF 101 - Binary Exploitation
* Wikipedia