Buffer overflows occur when software attempts to write data outside of its allocated memory block. There are five forms of buffer overflow, each with different causes and results, but most forms are potential security threats to a computer system connected to a network; as hackers can (and often do) use the side-effects of the overflow to attempt to take control of the system. Understanding buffer overflows is essential to maintaining security on a computer network.
Stack Buffer Overflow
The stack is where the computer declares and initializes the variables used in a computer program. In a stack buffer overflow, more data is written to the stack than it can legitimately allocate, causing the stack to be overwritten, including the "return pointer" that tells the computer where to go once it finishes processing the stack. Hackers can therefore use a stack overflow to rewrite the return pointer and direct the computer to malicious code.
Heap Buffer Overflow
A heap buffer overflow occurs when too much data is written to the portion of memory allocated to software for storing the software's data while it is running. Heap buffer overflows will often lead to a system crash due to data corruption, as the software is overwritten while it is running, or to the execution of malicious code which is written into the heap buffer during the overflow and has thereby bypassed the computer's standard security system.
An off-by-one error is a specific type of buffer overflow that occurs when a value is one iteration off what it is expected to be. This can often be due to miscounting the number of times a program should call a specific loop of code. The error may result in rewriting of one digit in the return pointer in the stack, which allows a hacker to direct the pointer to an address containing malicious code.
A buffer overrun occurs when too much data is sent to the small block of buffer memory used by CD and DVD burners. These buffers exist to provide a steady flow of information from the computer to the device. Data is read from the buffer at a specific speed and must be fed into the buffer at the same speed, otherwise data is overwritten before it is used. This results in file corruption and unsuccessful burning.
Format String Attack
A format string attack occurs when a program reads input from the user, or other software, and processes the input as a string of one or more commands. If the command that is received differs from that which is expected, such as being longer or shorter than the allocated data space, the program may crash, quit or make up for the missing information by reading extra data from the stack; allowing the execution of malicious code.
- Photo Credit Ryan McVay/Photodisc/Getty Images
Use of Buffers
Buffers are used to polish metal and other materials in many products, including jewelry, cutlery and firearms. Buffing uses a specific grit...
How to Resolve a Java Language Stack Overflow Error
A Java Language stack overflow occurs when the size of memory required by the stack of the Java program is greater than...
Methods for Degassing Buffers
Whether or not you need to degas, or deaerate, your buffer solution will depend on its application. If the presence of excess...
Tools to Detect Problems on a Computer
There are various issues or problems regarding computer hardware, software and networking from time to time. It is useful to understand and...