Buffer overflow vulnerability

Febna V M
Published on
24 Jun 2018
1 min read

In data security and programming, a buffer overflow or buffer overrun is an anomaly found an application due to which a program while writing information to a buffer, overruns the buffer’s boundary. The buffer is the temporary storage allocated to an application to store data. The application overwrites the adjacent memory locations. There are many web application, the programs are stored in an undersized stack buffer. The attacker can send data to the programs and he can overwrite the information on the stack, including the function’s return pointer. An attacker uses the buffer overflow attack to corrupt the execution stack of the victim server. The applications that use the graphics library to render images are vulnerable to this vulnerability. The applications that use interpreters like Java and python are immune to buffer overflow attack.

There are two types of buffer overflow attack:-

  • Heap-based buffer overflow
  • Stack-based buffer overflow

In heap-based buffer overflow attack, the attacker floods the server’s memory to hang the execution of the programs. This type of buffer overflow is least used among attacks. The stack-based buffer overflow is commonly used among attacks to attack a server. In this type of buffer overflow attack, the application calls the stack outside the intended data structure. This cause the program to use more memory than the allocated space. Using stack-based buffer overflow attack, the attacker can also perform stack smashing attack.


Using this vulnerability, an attacker can:-

  • crash the application by overloading the buffering.
  • explicitly execute any malicious code outside the application’s scope.
  • execute denial of service attack.

Mitigation / Precaution

Beagle recommends the following fixes:-

  • Try to keep up with the latest bug reports for the web application server products and other products in the Internet infrastructure.
  • Periodically scan the web application for buffer overflow vulnerability.
  • Apply the latest patches to all the products in the server.
Automated human-like penetration testing for your web apps & APIs
Teams using Beagle Security are set up in minutes, embrace release-based CI/CD security testing and save up to 65% with timely remediation of vulnerabilities. Sign up for a free account to see what it can do for you.

Written by
Febna V M
Febna V M
Cyber Security Engineer
Find website security issues in a flash
Improve your website's security posture with proactive vulnerability detection.
Free website security assessment
Experience the power of automated penetration testing & contextual reporting.