0 / 8 flipped
What is a buffer overflow?
Writing more data into a buffer than it was allocated to hold. The first bytes fill the buffer as designed. The excess bytes overflow and spill into adjacent memory β overwriting whatever is stored there. The developer did not intend this; the program has no protection against it when bounds checking is absent.
What is a buffer?
A fixed area of memory reserved by a program to hold data temporarily while it is being processed. The developer decides the buffer's size at design time. The program is written assuming no input will ever exceed that size. When that assumption is violated and there is no bounds check, an overflow occurs.
What is bounds checking?
The developer technique that prevents buffer overflows. Before writing data into a buffer, the program checks: does the incoming data fit? If the data is smaller than or equal to the buffer size β proceed. If the data is larger β reject it. Proper bounds checking everywhere data is written into memory means buffer overflows cannot occur.
Why are buffer overflows difficult to exploit?
Because overflowing memory often causes the application to crash rather than produce a useful result. Adjacent memory may hold values the program needs to run β corrupting them causes a crash. Attackers need to find the specific overflow that changes adjacent memory in a controlled, predictable way. The gap between "found an overflow" and "working exploit" is often enormous.
What is repeatability, and why does it matter for buffer overflow exploits?
Repeatability means the overflow produces exactly the same outcome every single time the specific input is sent. Not sometimes β every time. A repeatable overflow can be turned into a reliable tool, automated, and deployed against every machine running the vulnerable software. Without repeatability, an overflow is only a curiosity or a denial-of-service at best.
What are the three conditions required for a dangerous buffer overflow?
(1) A buffer with no bounds checking β data is written without verifying it fits. (2) Something valuable in adjacent memory β a variable, permission flag, or control value worth overwriting. (3) Repeatability β the overflow consistently produces the desired outcome every time. Proper bounds checking by the developer eliminates condition 1 β without it, the rest cannot happen.
Describe the variable A/B buffer overflow example.
Variable A (8 bytes) and variable B (2 bytes, value 1,979) sit adjacent in memory. Variable B controls access rights: below 2,000 = guest; above 24,000 = admin. The attacker sends "excessive" (9 characters) into variable A. The first 8 characters fill variable A. The 9th character β E (hex 65) β overflows into variable B, changing its value to 25,856. 25,856 is above 24,000, so the attacker gains administrator rights with no credentials.
What does the variable A/B example demonstrate about adjacent memory?
Adjacent memory can hold anything β and whatever it holds becomes a potential target when a buffer sits nearby without bounds checking. In this case, variable B controlled administrative access. The developer never intended it to be reachable from user input. But without bounds checking on variable A, it was reachable through the overflow. The attacker changed a value the developer considered protected β using a single 9-character word.