Chapter 27 Β· Glossary

Buffer Overflows β€” Glossary

6 key terms covering how buffer overflows work, what makes them dangerous, and how developers prevent them.

Buffer
A fixed area of memory reserved by a program to hold data temporarily while it is being processed. Every program that runs on a computer uses memory to store data. The buffer is the specific, allocated region set aside for incoming data β€” for example, an 8-byte buffer designed to receive user input. The developer decides how large the buffer is when writing the program. That size is fixed at design time.
Buffer Overflow
A vulnerability that occurs when a program writes more data into a buffer than the buffer was allocated to hold. The first bytes fill the buffer exactly as designed. The excess bytes overflow β€” they spill into whatever memory sits directly adjacent to the buffer. That adjacent memory is overwritten with the overflow data, regardless of what was stored there. The developer did not intend this; the program has no protection against it when bounds checking is absent.
Adjacent Memory
Memory that sits directly next to a buffer in the program's allocated memory space. When a buffer overflow occurs, the excess data does not disappear β€” it lands in adjacent memory, overwriting whatever was stored there. Adjacent memory can hold anything: another variable, a permission flag, a value that controls what the program does next. The content of adjacent memory determines what damage or what opportunity the overflow creates for the attacker.
Bounds Checking
The developer technique that prevents buffer overflows. Before writing data into a buffer, the program checks whether the incoming data actually fits β€” is the data smaller than or equal to the buffer's allocated size? If yes, the write proceeds. If no, the write is rejected. Bounds checking is the developer's responsibility. If performed correctly everywhere data is written into memory, buffer overflows cannot occur. Most overflows exist because a developer forgot to check, checked the wrong size, or used a function that does not check at all.
Repeatability
The key requirement that separates a dangerous buffer overflow exploit from an unimportant one. A repeatable overflow produces exactly the same outcome β€” in the same place, changing memory in the same way β€” every single time the attacker sends the specific input. Not sometimes. Not most of the time. Every time. When an attacker achieves repeatability, the overflow can be turned into a reliable tool, automated, and deployed against every machine running the vulnerable software. Without repeatability, an overflow may only crash the application β€” a denial of service, not a useful exploit.
Privilege Escalation
Gaining a higher level of system access than the attacker was originally permitted. A classic consequence of a successfully exploited buffer overflow β€” when the overflow changes a value in adjacent memory that controls access rights or permissions, the attacker may gain administrator or elevated access without ever providing a valid credential. In the variable A/B demonstration, overflowing the word "excessive" into variable B raises its value above the administrator threshold of 24,000 β€” granting admin rights without any username or password.