
Buffer overflow

From Wikipedia, the free encyclopedia
This is an old revision of this page, as edited by 193.158.163.xxx (talk) at 22:29, 5 October 2001 (create: buffer overflow (definition, security impact, small history)). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

A buffer overflow is a special type of bug in a computer program. When the length limitation of a space reserved for data, a so-called buffer, is not properly enforced, a buffer overflow may happen. The buffer is filled with the input data and, if the input data is longer than the buffer size, the end of the buffer and the space behind it are overwritten.

A buffer overflow can result in a security vulnerability, in which an attacker can overflow the space behind the buffer with specially crafted content that redirects the execution path of the program. A program that can take advantage of a security vulnerability, and of a buffer overflow in particular, is called an 'exploit'. Determining the actual exploitability of a buffer overflow can be very difficult even for experienced programmers, since it requires a great deal of high- and low-level knowledge of the architecture internals and of the target program.
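The following C program is an added example, not part of the article: it models the overwrite described above (a fixed-size name buffer with another field stored directly behind it) and shows the length check that prevents it. The record layout, the 16-byte buffer size and the sample inputs are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed layout for the demonstration (not real program data):
   a 16-byte name buffer immediately followed by a 4-byte flag field.
   Both live in one byte array so every write below stays well defined. */
#define NAME_SIZE   16
#define FLAG_OFFSET NAME_SIZE
#define RECORD_SIZE (NAME_SIZE + 4)

/* Unbounded copy: trusts the input length, which is the bug described above.
   Returns how many bytes landed behind the end of the name buffer. */
size_t copy_unchecked(unsigned char record[RECORD_SIZE], const char *input) {
    size_t n = strlen(input) + 1;            /* include the terminator */
    if (n > RECORD_SIZE) n = RECORD_SIZE;    /* keep the demo inside the array */
    memcpy(record, input, n);
    return n > NAME_SIZE ? n - NAME_SIZE : 0;
}

/* Bounded copy: enforces the limit the buffer was reserved with.
   Returns 0 on success, -1 if the input does not fit (nothing is written). */
int copy_checked(unsigned char record[RECORD_SIZE], const char *input) {
    size_t n = strlen(input) + 1;
    if (n > NAME_SIZE) return -1;
    memcpy(record, input, n);
    return 0;
}

/* Reads the flag field that sits right behind the name buffer. */
unsigned flag_value(const unsigned char record[RECORD_SIZE]) {
    unsigned v = 0;
    memcpy(&v, record + FLAG_OFFSET, sizeof v);
    return v;
}

void init_record(unsigned char record[RECORD_SIZE]) {
    memset(record, 0, RECORD_SIZE);          /* name empty, flag = 0 */
}

int main(void) {
    unsigned char rec[RECORD_SIZE];
    const char *too_long = "AAAAAAAAAAAAAAAAAAAA";   /* 20 bytes, buffer holds 16 */

    init_record(rec);
    printf("checked copy: %d, flag after = 0x%08x\n",
           copy_checked(rec, too_long), flag_value(rec));

    init_record(rec);
    printf("unchecked copy spilled %zu bytes, flag after = 0x%08x\n",
           copy_unchecked(rec, too_long), flag_value(rec));
    return 0;
}
```

The unchecked copy turns the flag field into 0x41414141 (four 'A' bytes), while the checked copy rejects the input and leaves it untouched.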

In 1989, the Morris Internet worm used a buffer overflow, exploited remotely over the network, to propagate itself. Even after this incident, buffer overflows were virtually ignored as a security issue by the public. Later, in 1995, Thomas Lopatic independently reinvented the buffer overflow and published his findings on the Bugtraq security mailing list, which caused a wave of new security-relevant buffer overflows to be found.