Buffer overflow

A type of attack that exploits a common flaw in the way software is written (particularly in C, a very widely used programming language).

Buffer overflows are best explained by way of an example. Let's say a given application includes an input field: it asks each visitor to your website to type in their password. The application sets aside a certain amount of memory (a buffer) to hold that visitor's answer. If the application isn't written correctly, the visitor might be able to input a bunch of gibberish that fills up the available buffer space and then "spills over" outside the buffer into adjacent memory. Clever attackers include system commands in that spill-over, and the computer may execute those commands, since the excess input is no longer going into the password buffer but into memory the program uses for other purposes.
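As an added example (not code from the CSO entry), here is the password-buffer scenario above in C: the unchecked copy that lets input spill past the end of the buffer, beside a bounded version that rejects anything too long. The buffer size, function names and password values are constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Memory the application sets aside for the visitor's password
 * (constructed size for this example). */
#define PASSWORD_BUF_SIZE 16

/* Vulnerable pattern: strcpy() copies until it finds the terminating NUL
 * and has no idea how large `buf` is. Input longer than
 * PASSWORD_BUF_SIZE - 1 characters spills past the end of the buffer into
 * whatever memory follows it. Kept only to show the flaw; never call it
 * with untrusted input. */
void store_password_unchecked(char buf[PASSWORD_BUF_SIZE], const char *input)
{
    strcpy(buf, input);
}

/* Hardened pattern: measure the input against the buffer's real size
 * first, refuse anything that would not fit together with its NUL
 * terminator, and copy with an explicit bound. Returns true on success. */
bool store_password_checked(char *buf, size_t buf_size, const char *input)
{
    if (buf == NULL || input == NULL || buf_size == 0)
        return false;

    /* memchr() scans at most buf_size bytes, so an oversized input is
     * detected without reading arbitrarily far into it. */
    const char *nul = memchr(input, '\0', buf_size);
    if (nul == NULL) {
        buf[0] = '\0';   /* leave a well-formed, empty string behind */
        return false;    /* too long: reject instead of spilling over */
    }

    size_t len = (size_t)(nul - input);
    memcpy(buf, input, len);
    buf[len] = '\0';
    return true;
}

int main(void)
{
    char buf[PASSWORD_BUF_SIZE];
    /* Constructed visitor input: longer than the buffer can hold. */
    const char *gibberish = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";

    printf("checked copy accepted: %s\n",
           store_password_checked(buf, sizeof buf, gibberish) ? "yes" : "no");
    return 0;
}
```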
