• Occurs when a process stores data outside the memory range allocated by the developer
• Common initial attack vector in data breaches
  • 85% of data breaches used buffer overflow as the initial vector
• Attackers exploit the excess data written beyond buffer boundaries to manipulate program execution

Buffers

• Temporary storage areas used by programs to hold data
• They have a defined memory capacity, just like a glass holding a limited amount of water
• Overflowing a buffer results in data spilling into adjacent memory locations, causing unintended consequences

Technical Aspects

• Stack — Programs have a reserved memory area called a stack to store data during processing
• The stack uses a “first in, last out” organization
• Stack contains return addresses when a function call instruction is received
• Attackers aim to overwrite the return address with their malicious code’s address

Smashing the Stack

• Attackers aim to overwrite the return address with a pointer to their malicious code
• When the non-malicious program hits the modified return address, it runs the attacker’s code
• This gives attackers a command prompt on the victim’s system for remote code execution

NOP Slide

• Attackers fill the buffer with NOP (No-Operation) instructions
• The return address slides down the NOP instructions until it reaches the attacker’s code

Mitigations against Buffer Overflow Attack