Prevent Buffer Overflow Attacks with Kiuwan

Buffer overflow is one of the best-known forms of software security vulnerability. Learn how buffer overflow occurs, how it can be exploited, and strategies to prevent buffer overflow attacks in your application.

REQUEST A TRIAL   LEARN WHY BUSINESSES NEED APPSEC

buffer overflow attack

 

 

What is a buffer overflow?

 

buffer overflow

Like a flooding river, a buffer overflow has the potential to cause significant damage. To understand why, let’s begin at the source of the problem. In low-level languages that access and write memory, a part of this memory stays allocated for temporary data that needs to be saved during run-time. This part of memory is called a buffer. A buffer overflow happens when the data that needs to be saved exceeds the allocated memory space in the buffer. 

A buffer overflow can happen when developers predict wrongly how much space is required, or if some of the allocated memory is already occupied. If the buffer is not large enough to store the needed data, this information leaks into other parts of the program. An overflow can have several consequences: the program may slow down or crash, bad data may be returned, or a an attacker could even run other programs or commands in the overflow, causing unintended behaviors.
Let’s look at it into more detail with an example:  


Buffer Overflow Example

 

buffer overflow example

 

As you can see in the image above, memory is made of different parts. Between the stack and the heap, there is a buffer area, which allows both to grow during run time. 
If we look at a stack in detail, we can see different sections: 
  • Function: the calling function written by the developer
  • Parameters: the parameters needed by the function 
  • Return: it tells the program what to do after it has executed the function 
  • Basepointer: marks the start of a function stack frame
  • Buffer: the allocated space for data 

In this example, we have a program that allocated 20 bits of buffer. If we inject more than that amount, say 30 bits, the data will overflow.
Because of the nature of the memory, the data will overflow upwards towards the function. Once it gets to the return section, that is where the problems start. 
If an attacker injects data in the return that points to the address of malicious code, the program will run it, causing severe consequences.

 

 

 

 

Scan your application for vulnerabilities with Kiuwan Code Security

secure your entire SDLC

Identify buffer overflow vulnerabilities in your code

Scan your code in just minutes. Check for compliance with major security standards including CWE/SANS-25, OWASP Top 10, PCI-DSS, and more. 

licensing options

Integrate with your DevOps environment

Add Kiuwan Code Security to your IDE for instant analysis and with your CI/CD tools to scan during the build.

fast vulnerability detection

Reach your security goals with action plans

Calculate your risk index and the hours of effort required to reach your target security level. Generate a custom plan with the What-If simulator.

 

REQUEST A TRIAL   LEARN WHY BUSINESSES NEED APPSEC

 

 

What types of buffer overflow are there?

 

Here are the most well-known types of buffer overflow, beginning with the most common:

Stack overflow

This involves overflowing a buffer on the call stack, as described above. 

Heap overflow

Same as stack overflow, but it takes place in an open memory pool.

Integer overflow

An arithmetic operation results in an integer that is too large for the integer type meant to store it.

Unicode overflow

Unicode characters are inserted into an input that expects ASCII characters.

 

How can buffer overflow be exploited by attackers?

 

Buffer overflow issues are exploited by attackers by overwriting the memory of an application. 
An attacker can act in various ways: 
  • Intentionally feed input that the buffer cannot store and overwrite areas that hold executable code, replacing it with their own malicious code. 
  • Change the execution path of a program to trigger a response that may expose private information.
  • Introduce extra code to gain access to IT systems.
  • Overwrite a pointer to gain control over the program. 
Buffer overflow attacks against both legacy and newly-developed applications are still quite common, in part due to the wide variety of ways that buffer overflows can occur. Many popular apps have had buffer overflow vulnerabilities, including Whatsapp, macOs Catalina, and NVIDIA Shield TV.

Here are some of the most famous buffer overflow attacks: 
  • The Morris Worm: In 1988, over 60,000 machines were infected by a worm planted in a buffer overflow with the ability to self-propagate. Although the creator of this bug stated that he did not mean any harm with it and only wanted to highlight security flaws, he was the first to be convicted under the Computer Fraud and Abuse Act
  • Heartbleed: This weakness exposed information that is normally protected under SSL/TLS encryption. Hackers could manipulate the heartbeat request on a website that uses OpenSSL and then receive as an answer a lot of information, including confidential information. View a video about how it works here
  • SQL Slammer: the SQL Slammer was a bug implanted in 2003 in a version of Microsoft SQL that spread like wildfire: doubling in size every 8.5 seconds. This caused internet outages and loss of cell phone coverage all over the world. 

 

REQUEST A KIUWAN TRIAL

 

 

Trusted by 12000+ users worldwide

LEARN MORE

‘The components of Kiuwan help us dig into our source code and discover hidden flaws that may compromise its security and maintenance.
They are easily configurable, providing ready-to-use information.’ 
Jaime G, Technical Manager in IT Directorate

Read full review

gartner reviewcapterra ratingg2crowd

 

 

How Can You Prevent Buffer Overflow Attacks?

Avoid C/C++

C and C++ are programming languages prone to buffer overflow. If possible, use another language like COBOL, Java, and Python that do not allow direct memory access. Consider safety versus performance costs when deciding which language and compiler setting to use.

Address space layout randomization

ASLR randomly arranges the locations of different parts of the program in memory, working together with virtual memory management. This prevents attackers from learning where their target is.

Buffer overflow protection

Enhance the security of executable programs by detecting buffer overflows on stack-allocated variables and preventing them from causing program misbehavior or from becoming serious security vulnerabilities.

Executable space protection

Mark memory regions as non-executable. This will prevent executing machine code in these regions. Any attempts will cause an exception.

Bounds checking

Avoid standard library functions that are not bounds checked, such as gets, scanf and strcpy. Bounds checking in abstract data type libraries can reduce the occurrence and impact of buffer overflows.

Static code analysis

Scan your code for buffer overflow vulnerabilities with a Static Application Analysis Tool like Kiuwan and get tips on how to prevent them from being exploited. 

 

REQUEST A KIUWAN TRIAL

 

Make Buffer Overflow Prevention Part of your DevOps Process

 

  • Kiuwan Code Security integrates with leading CI/CD tools so that you can take a DevOps approach to buffer overflow prevention.
  • Scan your code securely on your own local server as part of your build process.
  • Upload scan results to the cloud and share them with the development team.
  • Generate an automatic action plan and calculate the effort required to remediate vulnerabilities.
  • Apply what-if analysis and customize the plan to fit your team’s needs, then track the progress toward your goals.

 

On the right: Kiuwan Action Plans

action plans

Multilingual

30+ technologies & growing – see all

 

technologies

Integrates with

 your DevOps environment

 

integrations


 

 

Experience Kiuwan

Enjoy a comprehensive Kiuwan trial today!

REQUEST A KIUWAN TRIAL