What is a buffer overflow?
Like a flooding river, a buffer overflow has the potential to cause significant damage. To understand why, let’s begin at the source of the problem. In low-level languages that access and write memory, a part of this memory stays allocated for temporary data that needs to be saved during run-time. This part of memory is called a buffer. A buffer overflow happens when the data that needs to be saved exceeds the allocated memory space in the buffer.
A buffer overflow can happen when developers predict wrongly how much space is required, or if some of the allocated memory is already occupied. If the buffer is not large enough to store the needed data, this information leaks into other parts of the program. An overflow can have several consequences: the program may slow down or crash, bad data may be returned, or a an attacker could even run other programs or commands in the overflow, causing unintended behaviors.
Let’s look at it into more detail with an example:
Buffer Overflow Example
As you can see in the image above, memory is made of different parts. Between the stack and the heap, there is a buffer area, which allows both to grow during run time.
If we look at a stack in detail, we can see different sections:
Function: the calling function written by the developer
Parameters: the parameters needed by the function
Return: it tells the program what to do after it has executed the function
Basepointer: marks the start of a function stack frame
Buffer: the allocated space for data
In this example, we have a program that allocated 20 bits of buffer. If we inject more than that amount, say 30 bits, the data will overflow.
Because of the nature of the memory, the data will overflow upwards towards the function. Once it gets to the return section, that is where the problems start.
If an attacker injects data in the return that points to the address of malicious code, the program will run it, causing severe consequences.
Scan your application for vulnerabilities with Kiuwan Code Security
Identify buffer overflow vulnerabilities in your code
Scan your code in just minutes. Check for compliance with major security standards including CWE/SANS-25, OWASP Top 10, PCI-DSS, and more.
Integrate with your DevOps environment
Add Kiuwan Code Security to your IDE for instant analysis and with your CI/CD tools to scan during the build.
Reach your security goals with action plans
Calculate your risk index and the hours of effort required to reach your target security level. Generate a custom plan with the What-If simulator.
What types of buffer overflow are there?
Here are the most well-known types of buffer overflow, beginning with the most common:
This involves overflowing a buffer on the call stack, as described above.
Same as stack overflow, but it takes place in an open memory pool.
An arithmetic operation results in an integer that is too large for the integer type meant to store it.
How can buffer overflow be exploited by attackers?
Buffer overflow issues are exploited by attackers by overwriting the memory of an application.
An attacker can act in various ways:
Intentionally feed input that the buffer cannot store and overwrite areas that hold executable code, replacing it with their own malicious code.
Change the execution path of a program to trigger a response that may expose private information.
Introduce extra code to gain access to IT systems.
Overwrite a pointer to gain control over the program.
Buffer overflow attacks against both legacy and newly-developed applications are still quite common, in part due to the wide variety of ways that buffer overflows can occur. Many popular apps have had buffer overflow vulnerabilities, including Whatsapp, macOs Catalina, and NVIDIA Shield TV.
Here are some of the most famous buffer overflow attacks:
The Morris Worm: In 1988, over 60,000 machines were infected by a worm planted in a buffer overflow with the ability to self-propagate. Although the creator of this bug stated that he did not mean any harm with it and only wanted to highlight security flaws, he was the first to be convicted under the Computer Fraud and Abuse Act.
Heartbleed: This weakness exposed information that is normally protected under SSL/TLS encryption. Hackers could manipulate the heartbeat request on a website that uses OpenSSL and then receive as an answer a lot of information, including confidential information. View a video about how it works here.
SQL Slammer: the SQL Slammer was a bug implanted in 2003 in a version of Microsoft SQL that spread like wildfire: doubling in size every 8.5 seconds. This caused internet outages and loss of cell phone coverage all over the world.
Kiuwan is trusted by 7000+ users
in 500+ companies worldwide
‘The components of Kiuwan help us dig into our source code and discover hidden flaws that may compromise its security and maintenance.
They are easily configurable, providing ready-to-use information.’
Jaime G, Technical Manager in IT Directorate
How Can You Prevent Buffer Overflow Attacks?
C and C++ are programming languages prone to buffer overflow. If possible, use another language like COBOL, Java, and Python that do not allow direct memory access. Consider safety versus performance costs when deciding which language and compiler setting to use.
Address space layout randomization
ASLR randomly arranges the locations of different parts of the program in memory, working together with virtual memory management. This prevents attackers from learning where their target is.
Buffer overflow protection
Enhance the security of executable programs by detecting buffer overflows on stack-allocated variables and preventing them from causing program misbehavior or from becoming serious security vulnerabilities.
Executable space protection
Mark memory regions as non-executable. This will prevent executing machine code in these regions. Any attempts will cause an exception.
Avoid standard library functions that are not bounds checked, such as gets, scanf and strcpy. Bounds checking in abstract data type libraries can reduce the occurrence and impact of buffer overflows.
Static code analysis
Scan your code for buffer overflow vulnerabilities with a Static Application Analysis Tool like Kiuwan and get tips on how to prevent them from being exploited.
Make Buffer Overflow Prevention Part of your DevOps Process
Kiuwan Code Security integrates with leading CI/CD tools so that you can take a DevOps approach to buffer overflow prevention.
Scan your code securely on your own local server as part of your build process.
Upload scan results to the cloud and share them with the development team.
Generate an automatic action plan and calculate the effort required to remediate vulnerabilities.
Apply what-if analysis and customize the plan to fit your team’s needs, then track the progress toward your goals.
On the right: Kiuwan Action Plans
Enjoy a comprehensive Kiuwan trial today!