// THREAT DETECTION AND DATA PRIVACY TERM
Buffer Overflow
A buffer overflow is a security flaw that happens when a program tries to put more data into a temporary storage area (a buffer) than it can hold. This extra data spills over, corrupting adjacent memory, which can crash the system or allow attackers to run their own malicious code.
TECHNICAL DEFINITION
A buffer overflow is a memory corruption vulnerability where a process writes data beyond the boundaries of a fixed-length buffer, overwriting adjacent memory locations on the stack or heap. This exploit can lead to a denial-of-service (DoS) by crashing the program or enable arbitrary code execution by overwriting critical control-flow data, such as a function's return address.
BACKGROUND
In computer security, a vulnerability is a flaw or weakness in a system's design, implementation, or management that can be exploited by a malicious actor to compromise its security.
READ MORE ON WIKIPEDIASYNONYMS & ALIASES
- buffer overrun
- stack smashing
- memory corruption
- overwrite vulnerability
- buffer overflow attack
USAGE NOTE
This classic vulnerability is most prevalent in low-level languages like C and C++ that do not perform automatic bounds checking.
DEVELOPERS
Organizations developing technology related to Buffer Overflow.
A leader in Application Security Testing (AST), providing tools like Coverity (SAST) that analyze source code to detect vulnerabilities such as buffer overflows early in the software development lifecycle.
Offers a comprehensive cloud-based application security platform that uses static analysis (SAST) and dynamic analysis (DAST) to find and help remediate security flaws, including various types of buffer overflows.
Provides a software security platform that includes static application security testing (SAST) solutions. Its tools identify buffer overflow vulnerabilities and other coding flaws directly within the development process.
Develops and implements fundamental buffer overflow mitigations at both the operating system (Windows) and compiler (Visual Studio) levels, such as Data Execution Prevention (DEP), Address Space Layout Randomization (ASLR), and stack canaries (/GS flag).
A non-profit organization that manages federally funded research. They maintain the Common Weakness Enumeration (CWE), a standard categorization of software weaknesses that is instrumental in defining and identifying buffer overflows for security tools and professionals.
Specializes in advanced static analysis tools, such as CodeSonar, for detecting critical defects and security vulnerabilities in source code. The company's technology is used to prevent memory-related errors like buffer overflows in critical systems.
Develops cybersecurity solutions, including endpoint protection platforms (Cortex XDR), that incorporate advanced exploit prevention technology designed to block memory corruption attacks, such as buffer overflows, in real-time.
Located at Carnegie Mellon University's Software Engineering Institute, CERT/CC is a major cybersecurity research center that analyzes vulnerabilities and publishes secure coding standards to help developers prevent flaws like buffer overflows.