Word of the Day: buffer overflow

Word of the Day Daily updates on the latest technology terms |February 14, 2018

buffer overflow Buffer overflow is an attack vector that can be exploited by sending more data to a fixed length block of memory (buffer) than the fixed length block of memory is allocated to hold. When there is excess data, it gets written to an adjacent buffer and will overwrite whatever data is being held there. Buffers are vulnerable to attack when applications fail to validate input from the client or other processes and flag or discard data when too much is sent to a memory buffer. Buffer overflow always ranks high in the Common Weakness Enumeration/SANS Top 25 Most Dangerous Software Errors and is specified as CWE-120 under the Common Weakness Enumeration dictionary of weakness types. Despite being well understood, buffer overflows continue to plague software from vendors both large and small. Vendors issue patches and updates for their software to fix buffer overflow vulnerabilities that have been discovered, but there is still a period of risk between the vulnerability being discovered and the patch being created and deployed.   Techniques to exploit buffer overflow vulnerabilities vary based on the operating system and programming language, but the goal is always to manipulate a computer's memory to subvert or control program execution. Buffer overflows are categorized according to the location of the buffer in the process memory, the two main types being stack-based overflow and heap-based overflow. Read more... Quote of the Day "A buffer overflow can be thought of as data that goes outside the bounds of a block of allocated memory to corrupt data, crash the program or allow the execution of malicious code." - Daniel Allen   Trending Terms buffer attack vector Common Weakness Enumeration integer overflow Unicode address space layout randomization stack overflow   Learning Center How did a Microsoft Equation Editor flaw put systems at risk? A Microsoft Equation Editor vulnerability put systems at risk of compromise. Learn how the flaw worked and how enterprises can protect themselves. How climate change threats can inform cybersecurity strategies There are several parallels between climate-related threats to critical infrastructure and data risk. Can the connection help companies develop effective cybersecurity strategies? How can attacks bypass ASLR protection on Intel chips? Attackers can bypass ASLR protection and conduct local attacks on any platform due to an Intel chip flaw. Find out how to protect your enterprise. Broadpwn flaw: How does the new iOS exploit compare? A researcher at Google's Project Zero developed an iOS exploit that mimics Broadpwn. Expert Kevin Beaver explains how it works. How do code-reuse attacks bypass Windows 10 security features? Code-reuse attacks use counterfeit object-oriented programming to bypass Windows 10 security features. Here's a look at how that works and how to stop it. Writing for Business It only takes one user ________ security policies to give an attacker access to network data. a. flouting b. flaunting Answer   Stay In Touch For feedback about any of our definitions or to suggest a new definition, please contact me at: mrouse@techtarget.com   Visit the Word of the Day Archives and catch up on what you've missed!   FOLLOW US About This E-Newsletter This e-newsletter is published by the TechTarget network. To unsubscribe from Whatis.com, click here. Please note, this will not affect any other subscriptions you have signed up for. TechTarget, Whatis, 275 Grove Street, Newton, MA 02466. Contact: webmaster@techtarget.com Copyright 2016 TechTarget. All rights reserved.