In information security and programming, a buffer overflow, also known as a buffer overrun, is a software coding vulnerability or error that cybercriminals can abuse to obtain unauthorized access to a company’s system.
The error involves buffers, which are areas of memory that temporarily store data, typically as it is moved from one section of a program to another, or between programs. A buffer overflow happens when the amount of data written to a buffer exceeds its storage capacity.
Because buffers are designed to hold a limited amount of information, the excess data has to go somewhere and can overflow into adjoining buffers, corrupting or overwriting the valid data held in them. As a result, the program may exhibit erratic behavior, such as memory access errors, inaccurate results, and crashes.
These data buffers are typically located in RAM. Buffering is widely used by computers to improve performance and by most modern hard drives and online services to speed up data access. As previously stated, buffer overflows can be exploited by malicious actors to corrupt software. Despite being well understood, buffer overflow attacks remain a significant security issue that worries cybersecurity experts.
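The overflow into an adjoining buffer described above, shown as an added C example that is not part of the original article: an unchecked copy corrupts the neighbouring field, while a length-checked copy rejects the oversized input. The `record` layout, the function names, and the sample input are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed layout: two adjacent fixed-size buffers. char arrays need no
   padding, so role begins immediately after name. */
struct record {
    char name[8];
    char role[8];
};

/* Flawed: trusts the caller's length. Writing through the struct's byte view
   keeps this demo well-defined as long as len <= sizeof(struct record). */
static void store_unchecked(struct record *r, const char *src, size_t len)
{
    memcpy((unsigned char *)r, src, len);
}

/* Hardened: refuse anything that does not fit in name with its terminator. */
static int store_checked(struct record *r, const char *src, size_t len)
{
    if (len >= sizeof r->name)
        return -1;
    memcpy(r->name, src, len);
    r->name[len] = '\0';
    return 0;
}

/* Stores input as the name of a fresh record whose role is "guest".
   Returns 1 if the store altered role, 0 if role is intact. */
static int role_changed(const char *input, int checked)
{
    struct record r = { "", "guest" };
    size_t len = strlen(input);

    if (checked)
        store_checked(&r, input, len);
    else  /* copy the terminator too; clamp so the demo stays inside r */
        store_unchecked(&r, input, len < sizeof r ? len + 1 : sizeof r);
    return memcmp(r.role, "guest", 6) != 0;
}

int main(void)
{
    const char *too_long = "AAAAAAAAAAAA";  /* constructed: 12 bytes, buffer holds 8 */

    printf("unchecked: role changed = %d\n", role_changed(too_long, 0));
    printf("checked:   role changed = %d\n", role_changed(too_long, 1));
    return 0;
}
```

An input of exactly 8 characters also corrupts `role` in the unchecked path, because the string terminator lands in the first byte of the adjacent buffer.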
What Is a Buffer Overflow Attack?