Skip to content

Buffer Overflow

Understanding Buffer Overflow Attacks: A Threat to Software Integrity

Prevent Buffer Overflows in our Demo
Table of Contents

What is buffer overflow?

Buffers provide a temporary area for programs to store data. A buffer overflow, also known as a buffer overrun, is when a program overruns a buffer's boundary and overwrites adjacent memory locations in the process. When more data than was originally allocated to be stored gets placed by a program or system process, the extra data “overflows,” causing some of that data to leak out into other buffers, in this way overwriting or corrupting the data they were holding.

Types of buffer overflow attacks

There are two types of buffer overflows: stack-based and heap-based. Heap-based buffer overflows attack an application by flooding the memory space reserved for a program. Stack-based buffer overflows, which are more common among attackers, exploit applications and programs by using what is known as a stack, the memory space used to store user input.

What is a buffer overflow attack?

A buffer overflow attack is designed to exploit a buffer overflow vulnerability that allows the inclusion of extra data holding specific instructions for the desired actions of a hacker or malicious user; for example, the data could trigger a buffer overflow exploit, causing actions that damage files, change data, or even reveal sensitive/private information.


Learn More About Contrast Security

Contrast is the clear customers’ choice

Contrast is named a Customers’ Choice in the 2021 Gartner Peer Insights “Voice of the Customer”: Application Security Testing report. With the highest percentage of 5-star ratings, this is the third consecutive year Contrast has received this powerful endorsement from customers.


Built for Developers. Trusted by Security.


Learn Secure Code

Cross Site Scripting (XSS)


Learn about Cross site scripting (XSS) and how it affects your Java source code

SQL Injection - Java-1


Learn about SWL injection and how it affects your Java source code

Client Side Injection


Learn about client-side injection and how it can affect your source code