(also buffer overflow, buffer overrun, buffer overflow exploit)
A security exploit where the attacker deliberately overloads a program’s buffer (temporary storage used when moving data) to make it overwrite adjacent memory locations. This can change the app’s execution path, resulting in damaged files or exposure of sensitive data. In some cases, attackers can even insert sophisticated malicious scripts into a program’s executable code.
Buffer overflow attacks are the most common type of DDoS attack. They affect nearly all applications and web servers, although some programming languages are more susceptible than others. Perl, Java, JavaScript, and C#, for instance, have inbuilt safeguards against buffer overflow attacks.
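The adjacent-memory overwrite described above, next to the bounds check that prevents it, as an added example that is not part of the original entry. It is written in C, which has no automatic bounds checking; the `session_t` layout, the function names and the 9-byte input are all constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model: one contiguous block of memory in which an 8-byte
   name buffer is followed directly by a privilege flag. */
#define NAME_LEN   8
#define REGION_LEN (NAME_LEN + 1)

typedef struct {
    unsigned char mem[REGION_LEN];  /* mem[0..7] = name, mem[8] = is_admin */
} session_t;

static int is_admin(const session_t *s) { return s->mem[NAME_LEN] != 0; }

/* Vulnerable form: trusts the caller's length and never compares it with
   NAME_LEN. The clamp to REGION_LEN exists only so this demo stays defined
   behaviour; a real unchecked copy would have no such limit. */
void store_name_unchecked(session_t *s, const unsigned char *in, size_t len) {
    if (len > REGION_LEN) len = REGION_LEN;
    memcpy(s->mem, in, len);
}

/* Hardened form: reject any input that does not fit the name buffer. */
int store_name_checked(session_t *s, const unsigned char *in, size_t len) {
    if (len > NAME_LEN) return -1;
    memcpy(s->mem, in, len);
    return 0;
}

/* Constructed input: 8 filler bytes plus one byte that lands on the flag. */
static const unsigned char INPUT[] = "AAAAAAAA\x01";

/* Flag value after the unchecked copy of the 9-byte input. */
int demo_unchecked(void) {
    session_t s;
    memset(&s, 0, sizeof s);
    store_name_unchecked(&s, INPUT, 9);
    return is_admin(&s);
}

/* 1 if the checked copy refused the input and the flag stayed clear. */
int demo_checked(void) {
    session_t s;
    memset(&s, 0, sizeof s);
    return store_name_checked(&s, INPUT, 9) == -1 && !is_admin(&s);
}

int main(void) {
    printf("unchecked copy:  is_admin=%d\n", demo_unchecked());
    printf("checked copy rejected, flag intact: %d\n", demo_checked());
    return 0;
}
```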
1988: The Morris Worm accidentally crashed ARPANET (the precursor to the internet) as the result of a buffer overflow attack.
2019: Hackers exploited voice-over-internet protocol vulnerabilities to carry out a successful buffer overflow attack on WhatsApp and inject malware into many users’ devices.