This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

OWASP Periodic Table of Vulnerabilities - Buffer Overflow

Jump to: navigation, search

Return to Periodic Table Working View

Buffer Overflow

Root Cause Summary

The application allows an attacker to supply more data than will fit in a pre-allocated block of memory and overwrite existing instructions or data.

Browser / Standards Solution


Perimeter Solution

The perimeter should defend applications from known worm/exploit signatures such as Code Red and alert or block suspicious payloads (e.g. thousands of characters or shellcode signatures).

Generic Framework Solution

The framework should be built on a memory-managed platform which prohibits direct memory access.

Custom Framework Solution


Custom Code Solution


Discussion / Controversy

Even if the overhead of a managed platform costs a few extra CPUs, the cost is vanishingly small compared to the extra cost of code review and testing required to ensure that the application is secure against buffer overflow bugs.


Buffer Overflow