Heap Buffer Overflow

Occurs when a program writes more data to a dynamically allocated buffer on the heap than the buffer can hold, leading to the overflow of adjacent heap memory regions. This overflow into adjacent memory locations can lead to overwriting other data, corrupting the program's execution, and leading to security vulnerabilities or crashes.

Remediation:

*Input Validation Strategy*: Assume all input is malicious and use an *"accept known good"* input validation strategy. Reject any input that does not conform to specifications
When performing input validation, consider all potentially relevant properties including length, type, range of acceptable value, missing or extra inputs, syntax etc.
Replace unbounded copy functions with analogous functions that support length arguments, such as strcpy with strncpy. Create these if they are not available. *Note:* this approach is still susceptible to calculation errors such as Off-by-one (link:https://cwe.mitre.org/data/definitions/193.html[CWE-193]) and Incorrectly calculating buffer lengths (link:https://cwe.mitre.org/data/definitions/131.html[CWE-131])

Metadata

Severity: high
Slug: heap-buffer-overflow

CWEs

120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Available Labs

Open C labs in SecDim Play for this vulnerability.

easy

Heap Buffer Overflow.c

C Easy Signature

Play AppSec WarGames

Want to skill-up in secure coding and AppSec? Try SecDim Wargames to learn how to find, hack and fix security vulnerabilities inspired by real-world incidents.

For Companies Play Now

Got a comment?

Join our secure coding and AppSec community. A discussion board to share and discuss all aspects of secure programming, AppSec, DevSecOps, fuzzing, cloudsec, AIsec code review, and more.