Buffer Overflow is a vulnerability in software due to improper boundary checks, where an attacker exploits the target system by writing overwhelming data to the software memory buffer to overflow the buffer’s capacity and then making the malicious data to be written in the adjacent memory location giving un-authorized access.
There are two types of buffer overflow:
Stack Based Over Flow is an attack where an attacker gets control of the Extended Instruction Pointer (EIP) of Stack Memory which points to the next instruction to be executed and then makes the EIP to point to the memory location in which the malicious process instruction is present.
Heap Based Over Flow is almost same as stack over flow attack. Heap is dynamic memory allocation given to a program during the run time. The attacker takes the control of the Heap memory allocation and points it to the malicious code.
Common Weakness Enumeration (CWE) References