There are two kinds of things stored in computer memory: data and instructions. To the computer, those look the same, the difference is just in how it interprets them. With a buffer overflow attack, you write data that extends into a memory area where the computer thinks instructions are stored. You overwrite the original instructions and make the computer execute the new ones you just put there a post of your data. Many computer security issues boil down to not having an inherent difference between data and instructions. Unfortunately, so do some really neat programming tricks, so people are attached to that property. Answer from erisdottir on reddit.com
🌐
Fortinet
fortinet.com › resources › cyberglossary › buffer-overflow
What Is Buffer Overflow? Attacks, Types & Vulnerabilities | Fortinet
Attackers use a buffer overflow to corrupt a web application’s execution stack, execute arbitrary code, and take over a machine. Flaws in buffer overflows can exist in both application servers and web servers, especially web applications that use libraries like graphics libraries.
🌐
OWASP Foundation
owasp.org › www-community › attacks › Buffer_overflow_attack
Buffer Overflow Attack | OWASP Foundation
Buffer overflow errors are characterized by the overwriting of memory fragments of the process, which should have never been modified intentionally or unintentionally. Overwriting values of the IP (Instruction Pointer), BP (Base Pointer) and ...
Discussions

How do buffer overflow attacks work?
how do people discover a vulnerability without viewing the source code? It's really easy to feed a very long input to something and notice that it crashes. That's usually a pretty good sign that it's vulnerable to exploitation and that you should take a closer look. There are researchers (both black hat and white hat) that are constantly doing this to every aspect of every program they can find. Isn't this something that most programs account for? You'd think that, but no. It's perhaps not as bad as it used to be, but people are constantly finding exploits. Many times it's not at all obvious from looking at the source code that a vulnerability exists, e.g. it might require a certain sequence of events to happen in the right order. Does anyone have an example of a specific buffer overflow attack? There are vulnerability databases filled with thousands of specific examples. More on reddit.com
🌐 r/learnprogramming
35
76
March 12, 2015
Buffer Overflow in the New OSCP
No BOF https://www.offsec.com/offsec/oscp-exam-structure/ More on reddit.com
🌐 r/oscp
18
18
May 5, 2024
Buffer overflows in the wild?

Lots of imbeded software is written in C, so your vector of attack into a network could be through a poorly secured smart device

More on reddit.com
🌐 r/hacking
12
4
September 6, 2024
Where would I find an explanation of Buffer Overflow or Stack overflow Computer Science
What sort of knowledge do you already have? Do you know how to program, and if so what languages? If you know how to program in a low-level language like C, then you can get a detailed answer that explains exactly what's going on. If you know how to program in a high-level language like Python, then you can get a slightly less detailed answer. If you don't program at all then you're just going to get an analogy or a layperson explanation. More on reddit.com
🌐 r/learnprogramming
6
1
May 10, 2024
People also ask

How does a buffer overflow attack work?
A buffer overflow attack works when an attacker manipulates coding errors to overwrite computing memory. They can then carry out malicious actions like stealing data and compromising systems.
🌐
fortinet.com
fortinet.com › resources › cyberglossary › buffer-overflow
What Is Buffer Overflow? Attacks, Types & Vulnerabilities | Fortinet
Why is buffer overflow a vulnerability?
Buffer overflow is a vulnerability because it overflows memory storage capacity, which overwrites memory data.
🌐
fortinet.com
fortinet.com › resources › cyberglossary › buffer-overflow
What Is Buffer Overflow? Attacks, Types & Vulnerabilities | Fortinet
What is a buffer stack overflow?
A buffer stack overflow is a software coding error hackers can use to exploit a vulnerability and gain unauthorized access to corporate systems.
🌐
fortinet.com
fortinet.com › resources › cyberglossary › buffer-overflow
What Is Buffer Overflow? Attacks, Types & Vulnerabilities | Fortinet
🌐
Reddit
reddit.com › r/explainlikeimfive › eli5: what is a buffer overflow attack and how does it allow attackers to take control of a computer?
r/explainlikeimfive on Reddit: ELI5: What is a buffer overflow attack and how does it allow attackers to take control of a computer?
February 27, 2026 -

Every description of a buffer overflow (which seems to be a very common type of computer exploit) shows something like a text string that is longer than the memory reserved for a variable, but how does this provide an attacker with a way to compromise your computer?

How does a buffer overflow work Mar 5, 2026
r/HowToHack
4mo ago
ELI5: What is the point of buffer overflow attacks? Mar 9, 2024
r/cybersecurity
2y ago
Guide to Stack Buffer Overflow (OSCP) Mar 29, 2021
r/hacking
5y ago
Buffer Overflow Vulnerability C Code Feb 28, 2023
r/C_Programming
3y ago
More results at reddit.com
🌐
Cloudflare
cloudflare.com › learning › security › threats › buffer-overflow
What Is Buffer Overflow?
Buffer overflows can be exploited by attackers with a goal of modifying a computer’s memory in order to undermine or take control of program execution.
🌐
Imperva
imperva.com › home › appsec › buffer overflow attack
What is a Buffer Overflow | Attack Types and Prevention Methods | Imperva
December 21, 2023 - If the transaction overwrites ... errors, or crashes. ... Attackers exploit buffer overflow issues by overwriting the memory of an application....
Find elsewhere
🌐
GeeksforGeeks
geeksforgeeks.org › c++ › buffer-overflow-attack-with-example
Buffer Overflow Attack with Example - GeeksforGeeks
January 29, 2025 - Attacker would use a buffer-overflow exploit to take advantage of a program that is waiting on a user's input. There are two types of buffer overflows: stack-based and heap-based. Heap-based, which are difficult to execute and the least common of the two, attack an application by flooding the memory space reserved for a program.
🌐
Wikipedia
en.wikipedia.org › wiki › Buffer_overflow
Buffer overflow - Wikipedia
4 weeks ago - By sending in data designed to cause a buffer overflow, it is possible to write into areas known to hold executable code and replace it with malicious code, or to selectively overwrite data pertaining to the program's state, therefore causing behavior that was not intended by the original programmer. Buffers are widespread in operating system (OS) code, so it is possible to make attacks ...
🌐
Code Intelligence
code-intelligence.com › blog › buffer-overflows-complete-guide
Everything about Buffer Overflows | Blog | Code Intelligence
When a function is called, the local variables are stored in the stack, and if a buffer within the stack overflows, it can overwrite the return address. Attackers exploit this by overwriting the return address with their own malicious code, redirecting the program’s execution flow.
🌐
Reddit
reddit.com › r/learnprogramming › how do buffer overflow attacks work?
r/learnprogramming on Reddit: How do buffer overflow attacks work?
March 12, 2015 -

I understand how they function in general, but how do people discover a vulnerability without viewing the source code? Isn't this something that most programs account for? Does anyone have an example of a specific buffer overflow attack?


Edit: Thanks for the great replies everyone. I noticed that there were a few comments asking what buffer overflows were below, and I didn't include anything in my original post about it so I will include a very brief and simple explanation here so that those coming in who don't have experience in a low level language like C can understand what the comments in this thread are referring to. u/Hexorg has a great explanation of them below as well.

Suppose that you create an array of char large enough to hold 10 characters; the computer is then going to allocate enough space in memory to store those 10 characters. Suppose then you take input from the user and store their input in this array. If the size of their input is <10 characters, there is no issue -- the input is simply stored in the array and the program moves on. Now suppose that the input is greater than 10 characters. If there is nothing built in to detect and stop an input larger than the size of the array from being stored, then the input is going to overflow into memory, onto the program stack, and overwrite whatever is currently stored there. Some malicious users can abuse this vulnerability by including instruction encoding that the program will execute in place of what was previously there and cause it to perform in ways it was never intended to.

Those of you who are far more knowledgeable about this, please by all means correct me on anything that is wrong in my explanation. I just want everyone coming in to understand what is being discussed.


Edit 2: I posted this as a comment but I will post it here so it gets more exposure and more people have an opportunity to answer:

I guess what is still confusing is how someone knows where to pass a return address for whatever instructions they want to execute without viewing the stack. I see how it would be easy to just pass in an arbitrarily large string of characters and see if it crashes the program -- obviously you wouldn't need to actually view the stack to do this; but how do people actually cause a program to execute their own set of instructions passed in via their input without knowing where the programs return is in order to give it the address of their own exploit instructions? My understanding is that you would have to pass in a string of a specific size so that the address reached the point on the stack where the return instruction executes.

🌐
Contrast Security
contrastsecurity.com › glossary › buffer-overflow
Buffer Overflow | Types of Buffer Overflow Attacks
A buffer overflow attack is designed to exploit a buffer overflow vulnerability that allows the inclusion of extra data holding specific instructions for the desired actions of a hacker or malicious user; for example, the data could trigger ...
🌐
Jackson State University
jsums.edu › nmeghanathan › files › 2015 › 05 › CSC437-Fall2013-Module-5-Buffer-Overflow-Attacks.pdf pdf
Module 5: Buffer Overflow Attacks Dr. Natarajan Meghanathan
Overview of Buffer Overflow Attacks · • A buffer overflow can occur when a process (as a result of · programming error) attempts to store data beyond the · limits of a fixed-size buffer and consequently overwrites · adjacent memory locations. – The locations could hold other program variables or parameters or ·
🌐
Kiuwan
kiuwan.com › blog › buffer-overflow-attacks
Buffer Overflow Attacks: Causes, Outcomes, and Prevention | Kiuwan
December 4, 2025 - A buffer overflow attack is a vulnerability in software security that can have severe business consequences. Learn how to address and avoid it.
🌐
OWASP Foundation
owasp.org › www-community › vulnerabilities › Buffer_Overflow
Buffer Overflow | OWASP Foundation
In a classic buffer overflow exploit, the attacker sends data to a program, which it stores in an undersized stack buffer. The result is that information on the call stack is overwritten, including the function’s return pointer.
🌐
Medium
medium.com › @delta_core › exploiting-buffer-overflows-a-detailed-professional-guide-80a224f76a2b
Exploiting Buffer Overflows: A Detailed Professional Guide | by Delta | Medium
March 15, 2025 - When critical data — like the return address of a function — is overwritten, the attacker can redirect the program’s execution flow. This redirection can lead to: Arbitrary Code Execution: Injecting shellcode (malicious payload) that the CPU executes. System Compromise: Elevating privileges or executing commands that compromise the entire system. Service Disruption: Crashing the program or causing a denial of service (DoS). Consider the following C program that demonstrates a classic buffer overflow vulnerability:
🌐
Black Duck
blackduck.com › blog › detect-prevent-and-mitigate-buffer-overflow-attacks.html
Buffer Overflow Attacks: Detection, Prevention & Mitigation | Black Duck Blog
March 31, 2024 - This is due to the fact that it functioned in part by filling a buffer in the UNIX fingerd protocol with exploit code, then overflowing that buffer to modify the return address to point to the buffer filled with exploit code. ASLR and DEP would have made it more difficult to pinpoint the address to point to, if not making that area of memory non-executable completely. Sometimes a vulnerability slips through the cracks, remaining open to attack despite controls in place at the development, compiler, or operating system level.
🌐
YouTube
youtube.com › watch
What is Buffer Overflow Attack? Causes and Types of Buffer Overflows - YouTube
Buffer overflows are not only inconvenient, but dangerous too. Buffer overflow happens when a program or process tries to write more data than the memory buf...
Published   July 10, 2025