Course: Cyber Security

C program

In C programs, execution starts with the main function, for example int main(int argc, char **argv). The program may copy user input into a fixed-size array, such as char name[12];, using strcpy without checking the input's length. If the input is longer than the array, the copy overwrites adjacent memory, including the return pointer, which lets attackers control what the CPU executes.

When Alice enters “Alice,” the application works as expected, storing her input in memory. However, when Eve inputs too many characters, the CPU overwrites adjacent memory values with the excess data.


Eve’s excessive input caused the CPU to overwrite the return pointer, redirecting it to a location filled with A’s. If Eve gains control of the server, she could replace the A’s with executable code and modify the return pointer to make the CPU run her code.

In simple terms, buffer overflows enable attackers to gain control of a victim’s CPU by strategically overwriting the victim’s memory.
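The lesson's char name[12] case as an added example (not part of the original lesson): the unchecked strcpy beside a length-checked copy that rejects Eve's oversized input instead of writing past the array. The names greet_unsafe, copy_name and NAME_SIZE, and the sample inputs, are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define NAME_SIZE 12  /* assumed name; same size as the lesson's char name[12] */

/* Vulnerable pattern from the lesson: strcpy copies until it finds the NUL
   in input, regardless of how small name[] is. Shown for comparison only;
   it is never called in this example. */
void greet_unsafe(const char *input) {
    char name[NAME_SIZE];
    strcpy(name, input);   /* writes past name[] when input has 12+ characters */
    printf("Hello, %s\n", name);
}

/* Hardened form: measure the input first and reject anything that does not
   fit, terminator included. Returns 0 on success, -1 on rejection; dst is
   left untouched when the input is rejected. */
int copy_name(char *dst, size_t dst_size, const char *input) {
    if (dst == NULL || input == NULL || dst_size == 0)
        return -1;
    size_t len = 0;
    while (len < dst_size && input[len] != '\0')  /* never scans past dst_size */
        len++;
    if (len == dst_size)                          /* no room for the NUL */
        return -1;
    memcpy(dst, input, len + 1);                  /* len characters plus NUL */
    return 0;
}

int main(void) {
    char name[NAME_SIZE];
    /* Constructed sample inputs: Alice's name and Eve's run of A's. */
    const char *samples[] = { "Alice", "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" };
    for (size_t i = 0; i < 2; i++) {
        if (copy_name(name, sizeof name, samples[i]) == 0)
            printf("accepted: %s\n", name);
        else
            printf("rejected: longer than %d characters\n", NAME_SIZE - 1);
    }
    return 0;
}
```

Compiling with stack protection enabled (for example -fstack-protector-strong in GCC or Clang) adds a second layer that aborts the program if the return pointer's neighbourhood is overwritten anyway.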