Existence of Stack Overflow Vulnerabilities in Well-known Open Source Projects

10/31/2019
by Md Masudur Rahman, et al.

A stack overflow occurs when a program or process tries to store more data in a buffer (or stack) than it was intended to hold. If the affected program runs with special privileges or accepts data from untrusted network hosts (e.g. a web server), this is a potential security vulnerability. By overflowing a stack, an attacker can corrupt it in such a way as to inject executable code into the running program and take control of the process. This is one of the easiest and most reliable methods for attackers to gain unauthorized access to a computer. In this paper, we show how stack overflows occur and that many open source projects, such as Linux, Git, and PHP, contain code portions in which it is possible to overflow the stack and inject malicious code that disrupts the normal execution of the process. In addition, this paper raises the concern that code which is a potential source of stack overflow attacks should not be written in the first place.
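The abstract describes the pattern behind these findings: a fixed-size stack buffer filled by a copy that never consults the destination size. The following C program is an added illustration written for this page, not code from the paper or from the projects it names; the function names, the 16-byte buffer size and the sample inputs are constructed for the example. It places the unchecked copy beside a bounded replacement that rejects input which would not fit, which is the form a reviewer would ask for.

```c
/* Added example (not from the paper): the unchecked-copy pattern the
 * abstract describes, beside a bounded replacement that rejects input
 * which does not fit. Names and sizes are illustrative. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NAME_SZ 16  /* fixed-size stack buffer; size chosen for the example */

/* The pattern the paper warns about: strcpy() copies until it finds the
 * terminating NUL and never looks at the destination size, so an input of
 * NAME_SZ bytes or more writes past buf into adjacent stack data (saved
 * registers, the return address). Shown only for contrast; it is never
 * called in this program. */
void greet_unchecked(const char *name)
{
    char buf[NAME_SZ];
    strcpy(buf, name);              /* no length check: overflows buf on long input */
    printf("hello, %s\n", buf);
}

/* Bounded replacement: copies src into dst only if src, including its
 * terminator, fits in dst_sz bytes. Returns 0 on success and -1 when the
 * input is rejected. memchr() stops scanning at dst_sz bytes, so an
 * unterminated or over-long src is never read past that limit either. */
int copy_bounded(char *dst, size_t dst_sz, const char *src)
{
    const char *end = memchr(src, '\0', dst_sz);
    if (end == NULL)                   /* no terminator within dst_sz: too long */
        return -1;
    memcpy(dst, src, (size_t)(end - src) + 1);   /* copies the NUL as well */
    return 0;
}

/* Same behaviour as greet_unchecked for inputs that fit; over-long
 * inputs are refused instead of overwriting the stack. */
int greet_checked(const char *name)
{
    char buf[NAME_SZ];
    if (copy_bounded(buf, sizeof buf, name) != 0) {
        fprintf(stderr, "input too long (max %d bytes)\n", NAME_SZ - 1);
        return -1;
    }
    printf("hello, %s\n", buf);
    return 0;
}

int main(void)
{
    /* Constructed inputs: one that fits, one that would not. */
    const char *short_name = "alice";
    char long_name[64];
    memset(long_name, 'A', sizeof long_name - 1);
    long_name[sizeof long_name - 1] = '\0';

    greet_checked(short_name);   /* accepted: prints the greeting */
    greet_checked(long_name);    /* rejected: nothing written past buf */
    return 0;
}
```

The check is deliberately strict: an input of exactly NAME_SZ bytes is refused because there is no room for the terminator, which is the off-by-one that many real bounded copies get wrong. Compiling with warnings enabled and a fortified libc adds a second line of defence, but the bounds check in the code is what removes the bug.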
