nerdexam
EC-Council

312-50V11 · Question #191

Which of the following programming languages is most susceptible to buffer overflow attacks, due to its lack of a built-in-bounds checking mechanism? Code: #include <string.h> int main(){ char buffer[

The correct answer is D. C++. C++ inherits C's manual memory management and lacks automatic bounds checking, making it the primary language susceptible to buffer overflow vulnerabilities.

System Hacking

Question

Which of the following programming languages is most susceptible to buffer overflow attacks, due to its lack of a built-in-bounds checking mechanism? Code:

#include <string.h> int main(){ char buffer[8]; strcpy(buffer, ""11111111111111111111111111111""); } Output:

Segmentation fault

Options

  • AC#
  • BPython
  • CJava
  • DC++

How the community answered

(36 responses)
  • A
    3% (1)
  • C
    3% (1)
  • D
    94% (34)

Why each option

C++ inherits C's manual memory management and lacks automatic bounds checking, making it the primary language susceptible to buffer overflow vulnerabilities.

AC#

C# runs on the .NET CLR, which enforces memory safety and automatic bounds checking, preventing buffer overflow conditions by design.

BPython

Python uses dynamic memory allocation and its runtime enforces strict bounds on all sequence operations, making buffer overflows essentially impossible.

CJava

Java enforces array bounds checking at runtime and uses garbage collection, throwing an ArrayIndexOutOfBoundsException rather than overwriting memory.

DC++Correct

C++ does not perform automatic bounds checking on arrays or string operations, and functions like strcpy() blindly copy data past buffer boundaries. In the example, copying a 29-character string into an 8-byte buffer overwrites adjacent memory, causing a segmentation fault and a classic exploitable condition. Managed languages enforce bounds at runtime, but C++ leaves this responsibility entirely to the developer.

Concept tested: Buffer overflow vulnerability in unmanaged C/C++ code

Source: https://owasp.org/www-community/vulnerabilities/Buffer_Overflow

Topics

#buffer overflow#bounds checking#C++#memory corruption

Community Discussion

No community discussion yet for this question.

Full 312-50V11 Practice