nerdexam
EC-Council

312-50V9 · Question #316

Which of the following programming languages is most susceptible to buffer overflow attacks, due to its lack of a built-in-bounds checking mechanism? Code: #include <string.h> int main(){ char buffer[

The correct answer is D. C++. C++ lacks built-in bounds checking on array and buffer operations, making it susceptible to buffer overflow attacks when unsafe functions like strcpy() write beyond allocated memory.

System Hacking

Question

Which of the following programming languages is most susceptible to buffer overflow attacks, due to its lack of a built-in-bounds checking mechanism? Code:

#include <string.h> int main(){ char buffer[8]; strcpy(buffer, ""11111111111111111111111111111""); } Output:

Segmentation fault

Options

  • AC#
  • BPython
  • CJava
  • DC++

How the community answered

(38 responses)
  • A
    3% (1)
  • B
    5% (2)
  • C
    3% (1)
  • D
    89% (34)

Why each option

C++ lacks built-in bounds checking on array and buffer operations, making it susceptible to buffer overflow attacks when unsafe functions like strcpy() write beyond allocated memory.

AC#

C# is a managed language running on the .NET CLR, which enforces array bounds at runtime and throws an IndexOutOfRangeException rather than allowing a buffer overflow.

BPython

Python manages memory dynamically through its interpreter and automatically resizes string and buffer objects, making traditional buffer overflow attacks impossible in pure Python code.

CJava

Java runs on the JVM, which performs automatic bounds checking on all array accesses and throws an ArrayIndexOutOfBoundsException, preventing buffer overflows entirely.

DC++Correct

C++ inherits C's low-level memory model and provides no automatic bounds checking on arrays or string operations; the strcpy() function in the example blindly copies a 29-character string into an 8-byte buffer, overwriting adjacent memory and causing the segmentation fault shown. Unlike managed languages, C++ gives the programmer direct memory control without runtime safety nets, making this class of vulnerability possible.

Concept tested: Buffer overflow vulnerability in unmanaged languages

Source: https://owasp.org/www-community/vulnerabilities/Buffer_Overflow

Topics

#buffer overflow#C++#bounds checking#memory safety

Community Discussion

No community discussion yet for this question.

Full 312-50V9 Practice