CAS-002 · Question #2
Which of the following can aid a buffer overflow attack to execute when used in the creation of applications?
The correct answer is B. Standard libraries. Unsafe standard library functions (such as strcpy or gets in C/C++) lack bounds checking, making them a direct enabler of buffer overflow vulnerabilities when used in application development.
Question
Which of the following can aid a buffer overflow attack to execute when used in the creation of applications?
Options
- ASecure cookie storage
- BStandard libraries
- CState management
- DInput validation
How the community answered
(63 responses)- A10% (6)
- B86% (54)
- C2% (1)
- D3% (2)
Why each option
Unsafe standard library functions (such as strcpy or gets in C/C++) lack bounds checking, making them a direct enabler of buffer overflow vulnerabilities when used in application development.
Secure cookie storage is a mechanism for protecting session tokens and does not relate to memory buffer management or overflow vulnerabilities.
Many functions in standard C/C++ libraries - such as strcpy(), gets(), and sprintf() - do not perform boundary checks on destination buffers. When developers use these functions without additional validation, they allow input data to exceed allocated memory regions, which is the core mechanism of a buffer overflow attack. Modern secure replacements like strncpy() or fgets() exist precisely to mitigate this risk.
State management governs application workflow and session data consistency but has no direct bearing on memory allocation boundaries that buffer overflows exploit.
Input validation is a defensive control that prevents buffer overflows by rejecting or sanitizing oversized input before it reaches vulnerable functions.
Concept tested: Unsafe standard library functions enabling buffer overflows
Source: https://owasp.org/www-community/vulnerabilities/Buffer_Overflow
Topics
Community Discussion
No community discussion yet for this question.