
Does Java have buffer overflows?

Does Java have buffer overflows? If yes can you give me scenarios?

ecleel asked Jan 26 '09 12:01


People also ask

What is buffer overrun in Java?

Buffer overflow occurs when data is input or written beyond the allocated bounds of an object, causing a program crash or creating a vulnerability that attackers might exploit.

What is the risk to Java from buffer overflow attacks?

Buffer overflows can affect all types of software. They typically result from malformed inputs or failure to allocate enough space for the buffer. If the transaction overwrites executable code, it can cause the program to behave unpredictably and generate incorrect results, memory access errors, or crashes.

Is buffer overflow still possible?

Buffer overflow is probably the best known form of software security vulnerability. Most software developers know what a buffer overflow vulnerability is, but buffer overflow attacks against both legacy and newly-developed applications are still quite common.

Is memcpy () vulnerable to buffer overflow attacks?

The following is the source code of a C program that has a buffer overflow vulnerability: char greeting[5]; memcpy(greeting, "Hello, world!\n", 15);


2 Answers

Since Java Strings are based on char arrays and Java automatically checks array bounds, buffer overflows are only possible in unusual scenarios:

  1. If you call native code via JNI
  2. In the JVM itself (usually written in C++)
  3. The interpreter or JIT compiler does not work correctly (Java bytecode mandated bounds checks)
Michael Borgwardt answered Oct 06 '22 09:10
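The bounds checks that answer refers to, shown as an added example that is not part of either answer: the same oversized copy as the C `memcpy` snippet above, attempted three ways in pure Java. The class name `BoundsCheckDemo` and the sample input are constructed for illustration.

```java
import java.nio.BufferOverflowException;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;

// Hypothetical demo class: every oversized write ends in an exception,
// never in a write past the end of the destination.
public class BoundsCheckDemo {
    public static void main(String[] args) {
        // Constructed input: the string from the C snippet (14 bytes, no NUL).
        byte[] src = "Hello, world!\n".getBytes(StandardCharsets.US_ASCII);
        byte[] greeting = new byte[5]; // same capacity as char greeting[5]

        // 1. Bulk copy: the ranges are validated before any byte moves,
        //    so the destination is left untouched.
        try {
            System.arraycopy(src, 0, greeting, 0, src.length);
        } catch (IndexOutOfBoundsException e) {
            System.out.println("arraycopy rejected: " + e.getClass().getSimpleName());
        }
        System.out.println("after arraycopy, greeting[0] = " + greeting[0]); // still 0

        // 2. Element-wise copy: every store is checked, so indexes 0..4 are
        //    written and the store at index 5 throws.
        try {
            for (int i = 0; i < src.length; i++) {
                greeting[i] = src[i];
            }
        } catch (ArrayIndexOutOfBoundsException e) {
            System.out.println("loop stopped: " + e.getMessage());
        }
        System.out.println("greeting = "
                + new String(greeting, StandardCharsets.US_ASCII)); // Hello

        // 3. NIO buffer: put() checks remaining capacity and transfers nothing
        //    if the source does not fit.
        ByteBuffer buf = ByteBuffer.allocate(5);
        try {
            buf.put(src);
        } catch (BufferOverflowException e) {
            System.out.println("ByteBuffer rejected, position = " + buf.position()); // 0
        }
    }
}
```

If these exceptions go uncaught, the failure mode is a terminated thread or request rather than corrupted memory, so the remaining concern in pure Java code is availability.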


Managed languages such as Java and C# do not have these problems, but the specific virtual machines (JVM/CLR/etc) which actually run the code may.

Brian Rasmussen answered Oct 06 '22 08:10