LOGBOOK

HELP

Quiz Entry - updated: 2026.07.14

What protections exist against buffer overflow exploits and how does each work?

Four layers: stack canaries, ASLR, DEP/NX, and safe coding — each individually bypassable, but together extremely effective.

Four buffer-overflow defenses fanning from a hub: stack canary, ASLR, DEP/NX, safe coding.

* Layered defenses — stack canaries, ASLR, DEP/NX and safe coding each block a different stage of the exploit. *

Protection How it works Bypass technique
Stack Canaries Random value between buffer and return address; checked before ret Leak canary via format string or info disclosure
ASLR (Address Space Layout Randomization) Randomizes memory layout each execution Information leaks reveal base addresses
DEP/NX (Data Execution Prevention / No-eXecute) Stack/heap marked non-executable ROP uses existing executable code (no injection needed)
Safe functions Bounded copies (fgets, strncpy) N/A — eliminates the bug class

Defense-in-depth example:

  • Stack canary detects the overflow → program aborts before ret
  • Even if canary is bypassed, ASLR means attacker doesn't know where to jump
  • Even if addresses leak, DEP prevents executing injected shellcode
  • Even if attacker uses ROP, ASLR randomizes gadget locations

Best defense: Layer all protections AND use memory-safe languages where possible.

Go deeper:

From Quiz: SPRG / Buffer Overflow | Updated: Jul 14, 2026