FBI and CISA have issued a joint advisory warning software developers against building code with buffer overflow vulnerabilities in it, calling them “unforgivable” mistakes.
Tagging the advisory as part of their ongoing “Secure by Design” efforts, the authorities said these vulnerabilities are prevalent in software, including products from vendors such as Microsoft, VMware, and Ivanti, and can lead to full system compromise.
“CISA and FBI maintain that the use of unsafe software development practices that allow the persistence of buffer overflow vulnerabilities — especially the use of memory-unsafe programming languages — poses unacceptable risk to our national and economic security,” the authorities said.
A buffer overflow is a memory safety defect that arises when a program reads or writes memory beyond its allocated boundaries because it fails to initialize memory properly.
Buffer Overflow bugs are unforgivable
“The CISA and FBI recognize that memory safety vulnerabilities encompass a wide range of issues — many of which require significant time and effort to properly resolve,” the advisory added. “While all types of memory safety vulnerabilities can be prevented by using memory safe languages during development, other mitigations may only address certain types of memory safety vulnerabilities.”
The advisory pointed out that buffer overflow flaws are well-understood vulnerabilities and are easily avoidable by using memory-safe languages. It also listed additional techniques to help fix these issues.
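As an added illustration (not code from the advisory or this article), here is the classic unsafe copy beside a bounded replacement in C; the function names and the 16-byte buffer size are assumptions made for the example:

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NAME_MAX 16   /* assumed buffer size for the example */

/* "Before": the pattern the advisory calls unforgivable. strcpy() copies until
 * it finds a NUL byte and never consults sizeof(name), so input of 16 bytes or
 * more writes past the end of the stack buffer. */
void greet_unsafe(const char *input)
{
    char name[NAME_MAX];
    strcpy(name, input);            /* no bounds check: buffer overflow */
    printf("hello, %s\n", name);
}

/* "After": the destination size travels with the pointer and is checked before
 * any write. Returns 0 on success, -1 when the input does not fit, so the
 * caller rejects oversized input instead of silently corrupting memory. */
int copy_bounded(char *dst, size_t dst_size, const char *src)
{
    size_t len;
    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    for (len = 0; len < dst_size; len++)   /* never scan past dst_size bytes */
        if (src[len] == '\0')
            break;
    if (len == dst_size)                    /* no room for the NUL terminator */
        return -1;
    memcpy(dst, src, len + 1);              /* len bytes plus the terminator */
    return 0;
}

void greet_safe(const char *input)
{
    char name[NAME_MAX];
    if (copy_bounded(name, sizeof name, input) != 0) {
        fprintf(stderr, "rejected: input longer than %d bytes\n", NAME_MAX - 1);
        return;
    }
    printf("hello, %s\n", name);
}

int main(void)
{
    /* Constructed inputs: one that fits, one that would overflow greet_unsafe(). */
    greet_safe("alice");
    greet_safe("this-name-is-far-too-long-for-the-buffer");
    return 0;
}
```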