- When. a string longer than expected length is written to memory
- An attacker may be able to insert instructions into a string
- Attempt to execute code in the stack portion of the memory and get the code to return a memory address to a malicious file
Heart bleed
• An example of a buffer underflow attack