A buffer overflow occurs when a string longer than expected is written to a buffer, forcing the program to return to a different memory address than expected
It can be used to write a string larger than the buffer size so that the program points to the memory address of a malicious executable
Heartbleed
Heartbleed is an example of a buffer underflow attack
Heartbleed takes advantage of a vulnerability in OpenSSL where the attacker uses the SSL heartbeat to send a message of smaller size than the server expects
For example, sending the message "Hello" while providing metadata stating that the message is 500 bytes long
This may leak whatever is in the server’s memory
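The length mismatch described above, as an added example that is not OpenSSL's code and not part of the original notes: a handler that trusts the claimed length beside one that checks it against the bytes actually received. The function names, the simulated memory array and the secret string are all constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for server memory: the received payload and an
   unrelated secret share one array, so reading past the payload stays
   inside the array (defined behaviour) while showing the same leak. */
#define MEM_SIZE 512
static char server_mem[MEM_SIZE];

/* Store the bytes actually received, followed by a constructed secret. */
static void load_request(const char *payload, size_t actual_len) {
    memset(server_mem, 0, MEM_SIZE);
    memcpy(server_mem, payload, actual_len);
    memcpy(server_mem + actual_len, "SECRET-KEY-EXAMPLE", 18);
}

/* Flawed handler: echoes as many bytes as the sender claims to have sent. */
size_t echo_trusting(size_t claimed_len, char *out, size_t out_cap) {
    if (claimed_len > out_cap || claimed_len > MEM_SIZE) return 0;
    memcpy(out, server_mem, claimed_len);
    return claimed_len;
}

/* Hardened handler: drops the request when the claimed length exceeds
   the number of bytes that actually arrived. */
size_t echo_checked(size_t claimed_len, size_t actual_len,
                    char *out, size_t out_cap) {
    if (actual_len > MEM_SIZE || claimed_len > actual_len ||
        claimed_len > out_cap) return 0;
    memcpy(out, server_mem, claimed_len);
    return claimed_len;
}

int main(void) {
    char out[MEM_SIZE];
    load_request("Hello", 5);                       /* 5 bytes really sent */
    size_t n = echo_trusting(500, out, sizeof out); /* sender claims 500 */
    printf("trusting: %zu bytes, starts \"%s\"\n", n, out);
    n = echo_checked(500, 5, out, sizeof out);
    printf("checked:  %zu bytes (request dropped)\n", n);
    return 0;
}
```

The trusting handler returns the 5 payload bytes plus the adjacent memory; the checked handler returns nothing because 500 exceeds the 5 bytes received.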