🛡️ Free practice test question from: buffer overflow (Security+)

The scenario describes attackers exploiting a vulnerability by sending oversized input to a specific input field, allowing them to overwrite the application's memory and execute arbitrary commands. Given that the application is written in C++, which typically uses stack memory for local variables, the most likely type of buffer overflow attack in this context is a stack-based buffer overflow.

A) Heap-based buffer overflow: This involves overwriting data in the heap memory, which is used for dynamic memory allocation. Typically involves overwriting memory allocated using functions like malloc() or new. While possible, the description more closely aligns with stack memory manipulation.

B) Format string attack: This exploits improper handling of format strings (e.g., using user input directly in printf-style functions). The scenario describes an oversized input, not a misuse of format specifiers.

D) Off-by-one error: This is a specific type of buffer overflow where only one byte is overwritten, typically not sufficient for executing arbitrary commands.