Ask HN: How do buffer overflows still happen in spite of ASLR?

4 points by hackerpain ↗ HN
Forgive me for my lack of lower level knowledge. I am kind of interested to know why in spite of advanced ASLR protection Buffer Overflow and Heap Buffer overflow happen in modern software like Chromium browser, surprising to see so many heap overflow bugs in their bug tracker.

Can someone ELI5 how buffer overflow defeats ASLR?

3 comments

[ 1.6 ms ] story [ 23.9 ms ] thread
ASLR doesn’t do anything to prevent buffer overflows; it makes it harder to exploit them.

That doesn’t mean it makes it impossible, and even if it did, the buffer overflow itself still is a bug.

Yes but how does that work? i have heard of unexploitable overflows how does that work?

and hey: Your username tricked me.

Unexploited overflows are like unproven math. You don't know the truth unless somebody happens to succeed. It's a matter of a stubborn smart person putting in lots of clever effort and getting lucky.