Buffer overflow vulnerabilities are a prevalent type of memory safety software design defect that regularly lead to system compromise. The Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) recognize that memory safety vulnerabilities encompass a wide range of issues—many of which require significant time and effort to properly resolve. While all types of memory safety vulnerabilities can be prevented by using memory safe languages during development, other mitigations may only address certain types of memory safety vulnerabilities. Regardless, buffer overflow vulnerabilities are a well understood subset of memory safety vulnerability and can be addressed by using memory safe languages and other proven techniques listed in this Alert. Despite the existence of well-documented, effective mitigations for buffer overflow vulnerabilities, many manufacturers continue to use unsafe software development practices that allow these vulnerabilities to persist. For these reasons—as well as the damage exploitation of these defects can cause—CISA, FBI, and others1 designate buffer overflow vulnerabilities as unforgivable defects.