Editing Crash (computing) (section)

==Security and privacy implications of crashes==
Depending on the application, the crash may contain the user's sensitive and [[information privacy|private information]].<ref>{{cite arXiv|title=Crashing Privacy: An Autopsy of a Web Browser's Leaked Crash Reports|eprint=1808.01718|last1=Satvat|first1=Kiavash|last2=Saxena|first2=Nitesh|year=2018|class=cs.CR}}</ref> Moreover, many software bugs which cause crashes are also [[Exploit (computer security)|exploitable]] for [[arbitrary code execution]] and other types of [[privilege escalation]].<ref>{{cite web|url=http://msdn.microsoft.com/en-us/magazine/cc163311.aspx|title=Analyze Crashes to Find Security Vulnerabilities in Your Apps|publisher=Msdn.microsoft.com|date=2007-04-26|access-date=2014-06-26|archive-date=11 December 2011|archive-url=https://web.archive.org/web/20111211180422/http://msdn.microsoft.com/en-us/magazine/cc163311.aspx|url-status=live}}</ref><ref>{{cite web|url=http://www.squarefree.com/2006/11/01/memory-safety-bugs-in-c-code/|title=Jesse Ruderman » Memory safety bugs in C++ code|publisher=Squarefree.com|date=2006-11-01|access-date=2014-06-26|archive-date=11 December 2013|archive-url=https://web.archive.org/web/20131211092447/http://www.squarefree.com/2006/11/01/memory-safety-bugs-in-c-code/|url-status=live}}</ref> For example, a [[stack buffer overflow]] can overwrite the return address of a subroutine with an invalid value, which will cause, e.g., a [[segmentation fault]], when the subroutine returns. However, if an exploit overwrites the return address with a valid value, the code in that address will be executed.