char buf[8]; /* tiny buffer, easy to overflow */

printf("What is your name?\\n");
scanf("%s", buf); /* WRONG */
scanf("%7s", buf); /* RIGHT */

If the user enters a string longer than 7 characters (- 1 for the null terminator), memory behind the buffer buf will be overwritten. This results in undefined behavior. Malicious hackers often exploit this in order to overwrite the return address, and change it to the address of the hacker’s malicious code.