The invention relates to a method and an apparatus for locating buffer overflow vulnerabilities. When a buffer overflow on the stack has overwritten the stack frame address and the function return address, the method uses outdated data still present on the stack to re-establish the function call chain, and the overflow function can then be located directly from the re-established chain. The method comprises the following steps: when the buffer overflow occurs, allowing the current program to be interrupted by an error so as to avoid the execution of malicious code; taking the address indicated by the current ESP register as a starting point, and successively finding and determining an outdated stack frame pointer and an outdated return address from the outdated data on the stack, wherein the value of the outdated return address is the return address of the last sub-function called by the overflow function, and the function corresponding to that return address is the overflow function. Instead of backtracking successively through the call stack, the method and the apparatus locate the overflow function directly: the vulnerable function is located by using the outdated data on the stack, and different situations are classified and processed separately so that the outdated data can be reused and the overflow function and the overflow address can be located rapidly.
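The scan described above, as an added example that is not taken from the patent: it walks a constructed 32-bit x86 crash snapshot from ESP and reports the function that owns the first plausible outdated (saved EBP, return address) pair. The function names, addresses, symbol table, downward scan direction and the pair-validity checks are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed symbol table: [start, end) text ranges of hypothetical functions. */
struct func { const char *name; uint32_t start, end; };
static const struct func FUNCS[] = {
    { "main",            0x00401000u, 0x00401040u },
    { "process_request", 0x00401040u, 0x00401080u },  /* owns the overflowed buffer */
    { "copy_bytes",      0x00401080u, 0x004010C0u },  /* last sub-function it called */
};
#define NFUNCS (sizeof FUNCS / sizeof FUNCS[0])
/* Constructed crash snapshot: 32-bit words, lowest address first. */
#define STACK_BASE 0x0012FF00u
#define CRASH_ESP  0x0012FF3Cu
static const uint32_t STACK[16] = {
    0, 0, 0, 0, 0x00000010u,
    0x0012FF34u,              /* 0x0012FF14: outdated saved EBP of copy_bytes */
    0x00401058u,              /* 0x0012FF18: outdated return address into process_request */
    0x0012FF24u, 0x00403000u, /* outdated call arguments: dst (stack), src (data) */
    0x41414141u, 0x41414141u, 0x41414141u, 0x41414141u,  /* overflowed buffer */
    0x41414141u, 0x41414141u, /* overwritten saved EBP and return address */
    0x41414141u,              /* word at crash ESP */
};

static int func_index(uint32_t addr) {
    for (size_t i = 0; i < NFUNCS; i++)
        if (addr >= FUNCS[i].start && addr < FUNCS[i].end) return (int)i;
    return -1;
}

/* Walk from ESP toward lower addresses; accept the first pair whose saved EBP
 * points between its own frame and ESP and whose return address is in code. */
int locate_overflow_function(const uint32_t *w, uint32_t base, uint32_t esp,
                             uint32_t *stale_ret) {
    for (int i = (int)((esp - base) / 4) - 2; i >= 0; i--) {
        uint32_t ret_slot = base + 4u * (uint32_t)(i + 1);
        if (w[i] % 4 != 0 || w[i] <= ret_slot || w[i] >= esp) continue;
        int f = func_index(w[i + 1]);
        if (f >= 0) { *stale_ret = w[i + 1]; return f; }
    }
    return -1;  /* no usable outdated frame found */
}

int main(void) {
    uint32_t ret = 0;
    int f = locate_overflow_function(STACK, STACK_BASE, CRASH_ESP, &ret);
    if (f >= 0) printf("%s, outdated ret 0x%08x\n", FUNCS[f].name, (unsigned)ret);
    return f < 0;
}
```

The outdated `dst` argument at 0x0012FF1C looks like a frame pointer, but the word above it is a data address rather than code, so the pair is rejected and the scan continues to the real outdated frame.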