CWE-121
AllowedStack-based Buffer Overflow
Abstraction: Variant · Status: Draft
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
5215 vulnerabilities reference this CWE, most recent first.
GHSA-F6HV-C34J-XJPH
Vulnerability from github – Published: 2025-08-14 18:31 – Updated: 2025-08-15 18:31An issue was discovered in Malwarebytes 4.6.14.326 and before 5.1.5.116 (and Nebula 2020-10-21 and later). A Stack buffer out-of-bounds access exists because of an integer underflow when handling newline characters.
{
"affected": [],
"aliases": [
"CVE-2023-43683"
],
"database_specific": {
"cwe_ids": [
"CWE-121"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-14T17:15:33Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in Malwarebytes 4.6.14.326 and before 5.1.5.116 (and Nebula 2020-10-21 and later). A Stack buffer out-of-bounds access exists because of an integer underflow when handling newline characters.",
"id": "GHSA-f6hv-c34j-xjph",
"modified": "2025-08-15T18:31:11Z",
"published": "2025-08-14T18:31:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-43683"
},
{
"type": "WEB",
"url": "https://www.malwarebytes.com/secure/cves/cve-2023-43683"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-F6V5-HJXR-P24J
Vulnerability from github – Published: 2024-07-08 12:31 – Updated: 2024-07-11 15:30The interactive service in OpenVPN 2.6.9 and earlier allows an attacker to send data causing a stack overflow which can be used to execute arbitrary code with more privileges.
{
"affected": [],
"aliases": [
"CVE-2024-27459"
],
"database_specific": {
"cwe_ids": [
"CWE-121",
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-08T11:15:10Z",
"severity": "HIGH"
},
"details": "The interactive service in OpenVPN 2.6.9 and earlier allows an attacker to send data causing a stack overflow which can be used to execute arbitrary code with more privileges.",
"id": "GHSA-f6v5-hjxr-p24j",
"modified": "2024-07-11T15:30:44Z",
"published": "2024-07-08T12:31:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27459"
},
{
"type": "WEB",
"url": "https://community.openvpn.net/openvpn/wiki/CVE-2024-27459"
},
{
"type": "WEB",
"url": "https://openvpn.net/security-advisory/ovpnx-vulnerability-cve-2024-27903-cve-2024-27459-cve-2024-24974"
},
{
"type": "WEB",
"url": "https://www.mail-archive.com/openvpn-users@lists.sourceforge.net/msg07534.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-F755-P72C-MHGQ
Vulnerability from github – Published: 2024-04-24 15:30 – Updated: 2024-04-24 15:30A vulnerability classified as critical was found in Tenda TX9 22.03.02.10. This vulnerability affects the function sub_42D4DC of the file /goform/SetSysTimeCfg. The manipulation of the argument time leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-261856. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
{
"affected": [],
"aliases": [
"CVE-2024-4113"
],
"database_specific": {
"cwe_ids": [
"CWE-121",
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-24T15:15:48Z",
"severity": "HIGH"
},
"details": "A vulnerability classified as critical was found in Tenda TX9 22.03.02.10. This vulnerability affects the function sub_42D4DC of the file /goform/SetSysTimeCfg. The manipulation of the argument time leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-261856. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.",
"id": "GHSA-f755-p72c-mhgq",
"modified": "2024-04-24T15:30:36Z",
"published": "2024-04-24T15:30:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4113"
},
{
"type": "WEB",
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/TX9/fromSetSysTime.md"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.261856"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.261856"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.317217"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-F7GP-8JP4-WWJ5
Vulnerability from github – Published: 2024-05-14 18:30 – Updated: 2024-07-03 18:41Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the page parameter at ip/goform/DhcpListClient.
{
"affected": [],
"aliases": [
"CVE-2024-34946"
],
"database_specific": {
"cwe_ids": [
"CWE-121"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-14T15:39:38Z",
"severity": "MODERATE"
},
"details": "Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the page parameter at ip/goform/DhcpListClient.",
"id": "GHSA-f7gp-8jp4-wwj5",
"modified": "2024-07-03T18:41:08Z",
"published": "2024-05-14T18:30:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34946"
},
{
"type": "WEB",
"url": "https://palm-vertebra-fe9.notion.site/fromDhcpListClient_page-c9ee71f670534555a5ef2d99320da48e"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-F7Q5-J64X-4X4P
Vulnerability from github – Published: 2025-11-13 12:31 – Updated: 2025-11-13 12:31Supermicro BMC Insyde SMASH shell program has a stacked-based overflow vulnerability
{
"affected": [],
"aliases": [
"CVE-2025-7704"
],
"database_specific": {
"cwe_ids": [
"CWE-121"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-11-13T10:15:54Z",
"severity": "MODERATE"
},
"details": "Supermicro BMC Insyde SMASH shell program has a stacked-based overflow vulnerability",
"id": "GHSA-f7q5-j64x-4x4p",
"modified": "2025-11-13T12:31:42Z",
"published": "2025-11-13T12:31:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7704"
},
{
"type": "WEB",
"url": "https://www.supermicro.com/en/support/security_BMC_IPMI_Oct_2025"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-F854-G8C6-MQ5Q
Vulnerability from github – Published: 2024-11-22 21:32 – Updated: 2024-11-22 21:32Trimble SketchUp Viewer SKP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of SKP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24110.
{
"affected": [],
"aliases": [
"CVE-2024-9726"
],
"database_specific": {
"cwe_ids": [
"CWE-121",
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-22T21:15:25Z",
"severity": "HIGH"
},
"details": "Trimble SketchUp Viewer SKP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of SKP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24110.",
"id": "GHSA-f854-g8c6-mq5q",
"modified": "2024-11-22T21:32:20Z",
"published": "2024-11-22T21:32:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9726"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1475"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-F869-2W7M-Q4P9
Vulnerability from github – Published: 2026-01-23 18:31 – Updated: 2026-01-23 18:31dataSIMS Avionics ARINC 664-1 version 4.5.3 contains a local buffer overflow vulnerability that allows attackers to overwrite memory by manipulating the milstd1553result.txt file. Attackers can craft a malicious file with carefully constructed payload and alignment sections to potentially execute arbitrary code on the Windows system.
{
"affected": [],
"aliases": [
"CVE-2021-47881"
],
"database_specific": {
"cwe_ids": [
"CWE-121"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-23T17:15:51Z",
"severity": "MODERATE"
},
"details": "dataSIMS Avionics ARINC 664-1 version 4.5.3 contains a local buffer overflow vulnerability that allows attackers to overwrite memory by manipulating the milstd1553result.txt file. Attackers can craft a malicious file with carefully constructed payload and alignment sections to potentially execute arbitrary code on the Windows system.",
"id": "GHSA-f869-2w7m-q4p9",
"modified": "2026-01-23T18:31:29Z",
"published": "2026-01-23T18:31:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47881"
},
{
"type": "WEB",
"url": "https://www.ddc-web.com"
},
{
"type": "WEB",
"url": "https://www.ddc-web.com/en/connectivity/databus/milstd1553-1/software-1/bu-69414?partNumber=BU-69414"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/49577"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/datasims-avionics-arinc-local-buffer-overflow"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-F8CC-G7J8-XXPM
Vulnerability from github – Published: 2022-12-30 16:58 – Updated: 2022-12-30 16:58Impact
The vulnerability may allow a remote attacker to terminate the application with a stack overflow error resulting in a denial of service only by manipulating the processed input stream.
Patches
XStream 1.4.20 handles the stack overflow and raises an InputManipulationException instead.
Workarounds
The only solution is to catch the StackOverflowError in the client code calling XStream.
References
See full information about the nature of the vulnerability and the steps to reproduce it in XStream's documentation for CVE-2022-40151.
Credits
The vulnerability was discovered and reported by Henry Lin of the Google OSS-Fuzz team.
For more information
If you have any questions or comments about this advisory: * Open an issue in XStream * Contact us at XStream Google Group
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "com.thoughtworks.xstream:xstream"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.4.20"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-40151"
],
"database_specific": {
"cwe_ids": [
"CWE-121",
"CWE-502",
"CWE-787"
],
"github_reviewed": true,
"github_reviewed_at": "2022-12-30T16:58:39Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "### Impact\nThe vulnerability may allow a remote attacker to terminate the application with a stack overflow error resulting in a denial of service only by manipulating the processed input stream.\n\n### Patches\nXStream 1.4.20 handles the stack overflow and raises an InputManipulationException instead.\n\n### Workarounds\nThe only solution is to catch the StackOverflowError in the client code calling XStream.\n\n### References\nSee full information about the nature of the vulnerability and the steps to reproduce it in XStream\u0027s documentation for [CVE-2022-40151](https://x-stream.github.io/CVE-2022-40151.html).\n\n### Credits\nThe vulnerability was discovered and reported by Henry Lin of the Google OSS-Fuzz team.\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [XStream](https://github.com/x-stream/xstream/issues)\n* Contact us at [XStream Google Group](https://groups.google.com/group/xstream-user)\n",
"id": "GHSA-f8cc-g7j8-xxpm",
"modified": "2022-12-30T16:58:39Z",
"published": "2022-12-30T16:58:39Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/x-stream/xstream/security/advisories/GHSA-f8cc-g7j8-xxpm"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40151"
},
{
"type": "WEB",
"url": "https://github.com/x-stream/xstream/issues/304"
},
{
"type": "WEB",
"url": "https://github.com/x-stream/xstream/issues/314"
},
{
"type": "WEB",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47367"
},
{
"type": "PACKAGE",
"url": "https://github.com/x-stream/xstream"
},
{
"type": "WEB",
"url": "https://x-stream.github.io/CVE-2022-40151.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "XStream can cause a Denial of Service by injecting deeply nested objects raising a stack overflow"
}
GHSA-F8FG-9V3C-G666
Vulnerability from github – Published: 2024-03-28 15:30 – Updated: 2024-08-01 15:31Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the mitInterface parameter of the fromAddressNat function.
{
"affected": [],
"aliases": [
"CVE-2024-30583"
],
"database_specific": {
"cwe_ids": [
"CWE-121"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-03-28T14:15:14Z",
"severity": "HIGH"
},
"details": "Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the mitInterface parameter of the fromAddressNat function.",
"id": "GHSA-f8fg-9v3c-g666",
"modified": "2024-08-01T15:31:34Z",
"published": "2024-03-28T15:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30583"
},
{
"type": "WEB",
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/fromAddressNat_mitInterface.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-F8Q2-J8XF-7XHH
Vulnerability from github – Published: 2024-04-27 21:30 – Updated: 2024-04-27 21:30A vulnerability was found in Tenda A301 15.13.08.12_multi_TDE01. It has been rated as critical. This issue affects the function formAddMacfilterRule of the file /goform/setBlackRule. The manipulation of the argument deviceList leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-262223. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
{
"affected": [],
"aliases": [
"CVE-2024-4291"
],
"database_specific": {
"cwe_ids": [
"CWE-121",
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-27T20:15:07Z",
"severity": "HIGH"
},
"details": "A vulnerability was found in Tenda A301 15.13.08.12_multi_TDE01. It has been rated as critical. This issue affects the function formAddMacfilterRule of the file /goform/setBlackRule. The manipulation of the argument deviceList leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-262223. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.",
"id": "GHSA-f8q2-j8xf-7xhh",
"modified": "2024-04-27T21:30:30Z",
"published": "2024-04-27T21:30:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4291"
},
{
"type": "WEB",
"url": "https://github.com/L1ziang/Vulnerability/blob/main/formAddMacfilterRule.md"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.262223"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.262223"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.320672"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-10
Strategy: Environment Hardening
- Use automatic buffer overflow detection mechanisms that are offered by certain compilers or compiler extensions. Examples include: the Microsoft Visual Studio /GS flag, Fedora/Red Hat FORTIFY_SOURCE GCC flag, StackGuard, and ProPolice, which provide various mechanisms including canary-based detection and range/index checking.
- D3-SFCV (Stack Frame Canary Validation) from D3FEND [REF-1334] discusses canary-based detection in detail.
Mitigation
Use an abstraction library to abstract away risky APIs. Not a complete solution.
Mitigation
Implement and perform bounds checking on input.
Mitigation
Do not use dangerous functions such as gets. Use safer, equivalent functions which check for boundary errors.
Mitigation MIT-11
Strategy: Environment Hardening
- Run or compile the software using features or extensions that randomly arrange the positions of a program's executable and libraries in memory. Because this makes the addresses unpredictable, it can prevent an attacker from reliably jumping to exploitable code.
- Examples include Address Space Layout Randomization (ASLR) [REF-58] [REF-60] and Position-Independent Executables (PIE) [REF-64]. Imported modules may be similarly realigned if their default memory addresses conflict with other modules, in a process known as "rebasing" (for Windows) and "prelinking" (for Linux) [REF-1332] using randomly generated addresses. ASLR for libraries cannot be used in conjunction with prelink since it would require relocating the libraries at run-time, defeating the whole purpose of prelinking.
- For more information on these techniques see D3-SAOR (Segment Address Offset Randomization) from D3FEND [REF-1335].
No CAPEC attack patterns related to this CWE.