CWE-121
AllowedStack-based Buffer Overflow
Abstraction: Variant · Status: Draft
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
5215 vulnerabilities reference this CWE, most recent first.
GHSA-FVCG-H832-4GCF
Vulnerability from github – Published: 2024-05-22 18:30 – Updated: 2024-08-19 21:35xmedcon 0.23.0 and fixed in v.0.24.0 is vulnerable to Buffer Overflow via libs/dicom/basic.c which allows an attacker to execute arbitrary code.
{
"affected": [],
"aliases": [
"CVE-2024-29421"
],
"database_specific": {
"cwe_ids": [
"CWE-121"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-22T18:15:09Z",
"severity": "MODERATE"
},
"details": "xmedcon 0.23.0 and fixed in v.0.24.0 is vulnerable to Buffer Overflow via libs/dicom/basic.c which allows an attacker to execute arbitrary code.",
"id": "GHSA-fvcg-h832-4gcf",
"modified": "2024-08-19T21:35:07Z",
"published": "2024-05-22T18:30:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29421"
},
{
"type": "WEB",
"url": "https://github.com/SpikeReply/advisories/blob/530dbd7ce68600a22c47dd1bcbe360220feda1d9/cve/xmedcon/cve-2024-29421.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FVFX-J89J-56CF
Vulnerability from github – Published: 2022-05-24 19:12 – Updated: 2022-05-24 19:12A stack-based buffer overflow vulnerability in Delta Electronics DOPSoft Version 4.00.11 and prior may be exploited by processing a specially crafted project file, which may allow an attacker to execute arbitrary code.
{
"affected": [],
"aliases": [
"CVE-2021-33019"
],
"database_specific": {
"cwe_ids": [
"CWE-121",
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-08-30T18:15:00Z",
"severity": "HIGH"
},
"details": "A stack-based buffer overflow vulnerability in Delta Electronics DOPSoft Version 4.00.11 and prior may be exploited by processing a specially crafted project file, which may allow an attacker to execute arbitrary code.",
"id": "GHSA-fvfx-j89j-56cf",
"modified": "2022-05-24T19:12:28Z",
"published": "2022-05-24T19:12:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33019"
},
{
"type": "WEB",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-238-04"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1059"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-FVHG-7469-PQ78
Vulnerability from github – Published: 2024-05-15 00:30 – Updated: 2024-05-15 00:30There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
{
"affected": [],
"aliases": [
"CVE-2024-31466"
],
"database_specific": {
"cwe_ids": [
"CWE-121"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-14T22:15:09Z",
"severity": "CRITICAL"
},
"details": "There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba\u0027s Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.\n\n",
"id": "GHSA-fvhg-7469-pq78",
"modified": "2024-05-15T00:30:36Z",
"published": "2024-05-15T00:30:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31466"
},
{
"type": "WEB",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txt"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FVHQ-6PJG-JC69
Vulnerability from github – Published: 2024-08-18 18:30 – Updated: 2024-08-21 21:30A vulnerability has been found in TOTOLINK EX1200L 9.3.5u.6146_B20201023 and classified as critical. Affected by this vulnerability is the function setLanguageCfg of the file /www/cgi-bin/cstecgi.cgi. The manipulation of the argument langType leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
{
"affected": [],
"aliases": [
"CVE-2024-7909"
],
"database_specific": {
"cwe_ids": [
"CWE-121",
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-18T18:15:04Z",
"severity": "HIGH"
},
"details": "A vulnerability has been found in TOTOLINK EX1200L 9.3.5u.6146_B20201023 and classified as critical. Affected by this vulnerability is the function setLanguageCfg of the file /www/cgi-bin/cstecgi.cgi. The manipulation of the argument langType leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.",
"id": "GHSA-fvhq-6pjg-jc69",
"modified": "2024-08-21T21:30:46Z",
"published": "2024-08-18T18:30:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7909"
},
{
"type": "WEB",
"url": "https://github.com/BeaCox/IoT_vuln/tree/main/totolink/EX1200L/setLanguageCfg_bof"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.275035"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.275035"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.388436"
},
{
"type": "WEB",
"url": "https://www.totolink.net"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-FVJ3-WM3X-CVHJ
Vulnerability from github – Published: 2025-10-24 18:31 – Updated: 2025-10-24 21:31D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formVirtualServ.
{
"affected": [],
"aliases": [
"CVE-2025-60558"
],
"database_specific": {
"cwe_ids": [
"CWE-121"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-24T16:22:31Z",
"severity": "HIGH"
},
"details": "D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formVirtualServ.",
"id": "GHSA-fvj3-wm3x-cvhj",
"modified": "2025-10-24T21:31:11Z",
"published": "2025-10-24T18:31:01Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-60558"
},
{
"type": "WEB",
"url": "https://github.com/luckysmallbird/DLINK-DIR600LAx-Vulnerability/blob/main/16-buffer%20overflow-formVirtualServ.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FVJ9-WHQH-93FF
Vulnerability from github – Published: 2024-04-29 18:30 – Updated: 2024-07-03 18:37A stack-based buffer overflow was found in the putSDN() function of mail.c in hcode through 2.1.
{
"affected": [],
"aliases": [
"CVE-2024-34020"
],
"database_specific": {
"cwe_ids": [
"CWE-121"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-29T16:15:35Z",
"severity": "MODERATE"
},
"details": "A stack-based buffer overflow was found in the putSDN() function of mail.c in hcode through 2.1.",
"id": "GHSA-fvj9-whqh-93ff",
"modified": "2024-07-03T18:37:18Z",
"published": "2024-04-29T18:30:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34020"
},
{
"type": "WEB",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1223534"
},
{
"type": "WEB",
"url": "http://ftp.kaist.ac.kr/hangul/code/hcode"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FW5X-PJ29-22M6
Vulnerability from github – Published: 2026-01-13 18:31 – Updated: 2026-01-16 18:31Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the cloneType2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
{
"affected": [],
"aliases": [
"CVE-2025-71025"
],
"database_specific": {
"cwe_ids": [
"CWE-121",
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-13T16:16:05Z",
"severity": "HIGH"
},
"details": "Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the cloneType2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.",
"id": "GHSA-fw5x-pj29-22m6",
"modified": "2026-01-16T18:31:23Z",
"published": "2026-01-13T18:31:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71025"
},
{
"type": "WEB",
"url": "https://github.com/0-fool/VulnbyCola/blob/main/Tenda/AX-3/10/1.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FW75-HWPP-7CM4
Vulnerability from github – Published: 2024-01-16 18:31 – Updated: 2024-01-16 18:31A vulnerability classified as critical has been found in Totolink LR1200GB 9.1.0u.6619_B20230130. Affected is the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument File leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-250794 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
{
"affected": [],
"aliases": [
"CVE-2024-0578"
],
"database_specific": {
"cwe_ids": [
"CWE-121"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-01-16T16:15:15Z",
"severity": "HIGH"
},
"details": "A vulnerability classified as critical has been found in Totolink LR1200GB 9.1.0u.6619_B20230130. Affected is the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument File leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-250794 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.",
"id": "GHSA-fw75-hwpp-7cm4",
"modified": "2024-01-16T18:31:10Z",
"published": "2024-01-16T18:31:10Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0578"
},
{
"type": "WEB",
"url": "https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/8/README.md"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.250794"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.250794"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FW86-52FV-6JPX
Vulnerability from github – Published: 2024-03-17 06:30 – Updated: 2024-03-17 06:30A vulnerability was found in Tenda AC18 15.03.05.05 and classified as critical. Affected by this issue is the function R7WebsSecurityHandler. The manipulation of the argument password leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257000. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
{
"affected": [],
"aliases": [
"CVE-2024-2547"
],
"database_specific": {
"cwe_ids": [
"CWE-121",
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-03-17T04:15:06Z",
"severity": "HIGH"
},
"details": "A vulnerability was found in Tenda AC18 15.03.05.05 and classified as critical. Affected by this issue is the function R7WebsSecurityHandler. The manipulation of the argument password leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257000. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.",
"id": "GHSA-fw86-52fv-6jpx",
"modified": "2024-03-17T06:30:29Z",
"published": "2024-03-17T06:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2547"
},
{
"type": "WEB",
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC18/R7WebsSecurityHandler.md"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.257000"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.257000"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FW9R-WF7J-MG52
Vulnerability from github – Published: 2026-03-04 18:31 – Updated: 2026-03-05 18:31Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via POST to the goform/formAdvFirewall component.
{
"affected": [],
"aliases": [
"CVE-2025-70218"
],
"database_specific": {
"cwe_ids": [
"CWE-121"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-04T18:16:11Z",
"severity": "CRITICAL"
},
"details": "Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via POST to the goform/formAdvFirewall component.",
"id": "GHSA-fw9r-wf7j-mg52",
"modified": "2026-03-05T18:31:36Z",
"published": "2026-03-04T18:31:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-70218"
},
{
"type": "WEB",
"url": "https://github.com/akuma-QAQ/CVEreport/tree/main/D-link/CVE-2025-70218"
},
{
"type": "WEB",
"url": "https://www.dlink.com.cn/techsupport/ProductInfo.aspx?m=DIR-513"
},
{
"type": "WEB",
"url": "https://www.dlink.com/en/security-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-10
Strategy: Environment Hardening
- Use automatic buffer overflow detection mechanisms that are offered by certain compilers or compiler extensions. Examples include: the Microsoft Visual Studio /GS flag, Fedora/Red Hat FORTIFY_SOURCE GCC flag, StackGuard, and ProPolice, which provide various mechanisms including canary-based detection and range/index checking.
- D3-SFCV (Stack Frame Canary Validation) from D3FEND [REF-1334] discusses canary-based detection in detail.
Mitigation
Use an abstraction library to abstract away risky APIs. Not a complete solution.
Mitigation
Implement and perform bounds checking on input.
Mitigation
Do not use dangerous functions such as gets. Use safer, equivalent functions which check for boundary errors.
Mitigation MIT-11
Strategy: Environment Hardening
- Run or compile the software using features or extensions that randomly arrange the positions of a program's executable and libraries in memory. Because this makes the addresses unpredictable, it can prevent an attacker from reliably jumping to exploitable code.
- Examples include Address Space Layout Randomization (ASLR) [REF-58] [REF-60] and Position-Independent Executables (PIE) [REF-64]. Imported modules may be similarly realigned if their default memory addresses conflict with other modules, in a process known as "rebasing" (for Windows) and "prelinking" (for Linux) [REF-1332] using randomly generated addresses. ASLR for libraries cannot be used in conjunction with prelink since it would require relocating the libraries at run-time, defeating the whole purpose of prelinking.
- For more information on these techniques see D3-SAOR (Segment Address Offset Randomization) from D3FEND [REF-1335].
No CAPEC attack patterns related to this CWE.