CWE-121
AllowedStack-based Buffer Overflow
Abstraction: Variant · Status: Draft
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
5214 vulnerabilities reference this CWE, most recent first.
GHSA-G2VX-PRH9-62C4
Vulnerability from github – Published: 2024-04-09 18:30 – Updated: 2024-04-09 18:30Secure Boot Security Feature Bypass Vulnerability
{
"affected": [],
"aliases": [
"CVE-2024-26180"
],
"database_specific": {
"cwe_ids": [
"CWE-121"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-09T17:15:36Z",
"severity": "HIGH"
},
"details": "Secure Boot Security Feature Bypass Vulnerability",
"id": "GHSA-g2vx-prh9-62c4",
"modified": "2024-04-09T18:30:25Z",
"published": "2024-04-09T18:30:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26180"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26180"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-G2WH-GHM8-WH32
Vulnerability from github – Published: 2023-10-11 18:30 – Updated: 2025-11-04 21:30A buffer overflow vulnerability exists in the httpd next_page functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability.This buffer overflow is in the next_page parameter in the gozila_cgi function.
{
"affected": [],
"aliases": [
"CVE-2023-35055"
],
"database_specific": {
"cwe_ids": [
"CWE-120",
"CWE-121"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-10-11T16:15:13Z",
"severity": "CRITICAL"
},
"details": "A buffer overflow vulnerability exists in the httpd next_page functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability.This buffer overflow is in the next_page parameter in the gozila_cgi function.",
"id": "GHSA-g2wh-ghm8-wh32",
"modified": "2025-11-04T21:30:44Z",
"published": "2023-10-11T18:30:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-35055"
},
{
"type": "WEB",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1761"
},
{
"type": "WEB",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1761"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-G382-2692-6X82
Vulnerability from github – Published: 2026-02-07 00:30 – Updated: 2026-02-07 00:30Parallaxis Cuckoo Clock 5.0 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting memory registers in the alarm scheduling feature. Attackers can craft a malicious payload exceeding 260 bytes to overwrite EIP and EBP, enabling shellcode execution with potential remote code execution.
{
"affected": [],
"aliases": [
"CVE-2020-37159"
],
"database_specific": {
"cwe_ids": [
"CWE-121"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-07T00:15:55Z",
"severity": "HIGH"
},
"details": "Parallaxis Cuckoo Clock 5.0 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting memory registers in the alarm scheduling feature. Attackers can craft a malicious payload exceeding 260 bytes to overwrite EIP and EBP, enabling shellcode execution with potential remote code execution.",
"id": "GHSA-g382-2692-6x82",
"modified": "2026-02-07T00:30:28Z",
"published": "2026-02-07T00:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-37159"
},
{
"type": "WEB",
"url": "https://en.softonic.com/author/pxcompany"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/48087"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/cuckoo-clock-buffer-overflow"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-G3FV-XJ43-XG82
Vulnerability from github – Published: 2024-05-03 03:30 – Updated: 2024-05-03 03:30D-Link DAP-1360 webproc COMM_MakeCustomMsg Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the handling of requests to the /cgi-bin/webproc endpoint. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-18454.
{
"affected": [],
"aliases": [
"CVE-2023-32144"
],
"database_specific": {
"cwe_ids": [
"CWE-121",
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-03T02:15:18Z",
"severity": "HIGH"
},
"details": "D-Link DAP-1360 webproc COMM_MakeCustomMsg Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the handling of requests to the /cgi-bin/webproc endpoint. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-18454.",
"id": "GHSA-g3fv-xj43-xg82",
"modified": "2024-05-03T03:30:50Z",
"published": "2024-05-03T03:30:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32144"
},
{
"type": "WEB",
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10324"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-536"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-G3JM-X33W-9Q5W
Vulnerability from github – Published: 2024-08-23 18:33 – Updated: 2024-08-23 21:30Tenda FH1206 V1.2.0.8(8155)_EN contains a Buffer Overflow vulnerability via the function fromSetIpBind.
{
"affected": [],
"aliases": [
"CVE-2024-44386"
],
"database_specific": {
"cwe_ids": [
"CWE-121"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-23T16:15:07Z",
"severity": "HIGH"
},
"details": "Tenda FH1206 V1.2.0.8(8155)_EN contains a Buffer Overflow vulnerability via the function fromSetIpBind.",
"id": "GHSA-g3jm-x33w-9q5w",
"modified": "2024-08-23T21:30:42Z",
"published": "2024-08-23T18:33:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-44386"
},
{
"type": "WEB",
"url": "https://github.com/GroundCTL2MajorTom/pocs/blob/main/tenda_FH1206_buffer_overflow2.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-G3M9-67HP-Q26F
Vulnerability from github – Published: 2024-01-10 15:30 – Updated: 2024-01-10 15:30The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request.
{
"affected": [],
"aliases": [
"CVE-2023-48265"
],
"database_specific": {
"cwe_ids": [
"CWE-121",
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-01-10T13:15:48Z",
"severity": "HIGH"
},
"details": "The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request.",
"id": "GHSA-g3m9-67hp-q26f",
"modified": "2024-01-10T15:30:19Z",
"published": "2024-01-10T15:30:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48265"
},
{
"type": "WEB",
"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-G3W4-73XH-8JRW
Vulnerability from github – Published: 2024-03-27 15:30 – Updated: 2024-03-27 15:30A vulnerability was found in Tenda F1203 2.0.1.6. It has been declared as critical. Affected by this vulnerability is the function R7WebsSecurityHandler of the file /goform/execCommand. The manipulation of the argument password leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258145 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
{
"affected": [],
"aliases": [
"CVE-2024-2976"
],
"database_specific": {
"cwe_ids": [
"CWE-121",
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-03-27T14:15:12Z",
"severity": "HIGH"
},
"details": "A vulnerability was found in Tenda F1203 2.0.1.6. It has been declared as critical. Affected by this vulnerability is the function R7WebsSecurityHandler of the file /goform/execCommand. The manipulation of the argument password leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258145 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.",
"id": "GHSA-g3w4-73xh-8jrw",
"modified": "2024-03-27T15:30:38Z",
"published": "2024-03-27T15:30:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2976"
},
{
"type": "WEB",
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/F/F1203/R7WebsSecurityHandler.md"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.258145"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.258145"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.300997"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-G42G-W9J9-78HJ
Vulnerability from github – Published: 2026-06-05 00:31 – Updated: 2026-06-05 03:31Stack buffer overflow in GPU in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
{
"affected": [],
"aliases": [
"CVE-2026-10898"
],
"database_specific": {
"cwe_ids": [
"CWE-121"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-04T23:16:51Z",
"severity": "HIGH"
},
"details": "Stack buffer overflow in GPU in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)",
"id": "GHSA-g42g-w9j9-78hj",
"modified": "2026-06-05T03:31:30Z",
"published": "2026-06-05T00:31:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-10898"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html"
},
{
"type": "WEB",
"url": "https://issues.chromium.org/issues/513946753"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-G42R-FH8W-CM5M
Vulnerability from github – Published: 2025-01-09 09:31 – Updated: 2025-01-09 15:31There are many buffer overflow vulnerabilities present in several CGI binaries of the charging station.This issue affects Iocharger firmware for AC model chargers beforeversion 24120701.
Likelihood: High – Given the prevalence of these buffer overflows, and the clear error message of the web server, an attacker is very likely to be able to find these vulnerabilities.
Impact: Low – Usually, overflowing one of these buffers just causes a segmentation fault of the CGI binary, which causes the web server to return a 502 Bad Gateway error. However the webserver itself is not affected, and no DoS can be achieved. Abusing these buffer overflows in a meaningful way requires highly technical knowledge, especially since ASLR also seems to be enabled on the charging station. However, a skilled attacker might be able to use one of these buffer overflows to obtain remote code execution.
CVSS clarification. The attack can be executed over any network connection the station is listening to and serves the web interface (AV:N), and there are no additional security measure sin place that need to be circumvented (AC:L), the attack does not rely on preconditions (AT:N). The attack does require authentication, but the level of authentication is irrelevant (PR:L), it does not require user interaction (UI:N). The attack has a small impact on the availability of the device (VC:N/VI:N/VA:L). There is no impact on subsequent systems. (SC:N/SI:N/SA:N). While this device is an EV charger handing significant amounts of power, we do not expect this vulnerability to have a safety impact. The attack can be automated (AU:Y).
{
"affected": [],
"aliases": [
"CVE-2024-43663"
],
"database_specific": {
"cwe_ids": [
"CWE-121"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-09T08:15:29Z",
"severity": "MODERATE"
},
"details": "There are many buffer overflow vulnerabilities present in several CGI binaries of the charging station.This issue affects Iocharger firmware for AC model chargers beforeversion 24120701.\n\nLikelihood: High \u2013 Given the prevalence of these buffer overflows, and the clear error message of the web server, an attacker is very likely to be able to find these vulnerabilities.\n\nImpact: Low \u2013 Usually, overflowing one of these buffers just causes a segmentation fault of the CGI binary, which causes the web server to return a 502 Bad Gateway error. However the webserver itself is not affected, and no DoS can be achieved. Abusing these buffer overflows in a meaningful way requires highly technical knowledge, especially since ASLR also seems to be enabled on the charging station. However, a skilled attacker might be able to use one of these buffer overflows to obtain remote code execution.\n\nCVSS clarification. The attack can be executed over any network connection the station is listening to and serves the web interface (AV:N), and there are no additional security measure sin place that need to be circumvented (AC:L), the attack does not rely on preconditions (AT:N). The attack does require authentication, but the level of authentication is irrelevant (PR:L), it does not require user interaction (UI:N). The attack has a small impact on the availability of the device (VC:N/VI:N/VA:L). There is no impact on subsequent systems. (SC:N/SI:N/SA:N). While this device is an EV charger handing significant amounts of power, we do not expect\u00a0 this vulnerability to have a safety impact. The attack can be automated (AU:Y).",
"id": "GHSA-g42r-fh8w-cm5m",
"modified": "2025-01-09T15:31:51Z",
"published": "2025-01-09T09:31:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43663"
},
{
"type": "WEB",
"url": "https://csirt.divd.nl/CVE-2024-43663"
},
{
"type": "WEB",
"url": "https://csirt.divd.nl/DIVD-2024-00035"
},
{
"type": "WEB",
"url": "https://iocharger.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-G4CF-3PJW-W4XJ
Vulnerability from github – Published: 2025-05-08 21:32 – Updated: 2025-05-12 21:31TOTOlink A950RG V4.1.2cu.5204_B20210112 contains a buffer overflow vulnerability. The vulnerability arises from the improper input validation of the NoticeUrl parameter in the setNoticeCfg interface of /lib/cste_modules/system.so.
{
"affected": [],
"aliases": [
"CVE-2025-45797"
],
"database_specific": {
"cwe_ids": [
"CWE-121",
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-08T20:15:30Z",
"severity": "MODERATE"
},
"details": "TOTOlink A950RG V4.1.2cu.5204_B20210112 contains a buffer overflow vulnerability. The vulnerability arises from the improper input validation of the NoticeUrl parameter in the setNoticeCfg interface of /lib/cste_modules/system.so.",
"id": "GHSA-g4cf-3pjw-w4xj",
"modified": "2025-05-12T21:31:08Z",
"published": "2025-05-08T21:32:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-45797"
},
{
"type": "WEB",
"url": "https://github.com/SunnyYANGyaya/cuicuishark-sheep-fishIOT/blob/main/ToTolink/A950RG/5024-setNoticeCFG-NoticURL-buffer.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-10
Strategy: Environment Hardening
- Use automatic buffer overflow detection mechanisms that are offered by certain compilers or compiler extensions. Examples include: the Microsoft Visual Studio /GS flag, Fedora/Red Hat FORTIFY_SOURCE GCC flag, StackGuard, and ProPolice, which provide various mechanisms including canary-based detection and range/index checking.
- D3-SFCV (Stack Frame Canary Validation) from D3FEND [REF-1334] discusses canary-based detection in detail.
Mitigation
Use an abstraction library to abstract away risky APIs. Not a complete solution.
Mitigation
Implement and perform bounds checking on input.
Mitigation
Do not use dangerous functions such as gets. Use safer, equivalent functions which check for boundary errors.
Mitigation MIT-11
Strategy: Environment Hardening
- Run or compile the software using features or extensions that randomly arrange the positions of a program's executable and libraries in memory. Because this makes the addresses unpredictable, it can prevent an attacker from reliably jumping to exploitable code.
- Examples include Address Space Layout Randomization (ASLR) [REF-58] [REF-60] and Position-Independent Executables (PIE) [REF-64]. Imported modules may be similarly realigned if their default memory addresses conflict with other modules, in a process known as "rebasing" (for Windows) and "prelinking" (for Linux) [REF-1332] using randomly generated addresses. ASLR for libraries cannot be used in conjunction with prelink since it would require relocating the libraries at run-time, defeating the whole purpose of prelinking.
- For more information on these techniques see D3-SAOR (Segment Address Offset Randomization) from D3FEND [REF-1335].
No CAPEC attack patterns related to this CWE.