CWE-121
AllowedStack-based Buffer Overflow
Abstraction: Variant · Status: Draft
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
5213 vulnerabilities reference this CWE, most recent first.
GHSA-GRHV-WQP6-MHVX
Vulnerability from github – Published: 2025-08-25 15:32 – Updated: 2025-11-03 21:34A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability manifests on line 8779 of biosig.c on the current master branch (35a819fa), when the Tag is 6:
else if (tag==6) // 0x06 "number of sequences"
{
// NRec
if (len>4) fprintf(stderr,"Warning MFER tag6 incorrect length %i>4\n",len);
curPos += ifread(buf,1,len,hdr);
{
"affected": [],
"aliases": [
"CVE-2025-54484"
],
"database_specific": {
"cwe_ids": [
"CWE-121"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-25T14:15:34Z",
"severity": "CRITICAL"
},
"details": "A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability manifests on line 8779 of biosig.c on the current master branch (35a819fa), when the Tag is 6:\n\n\t\t\t\telse if (tag==6) \t// 0x06 \"number of sequences\"\n\t\t\t\t{\n\t\t\t\t\t// NRec\n\t\t\t\t\tif (len\u003e4) fprintf(stderr,\"Warning MFER tag6 incorrect length %i\u003e4\\n\",len);\n\t\t\t\t\tcurPos += ifread(buf,1,len,hdr);",
"id": "GHSA-grhv-wqp6-mhvx",
"modified": "2025-11-03T21:34:23Z",
"published": "2025-08-25T15:32:01Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54484"
},
{
"type": "WEB",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2234"
},
{
"type": "WEB",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2234"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GRMC-8W5P-47X7
Vulnerability from github – Published: 2024-08-26 15:31 – Updated: 2024-08-26 15:31Tenda AX1806 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function setIptvInfo.
{
"affected": [],
"aliases": [
"CVE-2024-44558"
],
"database_specific": {
"cwe_ids": [
"CWE-121",
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-26T13:15:05Z",
"severity": "HIGH"
},
"details": "Tenda AX1806 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function setIptvInfo.",
"id": "GHSA-grmc-8w5p-47x7",
"modified": "2024-08-26T15:31:15Z",
"published": "2024-08-26T15:31:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-44558"
},
{
"type": "WEB",
"url": "https://detailed-stetson-767.notion.site/Tenda-AX1806-Buffer-Overflow-in-setIptvInfo-5aee8fa8b7754d319ee35027d3628f2e?pvs=4"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GRQ5-CG54-WP35
Vulnerability from github – Published: 2024-05-14 18:30 – Updated: 2024-07-03 18:41TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the password parameter in the function urldecode.
{
"affected": [],
"aliases": [
"CVE-2024-34308"
],
"database_specific": {
"cwe_ids": [
"CWE-121"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-14T15:38:38Z",
"severity": "HIGH"
},
"details": "TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the password parameter in the function urldecode.",
"id": "GHSA-grq5-cg54-wp35",
"modified": "2024-07-03T18:41:05Z",
"published": "2024-05-14T18:30:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34308"
},
{
"type": "WEB",
"url": "https://github.com/s4ndw1ch136/IOT-vuln-reports/blob/main/totolink%20LR350/README.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GRVX-723J-W74G
Vulnerability from github – Published: 2026-02-13 00:32 – Updated: 2026-02-13 00:32AVS Audio Converter 9.1 contains a local buffer overflow vulnerability that allows local attackers to overwrite CPU registers by manipulating the 'Exit folder' input field. Attackers can craft a specially designed text file with 264 bytes of padding followed by register overwrite values to compromise the application and potentially execute arbitrary code.
{
"affected": [],
"aliases": [
"CVE-2019-25331"
],
"database_specific": {
"cwe_ids": [
"CWE-121"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-12T23:16:05Z",
"severity": "HIGH"
},
"details": "AVS Audio Converter 9.1 contains a local buffer overflow vulnerability that allows local attackers to overwrite CPU registers by manipulating the \u0027Exit folder\u0027 input field. Attackers can craft a specially designed text file with 264 bytes of padding followed by register overwrite values to compromise the application and potentially execute arbitrary code.",
"id": "GHSA-grvx-723j-w74g",
"modified": "2026-02-13T00:32:52Z",
"published": "2026-02-13T00:32:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25331"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/47788"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/avs-audio-converter-exit-folder-buffer-overflow"
},
{
"type": "WEB",
"url": "http://www.avs4you.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-GRW7-F5C2-VC83
Vulnerability from github – Published: 2024-07-19 18:31 – Updated: 2024-08-01 15:32A stack overflow in Tenda AX1806 v1.0.0.1 allows attackers to cause a Denial of Service (DoS) via a crafted input.
{
"affected": [],
"aliases": [
"CVE-2024-41492"
],
"database_specific": {
"cwe_ids": [
"CWE-121"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-19T17:15:03Z",
"severity": "HIGH"
},
"details": "A stack overflow in Tenda AX1806 v1.0.0.1 allows attackers to cause a Denial of Service (DoS) via a crafted input.",
"id": "GHSA-grw7-f5c2-vc83",
"modified": "2024-08-01T15:32:06Z",
"published": "2024-07-19T18:31:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41492"
},
{
"type": "WEB",
"url": "https://gist.github.com/Swind1er/4176fdc25e415296904c9fb19e2f8293"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GV69-7Q7F-C8FH
Vulnerability from github – Published: 2025-01-17 03:30 – Updated: 2025-01-17 03:30Fuji Electric Alpha5 SMART
is vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code.
{
"affected": [],
"aliases": [
"CVE-2024-34579"
],
"database_specific": {
"cwe_ids": [
"CWE-121"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-17T01:15:22Z",
"severity": "HIGH"
},
"details": "Fuji Electric Alpha5 SMART \n\nis vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code.",
"id": "GHSA-gv69-7q7f-c8fh",
"modified": "2025-01-17T03:30:29Z",
"published": "2025-01-17T03:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34579"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-016-05"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-GV9M-9FJQ-VFQQ
Vulnerability from github – Published: 2025-02-11 18:31 – Updated: 2025-02-11 18:31A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6 allows a remote authenticated attacker to achieve remote code execution.
{
"affected": [],
"aliases": [
"CVE-2025-22467"
],
"database_specific": {
"cwe_ids": [
"CWE-121"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-11T16:15:50Z",
"severity": "CRITICAL"
},
"details": "A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6 allows a remote authenticated attacker to achieve remote code execution.",
"id": "GHSA-gv9m-9fjq-vfqq",
"modified": "2025-02-11T18:31:34Z",
"published": "2025-02-11T18:31:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22467"
},
{
"type": "WEB",
"url": "https://forums.ivanti.com/s/article/February-Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-and-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GVCC-MWHQ-CCVW
Vulnerability from github – Published: 2024-09-16 14:37 – Updated: 2024-09-16 14:37The web service of certain models of D-Link wireless routers contains a Stack-based Buffer Overflow vulnerability, which allows unauthenticated remote attackers to exploit this vulnerability to execute arbitrary code on the device.
{
"affected": [],
"aliases": [
"CVE-2024-45695"
],
"database_specific": {
"cwe_ids": [
"CWE-121",
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-16T07:15:02Z",
"severity": "CRITICAL"
},
"details": "The web service of certain models of D-Link wireless routers contains a Stack-based Buffer Overflow vulnerability, which allows unauthenticated remote attackers to exploit this vulnerability to execute arbitrary code on the device.",
"id": "GHSA-gvcc-mwhq-ccvw",
"modified": "2024-09-16T14:37:28Z",
"published": "2024-09-16T14:37:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45695"
},
{
"type": "WEB",
"url": "https://www.twcert.org.tw/en/cp-139-8083-a299e-2.html"
},
{
"type": "WEB",
"url": "https://www.twcert.org.tw/tw/cp-132-8082-f1687-1.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GVF2-9PVF-3985
Vulnerability from github – Published: 2024-07-09 18:30 – Updated: 2024-07-09 18:30SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
{
"affected": [],
"aliases": [
"CVE-2024-28928"
],
"database_specific": {
"cwe_ids": [
"CWE-121"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-09T17:15:15Z",
"severity": "HIGH"
},
"details": "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability",
"id": "GHSA-gvf2-9pvf-3985",
"modified": "2024-07-09T18:30:49Z",
"published": "2024-07-09T18:30:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28928"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28928"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GVF4-7544-2WH5
Vulnerability from github – Published: 2024-03-29 15:30 – Updated: 2024-07-03 18:33Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the page parameter from fromDhcpListClient function.
{
"affected": [],
"aliases": [
"CVE-2024-30623"
],
"database_specific": {
"cwe_ids": [
"CWE-121"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-03-29T13:15:15Z",
"severity": "MODERATE"
},
"details": "Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the page parameter from fromDhcpListClient function.",
"id": "GHSA-gvf4-7544-2wh5",
"modified": "2024-07-03T18:33:58Z",
"published": "2024-03-29T15:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30623"
},
{
"type": "WEB",
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1205/fromDhcpListClient_page.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-10
Strategy: Environment Hardening
- Use automatic buffer overflow detection mechanisms that are offered by certain compilers or compiler extensions. Examples include: the Microsoft Visual Studio /GS flag, Fedora/Red Hat FORTIFY_SOURCE GCC flag, StackGuard, and ProPolice, which provide various mechanisms including canary-based detection and range/index checking.
- D3-SFCV (Stack Frame Canary Validation) from D3FEND [REF-1334] discusses canary-based detection in detail.
Mitigation
Use an abstraction library to abstract away risky APIs. Not a complete solution.
Mitigation
Implement and perform bounds checking on input.
Mitigation
Do not use dangerous functions such as gets. Use safer, equivalent functions which check for boundary errors.
Mitigation MIT-11
Strategy: Environment Hardening
- Run or compile the software using features or extensions that randomly arrange the positions of a program's executable and libraries in memory. Because this makes the addresses unpredictable, it can prevent an attacker from reliably jumping to exploitable code.
- Examples include Address Space Layout Randomization (ASLR) [REF-58] [REF-60] and Position-Independent Executables (PIE) [REF-64]. Imported modules may be similarly realigned if their default memory addresses conflict with other modules, in a process known as "rebasing" (for Windows) and "prelinking" (for Linux) [REF-1332] using randomly generated addresses. ASLR for libraries cannot be used in conjunction with prelink since it would require relocating the libraries at run-time, defeating the whole purpose of prelinking.
- For more information on these techniques see D3-SAOR (Segment Address Offset Randomization) from D3FEND [REF-1335].
No CAPEC attack patterns related to this CWE.