CWE-121
AllowedStack-based Buffer Overflow
Abstraction: Variant · Status: Draft
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
5212 vulnerabilities reference this CWE, most recent first.
GHSA-J2C6-77X8-863M
Vulnerability from github – Published: 2024-07-16 18:31 – Updated: 2024-08-01 15:32Tenda AC18 V15.03.3.10_EN was discovered to contain a stack-based buffer overflow vulnerability via the deviceMac parameter at ip/goform/addWifiMacFilter.
{
"affected": [],
"aliases": [
"CVE-2024-33181"
],
"database_specific": {
"cwe_ids": [
"CWE-121"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-16T18:15:07Z",
"severity": "HIGH"
},
"details": "Tenda AC18 V15.03.3.10_EN was discovered to contain a stack-based buffer overflow vulnerability via the deviceMac parameter at ip/goform/addWifiMacFilter.",
"id": "GHSA-j2c6-77x8-863m",
"modified": "2024-08-01T15:32:01Z",
"published": "2024-07-16T18:31:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-33181"
},
{
"type": "WEB",
"url": "https://palm-vertebra-fe9.notion.site/addWifiMacFilter_2-0f7fab42d4254867b46fe92b25dc7c40"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-J2HQ-24XQ-XCJR
Vulnerability from github – Published: 2023-03-28 21:30 – Updated: 2025-11-04 21:30This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ad_addcomment function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15876.
{
"affected": [],
"aliases": [
"CVE-2022-0194"
],
"database_specific": {
"cwe_ids": [
"CWE-121",
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-03-28T19:15:00Z",
"severity": "CRITICAL"
},
"details": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ad_addcomment function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15876.",
"id": "GHSA-j2hq-24xq-xcjr",
"modified": "2025-11-04T21:30:33Z",
"published": "2023-03-28T21:30:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0194"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html"
},
{
"type": "WEB",
"url": "https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202311-02"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2023/dsa-5503"
},
{
"type": "WEB",
"url": "https://www.kb.cert.org/vuls/id/709991"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-530"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-J2PH-F4FJ-M4R3
Vulnerability from github – Published: 2026-02-05 18:30 – Updated: 2026-02-05 18:30Dnsmasq-utils 2.79-1 contains a buffer overflow vulnerability in the dhcp_release utility that allows attackers to cause a denial of service by supplying excessive input. Attackers can trigger a core dump and terminate the dhcp_release process by sending a crafted input string longer than 16 characters.
{
"affected": [],
"aliases": [
"CVE-2020-37127"
],
"database_specific": {
"cwe_ids": [
"CWE-121"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-05T17:16:07Z",
"severity": "MODERATE"
},
"details": "Dnsmasq-utils 2.79-1 contains a buffer overflow vulnerability in the dhcp_release utility that allows attackers to cause a denial of service by supplying excessive input. Attackers can trigger a core dump and terminate the dhcp_release process by sending a crafted input string longer than 16 characters.",
"id": "GHSA-j2ph-f4fj-m4r3",
"modified": "2026-02-05T18:30:31Z",
"published": "2026-02-05T18:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-37127"
},
{
"type": "WEB",
"url": "https://launchpad.net/ubuntu/+source/dnsmasq/2.79-1"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/48301"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/dnsmasq-utils-dhcprelease-denial-of-service"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-J2Q7-6Q2X-2Q9P
Vulnerability from github – Published: 2023-10-25 18:32 – Updated: 2024-04-04 08:56TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formDMZ.
{
"affected": [],
"aliases": [
"CVE-2023-46564"
],
"database_specific": {
"cwe_ids": [
"CWE-121",
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-10-25T18:17:39Z",
"severity": "CRITICAL"
},
"details": "TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formDMZ.",
"id": "GHSA-j2q7-6q2x-2q9p",
"modified": "2024-04-04T08:56:37Z",
"published": "2023-10-25T18:32:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46564"
},
{
"type": "WEB",
"url": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/6/1.md"
},
{
"type": "WEB",
"url": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download\u0026id=85\u0026ids=36"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-J2RH-9HJF-9V46
Vulnerability from github – Published: 2025-05-18 21:30 – Updated: 2025-05-18 21:30A vulnerability was found in code-projects Police Station Management System 1.0. It has been declared as critical. Affected by this vulnerability is the function criminal::remove of the file source.cpp of the component Delete Record. The manipulation of the argument No leads to stack-based buffer overflow. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.
{
"affected": [],
"aliases": [
"CVE-2025-4892"
],
"database_specific": {
"cwe_ids": [
"CWE-119",
"CWE-121"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-18T19:15:19Z",
"severity": "MODERATE"
},
"details": "A vulnerability was found in code-projects Police Station Management System 1.0. It has been declared as critical. Affected by this vulnerability is the function criminal::remove of the file source.cpp of the component Delete Record. The manipulation of the argument No leads to stack-based buffer overflow. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.",
"id": "GHSA-j2rh-9hjf-9v46",
"modified": "2025-05-18T21:30:20Z",
"published": "2025-05-18T21:30:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4892"
},
{
"type": "WEB",
"url": "https://code-projects.org"
},
{
"type": "WEB",
"url": "https://github.com/zzzxc643/cve/blob/main/Police-StationManagementSystem2.md"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.309445"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.309445"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.577501"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-J2V6-5MGP-W77V
Vulnerability from github – Published: 2024-04-23 15:30 – Updated: 2024-08-16 18:30Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the funcpara1 parameter in ip/goform/setcfm.
{
"affected": [],
"aliases": [
"CVE-2024-33212"
],
"database_specific": {
"cwe_ids": [
"CWE-121"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-23T15:15:50Z",
"severity": "HIGH"
},
"details": "Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the funcpara1 parameter in ip/goform/setcfm.",
"id": "GHSA-j2v6-5mgp-w77v",
"modified": "2024-08-16T18:30:56Z",
"published": "2024-04-23T15:30:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-33212"
},
{
"type": "WEB",
"url": "https://palm-vertebra-fe9.notion.site/formSetCfm-7d199da0fd0740988a498304905e2dd1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-J336-77C5-WRMX
Vulnerability from github – Published: 2026-01-29 15:30 – Updated: 2026-01-29 15:30Frigate Professional 3.36.0.9 contains a local buffer overflow vulnerability in the Pack File feature that allows attackers to execute arbitrary code by overflowing the 'Archive To' input field. Attackers can craft a malicious payload that overwrites the Structured Exception Handler (SEH) and uses an egghunter technique to execute a reverse shell payload.
{
"affected": [],
"aliases": [
"CVE-2020-37001"
],
"database_specific": {
"cwe_ids": [
"CWE-121"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-29T15:16:06Z",
"severity": "HIGH"
},
"details": "Frigate Professional 3.36.0.9 contains a local buffer overflow vulnerability in the Pack File feature that allows attackers to execute arbitrary code by overflowing the \u0027Archive To\u0027 input field. Attackers can craft a malicious payload that overwrites the Structured Exception Handler (SEH) and uses an egghunter technique to execute a reverse shell payload.",
"id": "GHSA-j336-77c5-wrmx",
"modified": "2026-01-29T15:30:28Z",
"published": "2026-01-29T15:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-37001"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20171116000613/http://www.frigate3.com/index.php"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/48688"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/frigate-professional-pack-file-buffer-overflow-seh-egghunter"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-J3CP-7WH4-9F6C
Vulnerability from github – Published: 2025-10-15 15:30 – Updated: 2026-03-31 18:31When a BIG-IP APM Access Policy is configured on a virtual server, undisclosed traffic can cause TMM to terminate.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
{
"affected": [],
"aliases": [
"CVE-2025-53521"
],
"database_specific": {
"cwe_ids": [
"CWE-121",
"CWE-770"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-15T14:15:48Z",
"severity": "HIGH"
},
"details": "When a BIG-IP APM Access Policy is configured on a virtual server, undisclosed traffic can cause TMM to terminate.\u00a0\u00a0\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",
"id": "GHSA-j3cp-7wh4-9f6c",
"modified": "2026-03-31T18:31:25Z",
"published": "2025-10-15T15:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53521"
},
{
"type": "WEB",
"url": "https://my.f5.com/manage/s/article/K000156741"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-53521"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-J3GR-CVWW-7M69
Vulnerability from github – Published: 2025-01-30 21:31 – Updated: 2025-01-30 21:31AutomationDirect C-More EA9 EAP9 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of AutomationDirect C-More EA9. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of EAP9 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24772.
{
"affected": [],
"aliases": [
"CVE-2024-11609"
],
"database_specific": {
"cwe_ids": [
"CWE-121"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-30T21:15:13Z",
"severity": "HIGH"
},
"details": "AutomationDirect C-More EA9 EAP9 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of AutomationDirect C-More EA9. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of EAP9 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24772.",
"id": "GHSA-j3gr-cvww-7m69",
"modified": "2025-01-30T21:31:23Z",
"published": "2025-01-30T21:31:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11609"
},
{
"type": "WEB",
"url": "https://certvde.com/en/bulletins/bulletins/2182-automationdirect-c-more-ea9-programming-software"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1673"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-J3PJ-94WW-QQ3J
Vulnerability from github – Published: 2022-05-24 19:02 – Updated: 2022-05-24 19:02Omron CX-One Versions 4.60 and prior, including CX-Server Versions 5.0.29.0 and prior, are vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code.
{
"affected": [],
"aliases": [
"CVE-2021-27413"
],
"database_specific": {
"cwe_ids": [
"CWE-121",
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-05-13T19:15:00Z",
"severity": "HIGH"
},
"details": "Omron CX-One Versions 4.60 and prior, including CX-Server Versions 5.0.29.0 and prior, are vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code.",
"id": "GHSA-j3pj-94ww-qq3j",
"modified": "2022-05-24T19:02:18Z",
"published": "2022-05-24T19:02:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27413"
},
{
"type": "WEB",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-01"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-588"
}
],
"schema_version": "1.4.0",
"severity": []
}
Mitigation MIT-10
Strategy: Environment Hardening
- Use automatic buffer overflow detection mechanisms that are offered by certain compilers or compiler extensions. Examples include: the Microsoft Visual Studio /GS flag, Fedora/Red Hat FORTIFY_SOURCE GCC flag, StackGuard, and ProPolice, which provide various mechanisms including canary-based detection and range/index checking.
- D3-SFCV (Stack Frame Canary Validation) from D3FEND [REF-1334] discusses canary-based detection in detail.
Mitigation
Use an abstraction library to abstract away risky APIs. Not a complete solution.
Mitigation
Implement and perform bounds checking on input.
Mitigation
Do not use dangerous functions such as gets. Use safer, equivalent functions which check for boundary errors.
Mitigation MIT-11
Strategy: Environment Hardening
- Run or compile the software using features or extensions that randomly arrange the positions of a program's executable and libraries in memory. Because this makes the addresses unpredictable, it can prevent an attacker from reliably jumping to exploitable code.
- Examples include Address Space Layout Randomization (ASLR) [REF-58] [REF-60] and Position-Independent Executables (PIE) [REF-64]. Imported modules may be similarly realigned if their default memory addresses conflict with other modules, in a process known as "rebasing" (for Windows) and "prelinking" (for Linux) [REF-1332] using randomly generated addresses. ASLR for libraries cannot be used in conjunction with prelink since it would require relocating the libraries at run-time, defeating the whole purpose of prelinking.
- For more information on these techniques see D3-SAOR (Segment Address Offset Randomization) from D3FEND [REF-1335].
No CAPEC attack patterns related to this CWE.