Common Weakness Enumeration

CWE-121

Allowed

Stack-based Buffer Overflow

Abstraction: Variant · Status: Draft

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

5212 vulnerabilities reference this CWE, most recent first.

GHSA-JPGM-G5CC-54QG

Vulnerability from github – Published: 2024-12-06 18:30 – Updated: 2024-12-06 18:30
VLAI
Details

The affected product is vulnerable to a stack-based buffer overflow. An unauthenticated attacker could send a malicious HTTP request that the webserver fails to properly check input size before copying data to the stack, potentially allowing remote code execution.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-48871"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-121"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-06T18:15:25Z",
    "severity": "CRITICAL"
  },
  "details": "The affected product is vulnerable to a stack-based buffer overflow. An unauthenticated attacker could send a malicious HTTP request that the webserver fails to properly check input size before copying data to the stack, potentially allowing remote code execution.",
  "id": "GHSA-jpgm-g5cc-54qg",
  "modified": "2024-12-06T18:30:46Z",
  "published": "2024-12-06T18:30:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48871"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-340-02"
    },
    {
      "type": "WEB",
      "url": "https://www.planet.com.tw/en/support/downloads?method=keyword\u0026keyword=v1.305b241111"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-JPV7-733X-P7QW

Vulnerability from github – Published: 2024-07-26 21:31 – Updated: 2024-07-26 21:31
VLAI
Details

A privilege escalation vulnerability was discovered in XCC that could allow an authenticated XCC user with elevated privileges to execute arbitrary code via a specially crafted IPMI command.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-38509"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-121"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-26T20:15:03Z",
    "severity": "HIGH"
  },
  "details": "A privilege escalation vulnerability was discovered in XCC that could allow an authenticated XCC user with elevated privileges to execute arbitrary code via a specially crafted IPMI command.",
  "id": "GHSA-jpv7-733x-p7qw",
  "modified": "2024-07-26T21:31:15Z",
  "published": "2024-07-26T21:31:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38509"
    },
    {
      "type": "WEB",
      "url": "https://support.lenovo.com/us/en/product_security/LEN-156781"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JPW5-97M6-C8M2

Vulnerability from github – Published: 2022-05-13 01:16 – Updated: 2025-12-18 00:34
VLAI
Details

procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow in pgrep. This vulnerability is mitigated by FORTIFY, as it involves strncat() to a stack-allocated string. When pgrep is compiled with FORTIFY (as on Red Hat Enterprise Linux and Fedora), the impact is limited to a crash.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-1125"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-121",
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-05-23T14:29:00Z",
    "severity": "HIGH"
  },
  "details": "procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow in pgrep. This vulnerability is mitigated by FORTIFY, as it involves strncat() to a stack-allocated string. When pgrep is compiled with FORTIFY (as on Red Hat Enterprise Linux and Fedora), the impact is limited to a crash.",
  "id": "GHSA-jpw5-97m6-c8m2",
  "modified": "2025-12-18T00:34:04Z",
  "published": "2022-05-13T01:16:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1125"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1125"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00021.html"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3658-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3658-3"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2018/dsa-4208"
    },
    {
      "type": "WEB",
      "url": "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00058.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00059.html"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/oss-sec/2018/q2/122"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/104214"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JPXP-6RP5-3WG3

Vulnerability from github – Published: 2022-02-11 00:00 – Updated: 2025-10-22 00:32
VLAI
Details

Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-20703"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-121",
      "CWE-295",
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-02-10T18:15:00Z",
    "severity": "HIGH"
  },
  "details": "Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory.",
  "id": "GHSA-jpxp-6rp5-3wg3",
  "modified": "2025-10-22T00:32:29Z",
  "published": "2022-02-11T00:00:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-20703"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-mult-vuln-KA9PK6D"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-20703"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-408"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-413"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JQ6R-QXVF-4WRV

Vulnerability from github – Published: 2024-04-27 09:30 – Updated: 2024-04-27 09:30
VLAI
Details

A vulnerability, which was classified as critical, was found in Tenda i21 1.0.0.14(4656). This affects the function formQosManageDouble_auto. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The identifier VDB-262137 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-4246"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-121",
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-27T09:15:09Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability, which was classified as critical, was found in Tenda i21 1.0.0.14(4656). This affects the function formQosManageDouble_auto. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The identifier VDB-262137 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.",
  "id": "GHSA-jq6r-qxvf-4wrv",
  "modified": "2024-04-27T09:30:34Z",
  "published": "2024-04-27T09:30:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4246"
    },
    {
      "type": "WEB",
      "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/i/i21/formQosManageDouble_user.md"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.262137"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.262137"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.319831"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JQ84-946J-R77Q

Vulnerability from github – Published: 2024-06-14 15:31 – Updated: 2024-07-03 18:45
VLAI
Details

TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid5g in the function setWiFiEasyGuestCfg.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-37640"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-121"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-06-14T14:15:11Z",
    "severity": "HIGH"
  },
  "details": "TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid5g in the function setWiFiEasyGuestCfg.",
  "id": "GHSA-jq84-946j-r77q",
  "modified": "2024-07-03T18:45:22Z",
  "published": "2024-06-14T15:31:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-37640"
    },
    {
      "type": "WEB",
      "url": "https://github.com/s4ndw1ch136/IOT-vuln-reports/tree/main/TOTOLINK/A3700R/setWiFiEasyGuestCfg"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JQCX-VW98-5Q84

Vulnerability from github – Published: 2024-04-03 03:30 – Updated: 2024-08-01 18:32
VLAI
Details

In Mbed TLS 3.3.0 through 3.5.2 before 3.6.0, a malicious client can cause information disclosure or a denial of service because of a stack buffer over-read (of less than 256 bytes) in a TLS 1.3 server via a TLS 3.1 ClientHello.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-30166"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-121"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-03T03:15:10Z",
    "severity": "CRITICAL"
  },
  "details": "In Mbed TLS 3.3.0 through 3.5.2 before 3.6.0, a malicious client can cause information disclosure or a denial of service because of a stack buffer over-read (of less than 256 bytes) in a TLS 1.3 server via a TLS 3.1 ClientHello.",
  "id": "GHSA-jqcx-vw98-5q84",
  "modified": "2024-08-01T18:32:49Z",
  "published": "2024-04-03T03:30:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30166"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Mbed-TLS/mbedtls/releases/tag/v3.6.0"
    },
    {
      "type": "WEB",
      "url": "https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JQHC-3V3M-GJX4

Vulnerability from github – Published: 2024-04-12 18:33 – Updated: 2026-01-23 18:31
VLAI
Details

A Stack-based Buffer Overflow vulnerability in Flow Processing Daemon (flowd) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS).

On all Junos OS MX Series platforms with SPC3 and MS-MPC/-MIC, when URL filtering is enabled and a specific URL request is received and processed, flowd will crash and restart. Continuous reception of the specific URL request will lead to a sustained Denial of Service (DoS) condition.

This issue affects: Junos OS:

  • all versions before 21.2R3-S6,

  • from 21.3 before 21.3R3-S5,

  • from 21.4 before 21.4R3-S5,

  • from 22.1 before 22.1R3-S3,

  • from 22.2 before 22.2R3-S1,

  • from 22.3 before 22.3R2-S2, 22.3R3,

  • from 22.4 before 22.4R2-S1, 22.4R3.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-30392"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-121"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-12T16:15:39Z",
    "severity": "HIGH"
  },
  "details": "A Stack-based Buffer Overflow vulnerability in Flow Processing Daemon (flowd) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS).\n\nOn all Junos OS MX Series platforms with SPC3 and MS-MPC/-MIC, when URL filtering is enabled and a specific URL request is received and processed, flowd will crash and restart. Continuous reception of the specific URL request will lead to a sustained Denial of Service (DoS) condition.\n\nThis issue affects:\nJunos OS:\n\n\n\n  *  all versions before 21.2R3-S6,\n\n  *  from 21.3 before 21.3R3-S5,\n\n  *  from 21.4 before 21.4R3-S5,\n\n  *  from 22.1 before 22.1R3-S3,\n\n  *  from 22.2 before 22.2R3-S1,\n\n  *  from 22.3 before 22.3R2-S2, 22.3R3,\n\n  *  from 22.4 before 22.4R2-S1, 22.4R3.",
  "id": "GHSA-jqhc-3v3m-gjx4",
  "modified": "2026-01-23T18:31:21Z",
  "published": "2024-04-12T18:33:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30392"
    },
    {
      "type": "WEB",
      "url": "https://supportportal.juniper.net/JSA79092"
    },
    {
      "type": "WEB",
      "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L"
    },
    {
      "type": "WEB",
      "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-JQQV-G9PC-97QC

Vulnerability from github – Published: 2025-04-23 15:30 – Updated: 2025-04-23 18:30
VLAI
Details

In Tenda ac9 v1.0 with firmware V15.03.05.14_multi, the rebootTime parameter of /goform/SetSysAutoRebbotCfg has a stack overflow vulnerability, which can lead to remote arbitrary code execution.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-45428"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-121"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-23T15:16:00Z",
    "severity": "CRITICAL"
  },
  "details": "In Tenda ac9 v1.0 with firmware V15.03.05.14_multi, the rebootTime parameter of /goform/SetSysAutoRebbotCfg has a stack overflow vulnerability, which can lead to remote arbitrary code execution.",
  "id": "GHSA-jqqv-g9pc-97qc",
  "modified": "2025-04-23T18:30:57Z",
  "published": "2025-04-23T15:30:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-45428"
    },
    {
      "type": "WEB",
      "url": "https://github.com/shuqi233/loophole/blob/main/Tenda%20AC9/SetSysAutoRebbotCfg-rebootTime.md"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JQWJ-JQV8-9WMV

Vulnerability from github – Published: 2022-05-24 17:34 – Updated: 2022-05-24 17:34
VLAI
Details

The affected product is vulnerable to three stack-based buffer overflows, which may allow an unauthenticated attacker to remotely execute arbitrary code on the IP150 (firmware versions 5.02.09).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-25189"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-121"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-11-21T17:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "The affected product is vulnerable to three stack-based buffer overflows, which may allow an unauthenticated attacker to remotely execute arbitrary code on the IP150 (firmware versions 5.02.09).",
  "id": "GHSA-jqwj-jqv8-9wmv",
  "modified": "2022-05-24T17:34:38Z",
  "published": "2022-05-24T17:34:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25189"
    },
    {
      "type": "WEB",
      "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-324-02"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Mitigation MIT-10
Operation Build and Compilation

Strategy: Environment Hardening

  • Use automatic buffer overflow detection mechanisms that are offered by certain compilers or compiler extensions. Examples include: the Microsoft Visual Studio /GS flag, Fedora/Red Hat FORTIFY_SOURCE GCC flag, StackGuard, and ProPolice, which provide various mechanisms including canary-based detection and range/index checking.
  • D3-SFCV (Stack Frame Canary Validation) from D3FEND [REF-1334] discusses canary-based detection in detail.
Mitigation
Architecture and Design

Use an abstraction library to abstract away risky APIs. Not a complete solution.

Mitigation
Implementation

Implement and perform bounds checking on input.

Mitigation
Implementation

Do not use dangerous functions such as gets. Use safer, equivalent functions which check for boundary errors.

Mitigation MIT-11
Operation Build and Compilation

Strategy: Environment Hardening

  • Run or compile the software using features or extensions that randomly arrange the positions of a program's executable and libraries in memory. Because this makes the addresses unpredictable, it can prevent an attacker from reliably jumping to exploitable code.
  • Examples include Address Space Layout Randomization (ASLR) [REF-58] [REF-60] and Position-Independent Executables (PIE) [REF-64]. Imported modules may be similarly realigned if their default memory addresses conflict with other modules, in a process known as "rebasing" (for Windows) and "prelinking" (for Linux) [REF-1332] using randomly generated addresses. ASLR for libraries cannot be used in conjunction with prelink since it would require relocating the libraries at run-time, defeating the whole purpose of prelinking.
  • For more information on these techniques see D3-SAOR (Segment Address Offset Randomization) from D3FEND [REF-1335].

No CAPEC attack patterns related to this CWE.