CWE-121
AllowedStack-based Buffer Overflow
Abstraction: Variant · Status: Draft
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
5208 vulnerabilities reference this CWE, most recent first.
GHSA-MMM7-V6RG-XX8H
Vulnerability from github – Published: 2025-08-20 18:30 – Updated: 2025-08-20 18:30MJM QuickPlayer (likely now referred to as MJM Player) version 2010 contains a stack-based buffer overflow vulnerability triggered by opening a malicious .s3m music file. The flaw occurs due to improper bounds checking in the file parser, allowing an attacker to overwrite memory and execute arbitrary code. Exploitation is achieved via a crafted payload that bypasses DEP and ASLR protections using ROP techniques, and requires user interaction to open the file.
{
"affected": [],
"aliases": [
"CVE-2011-10023"
],
"database_specific": {
"cwe_ids": [
"CWE-121"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-20T16:15:34Z",
"severity": "HIGH"
},
"details": "MJM QuickPlayer (likely now referred to as MJM Player) version 2010 contains a stack-based buffer overflow vulnerability triggered by opening a malicious .s3m music file. The flaw occurs due to improper bounds checking in the file parser, allowing an attacker to overwrite memory and execute arbitrary code. Exploitation is achieved via a crafted payload that bypasses DEP and ASLR protections using ROP techniques, and requires user interaction to open the file.",
"id": "GHSA-mmm7-v6rg-xx8h",
"modified": "2025-08-20T18:30:21Z",
"published": "2025-08-20T18:30:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-10023"
},
{
"type": "WEB",
"url": "https://mjm-software.com"
},
{
"type": "WEB",
"url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/mjm_quickplayer_s3m.rb"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20111016194042/https://www.corelan.be/index.php/forum/security-advisories/corelan-11-003-mjm-quickplayer-2-3-2010-stack-buffer-overflow-s3m"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/17229"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/mjm-quickplayer-s3m-stack-based-buffer-overflow"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-MP63-MM73-JHGM
Vulnerability from github – Published: 2025-04-22 15:30 – Updated: 2025-04-23 15:30TOTOLINK A800R V4.1.2cu.5137_B20200730, A810R V4.1.2cu.5182_B20201026, A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 were found to contain a pre-auth buffer overflow vulnerability in the setNoticeCfg function through the IpTo parameter.
{
"affected": [],
"aliases": [
"CVE-2025-28033"
],
"database_specific": {
"cwe_ids": [
"CWE-121"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-22T14:15:25Z",
"severity": "HIGH"
},
"details": "TOTOLINK A800R V4.1.2cu.5137_B20200730, A810R V4.1.2cu.5182_B20201026, A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 were found to contain a pre-auth buffer overflow vulnerability in the setNoticeCfg function through the IpTo parameter.",
"id": "GHSA-mp63-mm73-jhgm",
"modified": "2025-04-23T15:30:52Z",
"published": "2025-04-22T15:30:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-28033"
},
{
"type": "WEB",
"url": "https://locrian-lightning-dc7.notion.site/BufferOverflow7-1a98e5e2b1a280708d6ec6155ce88d8c"
},
{
"type": "WEB",
"url": "https://locrian-lightning-dc7.notion.site/CVE-2025-28033-BufferOverflow7-1a98e5e2b1a280708d6ec6155ce88d8c"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-MPC3-HQR8-W5F3
Vulnerability from github – Published: 2026-01-27 21:31 – Updated: 2026-06-30 03:35In GnuPG before 2.5.17, a stack-based buffer overflow exists in tpm2daemon during handling of the PKDECRYPT command for TPM-backed RSA and ECC keys.
{
"affected": [],
"aliases": [
"CVE-2026-24882"
],
"database_specific": {
"cwe_ids": [
"CWE-121"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-27T19:16:16Z",
"severity": "HIGH"
},
"details": "In GnuPG before 2.5.17, a stack-based buffer overflow exists in tpm2daemon during handling of the PKDECRYPT command for TPM-backed RSA and ECC keys.",
"id": "GHSA-mpc3-hqr8-w5f3",
"modified": "2026-06-30T03:35:30Z",
"published": "2026-01-27T21:31:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24882"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:2719"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:2753"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2026-24882"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2433464"
},
{
"type": "WEB",
"url": "https://dev.gnupg.org/T8045"
},
{
"type": "WEB",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-24882.json"
},
{
"type": "WEB",
"url": "https://www.openwall.com/lists/oss-security/2026/01/27/8"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MPC6-889R-JGRH
Vulnerability from github – Published: 2023-10-04 06:30 – Updated: 2024-03-05 09:31Stack-based Buffer Overflow in vulnerability HDCP trustlet prior to SMR Oct-2023 Release 1 allows attacker to perform code execution.
{
"affected": [],
"aliases": [
"CVE-2023-30733"
],
"database_specific": {
"cwe_ids": [
"CWE-121",
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-10-04T04:15:13Z",
"severity": "CRITICAL"
},
"details": "Stack-based Buffer Overflow in vulnerability HDCP trustlet prior to SMR Oct-2023 Release 1 allows attacker to perform code execution.",
"id": "GHSA-mpc6-889r-jgrh",
"modified": "2024-03-05T09:31:18Z",
"published": "2023-10-04T06:30:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30733"
},
{
"type": "WEB",
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023\u0026month=10"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-MPQV-P8RQ-HM8V
Vulnerability from github – Published: 2022-10-15 12:01 – Updated: 2022-10-15 12:01Adobe Acrobat Reader versions 22.002.20212 (and earlier) and 20.005.30381 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
{
"affected": [],
"aliases": [
"CVE-2022-38450"
],
"database_specific": {
"cwe_ids": [
"CWE-121",
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-10-14T20:15:00Z",
"severity": "HIGH"
},
"details": "Adobe Acrobat Reader versions 22.002.20212 (and earlier) and 20.005.30381 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
"id": "GHSA-mpqv-p8rq-hm8v",
"modified": "2022-10-15T12:01:01Z",
"published": "2022-10-15T12:01:01Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38450"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb22-46.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MPVX-G3X3-756V
Vulnerability from github – Published: 2024-03-01 03:30 – Updated: 2024-03-01 03:30Delta Electronics CNCSoft-B versions 1.0.0.4 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code.
{
"affected": [],
"aliases": [
"CVE-2024-1941"
],
"database_specific": {
"cwe_ids": [
"CWE-121"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-03-01T01:15:07Z",
"severity": "HIGH"
},
"details": "\nDelta Electronics CNCSoft-B versions 1.0.0.4 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code.\n\n",
"id": "GHSA-mpvx-g3x3-756v",
"modified": "2024-03-01T03:30:34Z",
"published": "2024-03-01T03:30:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1941"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-060-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MQ3Q-F49J-4FJG
Vulnerability from github – Published: 2024-03-27 03:31 – Updated: 2025-11-04 21:31A stack buffer overflow occurs in net/at/src/at_server.c in RT-Thread through 5.0.2.
{
"affected": [],
"aliases": [
"CVE-2024-25393"
],
"database_specific": {
"cwe_ids": [
"CWE-121"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-03-27T03:15:11Z",
"severity": "CRITICAL"
},
"details": "A stack buffer overflow occurs in net/at/src/at_server.c in RT-Thread through 5.0.2.",
"id": "GHSA-mq3q-f49j-4fjg",
"modified": "2025-11-04T21:31:21Z",
"published": "2024-03-27T03:31:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25393"
},
{
"type": "WEB",
"url": "https://github.com/RT-Thread/rt-thread/issues/8288"
},
{
"type": "WEB",
"url": "https://github.com/hnsecurity/vulns/blob/main/HNS-2024-05-rt-thread.txt"
},
{
"type": "WEB",
"url": "https://seclists.org/fulldisclosure/2024/Mar/28"
},
{
"type": "WEB",
"url": "https://security.humanativaspa.it/multiple-vulnerabilities-in-rt-thread-rtos"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Mar/28"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2024/03/05/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MQ89-7CWQ-CHFG
Vulnerability from github – Published: 2024-09-16 21:30 – Updated: 2024-09-18 18:30The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in rsa_decrypt function. This function is an API wrapper for LUA to decrypt RSA encrypted ciphertext, the decrypted data is stored on the stack without checking its length. An authenticated attacker can get RCE as root by exploiting this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2024-45413"
],
"database_specific": {
"cwe_ids": [
"CWE-121"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-16T21:15:45Z",
"severity": "HIGH"
},
"details": "The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in rsa_decrypt function. This function is an API wrapper for LUA to decrypt RSA encrypted ciphertext, the decrypted data is stored on the stack without checking its length. An authenticated attacker can get RCE as root by exploiting this vulnerability.",
"id": "GHSA-mq89-7cwq-chfg",
"modified": "2024-09-18T18:30:50Z",
"published": "2024-09-16T21:30:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45413"
},
{
"type": "WEB",
"url": "https://wr3nchsr.github.io/zte-multiple-routers-httpd-vulnerabilities-advisory"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MQH3-R83Q-28JH
Vulnerability from github – Published: 2025-05-20 15:30 – Updated: 2025-05-20 18:30TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the interfacenameds parameter in the formDhcpv6s interface.
{
"affected": [],
"aliases": [
"CVE-2025-45862"
],
"database_specific": {
"cwe_ids": [
"CWE-121"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-20T14:15:49Z",
"severity": "MODERATE"
},
"details": "TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the interfacenameds parameter in the formDhcpv6s interface.",
"id": "GHSA-mqh3-r83q-28jh",
"modified": "2025-05-20T18:30:53Z",
"published": "2025-05-20T15:30:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-45862"
},
{
"type": "WEB",
"url": "https://github.com/Jiangxiazhe/IOT_hack/blob/main/TOTOLINK/A3002R/7/overflow.md"
},
{
"type": "WEB",
"url": "https://www.totolink.net/home/menu/detail/menu_listtpl/download/id/258/ids/36.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-MQPV-GCV6-R5W9
Vulnerability from github – Published: 2026-02-11 21:30 – Updated: 2026-02-11 21:30NetShareWatcher 1.5.8.0 contains a buffer overflow vulnerability in the registration key input that allows attackers to crash the application by supplying oversized input. Attackers can generate a 1000-character payload and paste it into the registration key field to trigger an application crash.
{
"affected": [],
"aliases": [
"CVE-2020-37200"
],
"database_specific": {
"cwe_ids": [
"CWE-121"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-11T21:16:14Z",
"severity": "MODERATE"
},
"details": "NetShareWatcher 1.5.8.0 contains a buffer overflow vulnerability in the registration key input that allows attackers to crash the application by supplying oversized input. Attackers can generate a 1000-character payload and paste it into the registration key field to trigger an application crash.",
"id": "GHSA-mqpv-gcv6-r5w9",
"modified": "2026-02-11T21:30:41Z",
"published": "2026-02-11T21:30:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-37200"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/47860"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/netsharewatcher-key-denial-of-service"
},
{
"type": "WEB",
"url": "http://www.nsauditor.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
Mitigation MIT-10
Strategy: Environment Hardening
- Use automatic buffer overflow detection mechanisms that are offered by certain compilers or compiler extensions. Examples include: the Microsoft Visual Studio /GS flag, Fedora/Red Hat FORTIFY_SOURCE GCC flag, StackGuard, and ProPolice, which provide various mechanisms including canary-based detection and range/index checking.
- D3-SFCV (Stack Frame Canary Validation) from D3FEND [REF-1334] discusses canary-based detection in detail.
Mitigation
Use an abstraction library to abstract away risky APIs. Not a complete solution.
Mitigation
Implement and perform bounds checking on input.
Mitigation
Do not use dangerous functions such as gets. Use safer, equivalent functions which check for boundary errors.
Mitigation MIT-11
Strategy: Environment Hardening
- Run or compile the software using features or extensions that randomly arrange the positions of a program's executable and libraries in memory. Because this makes the addresses unpredictable, it can prevent an attacker from reliably jumping to exploitable code.
- Examples include Address Space Layout Randomization (ASLR) [REF-58] [REF-60] and Position-Independent Executables (PIE) [REF-64]. Imported modules may be similarly realigned if their default memory addresses conflict with other modules, in a process known as "rebasing" (for Windows) and "prelinking" (for Linux) [REF-1332] using randomly generated addresses. ASLR for libraries cannot be used in conjunction with prelink since it would require relocating the libraries at run-time, defeating the whole purpose of prelinking.
- For more information on these techniques see D3-SAOR (Segment Address Offset Randomization) from D3FEND [REF-1335].
No CAPEC attack patterns related to this CWE.