Common Weakness Enumeration

CWE-121

Allowed

Stack-based Buffer Overflow

Abstraction: Variant · Status: Draft

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

5208 vulnerabilities reference this CWE, most recent first.

GHSA-MMM7-V6RG-XX8H

Vulnerability from github – Published: 2025-08-20 18:30 – Updated: 2025-08-20 18:30
VLAI
Details

MJM QuickPlayer (likely now referred to as MJM Player) version 2010 contains a stack-based buffer overflow vulnerability triggered by opening a malicious .s3m music file. The flaw occurs due to improper bounds checking in the file parser, allowing an attacker to overwrite memory and execute arbitrary code. Exploitation is achieved via a crafted payload that bypasses DEP and ASLR protections using ROP techniques, and requires user interaction to open the file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2011-10023"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-121"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-08-20T16:15:34Z",
    "severity": "HIGH"
  },
  "details": "MJM QuickPlayer (likely now referred to as MJM Player) version 2010 contains a stack-based buffer overflow vulnerability triggered by opening a malicious .s3m music file. The flaw occurs due to improper bounds checking in the file parser, allowing an attacker to overwrite memory and execute arbitrary code. Exploitation is achieved via a crafted payload that bypasses DEP and ASLR protections using ROP techniques, and requires user interaction to open the file.",
  "id": "GHSA-mmm7-v6rg-xx8h",
  "modified": "2025-08-20T18:30:21Z",
  "published": "2025-08-20T18:30:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-10023"
    },
    {
      "type": "WEB",
      "url": "https://mjm-software.com"
    },
    {
      "type": "WEB",
      "url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/mjm_quickplayer_s3m.rb"
    },
    {
      "type": "WEB",
      "url": "https://web.archive.org/web/20111016194042/https://www.corelan.be/index.php/forum/security-advisories/corelan-11-003-mjm-quickplayer-2-3-2010-stack-buffer-overflow-s3m"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/17229"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/mjm-quickplayer-s3m-stack-based-buffer-overflow"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-MP63-MM73-JHGM

Vulnerability from github – Published: 2025-04-22 15:30 – Updated: 2025-04-23 15:30
VLAI
Details

TOTOLINK A800R V4.1.2cu.5137_B20200730, A810R V4.1.2cu.5182_B20201026, A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 were found to contain a pre-auth buffer overflow vulnerability in the setNoticeCfg function through the IpTo parameter.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-28033"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-121"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-22T14:15:25Z",
    "severity": "HIGH"
  },
  "details": "TOTOLINK A800R V4.1.2cu.5137_B20200730, A810R V4.1.2cu.5182_B20201026, A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 were found to contain a pre-auth buffer overflow vulnerability in the setNoticeCfg function through the IpTo parameter.",
  "id": "GHSA-mp63-mm73-jhgm",
  "modified": "2025-04-23T15:30:52Z",
  "published": "2025-04-22T15:30:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-28033"
    },
    {
      "type": "WEB",
      "url": "https://locrian-lightning-dc7.notion.site/BufferOverflow7-1a98e5e2b1a280708d6ec6155ce88d8c"
    },
    {
      "type": "WEB",
      "url": "https://locrian-lightning-dc7.notion.site/CVE-2025-28033-BufferOverflow7-1a98e5e2b1a280708d6ec6155ce88d8c"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MPC3-HQR8-W5F3

Vulnerability from github – Published: 2026-01-27 21:31 – Updated: 2026-06-30 03:35
VLAI
Details

In GnuPG before 2.5.17, a stack-based buffer overflow exists in tpm2daemon during handling of the PKDECRYPT command for TPM-backed RSA and ECC keys.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-24882"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-121"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-01-27T19:16:16Z",
    "severity": "HIGH"
  },
  "details": "In GnuPG before 2.5.17, a stack-based buffer overflow exists in tpm2daemon during handling of the PKDECRYPT command for TPM-backed RSA and ECC keys.",
  "id": "GHSA-mpc3-hqr8-w5f3",
  "modified": "2026-06-30T03:35:30Z",
  "published": "2026-01-27T21:31:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24882"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:2719"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:2753"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2026-24882"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2433464"
    },
    {
      "type": "WEB",
      "url": "https://dev.gnupg.org/T8045"
    },
    {
      "type": "WEB",
      "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-24882.json"
    },
    {
      "type": "WEB",
      "url": "https://www.openwall.com/lists/oss-security/2026/01/27/8"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MPC6-889R-JGRH

Vulnerability from github – Published: 2023-10-04 06:30 – Updated: 2024-03-05 09:31
VLAI
Details

Stack-based Buffer Overflow in vulnerability HDCP trustlet prior to SMR Oct-2023 Release 1 allows attacker to perform code execution.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-30733"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-121",
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-10-04T04:15:13Z",
    "severity": "CRITICAL"
  },
  "details": "Stack-based Buffer Overflow in vulnerability HDCP trustlet prior to SMR Oct-2023 Release 1 allows attacker to perform code execution.",
  "id": "GHSA-mpc6-889r-jgrh",
  "modified": "2024-03-05T09:31:18Z",
  "published": "2023-10-04T06:30:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30733"
    },
    {
      "type": "WEB",
      "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023\u0026month=10"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MPQV-P8RQ-HM8V

Vulnerability from github – Published: 2022-10-15 12:01 – Updated: 2022-10-15 12:01
VLAI
Details

Adobe Acrobat Reader versions 22.002.20212 (and earlier) and 20.005.30381 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-38450"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-121",
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-10-14T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "Adobe Acrobat Reader versions 22.002.20212 (and earlier) and 20.005.30381 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
  "id": "GHSA-mpqv-p8rq-hm8v",
  "modified": "2022-10-15T12:01:01Z",
  "published": "2022-10-15T12:01:01Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38450"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/acrobat/apsb22-46.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MPVX-G3X3-756V

Vulnerability from github – Published: 2024-03-01 03:30 – Updated: 2024-03-01 03:30
VLAI
Details

Delta Electronics CNCSoft-B versions 1.0.0.4 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-1941"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-121"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-03-01T01:15:07Z",
    "severity": "HIGH"
  },
  "details": "\nDelta Electronics CNCSoft-B versions 1.0.0.4 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code.\n\n",
  "id": "GHSA-mpvx-g3x3-756v",
  "modified": "2024-03-01T03:30:34Z",
  "published": "2024-03-01T03:30:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1941"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-060-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MQ3Q-F49J-4FJG

Vulnerability from github – Published: 2024-03-27 03:31 – Updated: 2025-11-04 21:31
VLAI
Details

A stack buffer overflow occurs in net/at/src/at_server.c in RT-Thread through 5.0.2.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-25393"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-121"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-03-27T03:15:11Z",
    "severity": "CRITICAL"
  },
  "details": "A stack buffer overflow occurs in net/at/src/at_server.c in RT-Thread through 5.0.2.",
  "id": "GHSA-mq3q-f49j-4fjg",
  "modified": "2025-11-04T21:31:21Z",
  "published": "2024-03-27T03:31:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25393"
    },
    {
      "type": "WEB",
      "url": "https://github.com/RT-Thread/rt-thread/issues/8288"
    },
    {
      "type": "WEB",
      "url": "https://github.com/hnsecurity/vulns/blob/main/HNS-2024-05-rt-thread.txt"
    },
    {
      "type": "WEB",
      "url": "https://seclists.org/fulldisclosure/2024/Mar/28"
    },
    {
      "type": "WEB",
      "url": "https://security.humanativaspa.it/multiple-vulnerabilities-in-rt-thread-rtos"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2024/Mar/28"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2024/03/05/1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MQ89-7CWQ-CHFG

Vulnerability from github – Published: 2024-09-16 21:30 – Updated: 2024-09-18 18:30
VLAI
Details

The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in rsa_decrypt function. This function is an API wrapper for LUA to decrypt RSA encrypted ciphertext, the decrypted data is stored on the stack without checking its length. An authenticated attacker can get RCE as root by exploiting this vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-45413"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-121"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-09-16T21:15:45Z",
    "severity": "HIGH"
  },
  "details": "The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in rsa_decrypt function. This function is an API wrapper for LUA to decrypt RSA encrypted ciphertext, the decrypted data is stored on the stack without checking its length. An authenticated attacker can get RCE as root by exploiting this vulnerability.",
  "id": "GHSA-mq89-7cwq-chfg",
  "modified": "2024-09-18T18:30:50Z",
  "published": "2024-09-16T21:30:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45413"
    },
    {
      "type": "WEB",
      "url": "https://wr3nchsr.github.io/zte-multiple-routers-httpd-vulnerabilities-advisory"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MQH3-R83Q-28JH

Vulnerability from github – Published: 2025-05-20 15:30 – Updated: 2025-05-20 18:30
VLAI
Details

TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the interfacenameds parameter in the formDhcpv6s interface.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-45862"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-121"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-20T14:15:49Z",
    "severity": "MODERATE"
  },
  "details": "TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the interfacenameds parameter in the formDhcpv6s interface.",
  "id": "GHSA-mqh3-r83q-28jh",
  "modified": "2025-05-20T18:30:53Z",
  "published": "2025-05-20T15:30:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-45862"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Jiangxiazhe/IOT_hack/blob/main/TOTOLINK/A3002R/7/overflow.md"
    },
    {
      "type": "WEB",
      "url": "https://www.totolink.net/home/menu/detail/menu_listtpl/download/id/258/ids/36.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MQPV-GCV6-R5W9

Vulnerability from github – Published: 2026-02-11 21:30 – Updated: 2026-02-11 21:30
VLAI
Details

NetShareWatcher 1.5.8.0 contains a buffer overflow vulnerability in the registration key input that allows attackers to crash the application by supplying oversized input. Attackers can generate a 1000-character payload and paste it into the registration key field to trigger an application crash.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-37200"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-121"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-11T21:16:14Z",
    "severity": "MODERATE"
  },
  "details": "NetShareWatcher 1.5.8.0 contains a buffer overflow vulnerability in the registration key input that allows attackers to crash the application by supplying oversized input. Attackers can generate a 1000-character payload and paste it into the registration key field to trigger an application crash.",
  "id": "GHSA-mqpv-gcv6-r5w9",
  "modified": "2026-02-11T21:30:41Z",
  "published": "2026-02-11T21:30:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-37200"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/47860"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/netsharewatcher-key-denial-of-service"
    },
    {
      "type": "WEB",
      "url": "http://www.nsauditor.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

Mitigation MIT-10
Operation Build and Compilation

Strategy: Environment Hardening

  • Use automatic buffer overflow detection mechanisms that are offered by certain compilers or compiler extensions. Examples include: the Microsoft Visual Studio /GS flag, Fedora/Red Hat FORTIFY_SOURCE GCC flag, StackGuard, and ProPolice, which provide various mechanisms including canary-based detection and range/index checking.
  • D3-SFCV (Stack Frame Canary Validation) from D3FEND [REF-1334] discusses canary-based detection in detail.
Mitigation
Architecture and Design

Use an abstraction library to abstract away risky APIs. Not a complete solution.

Mitigation
Implementation

Implement and perform bounds checking on input.

Mitigation
Implementation

Do not use dangerous functions such as gets. Use safer, equivalent functions which check for boundary errors.

Mitigation MIT-11
Operation Build and Compilation

Strategy: Environment Hardening

  • Run or compile the software using features or extensions that randomly arrange the positions of a program's executable and libraries in memory. Because this makes the addresses unpredictable, it can prevent an attacker from reliably jumping to exploitable code.
  • Examples include Address Space Layout Randomization (ASLR) [REF-58] [REF-60] and Position-Independent Executables (PIE) [REF-64]. Imported modules may be similarly realigned if their default memory addresses conflict with other modules, in a process known as "rebasing" (for Windows) and "prelinking" (for Linux) [REF-1332] using randomly generated addresses. ASLR for libraries cannot be used in conjunction with prelink since it would require relocating the libraries at run-time, defeating the whole purpose of prelinking.
  • For more information on these techniques see D3-SAOR (Segment Address Offset Randomization) from D3FEND [REF-1335].

No CAPEC attack patterns related to this CWE.