Common Weakness Enumeration

CWE-121

Allowed

Stack-based Buffer Overflow

Abstraction: Variant · Status: Draft

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

5207 vulnerabilities reference this CWE, most recent first.

GHSA-PC4X-J8X7-66JG

Vulnerability from github – Published: 2024-05-03 03:31 – Updated: 2024-05-03 03:31
VLAI
Details

D-Link DIR-3040 prog.cgi SetSysEmailSettings Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040 routers. Authentication is required to exploit this vulnerability.

The specific flaw exists within the prog.cgi binary, which handles HNAP requests made to the lighttpd webserver listening on TCP ports 80 and 443. The issue results from the lack of proper validation of a user-supplied string before copying it to a fixed-size stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21620.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-41220"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-121",
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-03T03:15:34Z",
    "severity": "MODERATE"
  },
  "details": "D-Link DIR-3040 prog.cgi SetSysEmailSettings Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040 routers. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the prog.cgi binary, which handles HNAP requests made to the lighttpd webserver listening on TCP ports 80 and 443. The issue results from the lack of proper validation of a user-supplied string before copying it to a fixed-size stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21620.",
  "id": "GHSA-pc4x-j8x7-66jg",
  "modified": "2024-05-03T03:31:00Z",
  "published": "2024-05-03T03:31:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41220"
    },
    {
      "type": "WEB",
      "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10350"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1328"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PC92-542G-JRP5

Vulnerability from github – Published: 2024-05-16 09:33 – Updated: 2024-05-16 09:33
VLAI
Details

Animate versions 24.0.2, 23.0.5 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-30293"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-121",
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-16T09:15:11Z",
    "severity": "HIGH"
  },
  "details": "Animate versions 24.0.2, 23.0.5 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
  "id": "GHSA-pc92-542g-jrp5",
  "modified": "2024-05-16T09:33:08Z",
  "published": "2024-05-16T09:33:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30293"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/animate/apsb24-36.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PC9F-29P9-88XF

Vulnerability from github – Published: 2024-05-14 15:32 – Updated: 2024-07-03 18:40
VLAI
Details

HDF5 through 1.14.3 contains a stack buffer overflow in H5R__decode_heap, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-29164"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-121"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-14T15:15:33Z",
    "severity": "CRITICAL"
  },
  "details": "HDF5 through 1.14.3 contains a stack buffer overflow in H5R__decode_heap, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.",
  "id": "GHSA-pc9f-29p9-88xf",
  "modified": "2024-07-03T18:40:26Z",
  "published": "2024-05-14T15:32:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29164"
    },
    {
      "type": "WEB",
      "url": "https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PCF4-RWP2-6PV4

Vulnerability from github – Published: 2024-08-14 15:31 – Updated: 2024-08-14 15:31
VLAI
Details

InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-39389"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-121",
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-08-14T15:15:22Z",
    "severity": "HIGH"
  },
  "details": "InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
  "id": "GHSA-pcf4-rwp2-6pv4",
  "modified": "2024-08-14T15:31:18Z",
  "published": "2024-08-14T15:31:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39389"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/indesign/apsb24-56.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PCWC-J2M8-3J5J

Vulnerability from github – Published: 2024-01-08 21:30 – Updated: 2024-01-08 21:30
VLAI
Details

A vulnerability, which was classified as critical, was found in Totolink N350RT 9.3.5u.6139_B202012. Affected is the function loginAuth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument password leads to stack-based buffer overflow. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-249852. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-7218"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-121"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-01-08T21:15:10Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability, which was classified as critical, was found in Totolink N350RT 9.3.5u.6139_B202012. Affected is the function loginAuth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument password leads to stack-based buffer overflow. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-249852. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.",
  "id": "GHSA-pcwc-j2m8-3j5j",
  "modified": "2024-01-08T21:30:34Z",
  "published": "2024-01-08T21:30:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-7218"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jylsec/vuldb/blob/main/TOTOLINK/N350RT/4/README.md"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.249852"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.249852"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PF4H-WCFC-95M7

Vulnerability from github – Published: 2025-07-31 15:35 – Updated: 2025-11-26 15:34
VLAI
Details

A stack-based buffer overflow vulnerability exists in freeFTPd version 1.0.10 and earlier in the handling of the FTP PASS command. When an attacker sends a specially crafted password string, the application fails to validate input length, resulting in memory corruption. This can lead to denial of service or arbitrary code execution. Exploitation requires the anonymous user account to be enabled.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2013-10042"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-121"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-31T15:15:34Z",
    "severity": "CRITICAL"
  },
  "details": "A stack-based buffer overflow vulnerability exists in freeFTPd version 1.0.10 and earlier in the handling of the FTP PASS command. When an attacker sends a specially crafted password string, the application fails to validate input length, resulting in memory corruption. This can lead to denial of service or arbitrary code execution. Exploitation requires the anonymous user account to be enabled.",
  "id": "GHSA-pf4h-wcfc-95m7",
  "modified": "2025-11-26T15:34:09Z",
  "published": "2025-07-31T15:35:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-10042"
    },
    {
      "type": "WEB",
      "url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/ftp/freeftpd_pass.rb"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/27747"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/freeftpd-pass-command-stack-based-buffer-overflow"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-PF4W-4444-Q95V

Vulnerability from github – Published: 2026-06-26 09:30 – Updated: 2026-06-26 09:30
VLAI
Details

An unauthenticated stack-based buffer overflow vulnerability exists in ssvr in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking when parsing RTSP Digest authentication fields. A remote attacker may exploit this vulnerability by sending a crafted RTSP request containing overly long authentication data, resulting in memory corruption, denial of service, or potentially arbitrary code execution.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-57880"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-121"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-26T08:16:24Z",
    "severity": "CRITICAL"
  },
  "details": "An unauthenticated\nstack-based buffer overflow vulnerability exists in ssvr in GeoVision\nGV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by\ninsufficient bounds checking when parsing RTSP Digest authentication fields. A\nremote attacker may exploit this vulnerability by sending a crafted RTSP\nrequest containing overly long authentication data, resulting in memory\ncorruption, denial of service, or potentially arbitrary code execution.",
  "id": "GHSA-pf4w-4444-q95v",
  "modified": "2026-06-26T09:30:47Z",
  "published": "2026-06-26T09:30:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-57880"
    },
    {
      "type": "WEB",
      "url": "https://www.geovision.com.tw/cyber_security.php"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PFC9-F9J3-73FH

Vulnerability from github – Published: 2023-01-12 00:30 – Updated: 2023-01-23 18:30
VLAI
Details

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd g_b, at 0x9d015864, the value for the id key is copied using strcpy to the buffer at $sp+0x290.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-16262"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-121",
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-01-11T22:15:00Z",
    "severity": "HIGH"
  },
  "details": "Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the \"cc\" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd g_b, at 0x9d015864, the value for the `id` key is copied using `strcpy` to the buffer at `$sp+0x290`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow.",
  "id": "GHSA-pfc9-f9j3-73fh",
  "modified": "2023-01-23T18:30:19Z",
  "published": "2023-01-12T00:30:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16262"
    },
    {
      "type": "WEB",
      "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PFJF-FVQX-MC5Q

Vulnerability from github – Published: 2024-04-17 15:30 – Updated: 2024-07-03 18:34
VLAI
Details

Tenda FH1205 V2.0.0.7(775) firmware has a stack overflow vulnerability located via the adslPwd parameter of the formWanParameterSetting function.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-32313"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-121"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-17T13:15:08Z",
    "severity": "MODERATE"
  },
  "details": "Tenda FH1205 V2.0.0.7(775) firmware has a stack overflow vulnerability located via the adslPwd parameter of the formWanParameterSetting function.",
  "id": "GHSA-pfjf-fvqx-mc5q",
  "modified": "2024-07-03T18:34:46Z",
  "published": "2024-04-17T15:30:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32313"
    },
    {
      "type": "WEB",
      "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1205/formWanParameterSetting.md"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PFRW-8J6P-XMX6

Vulnerability from github – Published: 2024-04-02 09:30 – Updated: 2024-08-27 18:31
VLAI
Details

Buffer Overflow vulnerability in Bento4 Bento v.1.6.0-641 allows a remote attacker to execute arbitrary code via the AP4 BitReader::ReadCache() at Ap4Utils.cpp component.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-31002"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-121",
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-02T08:15:59Z",
    "severity": "CRITICAL"
  },
  "details": "Buffer Overflow vulnerability in Bento4 Bento v.1.6.0-641 allows a remote attacker to execute arbitrary code via the AP4 BitReader::ReadCache() at Ap4Utils.cpp component.",
  "id": "GHSA-pfrw-8j6p-xmx6",
  "modified": "2024-08-27T18:31:34Z",
  "published": "2024-04-02T09:30:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31002"
    },
    {
      "type": "WEB",
      "url": "https://github.com/axiomatic-systems/Bento4/issues/939"
    },
    {
      "type": "WEB",
      "url": "https://github.com/zhangteng0526/CVE-information/blob/main/CVE-2024-31002"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-10
Operation Build and Compilation

Strategy: Environment Hardening

  • Use automatic buffer overflow detection mechanisms that are offered by certain compilers or compiler extensions. Examples include: the Microsoft Visual Studio /GS flag, Fedora/Red Hat FORTIFY_SOURCE GCC flag, StackGuard, and ProPolice, which provide various mechanisms including canary-based detection and range/index checking.
  • D3-SFCV (Stack Frame Canary Validation) from D3FEND [REF-1334] discusses canary-based detection in detail.
Mitigation
Architecture and Design

Use an abstraction library to abstract away risky APIs. Not a complete solution.

Mitigation
Implementation

Implement and perform bounds checking on input.

Mitigation
Implementation

Do not use dangerous functions such as gets. Use safer, equivalent functions which check for boundary errors.

Mitigation MIT-11
Operation Build and Compilation

Strategy: Environment Hardening

  • Run or compile the software using features or extensions that randomly arrange the positions of a program's executable and libraries in memory. Because this makes the addresses unpredictable, it can prevent an attacker from reliably jumping to exploitable code.
  • Examples include Address Space Layout Randomization (ASLR) [REF-58] [REF-60] and Position-Independent Executables (PIE) [REF-64]. Imported modules may be similarly realigned if their default memory addresses conflict with other modules, in a process known as "rebasing" (for Windows) and "prelinking" (for Linux) [REF-1332] using randomly generated addresses. ASLR for libraries cannot be used in conjunction with prelink since it would require relocating the libraries at run-time, defeating the whole purpose of prelinking.
  • For more information on these techniques see D3-SAOR (Segment Address Offset Randomization) from D3FEND [REF-1335].

No CAPEC attack patterns related to this CWE.