CWE-121
AllowedStack-based Buffer Overflow
Abstraction: Variant · Status: Draft
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
5212 vulnerabilities reference this CWE, most recent first.
GHSA-R9C9-3F78-4C7M
Vulnerability from github – Published: 2024-03-22 09:31 – Updated: 2024-03-22 09:31A vulnerability was found in Tenda AC15 15.03.20_multi. It has been declared as critical. This vulnerability affects the function form_fast_setting_wifi_set of the file /goform/fast_setting_wifi_set. The manipulation of the argument ssid leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257668. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
{
"affected": [],
"aliases": [
"CVE-2024-2813"
],
"database_specific": {
"cwe_ids": [
"CWE-121"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-03-22T07:15:47Z",
"severity": "HIGH"
},
"details": "A vulnerability was found in Tenda AC15 15.03.20_multi. It has been declared as critical. This vulnerability affects the function form_fast_setting_wifi_set of the file /goform/fast_setting_wifi_set. The manipulation of the argument ssid leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257668. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.",
"id": "GHSA-r9c9-3f78-4c7m",
"modified": "2024-03-22T09:31:14Z",
"published": "2024-03-22T09:31:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2813"
},
{
"type": "WEB",
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/form_fast_setting_wifi_set.md"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.257668"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.257668"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-R9F5-Q3CF-PMQJ
Vulnerability from github – Published: 2024-05-03 03:30 – Updated: 2024-05-03 03:30Ashlar-Vellum Cobalt Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of CO files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-19956.
{
"affected": [],
"aliases": [
"CVE-2023-35710"
],
"database_specific": {
"cwe_ids": [
"CWE-121"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-03T02:15:33Z",
"severity": "HIGH"
},
"details": "Ashlar-Vellum Cobalt Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of CO files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-19956.",
"id": "GHSA-r9f5-q3cf-pmqj",
"modified": "2024-05-03T03:30:52Z",
"published": "2024-05-03T03:30:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-35710"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-873"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-R9HP-MJ25-9RXR
Vulnerability from github – Published: 2025-05-08 21:32 – Updated: 2025-05-12 21:31TOTOLINK A3100R V5.9c.1527 is vulnerable to buffer overflow via the urlKeyword parameter in setParentalRules.
{
"affected": [],
"aliases": [
"CVE-2025-45789"
],
"database_specific": {
"cwe_ids": [
"CWE-121",
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-08T20:15:30Z",
"severity": "MODERATE"
},
"details": "TOTOLINK A3100R V5.9c.1527 is vulnerable to buffer overflow via the urlKeyword parameter in setParentalRules.",
"id": "GHSA-r9hp-mj25-9rxr",
"modified": "2025-05-12T21:31:08Z",
"published": "2025-05-08T21:32:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-45789"
},
{
"type": "WEB",
"url": "https://github.com/SunnyYANGyaya/cuicuishark-sheep-fishIOT/blob/main/ToTolink/A3100R-3/README.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-R9RW-VQ28-JHQH
Vulnerability from github – Published: 2026-02-05 18:30 – Updated: 2026-02-05 18:30Rubo DICOM Viewer 2.0 contains a buffer overflow vulnerability in the DICOM server name input field that allows attackers to overwrite Structured Exception Handler (SEH). Attackers can craft a malicious text file with carefully constructed payload to execute arbitrary code by overwriting SEH and triggering remote code execution.
{
"affected": [],
"aliases": [
"CVE-2020-37120"
],
"database_specific": {
"cwe_ids": [
"CWE-121"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-05T17:16:06Z",
"severity": "HIGH"
},
"details": "Rubo DICOM Viewer 2.0 contains a buffer overflow vulnerability in the DICOM server name input field that allows attackers to overwrite Structured Exception Handler (SEH). Attackers can craft a malicious text file with carefully constructed payload to execute arbitrary code by overwriting SEH and triggering remote code execution.",
"id": "GHSA-r9rw-vq28-jhqh",
"modified": "2026-02-05T18:30:31Z",
"published": "2026-02-05T18:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-37120"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20200109194722/http://www.rubomedical.com/dicom_viewer.html"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/48351"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/rubo-dicom-viewer-buffer-overflow-seh"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-RC4X-JW53-834Q
Vulnerability from github – Published: 2024-04-18 00:30 – Updated: 2025-11-04 21:31A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the decode_submit_report() function during the SMS decoding. It is assumed that the attack scenario is accessible from a compromised modem, a malicious base station, or just SMS. There is a bound check for this memcpy length in decode_submit(), but it was forgotten in decode_submit_report().
{
"affected": [],
"aliases": [
"CVE-2023-4234"
],
"database_specific": {
"cwe_ids": [
"CWE-119",
"CWE-121"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-17T23:15:07Z",
"severity": "HIGH"
},
"details": "A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the decode_submit_report() function during the SMS decoding. It is assumed that the attack scenario is accessible from a compromised modem, a malicious base station, or just SMS. There is a bound check for this memcpy length in decode_submit(), but it was forgotten in decode_submit_report().",
"id": "GHSA-rc4x-jw53-834q",
"modified": "2025-11-04T21:31:28Z",
"published": "2024-04-18T00:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4234"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255399"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NBTPKR3LYTTLROPXF77FL4SPLXVHNC4T"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VG6FHQITWUNHBDGPXUQ77SZK5O5BYIBZ"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RC55-898M-34HX
Vulnerability from github – Published: 2022-05-13 01:36 – Updated: 2022-05-13 01:36A Stack-Based Buffer Overflow issue was discovered in the Continental AG Infineon S-Gold 2 (PMB 8876) chipset on BMW several models produced between 2009-2010, Ford a limited number of P-HEV vehicles, Infiniti 2013 JX35, Infiniti 2014-2016 QX60, Infiniti 2014-2016 QX60 Hybrid, Infiniti 2014-2015 QX50, Infiniti 2014-2015 QX50 Hybrid, Infiniti 2013 M37/M56, Infiniti 2014-2016 Q70, Infiniti 2014-2016 Q70L, Infiniti 2015-2016 Q70 Hybrid, Infiniti 2013 QX56, Infiniti 2014-2016 QX 80, and Nissan 2011-2015 Leaf. An attacker with a physical connection to the TCU may exploit a buffer overflow condition that exists in the processing of AT commands. This may allow arbitrary code execution on the baseband radio processor of the TCU.
{
"affected": [],
"aliases": [
"CVE-2017-9647"
],
"database_specific": {
"cwe_ids": [
"CWE-119",
"CWE-121"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-08-07T08:29:00Z",
"severity": "HIGH"
},
"details": "A Stack-Based Buffer Overflow issue was discovered in the Continental AG Infineon S-Gold 2 (PMB 8876) chipset on BMW several models produced between 2009-2010, Ford a limited number of P-HEV vehicles, Infiniti 2013 JX35, Infiniti 2014-2016 QX60, Infiniti 2014-2016 QX60 Hybrid, Infiniti 2014-2015 QX50, Infiniti 2014-2015 QX50 Hybrid, Infiniti 2013 M37/M56, Infiniti 2014-2016 Q70, Infiniti 2014-2016 Q70L, Infiniti 2015-2016 Q70 Hybrid, Infiniti 2013 QX56, Infiniti 2014-2016 QX 80, and Nissan 2011-2015 Leaf. An attacker with a physical connection to the TCU may exploit a buffer overflow condition that exists in the processing of AT commands. This may allow arbitrary code execution on the baseband radio processor of the TCU.",
"id": "GHSA-rc55-898m-34hx",
"modified": "2022-05-13T01:36:06Z",
"published": "2022-05-13T01:36:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9647"
},
{
"type": "WEB",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-208-01"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/100132"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RC8C-8RR9-CJJ8
Vulnerability from github – Published: 2025-11-04 09:31 – Updated: 2025-11-04 15:31In charger, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09915493; Issue ID: MSV-3800.
{
"affected": [],
"aliases": [
"CVE-2025-20749"
],
"database_specific": {
"cwe_ids": [
"CWE-121",
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-11-04T07:15:51Z",
"severity": "MODERATE"
},
"details": "In charger, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09915493; Issue ID: MSV-3800.",
"id": "GHSA-rc8c-8rr9-cjj8",
"modified": "2025-11-04T15:31:35Z",
"published": "2025-11-04T09:31:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-20749"
},
{
"type": "WEB",
"url": "https://corp.mediatek.com/product-security-bulletin/November-2025"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RC96-Q2XM-FG7C
Vulnerability from github – Published: 2024-04-25 12:30 – Updated: 2024-04-25 12:30A vulnerability, which was classified as critical, was found in Tenda G3 15.11.0.17(9502). Affected is the function modifyDhcpRule of the file /goform/modifyDhcpRule. The manipulation of the argument bindDhcpIndex leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-261984. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
{
"affected": [],
"aliases": [
"CVE-2024-4165"
],
"database_specific": {
"cwe_ids": [
"CWE-121"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-25T12:15:07Z",
"severity": "HIGH"
},
"details": "A vulnerability, which was classified as critical, was found in Tenda G3 15.11.0.17(9502). Affected is the function modifyDhcpRule of the file /goform/modifyDhcpRule. The manipulation of the argument bindDhcpIndex leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-261984. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.",
"id": "GHSA-rc96-q2xm-fg7c",
"modified": "2024-04-25T12:30:50Z",
"published": "2024-04-25T12:30:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4165"
},
{
"type": "WEB",
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/G3/G3V15/modifyDhcpRule.md"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.261984"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.261984"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.318589"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RCQV-JPC6-VW57
Vulnerability from github – Published: 2026-05-21 09:32 – Updated: 2026-05-21 09:32A stack-based buffer overflow in desktop.c in Netatalk 1.3 through 4.2.2 allows a remote authenticated attacker to cause a denial of service, obtain limited information, or modify limited data.
{
"affected": [],
"aliases": [
"CVE-2026-44056"
],
"database_specific": {
"cwe_ids": [
"CWE-121"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-21T08:16:21Z",
"severity": "MODERATE"
},
"details": "A stack-based buffer overflow in desktop.c in Netatalk 1.3 through 4.2.2 allows a remote authenticated attacker to cause a denial of service, obtain limited information, or modify limited data.",
"id": "GHSA-rcqv-jpc6-vw57",
"modified": "2026-05-21T09:32:09Z",
"published": "2026-05-21T09:32:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44056"
},
{
"type": "WEB",
"url": "https://netatalk.io/security/CVE-2026-44056"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RF2F-PHPV-M2GX
Vulnerability from github – Published: 2025-05-19 09:31 – Updated: 2025-05-19 09:31V-SFT v6.2.5.0 and earlier contains an issue with stack-based buffer overflow in VS6File!CTxSubFile::get_ProgramFile_name function. Opening specially crafted V7 or V8 files may lead to crash, information disclosure, and arbitrary code execution.
{
"affected": [],
"aliases": [
"CVE-2025-47758"
],
"database_specific": {
"cwe_ids": [
"CWE-121",
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-19T08:15:23Z",
"severity": "HIGH"
},
"details": "V-SFT v6.2.5.0 and earlier contains an issue with stack-based buffer overflow in VS6File!CTxSubFile::get_ProgramFile_name function. Opening specially crafted V7 or V8 files may lead to crash, information disclosure, and arbitrary code execution.",
"id": "GHSA-rf2f-phpv-m2gx",
"modified": "2025-05-19T09:31:09Z",
"published": "2025-05-19T09:31:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47758"
},
{
"type": "WEB",
"url": "https://jvn.jp/en/vu/JVNVU97228144"
},
{
"type": "WEB",
"url": "https://monitouch.fujielectric.com/site/download-e/09vsft6_inf/Search.php"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
Mitigation MIT-10
Strategy: Environment Hardening
- Use automatic buffer overflow detection mechanisms that are offered by certain compilers or compiler extensions. Examples include: the Microsoft Visual Studio /GS flag, Fedora/Red Hat FORTIFY_SOURCE GCC flag, StackGuard, and ProPolice, which provide various mechanisms including canary-based detection and range/index checking.
- D3-SFCV (Stack Frame Canary Validation) from D3FEND [REF-1334] discusses canary-based detection in detail.
Mitigation
Use an abstraction library to abstract away risky APIs. Not a complete solution.
Mitigation
Implement and perform bounds checking on input.
Mitigation
Do not use dangerous functions such as gets. Use safer, equivalent functions which check for boundary errors.
Mitigation MIT-11
Strategy: Environment Hardening
- Run or compile the software using features or extensions that randomly arrange the positions of a program's executable and libraries in memory. Because this makes the addresses unpredictable, it can prevent an attacker from reliably jumping to exploitable code.
- Examples include Address Space Layout Randomization (ASLR) [REF-58] [REF-60] and Position-Independent Executables (PIE) [REF-64]. Imported modules may be similarly realigned if their default memory addresses conflict with other modules, in a process known as "rebasing" (for Windows) and "prelinking" (for Linux) [REF-1332] using randomly generated addresses. ASLR for libraries cannot be used in conjunction with prelink since it would require relocating the libraries at run-time, defeating the whole purpose of prelinking.
- For more information on these techniques see D3-SAOR (Segment Address Offset Randomization) from D3FEND [REF-1335].
No CAPEC attack patterns related to this CWE.