VYPR

CWE-121

Stack-based Buffer Overflow

VariantDraftLikelihood: High

Description

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

Hierarchy (View 1000)

Children

none

CVEs mapped to this weakness (790)

page 2 of 40
  • CVE-2010-20049CriAug 20, 2025
    risk 0.68cvss epss 0.01

    LeapFTP < 3.1.x contains a stack-based buffer overflow vulnerability in its FTP client parser. When the client receives a directory listing containing a filename longer than 528 bytes, the application fails to properly bound-check the input and overwrites the Structured…

  • CVE-2017-3195CriDec 16, 2017
    risk 0.68cvss 9.8epss 0.21

    Commvault Edge Communication Service (cvd) prior to version 11 SP7 or version 11 SP6 with hotfix 590 is prone to a stack-based buffer overflow vulnerability that could lead to arbitrary code execution with administrative privileges.

  • CVE-2013-2597HigKEVAug 31, 2014
    risk 0.67cvss 8.4epss 0.02

    Stack-based buffer overflow in the acdb_ioctl function in audio_acdb.c in the acdb audio driver for the Linux kernel 2.6.x and 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges via an…

  • CVE-2024-33512CriMay 1, 2024
    risk 0.66cvss 9.8epss 0.15

    There is a buffer overflow vulnerability in the underlying Local User Authentication Database service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211).…

  • CVE-2024-33511CriMay 1, 2024
    risk 0.66cvss 9.8epss 0.15

    There is a buffer overflow vulnerability in the underlying Automatic Reporting service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful…

  • CVE-2025-54328CriApr 6, 2026
    risk 0.65cvss 10.0epss 0.01

    An issue was discovered in SMS in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. A Stack-based Buffer Overflow occurs while…

  • CVE-2010-10014HigAug 20, 2025
    risk 0.65cvss epss 0.01

    Odin Secure FTP <= 4.1 is vulnerable to a stack-based buffer overflow when parsing directory listings received in response to an FTP LIST command. A malicious FTP server can send an overly long filename in the directory listing, which overflows a fixed-size stack buffer in the…

  • CVE-2011-10016CriAug 13, 2025
    risk 0.65cvss epss 0.00

    Real Networks Netzip Classic version 7.5.1.86 is vulnerable to a stack-based buffer overflow when parsing a specially crafted ZIP archive. The vulnerability is triggered when the application attempts to process a file name within the archive that exceeds the expected buffer…

  • CVE-2012-10043CriAug 8, 2025
    risk 0.65cvss epss 0.00

    A stack-based buffer overflow vulnerability exists in ActFax Server version 4.32, specifically in the "Import Users from File" functionality of the client interface. The application fails to properly validate the length of tab-delimited fields in .exp files, leading to unsafe…

  • CVE-2012-10031HigAug 5, 2025
    risk 0.65cvss epss 0.01

    BlazeVideo HDTV Player Pro v6.6.0.3 is vulnerable to a stack-based buffer overflow due to improper handling of user-supplied input embedded in .plf playlist files. When parsing a crafted .plf file, the MediaPlayerCtrl.dll component invokes PathFindFileNameA() to extract a…

  • CVE-2025-34108HigJul 15, 2025
    risk 0.65cvss epss 0.01

    A stack-based buffer overflow vulnerability exists in the login functionality of Disk Pulse Enterprise version 9.0.34. An attacker can send a specially crafted HTTP POST request to the /login endpoint with an overly long username parameter, causing a buffer overflow in the…

  • CVE-2025-34107HigJul 15, 2025
    risk 0.65cvss epss 0.01

    A buffer overflow vulnerability exists in the WinaXe FTP Client version 7.7 within the FTP banner parsing functionality, WCMDPA10.dll. When the client connects to a remote FTP server and receives an overly long '220 Server Ready' response, the vulnerable component responsible…

  • CVE-2024-36435CriJul 11, 2024
    risk 0.65cvss 9.8epss 0.01

    An issue was discovered on Supermicro BMC firmware in select X11, X12, H12, B12, X13, H13, and B13 motherboards (and CMM6 modules). An unauthenticated user can post crafted data to the interface that triggers a stack buffer overflow, and may lead to arbitrary remote code…

  • CVE-2023-3943CriMay 21, 2024
    risk 0.65cvss 10.0epss 0.01

    Stack-based Buffer Overflow vulnerability in ZkTeco-based OEM devices allows, in some cases, the execution of arbitrary code. Due to the lack of protection mechanisms such as stack canaries and PIE, it is possible to successfully execute code even under restrictive conditions. …

  • CVE-2018-14829CriSep 20, 2018
    risk 0.65cvss 9.8epss 0.16

    Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. This vulnerability may allow a remote threat actor to intentionally send a malformed CIP packet to Port 44818, causing the software application to stop responding and crash. This vulnerability also has the potential…

  • CVE-2018-5002HigKEVJul 9, 2018
    risk 0.65cvss 7.8epss 0.25

    Adobe Flash Player versions 29.0.0.171 and earlier have a Stack-based buffer overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

  • CVE-2026-44815CriJun 9, 2026
    risk 0.64cvss 9.8epss 0.01

    Stack-based buffer overflow in Windows DHCP Client allows an unauthorized attacker to execute code over a network.

  • CVE-2026-27671CriJun 9, 2026
    risk 0.64cvss 9.8epss 0.00

    Due to improper RFC protocol validation in the SAP Kernel used by the Application Server ABAP of SAP NetWeaver and ABAP Platform, an unauthenticated attacker can send a crafted RFC request that exploits logical errors in memory management, leading to memory corruption. This…

  • CVE-2026-11499CriJun 8, 2026
    risk 0.64cvss 9.8epss 0.07

    A vulnerability was determined in Tenda HG7HG9 and HG10 300001138_en_xpon. This affects the function formDOMAINBLK of the file /boaform/formDOMAINBLK. Executing a manipulation of the argument blkDomain can lead to stack-based buffer overflow. The attack may be performed from…

  • CVE-2018-25427CriJun 1, 2026
    risk 0.64cvss 9.8epss 0.01

    Arm Whois 3.11 contains a stack-based buffer overflow vulnerability that allows remote attackers to execute arbitrary code by supplying oversized input to the IP address or domain field. Attackers can craft malicious input exceeding 658 bytes with shellcode to overwrite the…