VYPR

CWE-121

Stack-based Buffer Overflow

VariantDraftLikelihood: High

Description

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

Hierarchy (View 1000)

Children

none

CVEs mapped to this weakness (790)

page 21 of 40
  • CVE-2020-37142HigFeb 5, 2026
    risk 0.55cvss 8.4epss 0.00

    10-Strike Network Inventory Explorer 8.54 contains a structured exception handler buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting SEH records. Attackers can craft a malicious payload targeting the 'Computer' parameter during the 'Add'…

  • CVE-2026-0660HigFeb 4, 2026
    risk 0.55cvss 8.4epss 0.00

    A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can cause a Stack-Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.

  • CVE-2020-37013HigJan 29, 2026
    risk 0.55cvss 8.4epss 0.00

    Audio Playback Recorder 3.2.2 contains a local buffer overflow vulnerability in the eject and registration parameters that allows attackers to execute arbitrary code. Attackers can craft malicious payloads and overwrite Structured Exception Handler (SEH) to execute shellcode…

  • CVE-2020-37001HigJan 29, 2026
    risk 0.55cvss 8.4epss 0.00

    Frigate Professional 3.36.0.9 contains a local buffer overflow vulnerability in the Pack File feature that allows attackers to execute arbitrary code by overflowing the 'Archive To' input field. Attackers can craft a malicious payload that overwrites the Structured Exception…

  • CVE-2020-36971HigJan 28, 2026
    risk 0.55cvss 8.4epss 0.00

    Nidesoft 3GP Video Converter 2.6.18 contains a local stack buffer overflow vulnerability in the license registration parameter. Attackers can craft a malicious payload and paste it into the 'License Code' field to execute arbitrary code on the system.

  • CVE-2020-36965HigJan 28, 2026
    risk 0.55cvss 8.4epss 0.00

    docPrint Pro 8.0 contains a local buffer overflow vulnerability in the 'Add URL' input field that allows attackers to execute arbitrary code by overwriting memory. Attackers can craft a malicious payload that triggers a structured exception handler (SEH) overwrite to execute…

  • CVE-2021-47881HigJan 23, 2026
    risk 0.55cvss 8.4epss 0.00

    dataSIMS Avionics ARINC 664-1 version 4.5.3 contains a local buffer overflow vulnerability that allows attackers to overwrite memory by manipulating the milstd1553result.txt file. Attackers can craft a malicious file with carefully constructed payload and alignment sections to…

  • CVE-2024-35333HigMay 29, 2024
    risk 0.55cvss 8.4epss 0.00

    A stack-buffer-overflow vulnerability exists in the read_charset_decl function of html2xhtml 1.3. This vulnerability occurs due to improper bounds checking when copying data into a fixed-size stack buffer. An attacker can exploit this vulnerability by providing a specially…

  • CVE-2026-10898HigJun 4, 2026
    risk 0.54cvss 8.3epss 0.00

    Stack buffer overflow in GPU in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

  • CVE-2026-41927HigMay 4, 2026
    risk 0.54cvss epss 0.00

    WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) contains a stack-based buffer overflow vulnerability in the firewall.cgi and makeRequest.cgi binaries that allows unauthenticated attackers to overwrite the saved return address by sending a POST request with a…

  • CVE-2026-26239HigJun 10, 2026
    risk 0.53cvss 8.1epss 0.00

    A buffer overflow vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: File Station 5…

  • CVE-2026-29972HigMay 8, 2026
    risk 0.53cvss 8.2epss 0.01

    nanoMODBUS through v1.22.0 has a stack-based buffer overflow in recv_read_registers_res() in nanomodbus.c. When a client calls nmbs_read_holding_registers() or nmbs_read_input_registers(), the library writes register data from the server response to the caller-provided buffer…

  • CVE-2026-26354HigApr 22, 2026
    risk 0.53cvss 8.1epss 0.01

    Dell PowerProtect Data Domain with Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.60, contain a stack-based Buffer Overflow vulnerability. An…

  • CVE-2025-4425HigJul 30, 2025
    risk 0.53cvss 8.2epss 0.00

    The vulnerability was identified in the code developed specifically for Lenovo. Please visit "Lenovo Product Security Advisories and Announcements" webpage for more information about the vulnerability.  https://support.lenovo.com/us/en/product_security/home

  • CVE-2025-1533HigMay 12, 2025
    risk 0.53cvss epss 0.00

    A stack buffer overflow has been identified in the AsIO3.sys driver. This vulnerability can be triggered by input manipulation, may leading to a system crash (BSOD) or other potentially undefined execution. Refer to the 'Security Update for Armoury Crate App' section on the ASUS…

  • CVE-2024-45413HigSep 16, 2024
    risk 0.53cvss 8.1epss 0.00

    The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in rsa_decrypt function. This function is an API wrapper for LUA to decrypt RSA encrypted ciphertext, the decrypted data is stored on the stack without checking its length. An authenticated…

  • CVE-2024-33599HigMay 6, 2024
    risk 0.53cvss 8.1epss 0.01

    nscd: Stack-based buffer overflow in netgroup cache If the Name Service Cache Daemon's (nscd) fixed size cache is exhausted by client requests then a subsequent client request for netgroup data may result in a stack-based buffer overflow. This flaw was introduced in glibc 2.15…

  • CVE-2023-5403HigApr 17, 2024
    risk 0.53cvss 8.1epss 0.01

    Server hostname translation to IP address manipulation which could lead to an attacker performing remote code execution or causing a failure. See Honeywell Security Notification for recommendations on upgrading and versioning.

  • CVE-2023-5401HigApr 17, 2024
    risk 0.53cvss 8.1epss 0.01

    Server receiving a malformed message based on a using the specified key values can cause a stack overflow vulnerability which could lead to an attacker performing remote code execution or causing a failure. See Honeywell Security Notification for recommendations on upgrading…

  • CVE-2023-5395HigApr 17, 2024
    risk 0.53cvss 8.1epss 0.01

    Server receiving a malformed message that uses the hostname in an internal table may cause a stack overflow resulting in possible remote code execution. See Honeywell Security Notification for recommendations on upgrading and versioning.