CWE-121
Stack-based Buffer Overflow
Description
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
Hierarchy (View 1000)
CVEs mapped to this weakness (790)
page 24 of 40| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-5602 | Hig | 0.51 | 7.8 | 0.00 | Jul 23, 2024 | A stack-based buffer overflow vulnerability due to a missing bounds check in the NI I/O Trace Tool may result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially crafted nitrace file. The NI I/O Trace tool is installed… | ||
| CVE-2024-37997 | Hig | 0.51 | 7.8 | 0.00 | Jul 9, 2024 | A vulnerability has been identified in JT Open (All versions < V11.5), JT2Go (All versions < V2406.0003), PLM XML SDK (All versions < V7.1.0.014), Teamcenter Visualization V14.2 (All versions < V14.2.0.13), Teamcenter Visualization V14.3 (All versions < V14.3.0.11), Teamcenter… | ||
| CVE-2018-14800 | Hig | 0.51 | 7.8 | 0.02 | Oct 3, 2018 | Delta Electronics ISPSoft version 3.0.5 and prior allow an attacker, by opening a crafted file, to cause the application to read past the boundary allocated to a stack object, which could allow execution of code under the context of the application. | ||
| CVE-2017-15101 | Hig | 0.51 | 7.8 | 0.02 | Jul 27, 2018 | A missing patch for a stack-based buffer overflow in findTable() was found in Red Hat version of liblouis before 2.5.4. An attacker could cause a denial of service condition or potentially even arbitrary code execution. | ||
| CVE-2018-1046 | Hig | 0.51 | 7.8 | 0.01 | Jul 16, 2018 | pdns before version 4.1.2 is vulnerable to a buffer overflow in dnsreplay. In the dnsreplay tool provided with PowerDNS Authoritative, replaying a specially crafted PCAP file can trigger a stack-based buffer overflow, leading to a crash and potentially arbitrary code execution.… | ||
| CVE-2018-8839 | Hig | 0.51 | 7.8 | 0.00 | Apr 30, 2018 | Delta PMSoft versions 2.10 and prior have multiple stack-based buffer overflow vulnerabilities where a .ppm file can introduce a value larger than is readable by PMSoft's fixed-length stack buffer. This can cause the buffer to be overwritten, which may allow arbitrary code… | ||
| CVE-2018-7514 | Hig | 0.51 | 7.8 | 0.00 | Apr 17, 2018 | Parsing malformed project files in Omron CX-One versions 4.42 and prior, including the following applications: CX-FLnet versions 1.00 and prior, CX-Protocol versions 1.992 and prior, CX-Programmer versions 9.65 and prior, CX-Server versions 5.0.22 and prior, Network Configurator… | ||
| CVE-2018-5476 | Hig | 0.51 | 7.8 | 0.02 | Mar 15, 2018 | A Stack-based Buffer Overflow issue was discovered in Delta Electronics Delta Industrial Automation DOPSoft, Version 4.00.01 or prior. Stack-based buffer overflow vulnerabilities caused by processing specially crafted .dop or .dpb files may allow an attacker to remotely execute… | ||
| CVE-2017-16751 | Hig | 0.51 | 7.8 | 0.02 | Mar 15, 2018 | A Stack-based Buffer Overflow issue was discovered in Delta Electronics Delta Industrial Automation Screen Editor, Version 2.00.23.00 or prior. Stack-based buffer overflow vulnerabilities caused by processing specially crafted .dpb files may allow an attacker to remotely execute… | ||
| CVE-2017-16739 | Hig | 0.51 | 7.8 | 0.02 | Jan 12, 2018 | An issue was discovered in WECON Technology LEVI Studio HMI Editor v1.8.29 and prior. Specially-crafted malicious files may be able to cause stack-based buffer overflow vulnerabilities, which may allow remote code execution. | ||
| CVE-2017-12188 | Hig | 0.51 | 7.8 | 0.00 | Oct 11, 2017 | arch/x86/kvm/mmu.c in the Linux kernel through 4.13.5, when nested virtualisation is used, does not properly traverse guest pagetable entries to resolve a guest virtual address, which allows L1 guest OS users to execute arbitrary code on the host OS or cause a denial of service… | ||
| CVE-2026-44634 | Hig | 0.50 | — | 0.00 | Jun 10, 2026 | SimpleBLE is a cross-platform library and bindings for Bluetooth Low Energy (BLE). Prior to version 0.14.0, there are multiple stack-based buffer overflow vulnerabilities in SimpleBLE. There is a stack overflow vulnerability in the dongl backend’s Protocol::simpleble_write… | ||
| CVE-2026-44048 | Hig | 0.50 | 8.8 | 0.00 | May 21, 2026 | A stack-based buffer overflow via UCS-2 type confusion in convert_charset() in Netatalk 2.0.4 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code or cause a denial of service. | ||
| CVE-2026-34464 | Hig | 0.50 | 8.8 | 0.00 | May 5, 2026 | Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, NamedPipeServer::OpenHandler copies the server field from NAMED_PIPE_OPEN_REQ into a fixed WCHAR pipename[160] stack buffer using wcscat without verifying null… | ||
| CVE-2026-34459 | Hig | 0.50 | 8.8 | 0.00 | May 5, 2026 | Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, the SbieSvc proxy service's GetRawInputDeviceInfoSlave handler contains two vulnerabilities that can be chained for sandbox escape. First, when a sandboxed process… | ||
| CVE-2026-42468 | Hig | 0.50 | 8.8 | 0.00 | May 1, 2026 | Buffer overflow vulnerability in Open Vehicle Monitoring System 3 (OVMS3) 3.3.005. In canformat_pcap.cpp , the parser's phdr.len field is not properly validated, allowing remote attackers to cause a denial of service or possibly execute arbitrary code via crafted PCAP input. | ||
| CVE-2026-37536 | Hig | 0.50 | 8.8 | 0.00 | May 1, 2026 | miaofng/uds-c commit e506334e270d77b20c0bc259ac6c7d8c9b702b7a (2016-10-05) contains a stack buffer overflow in send_diagnostic_request. A 6-byte stack buffer (MAX_DIAGNOSTIC_PAYLOAD_SIZE=6) receives memcpy at offset 1+pid_length with payload_length bytes.… | ||
| CVE-2026-41429 | Hig | 0.50 | 8.8 | 0.00 | Apr 24, 2026 | arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Prior to 3.3.8, there is a remotely reachable memory corruption issue in the NBNS packet handling path. When NetBIOS is enabled by calling NBNS.begin(...), the… | ||
| CVE-2026-4747 | Hig | 0.50 | 8.8 | 0.02 | Mar 26, 2026 | Each RPCSEC_GSS data packet is validated by a routine which checks a signature in the packet. This routine copies a portion of the packet into a stack buffer, but fails to ensure that the buffer is sufficiently large, and a malicious client can trigger a stack overflow. … | ||
| CVE-2025-34457 | Hig | 0.50 | — | 0.00 | Dec 22, 2025 | wb2osz/direwolf (Dire Wolf) versions up to and including 1.8, prior to commit 694c954, contain a stack-based buffer overflow vulnerability in the function kiss_rec_byte() located in src/kiss_frame.c. When processing crafted KISS frames that reach the maximum allowed frame length… |
- risk 0.51cvss 7.8epss 0.00
A stack-based buffer overflow vulnerability due to a missing bounds check in the NI I/O Trace Tool may result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially crafted nitrace file. The NI I/O Trace tool is installed…
- risk 0.51cvss 7.8epss 0.00
A vulnerability has been identified in JT Open (All versions < V11.5), JT2Go (All versions < V2406.0003), PLM XML SDK (All versions < V7.1.0.014), Teamcenter Visualization V14.2 (All versions < V14.2.0.13), Teamcenter Visualization V14.3 (All versions < V14.3.0.11), Teamcenter…
- risk 0.51cvss 7.8epss 0.02
Delta Electronics ISPSoft version 3.0.5 and prior allow an attacker, by opening a crafted file, to cause the application to read past the boundary allocated to a stack object, which could allow execution of code under the context of the application.
- risk 0.51cvss 7.8epss 0.02
A missing patch for a stack-based buffer overflow in findTable() was found in Red Hat version of liblouis before 2.5.4. An attacker could cause a denial of service condition or potentially even arbitrary code execution.
- risk 0.51cvss 7.8epss 0.01
pdns before version 4.1.2 is vulnerable to a buffer overflow in dnsreplay. In the dnsreplay tool provided with PowerDNS Authoritative, replaying a specially crafted PCAP file can trigger a stack-based buffer overflow, leading to a crash and potentially arbitrary code execution.…
- risk 0.51cvss 7.8epss 0.00
Delta PMSoft versions 2.10 and prior have multiple stack-based buffer overflow vulnerabilities where a .ppm file can introduce a value larger than is readable by PMSoft's fixed-length stack buffer. This can cause the buffer to be overwritten, which may allow arbitrary code…
- risk 0.51cvss 7.8epss 0.00
Parsing malformed project files in Omron CX-One versions 4.42 and prior, including the following applications: CX-FLnet versions 1.00 and prior, CX-Protocol versions 1.992 and prior, CX-Programmer versions 9.65 and prior, CX-Server versions 5.0.22 and prior, Network Configurator…
- risk 0.51cvss 7.8epss 0.02
A Stack-based Buffer Overflow issue was discovered in Delta Electronics Delta Industrial Automation DOPSoft, Version 4.00.01 or prior. Stack-based buffer overflow vulnerabilities caused by processing specially crafted .dop or .dpb files may allow an attacker to remotely execute…
- risk 0.51cvss 7.8epss 0.02
A Stack-based Buffer Overflow issue was discovered in Delta Electronics Delta Industrial Automation Screen Editor, Version 2.00.23.00 or prior. Stack-based buffer overflow vulnerabilities caused by processing specially crafted .dpb files may allow an attacker to remotely execute…
- risk 0.51cvss 7.8epss 0.02
An issue was discovered in WECON Technology LEVI Studio HMI Editor v1.8.29 and prior. Specially-crafted malicious files may be able to cause stack-based buffer overflow vulnerabilities, which may allow remote code execution.
- risk 0.51cvss 7.8epss 0.00
arch/x86/kvm/mmu.c in the Linux kernel through 4.13.5, when nested virtualisation is used, does not properly traverse guest pagetable entries to resolve a guest virtual address, which allows L1 guest OS users to execute arbitrary code on the host OS or cause a denial of service…
- risk 0.50cvss —epss 0.00
SimpleBLE is a cross-platform library and bindings for Bluetooth Low Energy (BLE). Prior to version 0.14.0, there are multiple stack-based buffer overflow vulnerabilities in SimpleBLE. There is a stack overflow vulnerability in the dongl backend’s Protocol::simpleble_write…
- risk 0.50cvss 8.8epss 0.00
A stack-based buffer overflow via UCS-2 type confusion in convert_charset() in Netatalk 2.0.4 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code or cause a denial of service.
- risk 0.50cvss 8.8epss 0.00
Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, NamedPipeServer::OpenHandler copies the server field from NAMED_PIPE_OPEN_REQ into a fixed WCHAR pipename[160] stack buffer using wcscat without verifying null…
- risk 0.50cvss 8.8epss 0.00
Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, the SbieSvc proxy service's GetRawInputDeviceInfoSlave handler contains two vulnerabilities that can be chained for sandbox escape. First, when a sandboxed process…
- risk 0.50cvss 8.8epss 0.00
Buffer overflow vulnerability in Open Vehicle Monitoring System 3 (OVMS3) 3.3.005. In canformat_pcap.cpp , the parser's phdr.len field is not properly validated, allowing remote attackers to cause a denial of service or possibly execute arbitrary code via crafted PCAP input.
- risk 0.50cvss 8.8epss 0.00
miaofng/uds-c commit e506334e270d77b20c0bc259ac6c7d8c9b702b7a (2016-10-05) contains a stack buffer overflow in send_diagnostic_request. A 6-byte stack buffer (MAX_DIAGNOSTIC_PAYLOAD_SIZE=6) receives memcpy at offset 1+pid_length with payload_length bytes.…
- risk 0.50cvss 8.8epss 0.00
arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Prior to 3.3.8, there is a remotely reachable memory corruption issue in the NBNS packet handling path. When NetBIOS is enabled by calling NBNS.begin(...), the…
- risk 0.50cvss 8.8epss 0.02
Each RPCSEC_GSS data packet is validated by a routine which checks a signature in the packet. This routine copies a portion of the packet into a stack buffer, but fails to ensure that the buffer is sufficiently large, and a malicious client can trigger a stack overflow. …
- risk 0.50cvss —epss 0.00
wb2osz/direwolf (Dire Wolf) versions up to and including 1.8, prior to commit 694c954, contain a stack-based buffer overflow vulnerability in the function kiss_rec_byte() located in src/kiss_frame.c. When processing crafted KISS frames that reach the maximum allowed frame length…