CWE-121
Stack-based Buffer Overflow
Description
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
Hierarchy (View 1000)
CVEs mapped to this weakness (790)
page 30 of 40| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-38509 | Hig | 0.47 | 7.2 | 0.01 | Jul 26, 2024 | A privilege escalation vulnerability was discovered in XCC that could allow an authenticated XCC user with elevated privileges to execute arbitrary code via a specially crafted IPMI command. | ||
| CVE-2024-31163 | Hig | 0.47 | 7.2 | 0.01 | Jun 14, 2024 | ASUS Download Master has a buffer overflow vulnerability. An unauthenticated remote attacker with administrative privileges can exploit this vulnerability to execute arbitrary system commands on the device. | ||
| CVE-2024-3079 | — | Hig | 0.47 | 7.2 | 0.01 | Jun 14, 2024 | Certain models of ASUS routers have buffer overflow vulnerabilities, allowing remote attackers with administrative privileges to execute arbitrary commands on the device. | |
| CVE-2026-49759 | Hig | 0.46 | 8.2 | 0.01 | Jun 10, 2026 | Stack-based Buffer Overflow vulnerability in Erlang OTP erts (inet_drv) allows an unauthenticated remote attacker to crash the BEAM VM by sending a crafted SCTP ERROR chunk. The sctp_parse_error_chunk function in erts/emulator/drivers/common/inet_drv.c parses SCTP ERROR chunks… | ||
| CVE-2026-9669 | Hig | 0.46 | — | 0.00 | Jun 8, 2026 | bz2.BZ2Decompressor objects could be reused after a decompression error. If an application caught the resulting OSError and retried with the same decompressor, crafted input could cause the decompressor to resume from an invalid internal state and perform out-of-bounds writes to… | ||
| CVE-2026-6665 | Hig | 0.46 | 8.1 | 0.00 | May 9, 2026 | The SCRAM code in PgBouncer before 1.25.2 did not check the return value of strlcat() correctly when building the contents of the SCRAM client-final-message. A malicious backend that sends a SCRAM server-final-message with a long nonce can trigger a stack overflow. | ||
| CVE-2026-32195 | Hig | 0.46 | 7.0 | 0.00 | Apr 14, 2026 | Stack-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-26386 | Hig | 0.46 | — | 0.00 | Jan 28, 2026 | Johnson Controls iSTAR Configuration Utility (ICU) has Stack-based Buffer Overflow vulnerability. This issue affects iSTAR Configuration Utility (ICU) version 6.9.7 and prior. Successful exploitation of this vulnerability could result in failure within the operating system of… | ||
| CVE-2025-23388 | Hig | 0.46 | 8.2 | 0.01 | Apr 11, 2025 | A Stack-based Buffer Overflow vulnerability in SUSE rancher allows for denial of service.This issue affects rancher: from 2.8.0 before 2.8.13, from 2.9.0 before 2.9.7, from 2.10.0 before 2.10.3. | ||
| CVE-2024-55577 | Hig | 0.46 | 7.0 | 0.00 | Jan 15, 2025 | Stack-based buffer overflow vulnerability exists in Linux Ratfor 1.06 and earlier. When the software processes a file which is specially crafted by an attacker, arbitrary code may be executed. As a result, the attacker may obtain or alter information of the user environment or… | ||
| CVE-2026-54502 | hig | 0.45 | — | — | Jun 19, 2026 | ### Summary `Oj.dump` is vulnerable to a stack-based buffer overflow when a large `:indent` value is provided by the developer. `fill_indent` in `dump.h` calls `memset(indent_str, ' ', (size_t)opts->indent)` without validating the size. When `opts->indent` is set to `INT_MAX`… | ||
| CVE-2026-5295 | Hig | 0.45 | 8.0 | 0.00 | Apr 9, 2026 | A stack buffer overflow exists in wolfSSL's PKCS7 implementation in the wc_PKCS7_DecryptOri() function in wolfcrypt/src/pkcs7.c. When processing a CMS EnvelopedData message containing an OtherRecipientInfo (ORI) recipient, the function copies an ASN.1-parsed OID into a fixed… | ||
| CVE-2025-59365 | — | Med | 0.45 | — | 0.00 | Nov 25, 2025 | A stack buffer overflow vulnerability has been identified in certain router models. An authenticated attacker may trigger this vulnerability by sending a crafted request, potentially impacting the availability of the device. Refer to the ' Security Update for ASUS Router… | |
| CVE-2024-41882 | Med | 0.45 | — | 0.01 | Dec 24, 2024 | Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR. An attacker can cause a stack overflow by entering large data into URL parameters, which will result in a system reboot. The manufacturer has released patch firmware for… | ||
| CVE-2024-56139 | Med | 0.45 | — | 0.00 | Dec 17, 2024 | pdftools is a high level tools to convert PDF files to ePUB formats. In versions up to and including 0.5.0 maliciously crafted epub files can cause a stack overflow leading to a crash. This issue has not yet been addressed and users are advised to avoid untrusted input to their… | ||
| CVE-2024-23933 | Med | 0.45 | 6.8 | 0.01 | Sep 23, 2024 | Sony XAV-AX5500 CarPlay TLV Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Sony XAV-AX5500 devices. Authentication is not required to exploit this… | ||
| CVE-2017-14016 | Med | 0.45 | 6.3 | 0.16 | Nov 6, 2017 | A Stack-based Buffer Overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. The application lacks proper validation of the length of user-supplied data prior to copying it to a stack-based buffer, which could allow an attacker to execute arbitrary… | ||
| CVE-2026-6240 | Med | 0.44 | — | 0.00 | Jun 6, 2026 | A stack-based buffer overflow vulnerability exists in Tapo C520WS v2 in the ONVIF DeleteUsers service, due to insufficient boundary checks when handling multiple user deletion parameters. An authenticated attacker can send a crafted malicious request containing an excessive… | ||
| CVE-2026-6239 | Med | 0.44 | — | 0.00 | Jun 6, 2026 | A stack‑based buffer overflow vulnerability exists in Tapo C520WS v2 in the ONVIF CreateUsers service, where the device fails to properly validate the number of XML user nodes during request processing. An authenticated attacker can send a specially crafted ONVIF request… | ||
| CVE-2025-59613 | Med | 0.44 | 6.7 | 0.00 | Jun 1, 2026 | Memory Corruption when output buffer size is smaller than input buffer size during data copying operation. |
- risk 0.47cvss 7.2epss 0.01
A privilege escalation vulnerability was discovered in XCC that could allow an authenticated XCC user with elevated privileges to execute arbitrary code via a specially crafted IPMI command.
- risk 0.47cvss 7.2epss 0.01
ASUS Download Master has a buffer overflow vulnerability. An unauthenticated remote attacker with administrative privileges can exploit this vulnerability to execute arbitrary system commands on the device.
- risk 0.47cvss 7.2epss 0.01
Certain models of ASUS routers have buffer overflow vulnerabilities, allowing remote attackers with administrative privileges to execute arbitrary commands on the device.
- risk 0.46cvss 8.2epss 0.01
Stack-based Buffer Overflow vulnerability in Erlang OTP erts (inet_drv) allows an unauthenticated remote attacker to crash the BEAM VM by sending a crafted SCTP ERROR chunk. The sctp_parse_error_chunk function in erts/emulator/drivers/common/inet_drv.c parses SCTP ERROR chunks…
- risk 0.46cvss —epss 0.00
bz2.BZ2Decompressor objects could be reused after a decompression error. If an application caught the resulting OSError and retried with the same decompressor, crafted input could cause the decompressor to resume from an invalid internal state and perform out-of-bounds writes to…
- risk 0.46cvss 8.1epss 0.00
The SCRAM code in PgBouncer before 1.25.2 did not check the return value of strlcat() correctly when building the contents of the SCRAM client-final-message. A malicious backend that sends a SCRAM server-final-message with a long nonce can trigger a stack overflow.
- risk 0.46cvss 7.0epss 0.00
Stack-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss —epss 0.00
Johnson Controls iSTAR Configuration Utility (ICU) has Stack-based Buffer Overflow vulnerability. This issue affects iSTAR Configuration Utility (ICU) version 6.9.7 and prior. Successful exploitation of this vulnerability could result in failure within the operating system of…
- risk 0.46cvss 8.2epss 0.01
A Stack-based Buffer Overflow vulnerability in SUSE rancher allows for denial of service.This issue affects rancher: from 2.8.0 before 2.8.13, from 2.9.0 before 2.9.7, from 2.10.0 before 2.10.3.
- risk 0.46cvss 7.0epss 0.00
Stack-based buffer overflow vulnerability exists in Linux Ratfor 1.06 and earlier. When the software processes a file which is specially crafted by an attacker, arbitrary code may be executed. As a result, the attacker may obtain or alter information of the user environment or…
- risk 0.45cvss —epss —
### Summary `Oj.dump` is vulnerable to a stack-based buffer overflow when a large `:indent` value is provided by the developer. `fill_indent` in `dump.h` calls `memset(indent_str, ' ', (size_t)opts->indent)` without validating the size. When `opts->indent` is set to `INT_MAX`…
- risk 0.45cvss 8.0epss 0.00
A stack buffer overflow exists in wolfSSL's PKCS7 implementation in the wc_PKCS7_DecryptOri() function in wolfcrypt/src/pkcs7.c. When processing a CMS EnvelopedData message containing an OtherRecipientInfo (ORI) recipient, the function copies an ASN.1-parsed OID into a fixed…
- risk 0.45cvss —epss 0.00
A stack buffer overflow vulnerability has been identified in certain router models. An authenticated attacker may trigger this vulnerability by sending a crafted request, potentially impacting the availability of the device. Refer to the ' Security Update for ASUS Router…
- risk 0.45cvss —epss 0.01
Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR. An attacker can cause a stack overflow by entering large data into URL parameters, which will result in a system reboot. The manufacturer has released patch firmware for…
- risk 0.45cvss —epss 0.00
pdftools is a high level tools to convert PDF files to ePUB formats. In versions up to and including 0.5.0 maliciously crafted epub files can cause a stack overflow leading to a crash. This issue has not yet been addressed and users are advised to avoid untrusted input to their…
- risk 0.45cvss 6.8epss 0.01
Sony XAV-AX5500 CarPlay TLV Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Sony XAV-AX5500 devices. Authentication is not required to exploit this…
- risk 0.45cvss 6.3epss 0.16
A Stack-based Buffer Overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. The application lacks proper validation of the length of user-supplied data prior to copying it to a stack-based buffer, which could allow an attacker to execute arbitrary…
- risk 0.44cvss —epss 0.00
A stack-based buffer overflow vulnerability exists in Tapo C520WS v2 in the ONVIF DeleteUsers service, due to insufficient boundary checks when handling multiple user deletion parameters. An authenticated attacker can send a crafted malicious request containing an excessive…
- risk 0.44cvss —epss 0.00
A stack‑based buffer overflow vulnerability exists in Tapo C520WS v2 in the ONVIF CreateUsers service, where the device fails to properly validate the number of XML user nodes during request processing. An authenticated attacker can send a specially crafted ONVIF request…
- risk 0.44cvss 6.7epss 0.00
Memory Corruption when output buffer size is smaller than input buffer size during data copying operation.