VYPR

CWE-121

Stack-based Buffer Overflow

VariantDraftLikelihood: High

Description

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

Hierarchy (View 1000)

Children

none

CVEs mapped to this weakness (790)

page 31 of 40
  • CVE-2025-59612MedJun 1, 2026
    risk 0.44cvss 6.7epss 0.00

    Memory corruption in windows drivers while sending incorrect trusted application request

  • CVE-2026-42919MedMay 13, 2026
    risk 0.44cvss 6.7epss 0.00

    A vulnerability exists in BIG-IP systems that may allow an authenticated attacker with administrative access to escalate their privileges. A successful exploit may allow the attacker to cross a security boundary.  Note: Software versions which have reached End of Technical…

  • CVE-2026-34462HigMay 5, 2026
    risk 0.44cvss 7.8epss 0.00

    Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, several ProcessServer handlers (KillAllHandler, SuspendAllHandler, and RunSandboxedHandler) copy a WCHAR boxname[34] field from request structures into WCHAR[40] stack…

  • CVE-2026-34461HigMay 5, 2026
    risk 0.44cvss 7.8epss 0.00

    Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, the SbieIniServer RunSbieCtrl handler contains a stack buffer overflow. The MSGID_SBIE_INI_RUN_SBIE_CTRL message is handled before normal sandbox and impersonation…

  • CVE-2026-26951MedApr 20, 2026
    risk 0.44cvss 6.7epss 0.00

    Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain a stack-based buffer overflow vulnerability. A high privileged attacker with local access could potentially…

  • CVE-2026-35553MedApr 13, 2026
    risk 0.44cvss 6.7epss 0.00

    Bluetooth ACPI Drivers provided by Dynabook Inc. contain a stack-based buffer overflow vulnerability. An attacker may execute arbitrary code by modifying certain registry values.

  • CVE-2026-39853HigApr 9, 2026
    risk 0.44cvss 7.8epss 0.00

    osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.12, A stack buffer overflow vulnerability exists in osslsigncode in several signature verification paths. During verification of a PKCS#7 signature, the code copies the digest value from a…

  • CVE-2026-33491HigMar 26, 2026
    risk 0.44cvss 7.8epss 0.00

    Zen C is a systems programming language that compiles to human-readable GNU C/C11. Prior to version 0.4.4, a stack-based buffer overflow vulnerability in the Zen C compiler allows attackers to cause a compiler crash or potentially execute arbitrary code by providing a specially…

  • CVE-2025-9336MedOct 13, 2025
    risk 0.44cvss epss 0.00

    A stack buffer overflow has been identified in the AsIO3.sys driver. This vulnerability can be triggered by input manipulation, may leading to a system crash (BSOD) or other potentially undefined execution. Refer to the 'Security Update for Armoury Crate App' section on the…

  • CVE-2024-4550MedSep 13, 2024
    risk 0.44cvss 6.7epss 0.00

    A potential buffer overflow vulnerability was reported in some Lenovo ThinkSystem and ThinkStation products that could allow a local attacker with elevated privileges to execute arbitrary code.

  • CVE-2024-3100MedSep 13, 2024
    risk 0.44cvss 6.7epss 0.00

    A potential buffer overflow vulnerability was reported in some Lenovo Notebook products that could allow a local attacker with elevated privileges to execute arbitrary code.

  • CVE-2023-52162MedJun 3, 2024
    risk 0.44cvss 6.7epss 0.01

    Mercusys MW325R EU V3 (Firmware MW325R(EU)_V3_1.11.0 Build 221019) is vulnerable to a stack-based buffer overflow, which could allow an attacker to execute arbitrary code. Exploiting the vulnerability requires authentication.

  • CVE-2017-12732MedOct 5, 2017
    risk 0.44cvss 6.8epss 0.01

    A Stack-based Buffer Overflow issue was discovered in GE CIMPLICITY Versions 9.0 and prior. A function reads a packet to indicate the next packet length. The next packet length is not verified, allowing a buffer overwrite that could lead to an arbitrary remote code execution.

  • CVE-2017-9647MedAug 7, 2017
    risk 0.43cvss 6.6epss 0.01

    A Stack-Based Buffer Overflow issue was discovered in the Continental AG Infineon S-Gold 2 (PMB 8876) chipset on BMW several models produced between 2009-2010, Ford a limited number of P-HEV vehicles, Infiniti 2013 JX35, Infiniti 2014-2016 QX60, Infiniti 2014-2016 QX60 Hybrid,…

  • CVE-2026-36798MedJun 9, 2026
    risk 0.42cvss 6.5epss 0.00

    Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5 was discovered to contain multiple stack overflows in the formSetDebugCfgr function via the enable, level, and module parameters. These vulnerabilities allow attackers to cause a Denial of Service (DoS) via a crafted HTTP…

  • CVE-2026-36777MedJun 9, 2026
    risk 0.42cvss 6.5epss 0.00

    Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.3(2204) was discovered to contain a stack overflow in the param_1 parameter of the formSetCfm function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.

  • CVE-2026-36773MedJun 9, 2026
    risk 0.42cvss 6.5epss 0.00

    Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.3(2204) was discovered to contain a stack overflow in the Go parameter of the ask_to_reboot function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

  • CVE-2026-36772MedJun 9, 2026
    risk 0.42cvss 6.5epss 0.00

    Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.3(2204) was discovered to contain a stack overflow in the wl_radio parameter of the formwrlSSIDget function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

  • CVE-2025-62858MedJun 9, 2026
    risk 0.42cvss 6.5epss 0.00

    A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the…

  • CVE-2026-1871MedJun 2, 2026
    risk 0.42cvss 6.5epss 0.00

    TP-Link Tapo C200 v5 contains a stack-based buffer overflow flaw in RTSP authentication handling due to improper validation of Authorization header field lengths, which can be triggered by a crafted authentication request. Successful exploitation causes the affected RTSP core…