VYPR

CWE-121

Stack-based Buffer Overflow

VariantDraftLikelihood: High

Description

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

Hierarchy (View 1000)

Children

none

CVEs mapped to this weakness (790)

page 40 of 40
  • CVE-2014-9190Jan 10, 2015
    risk 0.00cvss epss 0.06

    Stack-based buffer overflow in Schneider Electric Wonderware InTouch Access Anywhere Server 10.6 and 11.0 allows remote attackers to execute arbitrary code via a request for a filename that does not exist.

  • CVE-2014-5407Sep 15, 2014
    risk 0.00cvss epss 0.00

    Multiple stack-based buffer overflows in Schneider Electric VAMPSET 2.2.136 and earlier allow local users to cause a denial of service (application halt) via a malformed (1) setting file or (2) disturbance recording file.

  • CVE-2014-0770Apr 12, 2014
    risk 0.00cvss epss 0.03

    By providing an overly long string to the UserName parameter, an attacker may be able to overflow the static stack buffer. The attacker may then execute code on the target device remotely.

  • CVE-2014-0768Apr 12, 2014
    risk 0.00cvss epss 0.03

    An attacker may pass an overly long value from the AccessCode2 argument to the control to overflow the static stack buffer. The attacker may then remotely execute arbitrary code.

  • CVE-2014-0767Apr 12, 2014
    risk 0.00cvss epss 0.03

    An attacker may exploit this vulnerability by passing an overly long value from the AccessCode argument to the control. This will overflow the static stack buffer. The attacker may then execute code on the target device remotely.

  • CVE-2014-0766Apr 12, 2014
    risk 0.00cvss epss 0.03

    An attacker can exploit this vulnerability by copying an overly long NodeName2 argument into a statically sized buffer on the stack to overflow the static stack buffer. An attacker may use this vulnerability to remotely execute arbitrary code.

  • CVE-2014-0765Apr 12, 2014
    risk 0.00cvss epss 0.03

    To exploit this vulnerability, the attacker sends data from the GotoCmd argument to control. If the value of the argument is overly long, the static stack buffer can be overflowed. This will allow the attacker to execute arbitrary code remotely.

  • CVE-2014-0764Apr 12, 2014
    risk 0.00cvss epss 0.03

    By providing an overly long string to the NodeName parameter, an attacker may be able to overflow the static stack buffer. The attacker may then execute code on the target device remotely.

  • CVE-2014-0774Feb 28, 2014
    risk 0.00cvss epss 0.00

    Stack-based buffer overflow in the C++ sample client in Schneider Electric OPC Factory Server (OFS) TLXCDSUOFS33 - 3.35, TLXCDSTOFS33 - 3.35, TLXCDLUOFS33 - 3.35, TLXCDLTOFS33 - 3.35, and TLXCDLFOFS33 - 3.35 allows local users to gain privileges via vectors involving a malformed…

  • CVE-2014-0753Jan 21, 2014
    risk 0.00cvss epss 0.03

    Stack-based buffer overflow in the SCADA server in Ecava IntegraXor before 4.1.4390 allows remote attackers to cause a denial of service (system crash) by triggering access to DLL code located in the IntegraXor directory.