VYPR

CWE-121

Stack-based Buffer Overflow

VariantDraftLikelihood: High

Description

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

Hierarchy (View 1000)

Children

none

CVEs mapped to this weakness (790)

page 5 of 40
  • CVE-2024-58299CriDec 12, 2025
    risk 0.64cvss 9.8epss 0.01

    PCMan FTP Server 2.0 contains a buffer overflow vulnerability in the 'pwd' command that allows remote attackers to execute arbitrary code. Attackers can send a specially crafted payload during the FTP login process to overwrite memory and potentially gain system access.

  • CVE-2025-62691CriNov 25, 2025
    risk 0.64cvss 9.8epss 0.01

    Security Point (Windows) of MaLion and MaLionCloud contains a stack-based buffer overflow vulnerability in processing HTTP headers. Receiving a specially crafted request from a remote unauthenticated attacker could lead to arbitrary code execution with SYSTEM privilege.

  • CVE-2024-45162CriOct 29, 2025
    risk 0.64cvss 9.8epss 0.00

    A stack-based buffer overflow issue was discovered in the phddns client in Blu-Castle BCUM221E 1.0.0P220507 via the password field.

  • CVE-2025-10392CriSep 14, 2025
    risk 0.64cvss 9.8epss 0.01

    A vulnerability was detected in Mercury KM08-708H GiGA WiFi Wave2 1.1.14. This affects an unknown function of the component HTTP Header Handler. The manipulation of the argument Host results in stack-based buffer overflow. The attack can be executed remotely. The exploit is now…

  • CVE-2025-40795CriSep 9, 2025
    risk 0.64cvss 9.8epss 0.01

    A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SIMATIC PCS neo V6.0 (All versions < V6.0 SP1 Update 1), User Management Component (UMC) (All versions < V2.15.1.3). Affected products contain a stack-based buffer…

  • CVE-2011-10015CriAug 13, 2025
    risk 0.64cvss epss 0.00

    Cytel Studio version 9.0 and earlier is vulnerable to a stack-based buffer overflow triggered by parsing a malformed .CY3 file. The vulnerability occurs when the application copies user-controlled strings into a fixed-size stack buffer (256 bytes) without proper bounds checking.…

  • CVE-2011-10008HigJul 31, 2025
    risk 0.64cvss epss 0.01

    A stack-based buffer overflow vulnerability exists in MPlayer Lite r33064 due to improper bounds checking when handling M3U playlist files containing long http:// URL entries. An attacker can craft a malicious .m3u file with a specially formatted URL that triggers a stack…

  • CVE-2025-41687CriJul 23, 2025
    risk 0.64cvss 9.8epss 0.01

    An unauthenticated remote attacker may use a stack based buffer overflow in the u-link Management API to gain full access on the affected devices.

  • CVE-2025-7921CriJul 21, 2025
    risk 0.64cvss 9.8epss 0.01

    Certain modem models developed by Askey has a Stack-based Buffer Overflow vulnerability, allowing unauthenticated remote attackers to control the program's execution flow and potentially execute arbitrary code.

  • CVE-2025-41426CriMay 21, 2025
    risk 0.64cvss 9.8epss 0.01

    Affected Vertiv products contain a stack based buffer overflow vulnerability. An attacker could exploit this vulnerability to gain code execution on the device.

  • CVE-2025-3714CriMay 9, 2025
    risk 0.64cvss 9.8epss 0.01

    The LCD KVM over IP Switch CL5708IM has a Stack-based Buffer Overflow vulnerability in firmware versions prior to v2.2.215, allowing unauthenticated remote attackers to exploit this vulnerability to execute arbitrary code on the device.

  • CVE-2025-3711CriMay 9, 2025
    risk 0.64cvss 9.8epss 0.01

    The LCD KVM over IP Switch CL5708IM has a Stack-based Buffer Overflow vulnerability in firmware versions prior to v2.2.215, allowing unauthenticated remote attackers to exploit this vulnerability to execute arbitrary code on the device.

  • CVE-2025-3710CriMay 9, 2025
    risk 0.64cvss 9.8epss 0.01

    The LCD KVM over IP Switch CL5708IM has a Stack-based Buffer Overflow vulnerability in firmware versions prior to v2.2.215, allowing unauthenticated remote attackers to exploit this vulnerability to execute arbitrary code on the device.

  • CVE-2024-43663CriJan 9, 2025
    risk 0.64cvss 9.8epss 0.01

    There are many buffer overflow vulnerabilities present in several CGI binaries of the charging station.This issue affects Iocharger firmware for AC model chargers beforeversion 24120701. Likelihood: High – Given the prevalence of these buffer overflows, and the clear error…

  • CVE-2024-43661CriJan 9, 2025
    risk 0.64cvss 9.8epss 0.00

    The .so library, which is used by , is vulnerable to a buffer overflow in the code that handles the deletion of certificates. This buffer overflow can be triggered by providing a long file path to the action of the .exe CGI binary or to…

  • CVE-2024-48871CriDec 6, 2024
    risk 0.64cvss 9.8epss 0.01

    The affected product is vulnerable to a stack-based buffer overflow. An unauthenticated attacker could send a malicious HTTP request that the webserver fails to properly check input size before copying data to the stack, potentially allowing remote code execution.

  • CVE-2024-52544CriDec 3, 2024
    risk 0.64cvss 9.8epss 0.01

    An unauthenticated attacker can trigger a stack based buffer overflow in the DP Service (TCP port 3500). This vulnerability has been resolved in firmware version 2.800.0000000.8.R.20241111.

  • CVE-2024-45415CriSep 16, 2024
    risk 0.64cvss 9.8epss 0.00

    The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in check_data_integrity function. This function is responsible for validating the checksum of data in post request. The checksum is sent encrypted in the request, the function decrypts it…

  • CVE-2024-45414CriSep 16, 2024
    risk 0.64cvss 9.8epss 0.00

    The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in webPrivateDecrypt function. This function is responsible for decrypting RSA encrypted ciphertext, the encrypted data is supplied base64 encoded. The decoded ciphertext is stored on the…

  • CVE-2024-45158CriSep 5, 2024
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered in Mbed TLS 3.6 before 3.6.1. A stack buffer overflow in mbedtls_ecdsa_der_to_raw() and mbedtls_ecdsa_raw_to_der() can occur when the bits parameter is larger than the largest supported curve. In some configurations with PSA disabled, all values of bits…