VYPR

CWE-122

Heap-based Buffer Overflow

Variant · Draft · Likelihood: High

Description

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

Hierarchy (View 1000)

Children

none

Related attack patterns (CAPEC)

CAPEC-92

CVEs mapped to this weakness (568)

page 2 of 29
  • CVE-2025-34523 · Critical · Aug 27, 2025
    risk 0.64 · cvss 9.8 · epss 0.01

    A heap-based buffer overflow vulnerability exists in the network-facing input handling routines of Arcserve Unified Data Protection (UDP). This flaw is reachable without authentication and results from improper bounds checking when processing attacker-controlled input. By…

  • CVE-2025-53766 · Critical · Aug 12, 2025
    risk 0.64 · cvss 9.8 · epss 0.07

    Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code over a network.

  • CVE-2025-40906 · Critical · May 16, 2025
    risk 0.64 · cvss 9.8 · epss 0.01

    BSON::XS versions 0.8.4 and earlier for Perl include a bundled libbson 1.1.7, which has several vulnerabilities. Those include CVE-2017-14227, CVE-2018-16790, CVE-2023-0437, CVE-2024-6381, CVE-2024-6383, and CVE-2025-0755. BSON-XS was the official Perl XS implementation of…

  • CVE-2024-49775 · Critical · Dec 16, 2024
    risk 0.64 · cvss 9.8 · epss 0.02

    A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2501.0001), Opcenter Intelligence (All versions < V2501.0001), Opcenter Quality (All versions < V2512), Opcenter RDnL (All versions < V2410), SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS…

  • CVE-2024-40754 · Critical · Sep 10, 2024
    risk 0.64 · cvss 9.8 · epss 0.00

    Heap-based Buffer Overflow vulnerability in Samsung Open Source Escargot JavaScript engine allows Overflow Buffers. This issue affects Escargot: 4.0.0.

  • CVE-2024-33698 · Critical · Sep 10, 2024
    risk 0.64 · cvss 9.8 · epss 0.01

    A vulnerability has been identified in Opcenter Quality (All versions < V2406), Opcenter RDnL (All versions < V2410), SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions < V4.1 Update 2), SIMATIC PCS neo V5.0 (All versions < V5.0 Update 1), SINEC NMS (All…

  • CVE-2024-22857 · Critical · Mar 7, 2024
    risk 0.64 · cvss 9.8 · epss 0.02

    Heap based buffer flow in zlog v1.1.0 to v1.2.17 in zlog_rule_new(). The size of record_name is MAXLEN_PATH(1024) + 1 but file_path may have data up to MAXLEN_CFG_LINE(MAXLEN_PATH*4) + 1. So a check was missing in zlog_rule_new() while copying the record_name from file_path + 1…

  • CVE-2021-33485 · Critical · Aug 3, 2021
    risk 0.64 · cvss 9.8 · epss 0.01

    CODESYS Control Runtime system before 3.5.17.10 has a Heap-based Buffer Overflow.

  • CVE-2019-5482 · Critical · Sep 16, 2019
    risk 0.64 · cvss 9.8 · epss 0.18

    Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.

  • CVE-2018-14794 · Critical · Oct 1, 2018
    risk 0.64 · cvss 9.8 · epss 0.02

    Fuji Electric Alpha5 Smart Loader Versions 3.7 and prior. The device does not perform a check on the length/size of a project file before copying the entire contents of the file to a heap-based buffer.

  • CVE-2018-14813 · Critical · Sep 26, 2018
    risk 0.64 · cvss 9.8 · epss 0.04

    Fuji Electric V-Server 4.0.3.0 and prior, A heap-based buffer overflow vulnerability has been identified, which may allow remote code execution.

  • CVE-2018-10617 · Critical · Jun 18, 2018
    risk 0.64 · cvss 9.8 · epss 0.04

    Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 and prior utilizes a fixed-length heap buffer where a value larger than the buffer can be read from a .dpa file into the buffer, causing the buffer to be overwritten. This may allow remote code execution or…

  • CVE-2018-8871 · Critical · May 25, 2018
    risk 0.64 · cvss 9.8 · epss 0.04

    In Delta Electronics Automation TPEditor version 1.89 or prior, parsing a malformed program file may cause heap-based buffer overflow vulnerability, which may allow remote code execution.

  • CVE-2018-8845 · Critical · May 15, 2018
    risk 0.64 · cvss 9.8 · epss 0.06

    In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a heap-based buffer overflow vulnerability has been…

  • CVE-2017-9636 · Critical · Apr 17, 2018
    risk 0.64 · cvss 9.8 · epss 0.04

    Mitsubishi E-Designer, Version 7.52 Build 344 contains five code sections which may be exploited to overwrite the heap. This can result in arbitrary code execution, compromised data integrity, denial of service, and system crash.

  • CVE-2017-7555 · Critical · Aug 17, 2017
    risk 0.64 · cvss 9.8 · epss 0.05

    Augeas versions up to and including 1.8.0 are vulnerable to heap-based buffer overflow due to improper handling of escaped strings. Attacker could send crafted strings that would cause the application using augeas to copy past the end of a buffer, leading to a crash or possible…

  • CVE-2026-42904 · Critical · Jun 9, 2026
    risk 0.62 · cvss 9.6 · epss 0.00

    Heap-based buffer overflow in Windows TCP/IP allows an unauthorized attacker to elevate privileges over an adjacent network.

  • CVE-2026-6296 · Critical · Apr 15, 2026
    risk 0.62 · cvss 9.6 · epss 0.00

    Heap buffer overflow in ANGLE in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

  • CVE-2025-34164 · Critical · Aug 30, 2025
    risk 0.61 · cvss · epss 0.01

    A heap-based buffer overflow vulnerability in NetSupport Manager 14.x versions prior to 14.12.0000 allows a remote, unauthenticated attacker to cause a denial of service (DoS) or execute arbitrary code.

  • CVE-2017-13090 · High · Oct 27, 2017
    risk 0.60 · cvss 8.8 · epss 0.37

    The retr.c:fd_read_body() function is called when processing OK responses. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol() to read each chunk's length, but doesn't check that the chunk length is a non-negative number. The code then tries…