CWE-121
AllowedStack-based Buffer Overflow
Abstraction: Variant · Status: Draft
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
5212 vulnerabilities reference this CWE, most recent first.
GHSA-VQJW-HPH4-9R56
Vulnerability from github – Published: 2023-07-06 15:30 – Updated: 2025-11-04 21:30Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_l2tp function with the remote_subnet and the remote_mask variables.
{
"affected": [],
"aliases": [
"CVE-2023-25112"
],
"database_specific": {
"cwe_ids": [
"CWE-121",
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-07-06T15:15:14Z",
"severity": "HIGH"
},
"details": "Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_l2tp function with the remote_subnet and the remote_mask variables.",
"id": "GHSA-vqjw-hph4-9r56",
"modified": "2025-11-04T21:30:36Z",
"published": "2023-07-06T15:30:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25112"
},
{
"type": "WEB",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1716"
},
{
"type": "WEB",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1716"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VQP5-2QC7-5HWG
Vulnerability from github – Published: 2024-04-17 15:30 – Updated: 2024-07-03 18:34Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability via the qos parameter in the fromqossetting function.
{
"affected": [],
"aliases": [
"CVE-2024-32287"
],
"database_specific": {
"cwe_ids": [
"CWE-121"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-17T14:15:08Z",
"severity": "MODERATE"
},
"details": "Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability via the qos parameter in the fromqossetting function.",
"id": "GHSA-vqp5-2qc7-5hwg",
"modified": "2024-07-03T18:34:49Z",
"published": "2024-04-17T15:30:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32287"
},
{
"type": "WEB",
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W30E/fromqossetting.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VR3R-85RJ-X4P4
Vulnerability from github – Published: 2022-02-17 00:00 – Updated: 2022-04-01 00:01A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon ReadXYCoord coordinate parsing functionality of KiCad EDA 6.0.1 and master commit de006fc010. A specially-crafted gerber or excellon file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2022-23803"
],
"database_specific": {
"cwe_ids": [
"CWE-121",
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-02-16T17:15:00Z",
"severity": "HIGH"
},
"details": "A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon ReadXYCoord coordinate parsing functionality of KiCad EDA 6.0.1 and master commit de006fc010. A specially-crafted gerber or excellon file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.",
"id": "GHSA-vr3r-85rj-x4p4",
"modified": "2022-04-01T00:01:09Z",
"published": "2022-02-17T00:00:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23803"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00009.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00010.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5EMCGSSP3FIWCSL2KXVXLF35JYZKZE5Q"
},
{
"type": "WEB",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1453"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2022/dsa-5214"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VR5H-9PPX-X962
Vulnerability from github – Published: 2026-02-11 21:30 – Updated: 2026-02-11 21:30Allok RM RMVB to AVI MPEG DVD Converter 3.6.1217 contains a stack overflow vulnerability that allows attackers to execute arbitrary code by overwriting Structured Exception Handler (SEH) registers. Attackers can craft a malicious payload in the License Name input field to trigger a buffer overflow and execute system commands like calc.exe.
{
"affected": [],
"aliases": [
"CVE-2020-37183"
],
"database_specific": {
"cwe_ids": [
"CWE-121"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-11T21:16:11Z",
"severity": "HIGH"
},
"details": "Allok RM RMVB to AVI MPEG DVD Converter 3.6.1217 contains a stack overflow vulnerability that allows attackers to execute arbitrary code by overwriting Structured Exception Handler (SEH) registers. Attackers can craft a malicious payload in the License Name input field to trigger a buffer overflow and execute system commands like calc.exe.",
"id": "GHSA-vr5h-9ppx-x962",
"modified": "2026-02-11T21:30:41Z",
"published": "2026-02-11T21:30:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-37183"
},
{
"type": "WEB",
"url": "https://www.alloksoft.com"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/47910"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/allok-rm-rmvb-to-avi-mpeg-dvd-converter-stack-overflow-seh"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-VR74-Q73P-P5RH
Vulnerability from github – Published: 2024-06-20 15:31 – Updated: 2024-11-01 15:31A vulnerability was found in Tenda A301 15.13.08.12. It has been classified as critical. Affected is the function fromSetWirelessRepeat of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-269160. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
{
"affected": [],
"aliases": [
"CVE-2024-6189"
],
"database_specific": {
"cwe_ids": [
"CWE-121",
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-20T14:15:12Z",
"severity": "HIGH"
},
"details": "A vulnerability was found in Tenda A301 15.13.08.12. It has been classified as critical. Affected is the function fromSetWirelessRepeat of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-269160. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.",
"id": "GHSA-vr74-q73p-p5rh",
"modified": "2024-11-01T15:31:46Z",
"published": "2024-06-20T15:31:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6189"
},
{
"type": "WEB",
"url": "https://military-hail-377.notion.site/Tenda-A301V2-0-stack-overflow-c95f23f03b2b4eb5b8ffd3912e9982fd"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.269160"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.269160"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.355264"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-VRMC-7FQR-49C6
Vulnerability from github – Published: 2024-05-01 15:30 – Updated: 2024-05-01 15:30There is a buffer overflow vulnerability in the underlying Automatic Reporting service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.
{
"affected": [],
"aliases": [
"CVE-2024-33511"
],
"database_specific": {
"cwe_ids": [
"CWE-121"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-01T15:15:15Z",
"severity": "CRITICAL"
},
"details": "There is a buffer overflow vulnerability in the underlying Automatic Reporting service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba\u0027s access point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system. \n\n",
"id": "GHSA-vrmc-7fqr-49c6",
"modified": "2024-05-01T15:30:37Z",
"published": "2024-05-01T15:30:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-33511"
},
{
"type": "WEB",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-004.txt"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VRWW-7RMP-3XRM
Vulnerability from github – Published: 2026-05-01 15:30 – Updated: 2026-05-01 18:31A stack-based buffer overflow in mangle_to_hex_lower() and mangle_to_hex_upper() in src/rp_cpu.c in hashcat v7.1.2 allows an attacker to cause a denial of service or possibly execute arbitrary code via a crafted rule file, or via the -j or -k rule options used with password candidates of 128 or more characters. The vulnerability is caused by a bounds check that fails to account for the 2x expansion that occurs when password bytes are converted to hexadecimal.
{
"affected": [],
"aliases": [
"CVE-2026-42482"
],
"database_specific": {
"cwe_ids": [
"CWE-121",
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-01T14:16:22Z",
"severity": "CRITICAL"
},
"details": "A stack-based buffer overflow in mangle_to_hex_lower() and mangle_to_hex_upper() in src/rp_cpu.c in hashcat v7.1.2 allows an attacker to cause a denial of service or possibly execute arbitrary code via a crafted rule file, or via the -j or -k rule options used with password candidates of 128 or more characters. The vulnerability is caused by a bounds check that fails to account for the 2x expansion that occurs when password bytes are converted to hexadecimal.",
"id": "GHSA-vrww-7rmp-3xrm",
"modified": "2026-05-01T18:31:23Z",
"published": "2026-05-01T15:30:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42482"
},
{
"type": "WEB",
"url": "https://gist.github.com/sgInnora/107f2eb20367e47d58c911e38d56a91f"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VV44-RH9Q-4CC8
Vulnerability from github – Published: 2024-08-15 18:31 – Updated: 2024-08-15 21:31Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the fromwebExcptypemanFilter function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
{
"affected": [],
"aliases": [
"CVE-2024-42974"
],
"database_specific": {
"cwe_ids": [
"CWE-121",
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-15T17:15:20Z",
"severity": "MODERATE"
},
"details": "Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the fromwebExcptypemanFilter function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.",
"id": "GHSA-vv44-rh9q-4cc8",
"modified": "2024-08-15T21:31:19Z",
"published": "2024-08-15T18:31:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-42974"
},
{
"type": "WEB",
"url": "https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/Tenda/FH1206/fromwebExcptypemanFilter.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VV86-F2P5-M8XV
Vulnerability from github – Published: 2024-05-03 03:31 – Updated: 2024-05-03 03:31D-Link DAP-1325 get_value_from_app Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the handling of XML data provided to the HNAP1 SOAP endpoint. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-18823.
{
"affected": [],
"aliases": [
"CVE-2023-44404"
],
"database_specific": {
"cwe_ids": [
"CWE-121",
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-03T03:15:53Z",
"severity": "HIGH"
},
"details": "D-Link DAP-1325 get_value_from_app Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the handling of XML data provided to the HNAP1 SOAP endpoint. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-18823.",
"id": "GHSA-vv86-f2p5-m8xv",
"modified": "2024-05-03T03:31:04Z",
"published": "2024-05-03T03:31:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44404"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1502"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VV86-JPFF-556F
Vulnerability from github – Published: 2025-04-23 21:30 – Updated: 2025-11-03 21:33Stack-overflow in fig2dev in version 3.2.9a allows an attacker possible code execution via local input manipulation via read_objects function.
{
"affected": [],
"aliases": [
"CVE-2025-46398"
],
"database_specific": {
"cwe_ids": [
"CWE-121"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-23T21:15:16Z",
"severity": "HIGH"
},
"details": "Stack-overflow\u00a0in fig2dev in version 3.2.9a allows an attacker possible code execution via local input manipulation via read_objects function.",
"id": "GHSA-vv86-jpff-556f",
"modified": "2025-11-03T21:33:41Z",
"published": "2025-04-23T21:30:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46398"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2025-46398"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2362055"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00043.html"
},
{
"type": "WEB",
"url": "https://sourceforge.net/p/mcj/tickets/191"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-10
Strategy: Environment Hardening
- Use automatic buffer overflow detection mechanisms that are offered by certain compilers or compiler extensions. Examples include: the Microsoft Visual Studio /GS flag, Fedora/Red Hat FORTIFY_SOURCE GCC flag, StackGuard, and ProPolice, which provide various mechanisms including canary-based detection and range/index checking.
- D3-SFCV (Stack Frame Canary Validation) from D3FEND [REF-1334] discusses canary-based detection in detail.
Mitigation
Use an abstraction library to abstract away risky APIs. Not a complete solution.
Mitigation
Implement and perform bounds checking on input.
Mitigation
Do not use dangerous functions such as gets. Use safer, equivalent functions which check for boundary errors.
Mitigation MIT-11
Strategy: Environment Hardening
- Run or compile the software using features or extensions that randomly arrange the positions of a program's executable and libraries in memory. Because this makes the addresses unpredictable, it can prevent an attacker from reliably jumping to exploitable code.
- Examples include Address Space Layout Randomization (ASLR) [REF-58] [REF-60] and Position-Independent Executables (PIE) [REF-64]. Imported modules may be similarly realigned if their default memory addresses conflict with other modules, in a process known as "rebasing" (for Windows) and "prelinking" (for Linux) [REF-1332] using randomly generated addresses. ASLR for libraries cannot be used in conjunction with prelink since it would require relocating the libraries at run-time, defeating the whole purpose of prelinking.
- For more information on these techniques see D3-SAOR (Segment Address Offset Randomization) from D3FEND [REF-1335].
No CAPEC attack patterns related to this CWE.