Common Weakness Enumeration

CWE-121

Allowed

Stack-based Buffer Overflow

Abstraction: Variant · Status: Draft

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

5204 vulnerabilities reference this CWE, most recent first.

CVE-2026-39853 (GCVE-0-2026-39853)

Vulnerability from cvelistv5 – Published: 2026-04-09 15:50 – Updated: 2026-04-09 16:15
VLAI
Title
osslsigncode has a Stack Buffer Overflow via Unbounded Digest Copy During Signature Verification
Summary
osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.12, A stack buffer overflow vulnerability exists in osslsigncode in several signature verification paths. During verification of a PKCS#7 signature, the code copies the digest value from a parsed SpcIndirectDataContent structure into a fixed-size stack buffer (mdbuf[EVP_MAX_MD_SIZE], 64 bytes) without validating that the source length fits within the destination buffer. This pattern is present in the verification handlers for PE, MSI, CAB, and script files. An attacker can craft a malicious signed file with an oversized digest field in SpcIndirectDataContent. When a user verifies such a file with osslsigncode verify, the unbounded memcpy can overflow the stack buffer and corrupt adjacent stack state. This vulnerability is fixed in 2.12.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
mtrojnar osslsigncode Affected: < 2.12
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-39853",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-09T16:13:50.325421Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-09T16:15:19.583Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "osslsigncode",
          "vendor": "mtrojnar",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 2.12"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.12, A stack buffer overflow vulnerability exists in osslsigncode in several signature verification paths. During verification of a PKCS#7 signature, the code copies the digest value from a parsed SpcIndirectDataContent structure into a fixed-size stack buffer  (mdbuf[EVP_MAX_MD_SIZE], 64 bytes) without validating that the source length fits within the destination buffer. This pattern is present in the verification handlers for PE, MSI, CAB, and script files. An attacker can craft a malicious signed file with an oversized digest field in SpcIndirectDataContent. When a user verifies such a file with osslsigncode verify, the unbounded memcpy can overflow the stack buffer and corrupt adjacent stack state. This vulnerability is fixed in 2.12."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121: Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787: Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-09T15:50:26.548Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/mtrojnar/osslsigncode/security/advisories/GHSA-hx87-8754-xvh4",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/mtrojnar/osslsigncode/security/advisories/GHSA-hx87-8754-xvh4"
        },
        {
          "name": "https://github.com/mtrojnar/osslsigncode/commit/cbee1e723c5a8547302bd841ad9943ed8144db68",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/mtrojnar/osslsigncode/commit/cbee1e723c5a8547302bd841ad9943ed8144db68"
        },
        {
          "name": "https://github.com/mtrojnar/osslsigncode/releases/tag/2.12",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/mtrojnar/osslsigncode/releases/tag/2.12"
        }
      ],
      "source": {
        "advisory": "GHSA-hx87-8754-xvh4",
        "discovery": "UNKNOWN"
      },
      "title": "osslsigncode has a Stack Buffer Overflow via Unbounded Digest Copy During Signature Verification"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-39853",
    "datePublished": "2026-04-09T15:50:26.548Z",
    "dateReserved": "2026-04-07T19:13:20.378Z",
    "dateUpdated": "2026-04-09T16:15:19.583Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-39461 (GCVE-0-2026-39461)

Vulnerability from cvelistv5 – Published: 2026-05-21 09:20 – Updated: 2026-05-22 03:55
VLAI
Title
select(2) file descriptor set overflow causes stack overflow
Summary
libcasper(3) communicates with helper processes via UNIX domain sockets, and uses the select(2) system call to wait for data to become available. However, it does not verify that its socket descriptor fits within select(2)'s descriptor set size limit of FD_SETSIZE (1024). An attacker able to cause an application using libcasper(3) to allocate large file descriptors, e.g., by opening many descriptors and executing a program which is not careful to close them upon startup, may trigger stack corruption. If the target application runs with setuid root privileges, this could be used to escalate local privileges.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-121 - Stack-based Buffer Overflow
Assigner
References
Impacted products
Vendor Product Version
FreeBSD FreeBSD Affected: 15.0-RELEASE , < p9 (release)
Affected: 14.4-RELEASE , < p5 (release)
Affected: 14.3-RELEASE , < p14 (release)
Create a notification for this product.
Date Public
2026-05-20 23:00
Credits
Joshua Rogers of AISLE Research Team
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "CHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-39461",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-21T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-22T03:55:38.128Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "modules": [
            "libcasper"
          ],
          "product": "FreeBSD",
          "vendor": "FreeBSD",
          "versions": [
            {
              "lessThan": "p9",
              "status": "affected",
              "version": "15.0-RELEASE",
              "versionType": "release"
            },
            {
              "lessThan": "p5",
              "status": "affected",
              "version": "14.4-RELEASE",
              "versionType": "release"
            },
            {
              "lessThan": "p14",
              "status": "affected",
              "version": "14.3-RELEASE",
              "versionType": "release"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Joshua Rogers of AISLE Research Team"
        }
      ],
      "datePublic": "2026-05-20T23:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "libcasper(3) communicates with helper processes via UNIX domain sockets, and uses the select(2) system call to wait for data to become available.  However, it does not verify that its socket descriptor fits within select(2)\u0027s descriptor set size limit of FD_SETSIZE (1024).\n\nAn attacker able to cause an application using libcasper(3) to allocate large file descriptors, e.g., by opening many descriptors and executing a program which is not careful to close them upon startup, may trigger stack corruption.  If the target application runs with setuid root privileges, this could be used to escalate local privileges."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121: Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-21T09:20:26.126Z",
        "orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
        "shortName": "freebsd"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.freebsd.org/advisories/FreeBSD-SA-26:22.libcasper.asc"
        }
      ],
      "title": "select(2) file descriptor set overflow causes stack overflow",
      "x_generator": {
        "engine": "cvelib 1.8.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
    "assignerShortName": "freebsd",
    "cveId": "CVE-2026-39461",
    "datePublished": "2026-05-21T09:20:26.126Z",
    "dateReserved": "2026-04-28T15:08:10.637Z",
    "dateUpdated": "2026-05-22T03:55:38.128Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-39457 (GCVE-0-2026-39457)

Vulnerability from cvelistv5 – Published: 2026-04-30 08:01 – Updated: 2026-05-01 03:55
VLAI
Title
Stack overflow via select() file descriptor set overflow
Summary
When exchanging data over a socket, libnv uses select(2) to wait for data to arrive. However, it does not verify whether the provided socket descriptor fits in select(2)'s file descriptor set size limit of FD_SETSIZE (1024). An attacker who is able to force a libnv application to allocate large file descriptors, e.g., by opening many descriptors and executing a program which is not careful to close them upon startup, can trigger stack corruption. If the target application is setuid-root, then this could be used to elevate local privileges.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-121 - Stack-based Buffer Overflow
Assigner
References
Impacted products
Vendor Product Version
FreeBSD FreeBSD Affected: 15.0-RELEASE , < p7 (release)
Affected: 14.4-RELEASE , < p3 (release)
Affected: 14.3-RELEASE , < p12 (release)
Affected: 13.5-RELEASE , < p13 (release)
Create a notification for this product.
Date Public
2026-04-29 19:00
Credits
Joshua Rogers of AISLE Research Team
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-39457",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-30T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-01T03:55:51.194Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "modules": [
            "libnv"
          ],
          "product": "FreeBSD",
          "vendor": "FreeBSD",
          "versions": [
            {
              "lessThan": "p7",
              "status": "affected",
              "version": "15.0-RELEASE",
              "versionType": "release"
            },
            {
              "lessThan": "p3",
              "status": "affected",
              "version": "14.4-RELEASE",
              "versionType": "release"
            },
            {
              "lessThan": "p12",
              "status": "affected",
              "version": "14.3-RELEASE",
              "versionType": "release"
            },
            {
              "lessThan": "p13",
              "status": "affected",
              "version": "13.5-RELEASE",
              "versionType": "release"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Joshua Rogers of AISLE Research Team"
        }
      ],
      "datePublic": "2026-04-29T19:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "When exchanging data over a socket, libnv uses select(2) to wait for data to arrive.  However, it does not verify whether the provided socket descriptor fits in select(2)\u0027s file descriptor set size limit of FD_SETSIZE (1024).\n\nAn attacker who is able to force a libnv application to allocate large file descriptors, e.g., by opening many descriptors and executing a program which is not careful to close them upon startup, can trigger stack corruption.  If the target application is setuid-root, then this could be used to elevate local privileges."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121: Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-30T08:01:49.015Z",
        "orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
        "shortName": "freebsd"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.freebsd.org/advisories/FreeBSD-SA-26:16.libnv.asc"
        }
      ],
      "title": "Stack overflow via select() file descriptor set overflow",
      "x_generator": {
        "engine": "cvelib 1.8.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
    "assignerShortName": "freebsd",
    "cveId": "CVE-2026-39457",
    "datePublished": "2026-04-30T08:01:49.015Z",
    "dateReserved": "2026-04-28T15:08:10.626Z",
    "dateUpdated": "2026-05-01T03:55:51.194Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-35553 (GCVE-0-2026-35553)

Vulnerability from cvelistv5 – Published: 2026-04-13 04:03 – Updated: 2026-04-13 15:00
VLAI
Summary
Bluetooth ACPI Drivers provided by Dynabook Inc. contain a stack-based buffer overflow vulnerability. An attacker may execute arbitrary code by modifying certain registry values.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-121 - Stack-based buffer overflow
Assigner
Impacted products
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-35553",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-13T15:00:14.215479Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-13T15:00:22.042Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "TOSRFEC.SYS",
          "vendor": "Dynabook Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "product": "DRFEC.SYS",
          "vendor": "Dynabook Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "v11.0.0.0 and earlier"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Bluetooth ACPI Drivers provided by Dynabook Inc. contain a stack-based buffer overflow vulnerability. An attacker may execute arbitrary code by modifying certain registry values."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "Stack-based buffer overflow",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-13T04:03:43.009Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://global.sharp/corporate/info/product-security/advisory-list/2026-001/"
        },
        {
          "url": "https://corporate.jp.sharp/info/product-security/advisory-list/2026-001/"
        },
        {
          "url": "https://jvn.jp/en/vu/JVNVU96334293/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2026-35553",
    "datePublished": "2026-04-13T04:03:43.009Z",
    "dateReserved": "2026-04-03T08:21:59.910Z",
    "dateUpdated": "2026-04-13T15:00:22.042Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-35085 (GCVE-0-2026-35085)

Vulnerability from cvelistv5 – Published: 2026-06-03 10:42 – Updated: 2026-07-03 08:53
VLAI
Title
Stack buffer overflow in method gdv-serverconfig
Summary
A remote attacker with user privileges can exploit a stack buffer overflow in gdv-serverconfig to gain full system access as root.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-121 - Stack-based Buffer Overflow
Assigner
References
Impacted products
Vendor Product Version
MBS Single-A Affected: V1_00_00 , < V6_00_07 (semver)
Create a notification for this product.
MBS Double-A Profibus Affected: V1_00_00 , < V6_00_07 (semver)
Create a notification for this product.
MBS Double-A x-link Affected: V1_00_00 , < V6_00_07 (semver)
Create a notification for this product.
MBS Single-X Affected: V1_00_00 , < V6_00_07 (semver)
Create a notification for this product.
MBS Double-X CAN Affected: V1_00_00 , < V6_00_07 (semver)
Create a notification for this product.
MBS Double-X DALI Affected: V1_00_00 , < V6_00_07 (semver)
Create a notification for this product.
MBS Double-X KNX Affected: V1_00_00 , < V6_00_07 (semver)
Create a notification for this product.
MBS Double-X LON Affected: V1_00_00 , < V6_00_07 (semver)
Create a notification for this product.
MBS Double-X M-Bus Affected: V1_00_00 , < V6_00_07 (semver)
Create a notification for this product.
MBS Double-X PROFINET Affected: V1_00_00 , < V6_00_07 (semver)
Create a notification for this product.
MBS Double-X x-link Affected: V1_00_00 , < V6_00_07 (semver)
Create a notification for this product.
MBS Triple-X KNX+DALI Affected: V1_00_00 , < V6_00_07 (semver)
Create a notification for this product.
MBS Triple-X KNX+LON Affected: V1_00_00 , < V6_00_07 (semver)
Create a notification for this product.
MBS Triple-X KNX+M-Bus Affected: V1_00_00 , < V6_00_07 (semver)
Create a notification for this product.
MBS Triple-X PROFINET+DALI Affected: V1_00_00 , < V6_00_07 (semver)
Create a notification for this product.
MBS Triple-X PROFINET+KNX Affected: V1_00_00 , < V6_00_07 (semver)
Create a notification for this product.
MBS Triple-X PROFINET+LON Affected: V1_00_00 , < V6_00_07 (semver)
Create a notification for this product.
MBS Triple-X PROFINET+M-Bus Affected: V1_00_00 , < V6_00_07 (semver)
Create a notification for this product.
Credits
Daniel Hulliger from Armasuisse Cyber-Defence campus. Damian Pfammatter from Armasuisse Cyber-Defence campus. Adrien Rey from Armasuisse Cyber Defense Campus Zurich
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-35085",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-03T12:38:10.423532Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-03T12:38:18.598Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Single-A",
          "vendor": "MBS",
          "versions": [
            {
              "lessThan": "V6_00_07",
              "status": "affected",
              "version": "V1_00_00",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Double-A Profibus",
          "vendor": "MBS",
          "versions": [
            {
              "lessThan": "V6_00_07",
              "status": "affected",
              "version": "V1_00_00",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Double-A x-link",
          "vendor": "MBS",
          "versions": [
            {
              "lessThan": "V6_00_07",
              "status": "affected",
              "version": "V1_00_00",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Single-X",
          "vendor": "MBS",
          "versions": [
            {
              "lessThan": "V6_00_07",
              "status": "affected",
              "version": "V1_00_00",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Double-X CAN",
          "vendor": "MBS",
          "versions": [
            {
              "lessThan": "V6_00_07",
              "status": "affected",
              "version": "V1_00_00",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Double-X DALI",
          "vendor": "MBS",
          "versions": [
            {
              "lessThan": "V6_00_07",
              "status": "affected",
              "version": "V1_00_00",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Double-X KNX",
          "vendor": "MBS",
          "versions": [
            {
              "lessThan": "V6_00_07",
              "status": "affected",
              "version": "V1_00_00",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Double-X LON",
          "vendor": "MBS",
          "versions": [
            {
              "lessThan": "V6_00_07",
              "status": "affected",
              "version": "V1_00_00",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Double-X M-Bus",
          "vendor": "MBS",
          "versions": [
            {
              "lessThan": "V6_00_07",
              "status": "affected",
              "version": "V1_00_00",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Double-X PROFINET",
          "vendor": "MBS",
          "versions": [
            {
              "lessThan": "V6_00_07",
              "status": "affected",
              "version": "V1_00_00",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Double-X x-link",
          "vendor": "MBS",
          "versions": [
            {
              "lessThan": "V6_00_07",
              "status": "affected",
              "version": "V1_00_00",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Triple-X KNX+DALI",
          "vendor": "MBS",
          "versions": [
            {
              "lessThan": "V6_00_07",
              "status": "affected",
              "version": "V1_00_00",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Triple-X KNX+LON",
          "vendor": "MBS",
          "versions": [
            {
              "lessThan": "V6_00_07",
              "status": "affected",
              "version": "V1_00_00",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Triple-X KNX+M-Bus",
          "vendor": "MBS",
          "versions": [
            {
              "lessThan": "V6_00_07",
              "status": "affected",
              "version": "V1_00_00",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Triple-X PROFINET+DALI",
          "vendor": "MBS",
          "versions": [
            {
              "lessThan": "V6_00_07",
              "status": "affected",
              "version": "V1_00_00",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Triple-X PROFINET+KNX",
          "vendor": "MBS",
          "versions": [
            {
              "lessThan": "V6_00_07",
              "status": "affected",
              "version": "V1_00_00",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Triple-X PROFINET+LON",
          "vendor": "MBS",
          "versions": [
            {
              "lessThan": "V6_00_07",
              "status": "affected",
              "version": "V1_00_00",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Triple-X PROFINET+M-Bus",
          "vendor": "MBS",
          "versions": [
            {
              "lessThan": "V6_00_07",
              "status": "affected",
              "version": "V1_00_00",
              "versionType": "semver"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:mbs:single_a_firmware:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "V6_00_07",
                  "versionStartIncluding": "V1_00_00",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        },
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:mbs:double_a_profibus_firmware:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "V6_00_07",
                  "versionStartIncluding": "V1_00_00",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        },
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:mbs:double_a_x_link_firmware:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "V6_00_07",
                  "versionStartIncluding": "V1_00_00",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        },
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:mbs:single_x_firmware:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "V6_00_07",
                  "versionStartIncluding": "V1_00_00",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        },
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:mbs:double_x_can_firmware:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "V6_00_07",
                  "versionStartIncluding": "V1_00_00",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        },
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:mbs:double_x_dali_firmware:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "V6_00_07",
                  "versionStartIncluding": "V1_00_00",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        },
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:mbs:double_x_knx_firmware:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "V6_00_07",
                  "versionStartIncluding": "V1_00_00",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        },
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:mbs:double_x_lon_firmware:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "V6_00_07",
                  "versionStartIncluding": "V1_00_00",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        },
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:mbs:double_x_m_bus_firmware:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "V6_00_07",
                  "versionStartIncluding": "V1_00_00",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        },
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:mbs:double_x_profinet_firmware:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "V6_00_07",
                  "versionStartIncluding": "V1_00_00",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        },
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:mbs:double_x_x_link_firmware:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "V6_00_07",
                  "versionStartIncluding": "V1_00_00",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        },
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:mbs:triple_x_knx_dali_firmware:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "V6_00_07",
                  "versionStartIncluding": "V1_00_00",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        },
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:mbs:triple_x_knx_lon_firmware:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "V6_00_07",
                  "versionStartIncluding": "V1_00_00",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        },
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:mbs:triple_x_knx_m_bus_firmware:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "V6_00_07",
                  "versionStartIncluding": "V1_00_00",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        },
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:mbs:triple_x_profinet_dali_firmware:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "V6_00_07",
                  "versionStartIncluding": "V1_00_00",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        },
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:mbs:triple_x_profinet_knx_firmware:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "V6_00_07",
                  "versionStartIncluding": "V1_00_00",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        },
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:mbs:triple_x_profinet_lon_firmware:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "V6_00_07",
                  "versionStartIncluding": "V1_00_00",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        },
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:mbs:triple_x_profinet_m_bus_firmware:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "V6_00_07",
                  "versionStartIncluding": "V1_00_00",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Daniel Hulliger from Armasuisse Cyber-Defence campus."
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Damian Pfammatter from Armasuisse Cyber-Defence campus."
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Adrien Rey from Armasuisse Cyber Defense Campus Zurich"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eA remote attacker with user privileges can exploit a stack buffer overflow in gdv-serverconfig to gain full system access as root.\u003c/p\u003e"
            }
          ],
          "value": "A remote attacker with user privileges can exploit a stack buffer overflow in gdv-serverconfig to gain full system access as root."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121 Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-03T08:53:29.811Z",
        "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "shortName": "CERTVDE"
      },
      "references": [
        {
          "url": "https://www.certvde.com/en/advisories/VDE-2026-039/"
        }
      ],
      "source": {
        "advisory": "VDE-2026-039",
        "defect": [
          "CERT@VDE#642009"
        ],
        "discovery": "UNKNOWN"
      },
      "title": "Stack buffer overflow in method gdv-serverconfig",
      "x_generator": {
        "engine": "Vulnogram 0.4.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
    "assignerShortName": "CERTVDE",
    "cveId": "CVE-2026-35085",
    "datePublished": "2026-06-03T10:42:22.835Z",
    "dateReserved": "2026-04-01T08:28:27.142Z",
    "dateUpdated": "2026-07-03T08:53:29.811Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-35084 (GCVE-0-2026-35084)

Vulnerability from cvelistv5 – Published: 2026-06-03 10:42 – Updated: 2026-07-03 08:53
VLAI
Title
Stack buffer overflow in method dali-devconfig
Summary
A remote attacker with user privileges can exploit a stack buffer overflow in dali-devconfig to gain full system access as root.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-121 - Stack-based Buffer Overflow
Assigner
References
Impacted products
Vendor Product Version
MBS Single-A Affected: V1_00_00 , < V6_00_07 (semver)
Create a notification for this product.
MBS Double-A Profibus Affected: V1_00_00 , < V6_00_07 (semver)
Create a notification for this product.
MBS Double-A x-link Affected: V1_00_00 , < V6_00_07 (semver)
Create a notification for this product.
MBS Single-X Affected: V1_00_00 , < V6_00_07 (semver)
Create a notification for this product.
MBS Double-X CAN Affected: V1_00_00 , < V6_00_07 (semver)
Create a notification for this product.
MBS Double-X DALI Affected: V1_00_00 , < V6_00_07 (semver)
Create a notification for this product.
MBS Double-X KNX Affected: V1_00_00 , < V6_00_07 (semver)
Create a notification for this product.
MBS Double-X LON Affected: V1_00_00 , < V6_00_07 (semver)
Create a notification for this product.
MBS Double-X M-Bus Affected: V1_00_00 , < V6_00_07 (semver)
Create a notification for this product.
MBS Double-X PROFINET Affected: V1_00_00 , < V6_00_07 (semver)
Create a notification for this product.
MBS Double-X x-link Affected: V1_00_00 , < V6_00_07 (semver)
Create a notification for this product.
MBS Triple-X KNX+DALI Affected: V1_00_00 , < V6_00_07 (semver)
Create a notification for this product.
MBS Triple-X KNX+LON Affected: V1_00_00 , < V6_00_07 (semver)
Create a notification for this product.
MBS Triple-X KNX+M-Bus Affected: V1_00_00 , < V6_00_07 (semver)
Create a notification for this product.
MBS Triple-X PROFINET+DALI Affected: V1_00_00 , < V6_00_07 (semver)
Create a notification for this product.
MBS Triple-X PROFINET+KNX Affected: V1_00_00 , < V6_00_07 (semver)
Create a notification for this product.
MBS Triple-X PROFINET+LON Affected: V1_00_00 , < V6_00_07 (semver)
Create a notification for this product.
MBS Triple-X PROFINET+M-Bus Affected: V1_00_00 , < V6_00_07 (semver)
Create a notification for this product.
Credits
Daniel Hulliger from Armasuisse Cyber-Defence campus. Damian Pfammatter from Armasuisse Cyber-Defence campus. Adrien Rey from Armasuisse Cyber Defense Campus Zurich
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-35084",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-03T19:14:32.995589Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-03T19:14:54.458Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Single-A",
          "vendor": "MBS",
          "versions": [
            {
              "lessThan": "V6_00_07",
              "status": "affected",
              "version": "V1_00_00",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Double-A Profibus",
          "vendor": "MBS",
          "versions": [
            {
              "lessThan": "V6_00_07",
              "status": "affected",
              "version": "V1_00_00",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Double-A x-link",
          "vendor": "MBS",
          "versions": [
            {
              "lessThan": "V6_00_07",
              "status": "affected",
              "version": "V1_00_00",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Single-X",
          "vendor": "MBS",
          "versions": [
            {
              "lessThan": "V6_00_07",
              "status": "affected",
              "version": "V1_00_00",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Double-X CAN",
          "vendor": "MBS",
          "versions": [
            {
              "lessThan": "V6_00_07",
              "status": "affected",
              "version": "V1_00_00",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Double-X DALI",
          "vendor": "MBS",
          "versions": [
            {
              "lessThan": "V6_00_07",
              "status": "affected",
              "version": "V1_00_00",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Double-X KNX",
          "vendor": "MBS",
          "versions": [
            {
              "lessThan": "V6_00_07",
              "status": "affected",
              "version": "V1_00_00",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Double-X LON",
          "vendor": "MBS",
          "versions": [
            {
              "lessThan": "V6_00_07",
              "status": "affected",
              "version": "V1_00_00",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Double-X M-Bus",
          "vendor": "MBS",
          "versions": [
            {
              "lessThan": "V6_00_07",
              "status": "affected",
              "version": "V1_00_00",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Double-X PROFINET",
          "vendor": "MBS",
          "versions": [
            {
              "lessThan": "V6_00_07",
              "status": "affected",
              "version": "V1_00_00",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Double-X x-link",
          "vendor": "MBS",
          "versions": [
            {
              "lessThan": "V6_00_07",
              "status": "affected",
              "version": "V1_00_00",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Triple-X KNX+DALI",
          "vendor": "MBS",
          "versions": [
            {
              "lessThan": "V6_00_07",
              "status": "affected",
              "version": "V1_00_00",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Triple-X KNX+LON",
          "vendor": "MBS",
          "versions": [
            {
              "lessThan": "V6_00_07",
              "status": "affected",
              "version": "V1_00_00",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Triple-X KNX+M-Bus",
          "vendor": "MBS",
          "versions": [
            {
              "lessThan": "V6_00_07",
              "status": "affected",
              "version": "V1_00_00",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Triple-X PROFINET+DALI",
          "vendor": "MBS",
          "versions": [
            {
              "lessThan": "V6_00_07",
              "status": "affected",
              "version": "V1_00_00",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Triple-X PROFINET+KNX",
          "vendor": "MBS",
          "versions": [
            {
              "lessThan": "V6_00_07",
              "status": "affected",
              "version": "V1_00_00",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Triple-X PROFINET+LON",
          "vendor": "MBS",
          "versions": [
            {
              "lessThan": "V6_00_07",
              "status": "affected",
              "version": "V1_00_00",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Triple-X PROFINET+M-Bus",
          "vendor": "MBS",
          "versions": [
            {
              "lessThan": "V6_00_07",
              "status": "affected",
              "version": "V1_00_00",
              "versionType": "semver"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:mbs:single_a_firmware:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "V6_00_07",
                  "versionStartIncluding": "V1_00_00",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        },
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:mbs:double_a_profibus_firmware:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "V6_00_07",
                  "versionStartIncluding": "V1_00_00",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        },
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:mbs:double_a_x_link_firmware:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "V6_00_07",
                  "versionStartIncluding": "V1_00_00",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        },
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:mbs:single_x_firmware:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "V6_00_07",
                  "versionStartIncluding": "V1_00_00",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        },
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:mbs:double_x_can_firmware:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "V6_00_07",
                  "versionStartIncluding": "V1_00_00",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        },
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:mbs:double_x_dali_firmware:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "V6_00_07",
                  "versionStartIncluding": "V1_00_00",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        },
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:mbs:double_x_knx_firmware:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "V6_00_07",
                  "versionStartIncluding": "V1_00_00",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        },
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:mbs:double_x_lon_firmware:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "V6_00_07",
                  "versionStartIncluding": "V1_00_00",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        },
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:mbs:double_x_m_bus_firmware:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "V6_00_07",
                  "versionStartIncluding": "V1_00_00",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        },
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:mbs:double_x_profinet_firmware:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "V6_00_07",
                  "versionStartIncluding": "V1_00_00",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        },
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:mbs:double_x_x_link_firmware:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "V6_00_07",
                  "versionStartIncluding": "V1_00_00",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        },
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:mbs:triple_x_knx_dali_firmware:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "V6_00_07",
                  "versionStartIncluding": "V1_00_00",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        },
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:mbs:triple_x_knx_lon_firmware:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "V6_00_07",
                  "versionStartIncluding": "V1_00_00",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        },
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:mbs:triple_x_knx_m_bus_firmware:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "V6_00_07",
                  "versionStartIncluding": "V1_00_00",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        },
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:mbs:triple_x_profinet_dali_firmware:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "V6_00_07",
                  "versionStartIncluding": "V1_00_00",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        },
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:mbs:triple_x_profinet_knx_firmware:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "V6_00_07",
                  "versionStartIncluding": "V1_00_00",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        },
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:mbs:triple_x_profinet_lon_firmware:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "V6_00_07",
                  "versionStartIncluding": "V1_00_00",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        },
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:mbs:triple_x_profinet_m_bus_firmware:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "V6_00_07",
                  "versionStartIncluding": "V1_00_00",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Daniel Hulliger from Armasuisse Cyber-Defence campus."
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Damian Pfammatter from Armasuisse Cyber-Defence campus."
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Adrien Rey from Armasuisse Cyber Defense Campus Zurich"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eA remote attacker with user privileges can exploit a stack buffer overflow in dali-devconfig to gain full system access as root.\u003c/p\u003e"
            }
          ],
          "value": "A remote attacker with user privileges can exploit a stack buffer overflow in dali-devconfig to gain full system access as root."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121 Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-03T08:53:13.982Z",
        "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "shortName": "CERTVDE"
      },
      "references": [
        {
          "url": "https://www.certvde.com/en/advisories/VDE-2026-039/"
        }
      ],
      "source": {
        "advisory": "VDE-2026-039",
        "defect": [
          "CERT@VDE#642009"
        ],
        "discovery": "UNKNOWN"
      },
      "title": "Stack buffer overflow in method dali-devconfig",
      "x_generator": {
        "engine": "Vulnogram 0.4.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
    "assignerShortName": "CERTVDE",
    "cveId": "CVE-2026-35084",
    "datePublished": "2026-06-03T10:42:03.287Z",
    "dateReserved": "2026-04-01T08:28:27.142Z",
    "dateUpdated": "2026-07-03T08:53:13.982Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-35083 (GCVE-0-2026-35083)

Vulnerability from cvelistv5 – Published: 2026-06-03 10:41 – Updated: 2026-07-03 08:52
VLAI
Title
Stack buffer overflow in method bac-deviceobject
Summary
A remote attacker with user privileges can exploit a stack buffer overflow to gain full system access as root.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-121 - Stack-based Buffer Overflow
Assigner
References
Impacted products
Vendor Product Version
MBS Single-A Affected: V1_00_00 , < V6_00_07 (semver)
Create a notification for this product.
MBS Double-A Profibus Affected: V1_00_00 , < V6_00_07 (semver)
Create a notification for this product.
MBS Double-A x-link Affected: V1_00_00 , < V6_00_07 (semver)
Create a notification for this product.
MBS Single-X Affected: V1_00_00 , < V6_00_07 (semver)
Create a notification for this product.
MBS Double-X CAN Affected: V1_00_00 , < V6_00_07 (semver)
Create a notification for this product.
MBS Double-X DALI Affected: V1_00_00 , < V6_00_07 (semver)
Create a notification for this product.
MBS Double-X KNX Affected: V1_00_00 , < V6_00_07 (semver)
Create a notification for this product.
MBS Double-X LON Affected: V1_00_00 , < V6_00_07 (semver)
Create a notification for this product.
MBS Double-X M-Bus Affected: V1_00_00 , < V6_00_07 (semver)
Create a notification for this product.
MBS Double-X PROFINET Affected: V1_00_00 , < V6_00_07 (semver)
Create a notification for this product.
MBS Double-X x-link Affected: V1_00_00 , < V6_00_07 (semver)
Create a notification for this product.
MBS Triple-X KNX+DALI Affected: V1_00_00 , < V6_00_07 (semver)
Create a notification for this product.
MBS Triple-X KNX+LON Affected: V1_00_00 , < V6_00_07 (semver)
Create a notification for this product.
MBS Triple-X KNX+M-Bus Affected: V1_00_00 , < V6_00_07 (semver)
Create a notification for this product.
MBS Triple-X PROFINET+DALI Affected: V1_00_00 , < V6_00_07 (semver)
Create a notification for this product.
MBS Triple-X PROFINET+KNX Affected: V1_00_00 , < V6_00_07 (semver)
Create a notification for this product.
MBS Triple-X PROFINET+LON Affected: V1_00_00 , < V6_00_07 (semver)
Create a notification for this product.
MBS Triple-X PROFINET+M-Bus Affected: V1_00_00 , < V6_00_07 (semver)
Create a notification for this product.
Credits
Daniel Hulliger from Armasuisse Cyber-Defence campus. Damian Pfammatter from Armasuisse Cyber-Defence campus. Adrien Rey from Armasuisse Cyber Defense Campus Zurich
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-35083",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-03T13:13:32.326556Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-03T14:07:23.610Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Single-A",
          "vendor": "MBS",
          "versions": [
            {
              "lessThan": "V6_00_07",
              "status": "affected",
              "version": "V1_00_00",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Double-A Profibus",
          "vendor": "MBS",
          "versions": [
            {
              "lessThan": "V6_00_07",
              "status": "affected",
              "version": "V1_00_00",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Double-A x-link",
          "vendor": "MBS",
          "versions": [
            {
              "lessThan": "V6_00_07",
              "status": "affected",
              "version": "V1_00_00",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Single-X",
          "vendor": "MBS",
          "versions": [
            {
              "lessThan": "V6_00_07",
              "status": "affected",
              "version": "V1_00_00",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Double-X CAN",
          "vendor": "MBS",
          "versions": [
            {
              "lessThan": "V6_00_07",
              "status": "affected",
              "version": "V1_00_00",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Double-X DALI",
          "vendor": "MBS",
          "versions": [
            {
              "lessThan": "V6_00_07",
              "status": "affected",
              "version": "V1_00_00",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Double-X KNX",
          "vendor": "MBS",
          "versions": [
            {
              "lessThan": "V6_00_07",
              "status": "affected",
              "version": "V1_00_00",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Double-X LON",
          "vendor": "MBS",
          "versions": [
            {
              "lessThan": "V6_00_07",
              "status": "affected",
              "version": "V1_00_00",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Double-X M-Bus",
          "vendor": "MBS",
          "versions": [
            {
              "lessThan": "V6_00_07",
              "status": "affected",
              "version": "V1_00_00",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Double-X PROFINET",
          "vendor": "MBS",
          "versions": [
            {
              "lessThan": "V6_00_07",
              "status": "affected",
              "version": "V1_00_00",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Double-X x-link",
          "vendor": "MBS",
          "versions": [
            {
              "lessThan": "V6_00_07",
              "status": "affected",
              "version": "V1_00_00",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Triple-X KNX+DALI",
          "vendor": "MBS",
          "versions": [
            {
              "lessThan": "V6_00_07",
              "status": "affected",
              "version": "V1_00_00",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Triple-X KNX+LON",
          "vendor": "MBS",
          "versions": [
            {
              "lessThan": "V6_00_07",
              "status": "affected",
              "version": "V1_00_00",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Triple-X KNX+M-Bus",
          "vendor": "MBS",
          "versions": [
            {
              "lessThan": "V6_00_07",
              "status": "affected",
              "version": "V1_00_00",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Triple-X PROFINET+DALI",
          "vendor": "MBS",
          "versions": [
            {
              "lessThan": "V6_00_07",
              "status": "affected",
              "version": "V1_00_00",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Triple-X PROFINET+KNX",
          "vendor": "MBS",
          "versions": [
            {
              "lessThan": "V6_00_07",
              "status": "affected",
              "version": "V1_00_00",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Triple-X PROFINET+LON",
          "vendor": "MBS",
          "versions": [
            {
              "lessThan": "V6_00_07",
              "status": "affected",
              "version": "V1_00_00",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Triple-X PROFINET+M-Bus",
          "vendor": "MBS",
          "versions": [
            {
              "lessThan": "V6_00_07",
              "status": "affected",
              "version": "V1_00_00",
              "versionType": "semver"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:mbs:single_a_firmware:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "V6_00_07",
                  "versionStartIncluding": "V1_00_00",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        },
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:mbs:double_a_profibus_firmware:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "V6_00_07",
                  "versionStartIncluding": "V1_00_00",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        },
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:mbs:double_a_x_link_firmware:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "V6_00_07",
                  "versionStartIncluding": "V1_00_00",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        },
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:mbs:single_x_firmware:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "V6_00_07",
                  "versionStartIncluding": "V1_00_00",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        },
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:mbs:double_x_can_firmware:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "V6_00_07",
                  "versionStartIncluding": "V1_00_00",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        },
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:mbs:double_x_dali_firmware:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "V6_00_07",
                  "versionStartIncluding": "V1_00_00",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        },
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:mbs:double_x_knx_firmware:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "V6_00_07",
                  "versionStartIncluding": "V1_00_00",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        },
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:mbs:double_x_lon_firmware:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "V6_00_07",
                  "versionStartIncluding": "V1_00_00",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        },
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:mbs:double_x_m_bus_firmware:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "V6_00_07",
                  "versionStartIncluding": "V1_00_00",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        },
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:mbs:double_x_profinet_firmware:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "V6_00_07",
                  "versionStartIncluding": "V1_00_00",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        },
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:mbs:double_x_x_link_firmware:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "V6_00_07",
                  "versionStartIncluding": "V1_00_00",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        },
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:mbs:triple_x_knx_dali_firmware:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "V6_00_07",
                  "versionStartIncluding": "V1_00_00",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        },
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:mbs:triple_x_knx_lon_firmware:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "V6_00_07",
                  "versionStartIncluding": "V1_00_00",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        },
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:mbs:triple_x_knx_m_bus_firmware:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "V6_00_07",
                  "versionStartIncluding": "V1_00_00",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        },
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:mbs:triple_x_profinet_dali_firmware:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "V6_00_07",
                  "versionStartIncluding": "V1_00_00",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        },
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:mbs:triple_x_profinet_knx_firmware:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "V6_00_07",
                  "versionStartIncluding": "V1_00_00",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        },
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:mbs:triple_x_profinet_lon_firmware:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "V6_00_07",
                  "versionStartIncluding": "V1_00_00",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        },
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:mbs:triple_x_profinet_m_bus_firmware:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "V6_00_07",
                  "versionStartIncluding": "V1_00_00",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Daniel Hulliger from Armasuisse Cyber-Defence campus."
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Damian Pfammatter from Armasuisse Cyber-Defence campus."
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Adrien Rey from Armasuisse Cyber Defense Campus Zurich"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eA remote attacker with user privileges can exploit a stack buffer overflow to gain full system access as root.\u003c/p\u003e"
            }
          ],
          "value": "A remote attacker with user privileges can exploit a stack buffer overflow to gain full system access as root."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121 Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-03T08:52:40.177Z",
        "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "shortName": "CERTVDE"
      },
      "references": [
        {
          "url": "https://www.certvde.com/en/advisories/VDE-2026-039/"
        }
      ],
      "source": {
        "advisory": "VDE-2026-039",
        "defect": [
          "CERT@VDE#642009"
        ],
        "discovery": "UNKNOWN"
      },
      "title": "Stack buffer overflow in method bac-deviceobject",
      "x_generator": {
        "engine": "Vulnogram 0.4.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
    "assignerShortName": "CERTVDE",
    "cveId": "CVE-2026-35083",
    "datePublished": "2026-06-03T10:41:44.226Z",
    "dateReserved": "2026-04-01T08:28:27.142Z",
    "dateUpdated": "2026-07-03T08:52:40.177Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-34708 (GCVE-0-2026-34708)

Vulnerability from cvelistv5 – Published: 2026-06-09 17:49 – Updated: 2026-06-10 03:59
VLAI
Title
InCopy | Stack-based Buffer Overflow (CWE-121)
Summary
InCopy versions 21.3, 20.5.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-121 - Stack-based Buffer Overflow (CWE-121)
Assigner
References
Impacted products
Vendor Product Version
Adobe InCopy Affected: 0 , ≤ 20.5.3 (semver)
Create a notification for this product.
Date Public
2026-06-09 17:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-34708",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-09T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-10T03:59:04.694Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "InCopy",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "20.5.3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2026-06-09T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "InCopy versions 21.3, 20.5.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 7.8,
            "environmentalSeverity": "HIGH",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "HIGH",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "LOCAL",
            "modifiedAvailabilityImpact": "HIGH",
            "modifiedConfidentialityImpact": "HIGH",
            "modifiedIntegrityImpact": "HIGH",
            "modifiedPrivilegesRequired": "NONE",
            "modifiedScope": "UNCHANGED",
            "modifiedUserInteraction": "REQUIRED",
            "privilegesRequired": "NONE",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 7.8,
            "temporalSeverity": "HIGH",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "Stack-based Buffer Overflow (CWE-121)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-09T17:49:15.646Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/incopy/apsb26-59.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "InCopy | Stack-based Buffer Overflow (CWE-121)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2026-34708",
    "datePublished": "2026-06-09T17:49:15.646Z",
    "dateReserved": "2026-03-30T17:30:36.498Z",
    "dateUpdated": "2026-06-10T03:59:04.694Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-34702 (GCVE-0-2026-34702)

Vulnerability from cvelistv5 – Published: 2026-06-09 17:43 – Updated: 2026-06-10 03:59
VLAI
Title
InDesign Desktop | Stack-based Buffer Overflow (CWE-121)
Summary
InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-121 - Stack-based Buffer Overflow (CWE-121)
Assigner
References
Impacted products
Vendor Product Version
Adobe InDesign Desktop Affected: 0 , ≤ 20.5.3 (semver)
Create a notification for this product.
Date Public
2026-06-09 17:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-34702",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-09T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-10T03:59:38.542Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "InDesign Desktop",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "20.5.3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2026-06-09T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 7.8,
            "environmentalSeverity": "HIGH",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "HIGH",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "LOCAL",
            "modifiedAvailabilityImpact": "HIGH",
            "modifiedConfidentialityImpact": "HIGH",
            "modifiedIntegrityImpact": "HIGH",
            "modifiedPrivilegesRequired": "NONE",
            "modifiedScope": "UNCHANGED",
            "modifiedUserInteraction": "REQUIRED",
            "privilegesRequired": "NONE",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 7.8,
            "temporalSeverity": "HIGH",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "Stack-based Buffer Overflow (CWE-121)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-09T17:43:47.708Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/indesign/apsb26-58.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "InDesign Desktop | Stack-based Buffer Overflow (CWE-121)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2026-34702",
    "datePublished": "2026-06-09T17:43:47.708Z",
    "dateReserved": "2026-03-30T17:30:36.498Z",
    "dateUpdated": "2026-06-10T03:59:38.542Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-34697 (GCVE-0-2026-34697)

Vulnerability from cvelistv5 – Published: 2026-06-09 17:43 – Updated: 2026-06-10 03:59
VLAI
Title
InDesign Desktop | Stack-based Buffer Overflow (CWE-121)
Summary
InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-121 - Stack-based Buffer Overflow (CWE-121)
Assigner
References
Impacted products
Vendor Product Version
Adobe InDesign Desktop Affected: 0 , ≤ 20.5.3 (semver)
Create a notification for this product.
Date Public
2026-06-09 17:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-34697",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-09T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-10T03:59:40.762Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "InDesign Desktop",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "20.5.3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2026-06-09T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 7.8,
            "environmentalSeverity": "HIGH",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "HIGH",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "LOCAL",
            "modifiedAvailabilityImpact": "HIGH",
            "modifiedConfidentialityImpact": "HIGH",
            "modifiedIntegrityImpact": "HIGH",
            "modifiedPrivilegesRequired": "NONE",
            "modifiedScope": "UNCHANGED",
            "modifiedUserInteraction": "REQUIRED",
            "privilegesRequired": "NONE",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 7.8,
            "temporalSeverity": "HIGH",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "Stack-based Buffer Overflow (CWE-121)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-09T17:43:49.338Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/indesign/apsb26-58.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "InDesign Desktop | Stack-based Buffer Overflow (CWE-121)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2026-34697",
    "datePublished": "2026-06-09T17:43:49.338Z",
    "dateReserved": "2026-03-30T17:30:36.497Z",
    "dateUpdated": "2026-06-10T03:59:40.762Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Mitigation MIT-10
Operation Build and Compilation

Strategy: Environment Hardening

  • Use automatic buffer overflow detection mechanisms that are offered by certain compilers or compiler extensions. Examples include: the Microsoft Visual Studio /GS flag, Fedora/Red Hat FORTIFY_SOURCE GCC flag, StackGuard, and ProPolice, which provide various mechanisms including canary-based detection and range/index checking.
  • D3-SFCV (Stack Frame Canary Validation) from D3FEND [REF-1334] discusses canary-based detection in detail.
Mitigation
Architecture and Design

Use an abstraction library to abstract away risky APIs. Not a complete solution.

Mitigation
Implementation

Implement and perform bounds checking on input.

Mitigation
Implementation

Do not use dangerous functions such as gets. Use safer, equivalent functions which check for boundary errors.

Mitigation MIT-11
Operation Build and Compilation

Strategy: Environment Hardening

  • Run or compile the software using features or extensions that randomly arrange the positions of a program's executable and libraries in memory. Because this makes the addresses unpredictable, it can prevent an attacker from reliably jumping to exploitable code.
  • Examples include Address Space Layout Randomization (ASLR) [REF-58] [REF-60] and Position-Independent Executables (PIE) [REF-64]. Imported modules may be similarly realigned if their default memory addresses conflict with other modules, in a process known as "rebasing" (for Windows) and "prelinking" (for Linux) [REF-1332] using randomly generated addresses. ASLR for libraries cannot be used in conjunction with prelink since it would require relocating the libraries at run-time, defeating the whole purpose of prelinking.
  • For more information on these techniques see D3-SAOR (Segment Address Offset Randomization) from D3FEND [REF-1335].

No CAPEC attack patterns related to this CWE.