CWE-121
AllowedStack-based Buffer Overflow
Abstraction: Variant · Status: Draft
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
5206 vulnerabilities reference this CWE, most recent first.
GHSA-XCR7-93GF-W336
Vulnerability from github – Published: 2026-01-15 18:31 – Updated: 2026-01-15 18:31A stack overflow in the pcmreframe_flush_packet function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted WAV file.
{
"affected": [],
"aliases": [
"CVE-2025-70309"
],
"database_specific": {
"cwe_ids": [
"CWE-121"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-15T17:16:06Z",
"severity": "MODERATE"
},
"details": "A stack overflow in the pcmreframe_flush_packet function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted WAV file.",
"id": "GHSA-xcr7-93gf-w336",
"modified": "2026-01-15T18:31:33Z",
"published": "2026-01-15T18:31:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-70309"
},
{
"type": "WEB",
"url": "https://github.com/zakkanijia/POC/blob/main/gpac_rawpcm/GPAC_RFPCM.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XF5R-2W26-PX54
Vulnerability from github – Published: 2026-01-13 18:31 – Updated: 2026-01-16 18:31Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the wanSpeed2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
{
"affected": [],
"aliases": [
"CVE-2025-71026"
],
"database_specific": {
"cwe_ids": [
"CWE-121",
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-13T16:16:05Z",
"severity": "HIGH"
},
"details": "Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the wanSpeed2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.",
"id": "GHSA-xf5r-2w26-px54",
"modified": "2026-01-16T18:31:23Z",
"published": "2026-01-13T18:31:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71026"
},
{
"type": "WEB",
"url": "https://github.com/0-fool/VulnbyCola/blob/main/Tenda/AX-3/9/1.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XF6J-84WR-6VQ4
Vulnerability from github – Published: 2023-10-16 06:32 – Updated: 2024-04-04 08:39TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the File parameter in the function UploadCustomModule.
{
"affected": [],
"aliases": [
"CVE-2023-36947"
],
"database_specific": {
"cwe_ids": [
"CWE-121",
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-10-16T05:15:49Z",
"severity": "CRITICAL"
},
"details": "TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the File parameter in the function UploadCustomModule.",
"id": "GHSA-xf6j-84wr-6vq4",
"modified": "2024-04-04T08:39:05Z",
"published": "2023-10-16T06:32:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36947"
},
{
"type": "WEB",
"url": "https://github.com/Archerber/bug_submit/blob/main/TOTOLINK/UploadCustomModule.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XF72-GH36-PGMJ
Vulnerability from github – Published: 2024-07-24 21:31 – Updated: 2024-07-26 15:31Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the PPPOEPassword parameter at ip/goform/QuickIndex.
{
"affected": [],
"aliases": [
"CVE-2024-41459"
],
"database_specific": {
"cwe_ids": [
"CWE-121",
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-24T21:15:12Z",
"severity": "CRITICAL"
},
"details": "Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the PPPOEPassword parameter at ip/goform/QuickIndex.",
"id": "GHSA-xf72-gh36-pgmj",
"modified": "2024-07-26T15:31:50Z",
"published": "2024-07-24T21:31:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41459"
},
{
"type": "WEB",
"url": "https://github.com/iotresearch/iot-vuln/blob/main/Tenda/FH1201/QuickIndex/QuickIndex.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XF9V-776M-HM72
Vulnerability from github – Published: 2025-02-14 18:30 – Updated: 2026-01-15 15:31Certain HP LaserJet Pro, HP LaserJet Enterprise, and HP LaserJet Managed Printers may potentially be vulnerable to Remote Code Execution and Elevation of Privilege when processing a PostScript print job.
{
"affected": [],
"aliases": [
"CVE-2025-26507"
],
"database_specific": {
"cwe_ids": [
"CWE-121"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-14T17:15:22Z",
"severity": "MODERATE"
},
"details": "Certain HP LaserJet Pro, HP LaserJet Enterprise, and HP LaserJet Managed Printers may potentially be vulnerable to Remote Code Execution and Elevation of Privilege when processing a PostScript print job.",
"id": "GHSA-xf9v-776m-hm72",
"modified": "2026-01-15T15:31:14Z",
"published": "2025-02-14T18:30:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26507"
},
{
"type": "WEB",
"url": "https://support.hp.com/us-en/document/ish_11953771-11953793-16/hpsbpi04007"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-XFCH-762X-Q3V9
Vulnerability from github – Published: 2022-02-08 00:00 – Updated: 2026-01-13 18:31Multiple stack-based buffer overflows in the command line interpreter of FortiWeb before 6.4.2 may allow an authenticated attacker to achieve arbitrary code execution via specially crafted commands.
{
"affected": [],
"aliases": [
"CVE-2021-36193"
],
"database_specific": {
"cwe_ids": [
"CWE-121",
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-02-02T12:15:00Z",
"severity": "HIGH"
},
"details": "Multiple stack-based buffer overflows in the command line interpreter of FortiWeb before 6.4.2 may allow an authenticated attacker to achieve arbitrary code execution via specially crafted commands.",
"id": "GHSA-xfch-762x-q3v9",
"modified": "2026-01-13T18:31:01Z",
"published": "2022-02-08T00:00:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36193"
},
{
"type": "WEB",
"url": "https://fortiguard.com/advisory/FG-IR-21-132"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XFF8-MRV9-VJ9C
Vulnerability from github – Published: 2024-12-05 15:31 – Updated: 2024-12-05 18:31A vulnerability in the SonicWall SMA100 SSLVPN web management interface allows remote attackers to cause Stack-based buffer overflow and potentially lead to code execution.
{
"affected": [],
"aliases": [
"CVE-2024-45318"
],
"database_specific": {
"cwe_ids": [
"CWE-121"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-05T14:15:21Z",
"severity": "HIGH"
},
"details": "A vulnerability in the SonicWall SMA100 SSLVPN web management interface allows remote attackers to cause Stack-based buffer overflow and potentially lead to code execution.",
"id": "GHSA-xff8-mrv9-vj9c",
"modified": "2024-12-05T18:31:02Z",
"published": "2024-12-05T15:31:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45318"
},
{
"type": "WEB",
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0018"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XFJ4-W5M6-X8F6
Vulnerability from github – Published: 2025-05-20 21:30 – Updated: 2025-05-21 15:30FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the byruleEditName parameter in the web_acl_mgmt_Rules_Edit_postcontains function.
{
"affected": [],
"aliases": [
"CVE-2025-44886"
],
"database_specific": {
"cwe_ids": [
"CWE-121"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-20T20:15:42Z",
"severity": "CRITICAL"
},
"details": "FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the byruleEditName parameter in the web_acl_mgmt_Rules_Edit_postcontains function.",
"id": "GHSA-xfj4-w5m6-x8f6",
"modified": "2025-05-21T15:30:32Z",
"published": "2025-05-20T21:30:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-44886"
},
{
"type": "WEB",
"url": "https://lafdrew.github.io/2025/04/20/web-acl-mgmt-Rules-Edit-post-ruleEditName"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XG38-J8WW-G8HG
Vulnerability from github – Published: 2024-08-15 18:31 – Updated: 2024-08-15 21:31Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the frmL7ProtForm function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
{
"affected": [],
"aliases": [
"CVE-2024-42979"
],
"database_specific": {
"cwe_ids": [
"CWE-121",
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-15T17:15:21Z",
"severity": "MODERATE"
},
"details": "Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the frmL7ProtForm function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.",
"id": "GHSA-xg38-j8ww-g8hg",
"modified": "2024-08-15T21:31:19Z",
"published": "2024-08-15T18:31:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-42979"
},
{
"type": "WEB",
"url": "https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/Tenda/FH1206/frmL7ProtForm.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XG64-R9FM-3HRF
Vulnerability from github – Published: 2026-04-30 21:30 – Updated: 2026-05-05 03:31CVE-2026-40949 is a buffer overflow vulnerability in the Secure Access Windows client prior to 14.50. Attackers with local control of the Windows client can use it to trigger a denial of service.
{
"affected": [],
"aliases": [
"CVE-2026-40949"
],
"database_specific": {
"cwe_ids": [
"CWE-121"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-30T21:16:32Z",
"severity": "MODERATE"
},
"details": "CVE-2026-40949 is a buffer overflow vulnerability in the Secure Access \nWindows client prior to 14.50. Attackers with local control of the \nWindows client can use it to trigger a denial of service.",
"id": "GHSA-xg64-r9fm-3hrf",
"modified": "2026-05-05T03:31:40Z",
"published": "2026-04-30T21:30:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40949"
},
{
"type": "WEB",
"url": "https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2026-40949"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
Mitigation MIT-10
Strategy: Environment Hardening
- Use automatic buffer overflow detection mechanisms that are offered by certain compilers or compiler extensions. Examples include: the Microsoft Visual Studio /GS flag, Fedora/Red Hat FORTIFY_SOURCE GCC flag, StackGuard, and ProPolice, which provide various mechanisms including canary-based detection and range/index checking.
- D3-SFCV (Stack Frame Canary Validation) from D3FEND [REF-1334] discusses canary-based detection in detail.
Mitigation
Use an abstraction library to abstract away risky APIs. Not a complete solution.
Mitigation
Implement and perform bounds checking on input.
Mitigation
Do not use dangerous functions such as gets. Use safer, equivalent functions which check for boundary errors.
Mitigation MIT-11
Strategy: Environment Hardening
- Run or compile the software using features or extensions that randomly arrange the positions of a program's executable and libraries in memory. Because this makes the addresses unpredictable, it can prevent an attacker from reliably jumping to exploitable code.
- Examples include Address Space Layout Randomization (ASLR) [REF-58] [REF-60] and Position-Independent Executables (PIE) [REF-64]. Imported modules may be similarly realigned if their default memory addresses conflict with other modules, in a process known as "rebasing" (for Windows) and "prelinking" (for Linux) [REF-1332] using randomly generated addresses. ASLR for libraries cannot be used in conjunction with prelink since it would require relocating the libraries at run-time, defeating the whole purpose of prelinking.
- For more information on these techniques see D3-SAOR (Segment Address Offset Randomization) from D3FEND [REF-1335].
No CAPEC attack patterns related to this CWE.