CWE-121
AllowedStack-based Buffer Overflow
Abstraction: Variant · Status: Draft
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
5204 vulnerabilities reference this CWE, most recent first.
GHSA-XGRC-MQ5C-7XJC
Vulnerability from github – Published: 2025-03-19 18:30 – Updated: 2025-03-19 18:30Improper Input Validation vulnerability in Progress LoadMaster allows : Buffer OverflowThis issue affects:
-
LoadMaster: 7.2.40.0 and above
-
ECS: All versions
-
Multi-Tenancy: 7.1.35.4 and above
{
"affected": [],
"aliases": [
"CVE-2025-1758"
],
"database_specific": {
"cwe_ids": [
"CWE-121"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-19T16:15:30Z",
"severity": "MODERATE"
},
"details": "Improper Input Validation vulnerability in Progress LoadMaster allows : Buffer OverflowThis issue affects:\n\n* LoadMaster: 7.2.40.0 and above\n\n* ECS: All versions\n\n* Multi-Tenancy: 7.1.35.4 and above",
"id": "GHSA-xgrc-mq5c-7xjc",
"modified": "2025-03-19T18:30:51Z",
"published": "2025-03-19T18:30:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1758"
},
{
"type": "WEB",
"url": "https://docs.progress.com/bundle/release-notes_loadmaster-7-2-61-1/page/Security-Updates.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-XH57-2H8M-3798
Vulnerability from github – Published: 2024-08-15 18:31 – Updated: 2024-08-15 21:31Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the fromSetlpBind function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
{
"affected": [],
"aliases": [
"CVE-2024-42973"
],
"database_specific": {
"cwe_ids": [
"CWE-121",
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-15T17:15:20Z",
"severity": "MODERATE"
},
"details": "Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the fromSetlpBind function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.",
"id": "GHSA-xh57-2h8m-3798",
"modified": "2024-08-15T21:31:19Z",
"published": "2024-08-15T18:31:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-42973"
},
{
"type": "WEB",
"url": "https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/Tenda/FH1206/fromSetIpBind.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XH92-VQM9-V66R
Vulnerability from github – Published: 2025-05-13 18:30 – Updated: 2025-05-13 18:30Stack-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network.
{
"affected": [],
"aliases": [
"CVE-2025-29840"
],
"database_specific": {
"cwe_ids": [
"CWE-121",
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-13T17:15:54Z",
"severity": "HIGH"
},
"details": "Stack-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network.",
"id": "GHSA-xh92-vqm9-v66r",
"modified": "2025-05-13T18:30:54Z",
"published": "2025-05-13T18:30:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-29840"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29840"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XHG5-M3MP-PF34
Vulnerability from github – Published: 2024-04-23 21:30 – Updated: 2024-04-23 21:30A vulnerability classified as critical has been found in Tenda AC8 16.03.34.09. Affected is the function fromAdvSetMacMtuWan of the file /goform/AdvSetMacMtuWan. The manipulation of the argument wanMTU/wanSpeed/cloneType/mac/serviceName/serverName leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-261792. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
{
"affected": [],
"aliases": [
"CVE-2024-4066"
],
"database_specific": {
"cwe_ids": [
"CWE-121",
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-23T21:15:49Z",
"severity": "HIGH"
},
"details": "A vulnerability classified as critical has been found in Tenda AC8 16.03.34.09. Affected is the function fromAdvSetMacMtuWan of the file /goform/AdvSetMacMtuWan. The manipulation of the argument wanMTU/wanSpeed/cloneType/mac/serviceName/serverName leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-261792. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.",
"id": "GHSA-xhg5-m3mp-pf34",
"modified": "2024-04-23T21:30:34Z",
"published": "2024-04-23T21:30:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4066"
},
{
"type": "WEB",
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC8/fromAdvSetMacMtuWan.md"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.261792"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.261792"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.316495"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XHJ4-39F6-QQCQ
Vulnerability from github – Published: 2025-11-13 21:31 – Updated: 2025-11-14 18:31A stack buffer overflow vulnerability exists in the D-Link DIR-816A2 router firmware DIR-816A2_FWv1.10CNB05_R1B011D88210.img in the upload.cgi module, which handles firmware version information. The vulnerability occurs because /proc/version is read into a 512-byte buffer and then concatenated using sprintf() into another 512-byte buffer containing a 29-byte constant. Input exceeding 481 bytes triggers a stack buffer overflow, allowing an attacker who can control /proc/version content to potentially execute arbitrary code on the device.
{
"affected": [],
"aliases": [
"CVE-2025-60679"
],
"database_specific": {
"cwe_ids": [
"CWE-121"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-11-13T20:15:51Z",
"severity": "HIGH"
},
"details": "A stack buffer overflow vulnerability exists in the D-Link DIR-816A2 router firmware DIR-816A2_FWv1.10CNB05_R1B011D88210.img in the upload.cgi module, which handles firmware version information. The vulnerability occurs because /proc/version is read into a 512-byte buffer and then concatenated using sprintf() into another 512-byte buffer containing a 29-byte constant. Input exceeding 481 bytes triggers a stack buffer overflow, allowing an attacker who can control /proc/version content to potentially execute arbitrary code on the device.",
"id": "GHSA-xhj4-39f6-qqcq",
"modified": "2025-11-14T18:31:35Z",
"published": "2025-11-13T21:31:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-60679"
},
{
"type": "WEB",
"url": "https://github.com/yifan20020708/SGTaint-0-day/blob/main/DLink/DLink-DIR-816/CVE-2025-60679.md"
},
{
"type": "WEB",
"url": "https://www.dlink.com/en"
},
{
"type": "WEB",
"url": "https://www.dlink.com/en/security-bulletin"
},
{
"type": "WEB",
"url": "http://d-link.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XHRC-9R99-5P7F
Vulnerability from github – Published: 2025-12-11 18:30 – Updated: 2025-12-11 18:30Several stack-based buffer overflow vulnerabilities exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.1. A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger these vulnerabilities.When Tag is 3
{
"affected": [],
"aliases": [
"CVE-2025-66043"
],
"database_specific": {
"cwe_ids": [
"CWE-121",
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-11T17:15:58Z",
"severity": "CRITICAL"
},
"details": "Several stack-based buffer overflow vulnerabilities exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.1. A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger these vulnerabilities.When Tag is 3",
"id": "GHSA-xhrc-9r99-5p7f",
"modified": "2025-12-11T18:30:45Z",
"published": "2025-12-11T18:30:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66043"
},
{
"type": "WEB",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2296"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XJ57-M8W7-83WF
Vulnerability from github – Published: 2024-04-19 18:31 – Updated: 2025-11-04 18:30Buffer Overflow vulnerability in libde265 v1.0.12 allows a local attacker to cause a denial of service via the allocation size exceeding the maximum supported size of 0x10000000000.
{
"affected": [],
"aliases": [
"CVE-2023-51792"
],
"database_specific": {
"cwe_ids": [
"CWE-121"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-19T17:15:52Z",
"severity": "LOW"
},
"details": "Buffer Overflow vulnerability in libde265 v1.0.12 allows a local attacker to cause a denial of service via the allocation size exceeding the maximum supported size of 0x10000000000.",
"id": "GHSA-xj57-m8w7-83wf",
"modified": "2025-11-04T18:30:49Z",
"published": "2024-04-19T18:31:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-51792"
},
{
"type": "WEB",
"url": "https://github.com/strukturag/libde265/issues/427"
},
{
"type": "WEB",
"url": "https://github.com/strukturag/libde265"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPETICRXUOGRIM4U3BCRTIKE3IZWCSBT"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LE3ASLH6QF2E5OVJI5VA3JSEPJFFFMNY"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPETICRXUOGRIM4U3BCRTIKE3IZWCSBT"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LE3ASLH6QF2E5OVJI5VA3JSEPJFFFMNY"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-XJ6F-GH33-GMGG
Vulnerability from github – Published: 2025-05-20 21:30 – Updated: 2025-05-21 15:30FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the radIpkey parameter in the web_radiusSrv_post function.
{
"affected": [],
"aliases": [
"CVE-2025-44887"
],
"database_specific": {
"cwe_ids": [
"CWE-121"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-20T20:15:42Z",
"severity": "CRITICAL"
},
"details": "FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the radIpkey parameter in the web_radiusSrv_post function.",
"id": "GHSA-xj6f-gh33-gmgg",
"modified": "2025-05-21T15:30:32Z",
"published": "2025-05-20T21:30:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-44887"
},
{
"type": "WEB",
"url": "https://lafdrew.github.io/2025/04/20/web-radiusSrv-post-radIp"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XJ8C-VCC9-5MFQ
Vulnerability from github – Published: 2024-01-12 21:30 – Updated: 2024-01-12 21:30NVIDIA DGX A100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause stack memory corruption by sending a specially crafted network packet. A successful exploit of this vulnerability may lead to arbitrary code execution, denial of service, information disclosure, and data tampering.
{
"affected": [],
"aliases": [
"CVE-2023-31024"
],
"database_specific": {
"cwe_ids": [
"CWE-121",
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-01-12T19:15:09Z",
"severity": "CRITICAL"
},
"details": "NVIDIA DGX A100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause stack memory corruption by sending a specially crafted network packet. A successful exploit of this vulnerability may lead to arbitrary code execution, denial of service, information disclosure, and data tampering.",
"id": "GHSA-xj8c-vcc9-5mfq",
"modified": "2024-01-12T21:30:19Z",
"published": "2024-01-12T21:30:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-31024"
},
{
"type": "WEB",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5510"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XJPW-QMP3-4X22
Vulnerability from github – Published: 2025-02-14 00:30 – Updated: 2025-03-17 21:30A Stack buffer overflow in the arguments parameter in Immunity Inc. Immunity Debugger v1.85 allows attackers to execute arbitrary code via a crafted input that exceeds the buffer size.
{
"affected": [],
"aliases": [
"CVE-2024-53311"
],
"database_specific": {
"cwe_ids": [
"CWE-121"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-13T23:15:10Z",
"severity": "MODERATE"
},
"details": "A Stack buffer overflow in the arguments parameter in Immunity Inc. Immunity Debugger v1.85 allows attackers to execute arbitrary code via a crafted input that exceeds the buffer size.",
"id": "GHSA-xjpw-qmp3-4x22",
"modified": "2025-03-17T21:30:30Z",
"published": "2025-02-14T00:30:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53311"
},
{
"type": "WEB",
"url": "https://github.com/ufist/vulnerability-research/blob/main/CVE-2024-53311/CVE-2024-53311.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-10
Strategy: Environment Hardening
- Use automatic buffer overflow detection mechanisms that are offered by certain compilers or compiler extensions. Examples include: the Microsoft Visual Studio /GS flag, Fedora/Red Hat FORTIFY_SOURCE GCC flag, StackGuard, and ProPolice, which provide various mechanisms including canary-based detection and range/index checking.
- D3-SFCV (Stack Frame Canary Validation) from D3FEND [REF-1334] discusses canary-based detection in detail.
Mitigation
Use an abstraction library to abstract away risky APIs. Not a complete solution.
Mitigation
Implement and perform bounds checking on input.
Mitigation
Do not use dangerous functions such as gets. Use safer, equivalent functions which check for boundary errors.
Mitigation MIT-11
Strategy: Environment Hardening
- Run or compile the software using features or extensions that randomly arrange the positions of a program's executable and libraries in memory. Because this makes the addresses unpredictable, it can prevent an attacker from reliably jumping to exploitable code.
- Examples include Address Space Layout Randomization (ASLR) [REF-58] [REF-60] and Position-Independent Executables (PIE) [REF-64]. Imported modules may be similarly realigned if their default memory addresses conflict with other modules, in a process known as "rebasing" (for Windows) and "prelinking" (for Linux) [REF-1332] using randomly generated addresses. ASLR for libraries cannot be used in conjunction with prelink since it would require relocating the libraries at run-time, defeating the whole purpose of prelinking.
- For more information on these techniques see D3-SAOR (Segment Address Offset Randomization) from D3FEND [REF-1335].
No CAPEC attack patterns related to this CWE.