Stack Overflow
Monthly
Stack overflow in PgBouncer before 1.25.2 enables malicious PostgreSQL backend servers to trigger remote code execution via SCRAM authentication nonce manipulation. The flaw stems from incorrect strlcat() return value checking during SCRAM client-final-message construction. Remote unauthenticated exploitation is possible (CVSS 8.1, AV:N/PR:N) but requires high attack complexity - specifically, the attacker must control or compromise the backend PostgreSQL server PgBouncer connects to. No public exploit identified at time of analysis; EPSS and KEV data not available in this assessment.
Buffer overflow in CROSS crypto_sign_open() function allows remote attackers to corrupt memory via malformed signature input due to integer underflow in message length validation. The vulnerability affects the reference implementation prior to commit fc6b7e7, enabling potential code execution or denial of service when processing untrusted signatures. The flaw exists in the core cryptographic signing operation with no authentication required, making it exploitable in any system integrating this algorithm for signature verification.
Stack-based buffer overflow in Tenda CX12L router firmware 16.03.53.12 allows authenticated remote attackers to achieve full system compromise via the PPTP server configuration interface. The vulnerability resides in the formSetPPTPServer function within /goform/SetPptpServerCfg and is exploitable over the network with low attack complexity. A public proof-of-concept exploit exists on GitHub, significantly lowering the barrier to exploitation, though CISA has not yet added this to the KEV catalog indicating no confirmed widespread active exploitation at this time.
Stack buffer overflow in kosma minmea 0.3.0 allows remote unauthenticated attackers to cause denial of service through crafted NMEA field data. The minmea_scan function's format specifier copies data to caller-provided buffers without size validation, enabling memory corruption when processing untrusted NMEA GPS sentences. CVSS 7.5 (High) with network attack vector and low complexity, though impact is currently limited to availability (DoS). Public exploit demonstration exists via GitHub Gist reference. EPSS data not available, not listed in CISA KEV at time of analysis.
Stack-based buffer overflow in nanoMODBUS v1.22.0 and earlier allows malicious Modbus TCP servers to execute arbitrary code on clients via oversized responses. When client applications call nmbs_read_holding_registers() or nmbs_read_input_registers(), the library fails to validate byte_count before writing server data to the caller's buffer, enabling up to 248 bytes of controlled overflow. No active exploitation confirmed (not in CISA KEV), but proof-of-concept code is publicly available and the vulnerability is automatable (SSVC) with network attack vector (CVSS AV:N/AC:L/PR:N). EPSS data not provided, but the combination of public POC, low complexity, and RCE potential warrants immediate attention for systems using nanoMODBUS as a client.
Stack-based buffer overflow in WatchGuard Agent discovery service on Windows enables adjacent attackers without authentication to crash the agent via crafted network packets. CVSS 7.1 (High) reflects adjacent network attack vector with high integrity impact. The vulnerability targets the discovery service component used for agent enrollment and network communication. No CISA KEV listing or public exploit code identified at time of analysis, though the local network attack vector limits exposure to adjacent attackers.
Stack-based buffer overflow in WatchGuard Agent's discovery service allows adjacent network attackers to crash the agent service without authentication. Affects Windows installations prior to version 1.25.03.0000. Vendor patch released addressing the vulnerability. SSVC framework indicates no active exploitation observed and manual exploitation required. While CVSS 7.1 (High) reflects network-adjacent access with high availability impact, actual risk is limited to denial-of-service - no code execution or data compromise possible per the CVSS vector (VC:N/VI:N/VA:H).
Stack-based buffer overflow in Sandboxie-Plus SbieSvc service enables sandboxed processes to escape isolation and execute code as SYSTEM. Affected versions 1.17.2 and earlier allow malicious sandboxed code to overflow a fixed 160-wide-character stack buffer in NamedPipeServer::OpenHandler via crafted named pipe open requests, bypassing the fundamental security boundary Sandboxie provides. Fixed in version 1.17.3. EPSS data unavailable, no CISA KEV listing or public exploit identified at time of analysis, but the security boundary violation represents a complete defeat of Sandboxie's core function.
Stack-based buffer overflow in Sandboxie-Plus ProcessServer handlers allows local authenticated attackers to execute arbitrary code as SYSTEM or crash the SbieSvc service. The vulnerability affects versions 1.17.2 and earlier, stems from unsafe wcscpy operations on unchecked WCHAR fields from service pipe requests, and has been patched in version 1.17.3. The service pipe's NULL DACL permits any local process to connect and trigger the flaw before authorization checks execute, enabling privilege escalation from low-privileged local accounts. No public exploit code identified at time of analysis, though the technical details in the GitHub advisory provide sufficient information for skilled attackers to develop exploits.
Local privilege escalation to SYSTEM in Sandboxie-Plus 1.17.2 and earlier allows low-privileged interactive users to trigger stack buffer overflow in SbieSvc service via unauthenticated IPC, bypassing sandbox isolation controls. The vulnerability exists in the RunSbieCtrl handler which processes crafted messages before security checks and copies unbounded input into a 128-character stack buffer. Fixed in version 1.17.3. EPSS data unavailable; not listed in CISA KEV at time of analysis, but publicly disclosed via GitHub Security Advisory with technical details sufficient for exploit development.
Stack buffer overflow in Sandboxie-Plus SbieSvc proxy service enables SYSTEM privilege escalation from sandboxed processes, including Security Hardened Sandboxes. Attackers chain an information disclosure (returning up to 32KB uninitialized stack memory with ASLR/stack cookie bypass) with an unbounded memcpy overflow in the GetRawInputDeviceInfoSlave IPC handler. Intel CET shadow stacks block ROP exploitation but not the information leak itself. Vendor-released patch available in version 1.17.3. No public exploit identified at time of analysis, but attack complexity is rated high (AC:H) with low privilege requirements (PR:L), making this viable for motivated attackers targeting sandbox environments.
Stack-based buffer overflow in D-Link DI-8100 router firmware 16.07.26A1 allows authenticated remote attackers with high privileges to execute arbitrary code via malformed ID parameter to yyxz.asp administrative interface. Public exploit code exists on GitHub, demonstrating reliable exploitation. CVSS 7.3 (High) reflects network attack vector but requires admin-level authentication, limiting real-world exposure to compromised credentials or insider scenarios.
Stack-based buffer overflow in EFM ipTIME NAS1dual 1.5.24 allows remote unauthenticated attackers to achieve complete system compromise via the get_csrf_whites function in /cgi/advanced/misc_main.cgi. Public exploit code exists on GitHub, demonstrating practical exploitability despite lack of vendor response to responsible disclosure. CVSS 8.9 (Critical) with EPSS data unavailable; attack requires no authentication, low complexity, and no user interaction (AV:N/AC:L/PR:N/UI:N), making this a high-priority remote attack surface.
Stack-based buffer overflow in WDR201A WiFi Extender firewall.cgi and makeRequest.cgi binaries enables remote unauthenticated attackers to execute arbitrary code through crafted POST requests with oversized Content-Length headers. The vulnerability affects hardware version 2.1 running firmware LFMZX28040922V1.02, with publicly available proof-of-concept exploit code documented via AI-assisted vulnerability research. CVSS 8.3 with high attack complexity indicates exploitation requires advanced technical skills, though the network vector and lack of authentication requirements make this a significant risk for exposed IoT devices.
Stack overflow in Flipper Zero Firmware (commit ad2a80) enables local arbitrary code execution with high privileges through exploitation of the Main function. SSVC framework confirms POC availability and total technical impact. CVSS 8.4 reflects local attack vector with no authentication barrier. No vendor-released patch identified at time of analysis, though GitHub issue tracking indicates developer awareness.
Stack-based buffer overflow in JS8Call allows remote code execution via crafted radio transmission containing an oversized Maidenhead grid locator. CVSS 10.0 reflects network-reachable attack with no authentication required. Both JS8Call (through 2.3.1) and JS8Call-improved (before 3.0) are affected by the overflow in grid2deg function within APRSISClient.cpp. Vendor patch available for JS8Call-improved 3.0+; JS8Call project status unclear. No confirmed active exploitation or public POC identified at time of analysis, though attack vector is straightforward for actors with radio transmission capabilities.
Stack buffer overflow in miaofng/uds-c library allows adjacent network attackers to execute arbitrary code via crafted diagnostic payload. The send_diagnostic_request function allocates only 6 bytes for MAX_DIAGNOSTIC_PAYLOAD_SIZE but accepts up to 7 bytes of payload (MAX_UDS_REQUEST_PAYLOAD_LENGTH), enabling 4-byte overflow when combined with pid_length=2. Affects commit e506334e270d77b20c0bc259ac6c7d8c9b702b7a from October 2016 and likely later versions unless patched. No CISA KEV listing or EPSS data indicates exploitation remains theoretical; vulnerability appears in automotive diagnostic library with limited deployment exposure.
Stack buffer overflow in AGL agl-service-can-low-level's uds-c library enables remote code execution on vulnerable automotive ECUs. The send_diagnostic_request function copies up to 7 bytes into a 6-byte stack buffer without bounds checking, allowing 1-4 bytes of controlled stack corruption. On 32-bit ARM ECUs without stack canaries (common in automotive deployments), attackers can overwrite return addresses to achieve arbitrary code execution. CVSS 7.5 with network attack vector and no authentication required indicates critical exposure, though CVSS impact vector (C:N/I:N/A:H) appears inconsistent with RCE capability described - vendor assessment may undervalue confidentiality/integrity impact of code execution.
Remote code execution in Open Vehicle Monitoring System 3 (OVMS3) version 3.3.005 allows unauthenticated network attackers to execute arbitrary code or crash the system by sending malformed CANswitch frames with invalid DLC (Data Length Code) values. The buffer overflow occurs in the canformat_canswitch.cpp parser module which fails to validate frame length parameters before processing, enabling memory corruption. A proof-of-concept exploit is publicly available on GitHub, and SSVC assessment indicates the vulnerability is automatable with partial technical impact, though no active exploitation has been confirmed by CISA KEV at time of analysis.
Buffer overflow in Open Vehicle Monitoring System 3 (OVMS3) version 3.3.005 enables remote code execution when processing malicious PCAP files. The canformat_pcap.cpp parser fails to validate the phdr.len field, allowing attackers to overflow stack buffers and execute arbitrary code with high confidentiality, integrity, and availability impact. Public proof-of-concept code exists (GitHub Gist), though no active exploitation is confirmed by CISA KEV. SSVC assessment indicates automatable exploitation despite requiring user interaction to open crafted PCAP files.
Stack buffer overflow in AGL agl-service-can-low-level through version 17.1.12 enables remote code execution on automotive ECUs. The vulnerability exists in the uds-c library's send_diagnostic_request function, where a miscalculation between buffer size (6 bytes) and copy length (7 bytes) allows 1-4 bytes of controlled stack overflow. On 32-bit ARM automotive systems without stack protection, attackers can overwrite return addresses to achieve arbitrary code execution. CVSS 7.5 High severity with network attack vector and no authentication required, though CVSS impact ratings (C:N/I:N/A:H) appear inconsistent with the RCE capability described. No public exploit identified at time of analysis, EPSS data unavailable.
Remote code execution in cannelloni v2.0.0 allows unauthenticated network attackers to crash the service or execute arbitrary code by sending malformed CAN FD frames that trigger buffer overflows in two separate parsing functions (parseCANFrame in parser.cpp and decodeFrame in decoder.cpp). The CVSS score of 9.8 reflects network-accessible exploitation requiring no authentication or user interaction, with complete system compromise possible. Public proof-of-concept code exists (GitHub Gist reference), elevating immediate exploitation risk despite no CISA KEV listing, suggesting targeted rather than mass exploitation scenarios.
Remote code execution in Open Vehicle Monitoring System 3 (OVMS3) version 3.3.005 allows network-based attackers to execute arbitrary code or crash the system without authentication. A buffer overflow in the GVRET CAN data parser (canformat_gvret.cpp) fails to validate length fields in binary frames, enabling memory corruption. CVSS 10.0 reflects unauthenticated network vector with scope change, but no public exploit or active exploitation confirmed at time of analysis. EPSS data unavailable; real-world risk depends on OVMS3 deployment exposure (typically vehicle telematics environments).
Remote unauthenticated attackers can crash socketcand 0.4.2 daemon by sending a malformed CAN bus name that triggers a stack-based buffer overflow in the main function's socketcand.c implementation. The CVSS vector indicates network-accessible denial of service with no authentication required. A publicly available proof-of-concept exists (GitHub Gist reference), but CISA KEV status is not confirmed, and EPSS data is unavailable. The low attack complexity (AC:L) and network attack vector (AV:N) make this readily exploitable against exposed instances, though the impact is currently limited to availability (A:H) with no confirmed confidentiality or integrity impacts.
Buffer overflow in Absolute Secure Access server (versions before 14.50) allows authenticated remote attackers with modified client software to crash the server through specially crafted messages. This denial-of-service vulnerability requires low-privilege authentication and presents moderate real-world risk given the client modification prerequisite. EPSS data not available; no confirmed active exploitation or public proof-of-concept identified at time of analysis.
Buffer overflow in Absolute Secure Access Windows client versions prior to 14.50 allows local attackers with high privileges to trigger denial of service by exploiting improper memory handling. The vulnerability requires local access and elevated administrative privileges, limiting exploitation to authenticated users already possessing administrative control of the affected system. Vendor-released patch: version 14.50 or later.
Buffer overflow in Absolute Secure Access Windows client prior to version 14.50 allows local attackers to cause denial of service by triggering a system blue screen. The vulnerability requires local access to the affected system and can be exploited without user interaction or authentication. A vendor patch is available.
Buffer overflow in Absolute Secure Access prior to version 14.50 allows remote attackers to cause denial of service by sending a cryptographically valid message to the client, potentially overwriting memory. The vulnerability requires network access and user interaction (UI:P), making it a moderate-complexity attack with low availability impact. Vendor has released a patch available as of the CVE disclosure.
Buffer overflow in Secure Access message parsing prior to version 14.50 allows remote attackers with control of a modified server to send specially crafted packets that corrupt memory, potentially causing denial of service or limited information disclosure. Attack requires network access, high complexity, and user interaction; CVSS 2.3 reflects limited real-world impact despite the vulnerability class.
Stack corruption in FreeBSD libnv library allows local authenticated attackers to elevate privileges to root when exploiting setuid-root applications. The vulnerability stems from libnv's select(2) implementation failing to validate socket descriptors against FD_SETSIZE limits (1024), enabling descriptor exhaustion attacks that corrupt stack memory. Confirmed by FreeBSD Security Advisory SA-26:16 with patches available across all stable branches. EPSS score of 0.02% indicates low observed exploitation probability, and no active exploitation or public POC identified at time of analysis.
Denial of service in Wireshark 4.6.0-4.6.4 and 4.4.0-4.4.14 via stack buffer overflow in the AMR-NB codec decoder allows local attackers with user interaction to crash the application. The vulnerability requires opening a specially crafted network capture file, making it exploitable in scenarios where users are tricked into opening untrusted PCAP files or when Wireshark auto-opens recent captures.
Stack buffer overflow in Wireshark's BEEP protocol dissector causes denial of service when processing malformed network packets. Versions 4.6.0-4.6.4 and 4.4.0-4.4.14 are vulnerable; a local user with the ability to interact with Wireshark or supply crafted BEEP traffic can trigger a crash via a specially crafted packet that requires user interaction to open or process. No public exploit code or active exploitation has been identified at time of analysis.
Stack buffer overflow in Wireshark's ZigBee protocol dissector (versions 4.6.0-4.6.4 and 4.4.0-4.4.14) causes application crash and denial of service when processing malformed ZigBee packets. An attacker must trick a user into opening a crafted packet capture file or visiting a malicious webpage serving the packet, since the vulnerability requires local file access and user interaction. No active exploitation has been publicly reported.
Stack buffer overflow in Wireshark HTTP protocol dissector (versions 4.6.0-4.6.4 and 4.4.0-4.4.14) causes application crash when processing malformed HTTP packets, resulting in denial of service. Local attackers with ability to trigger packet analysis via user interaction can crash the application and disrupt network traffic inspection workflows.
Stack-based buffer overflow in Tenda 4G300 US_4G300V1.0Mt_V1.01.42_CN_TDC01 allows authenticated remote attackers to execute arbitrary code with elevated privileges via crafted SafeMacFilter requests. The vulnerability resides in function sub_427C3C at endpoint /goform/SafeMacFilter, where insufficient input validation of the 'page' parameter enables memory corruption. Public exploit code exists on GitHub (Axelioc/CVE), significantly lowering the barrier to exploitation for attackers with valid router credentials. CVSS 7.4 reflects high confidentiality, integrity, and availability impact requiring only low-privilege authentication.
Allok Video to DVD Burner 2.6.1217 contains a stack-based buffer overflow vulnerability in the License Name field that allows local attackers to execute arbitrary code by triggering a structured. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.8.0 to before version 4.14.4, a stack-based buffer overflow exists in print_hex_string() in wazuh-remoted. The bug is triggered when formatting attacker-controlled bytes using sprintf(dst_buf + 2*i, "%.2x", src_buf[i]) on platforms where char is treated as signed and the compiled code sign-extends bytes before the variadic call. For input bytes such as 0xFF, the formatting can emit "ffffffff" (8 chars) instead of "ff" (2 chars), causing an out-of-bounds write past a fixed 2049-byte stack buffer. The vulnerable path is reachable remotely prior to any agent authentication/registration logic via TCP/1514 when an oversized length prefix causes the “unexpected message (hex)” diagnostic path to run. Additionally, the same unauthenticated oversized-message diagnostic path logs an attacker-controlled hex dump to /var/ossec/logs/ossec.log for each trigger, allowing remote log amplification that can degrade monitoring fidelity and consume disk/I/O. This log amplification is reachable even without triggering the sign-extension overflow (e.g., using bytes < 0x80). This issue has been patched in version 4.14.4.
A post-authentication Stack-based Buffer Overflow vulnerabilities in SonicOS allows a remote attacker to crash a firewall.
TOTOLINK A3002RU V3 <= V3.0.0-B20220304.1804 was discovered to contain a stack-based buffer overflow via the hostname parameter in the formMapDelDevice function.
A vulnerability was determined in Tenda HG3 2.0. Impacted is the function formUploadConfig of the file /boaform/formIPv6Routing. This manipulation of the argument destNet causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.
Stack-based buffer overflow in Tenda FH1202 router firmware 1.2.0.14 allows authenticated remote attackers to execute arbitrary code via crafted HTTP requests to the /goform/WrlclientSet endpoint. The vulnerability resides in the fromWrlclientSet function of the httpd component, triggered by malicious 'Go' parameter input. Publicly available proof-of-concept exploit code increases immediate exploitation risk for exposed devices. EPSS data not provided, but public POC and low attack complexity (AC:L) indicate elevated real-world risk despite authentication requirement (PR:L).
Stack-based buffer overflow in Tenda FH1202 router firmware 1.2.0.14(408) allows authenticated remote attackers to execute arbitrary code via crafted 'Go' parameter to the /goform/WrlExtraSet endpoint in the httpd service. A public proof-of-concept exploit exists (GitHub), enabling reliable exploitation despite low attack complexity. CVSS 7.4 (High) severity reflects significant impact potential, though exploitation requires valid user credentials (PR:L), limiting mass-scale attacks to scenarios where default/weak credentials are common in Tenda routers.
Memory corruption in arduino-esp32's NBNS packet handler allows adjacent network attackers to achieve remote code execution on ESP32-family microcontrollers without authentication. Affects all versions prior to 3.3.8 when NetBIOS is explicitly enabled via NBNS.begin(). The parser trusts attacker-controlled name_len field from UDP port 137 traffic, writing unbounded data to fixed-size buffers. EPSS data not available, no CISA KEV listing, but GitHub security advisory confirms the vulnerability with patch released in version 3.3.8.
Unchecked directory name buffer in Delta Electronics AS320T enables remote code execution without authentication. The CVSS vector (AV:N/AC:L/PR:N/UI:N) confirms this is a remotely exploitable stack buffer overflow (CWE-121) requiring no user interaction or credentials. Delta Electronics disclosed this vulnerability in security advisory PCSA-2026-00006, affecting an industrial automation product. No EPSS score or KEV status available at time of analysis, but the trivial exploitation requirements (network accessible, no authentication, low complexity) present immediate risk to exposed AS320T devices.
Remote code execution in Delta Electronics AS320T allows unauthenticated network attackers to exploit an unchecked buffer overflow in filename processing to execute arbitrary code with high impact to confidentiality, integrity, and availability. The CVSS 9.8 critical score reflects network-accessible attack surface with no authentication or user interaction required. No EPSS or KEV data available at time of analysis, but vendor advisory confirms multiple related vulnerabilities affecting the same product line.
Stack-based buffer overflow in rust-openssl's MdCtxRef::digest_final() allows safe Rust code to corrupt memory when EVP_DigestFinal() writes beyond the provided output buffer boundary. The vulnerability occurs when the output buffer is smaller than EVP_MD_CTX_size(ctx), causing EVP_DigestFinal() to write past the buffer end and corrupt stack memory. Vendor-released patch available in version 0.10.78 via GitHub commit 826c3888. No public exploit identified at time of analysis, but exploitable from memory-safe Rust code paths, violating Rust's safety guarantees.
Stack-based buffer overflow in Dell PowerProtect Data Domain DD OS allows remote unauthenticated attackers to execute arbitrary commands on vulnerable appliances. Affects Feature Release versions 7.7.1.0-8.6, LTS2025 (8.3.1.0-8.3.1.10), and LTS2024 (7.13.1.0-7.13.1.60). Despite network-accessible attack vector (AV:N/PR:N), high attack complexity (AC:H) indicates specialized exploit conditions. CISA SSVC framework rates exploitation as 'none' and automatable as 'no', suggesting manual, targeted exploitation rather than mass scanning. No active exploitation confirmed at time of analysis. Dell has released patches across all affected release tracks (DSA-2026-060).
PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, a stack buffer overflow exists in pjsip_auth_create_digest2() in PJSIP when using pre-computed digest credentials (PJSIP_CRED_DATA_DIGEST). The function copies credential data using cred_info->data.slen as the length without an upper-bound check, which can overflow the fixed-size ha1 stack buffer (128 bytes) if data.slen exceeds the expected digest string length.
Storable versions before 3.05 for Perl has a stack overflow. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Stack-based buffer overflow in Dell PowerProtect Data Domain versions 7.7.1.0-8.6, LTS2025 8.3.1.0-8.3.1.20, and LTS2024 7.13.1.0-7.13.1.60 allows high-privileged local attackers to execute arbitrary commands as root. The vulnerability requires local access and elevated privileges, limiting exposure to insider threats or compromised administrative accounts rather than remote attackers. No public exploit has been identified at time of analysis.
Remote code execution in ASUSTOR ADM (4.1.0-4.3.3.RR42 and 5.0.0-5.1.2.REO1) allows authenticated high-privilege attackers to execute arbitrary code via stack-based buffer overflow in VPN client components. The vulnerability combines unbounded sscanf() calls with format string weaknesses (printf with user-controlled data), exploitable due to absent PIE and stack canary protections. EPSS exploitation probability is low (0.23%, 46th percentile) with no public exploit code identified at time of analysis, suggesting limited real-world targeting despite high CVSS score.
Stack-based buffer overflow in silex technology's SD-330AC (Ver.1.42 and earlier) and AMC Manager (Ver.5.0.2 and earlier) enables authenticated remote attackers to execute arbitrary code on the device via maliciously crafted redirect URLs. Reported by JPCERT with vendor advisories published, though EPSS score of 0.04% (12th percentile) indicates low observed exploitation probability. No active exploitation confirmed (not in CISA KEV), and SSVC assessment marks exploitation status as 'none' despite the critical nature of remote code execution capability.
Stack-based buffer overflow in editorconfig-core-c library (versions ≤0.12.10) enables local attackers to crash applications or potentially execute arbitrary code via maliciously crafted .editorconfig files and directory structures. This incomplete fix for CVE-2023-0341 left the l_pattern[8194] stack buffer unprotected while only addressing the pcre_str buffer in version 0.12.6. Patched in version 0.12.11. No active exploitation confirmed (not in CISA KEV), but publicly exploitable with local access and minimal complexity (CVSS AV:L/AC:L/PR:N).
ngtcp2 is a C implementation of the IETF QUIC protocol. In versions prior to 1.22.1, ngtcp2_qlog_parameters_set_transport_params() serializes peer transport parameters into a fixed 1024-byte stack buffer without bounds checking. When qlog is enabled, a remote peer can send sufficiently large transport parameters during the QUIC handshake to cause writes beyond the buffer boundary, resulting in a stack buffer overflow. This affects deployments that enable the qlog callback and process untrusted peer transport parameters. This issue has been fixed in version 1.22.1. If developers are unable to immediately upgrade, they can disable the qlog on client.
Remote unauthenticated code execution in Openfind MailGates (5.0-6.0) and MailAudit (5.0-6.0) via stack-based buffer overflow allows complete system compromise. Attackers can send crafted network requests to exploit CWE-121 buffer overflow conditions without authentication, achieving arbitrary code execution with high impact to confidentiality, integrity, and availability. Vendor patches available (MailGates 6.1.10.054, 5.2.10.099; MailAudit 6.1.10.054, 5.2.10.099). CVSS 9.3 with network attack vector (AV:N), low complexity (AC:L), and no privileges required (PR:N) creates critical exposure for internet-facing mail security appliances. EPSS data unavailable; no confirmed active exploitation or public POC identified at time of analysis.
Certain HP DeskJet All in One devices may be vulnerable to remote code execution caused by a buffer overflow when specially crafted Web Services for Devices (WSD) scan requests are improperly validated and handled by the MFP. WSD Scan is a Microsoft Windows-based network scanning protocol that allows a PC to discover scanners (and MFPs) on a network and send scan jobs to them without requiring vendor specific drivers or utilities.
CentSDR commit e40795 was discovered to contain a stack overflow in the "Thread1" function.
Denial of service via stack buffer overflow in .NET (versions 8.0, 9.0, 10.0) and Visual Studio 2022 (versions 17.12, 17.14) allows unauthenticated remote attackers to crash affected applications over the network. The vulnerability has a CVSS score of 7.5 (High) with low attack complexity and no privileges required. Vendor-released patches are available from Microsoft (MSRC). No public exploit identified at time of analysis, and the issue is not confirmed actively exploited.
Stack-based buffer overflow in the Windows Kernel enables low-privileged local attackers to escalate to SYSTEM privileges on Windows 11 version 26H1 (build 10.0.28000.0 through 10.0.28000.1835). Despite CVSS 7.0 (High), the attack complexity is high (AC:H) and requires local access with low-level privileges (PR:L). Vendor-released patch available via Microsoft Security Response Center (build 10.0.28000.1836). No public exploit identified at time of analysis, though CWE-121 stack overflows are well-understood vulnerability classes with established exploitation techniques.
Memory corruption in Python's asyncio introspection and profiling.sampling modules (3.14-3.15) allows a local attacker with high privileges to read and write arbitrary memory in a connected privileged Python process via remote debugging. Exploitation requires persistent, repeated connections and high tolerance for crashes due to ASLR; no public exploit code has been identified. SSVC framework rates technical impact as total, but exploitation remains none-indicating low real-world priority despite severe capability impact.
Stack-based buffer overflow in Tenda F456 1.0.0.5 router's formwebtypelibrary function allows authenticated remote attackers to achieve arbitrary code execution with high impact to confidentiality, integrity, and availability. The vulnerability resides in /goform/webtypelibrary endpoint via manipulation of the 'menufacturer' or 'Go' parameters. Public exploit code exists on GitHub (EPSS 0.05%, 14th percentile), indicating low likelihood of mass exploitation but confirmed weaponization capability. No vendor patch identified at time of analysis.
Stack-based buffer overflow in Tenda F456 router firmware 1.0.0.5 allows authenticated remote attackers to achieve complete device compromise via crafted input to the 'page' parameter in the fromqossetting QoS configuration handler. Publicly available exploit code exists (GitHub POC), CVSS 7.4 (High), EPSS 0.05% (low exploitation probability). Not actively exploited per CISA KEV. This is a classic IoT router vulnerability affecting the web management interface at /goform/qossetting, requiring valid authentication credentials but enabling full device takeover once authenticated.
Stack-based buffer overflow in Tenda F456 router firmware v1.0.0.5 allows authenticated remote attackers to achieve code execution with high integrity and availability impact via crafted 'page' parameter to the /goform/NatStaticSetting endpoint's fromNatStaticSetting function. Public exploit code exists (EPSS 0.05%, 14th percentile), indicating low observed exploitation probability despite proof-of-concept availability. No active exploitation confirmed via CISA KEV at time of analysis.
Stack-based buffer overflow in Tenda F456 router firmware version 1.0.0.5 allows authenticated remote attackers to achieve complete system compromise via crafted input to the wireless security settings handler. Public exploit code is available, but EPSS exploitation probability remains very low (0.05%, 14th percentile), and no active exploitation has been reported. The vulnerability requires authenticated access to the router's administrative interface, limiting opportunistic exploitation.
Stack-based buffer overflow in Tenda F456 router firmware 1.0.0.5 allows authenticated remote attackers to execute arbitrary code via the /goform/exeCommand endpoint. The vulnerability has a publicly available proof-of-concept exploit and affects the fromexeCommand function through manipulation of the cmdinput parameter. EPSS probability is low (0.05%, 14th percentile), indicating minimal observed exploitation activity despite POC availability. Not listed in CISA KEV, confirming no widespread active exploitation detected.
Stack-based buffer overflow in Totolink A3002MU router firmware B20211125.1046 allows authenticated remote attackers to execute arbitrary code via crafted 'wan-url' parameter in /boafrm/formWlanSetup endpoint. Publicly available exploit code exists (PoC on GitHub). EPSS score of 0.08% (23rd percentile) indicates low observed exploitation probability despite public exploit, likely due to authentication requirement (PR:L) and narrow attack surface of legacy consumer router product.
Stack-based buffer overflow in TOTOLINK A7000R router (firmware ≤9.1.0u.6115) allows authenticated remote attackers to achieve complete system compromise via the setWiFiEasyGuestCfg CGI function. The vulnerability exists in /cgi-bin/cstecgi.cgi where unsanitized input to the ssid5g parameter triggers memory corruption, enabling arbitrary code execution with device privileges. Publicly available exploit code exists, significantly lowering the barrier to exploitation for authenticated attackers on the network.
Stack-based buffer overflow in Dynabook Bluetooth ACPI drivers (tosrfec.sys, drfec.sys) allows local administrators to execute arbitrary code by manipulating specific registry values. This CVSS 8.4 vulnerability requires high privileges (administrative access) but enables complete system compromise with low attack complexity. No public exploit identified at time of analysis, though the attack surface is limited to users who already possess elevated credentials.
Stack overflow in tinyobjloader's experimental MTL file parser (tinyobj_loader_opt.h) allows local attackers to trigger denial of service by supplying a malformed .mtl file. The vulnerability affects the library's material file parsing logic and crashes the application via stack memory corruption, though with EPSS score of 0.01% and no confirmed active exploitation, real-world risk is minimal despite the moderate CVSS 6.2 rating.
Stack-based buffer overflow in Tenda F451 wireless router (firmware 1.0.0.7_cn_svn7958) allows authenticated remote attackers to achieve arbitrary code execution with high confidentiality, integrity, and availability impact. The vulnerability resides in the frmL7ImForm function handling the 'page' parameter at /goform/L7Im endpoint. Publicly available exploit code exists (GitHub POC published), significantly lowering exploitation barriers. CVSS 8.8 (High) reflects network-accessible attack vector with low complexity, requiring only low-privilege authentication. No vendor-released patch identified at time of analysis.
Stack-based buffer overflow in Tenda F451 router firmware version 1.0.0.7_cn_svn7958 allows authenticated remote attackers to achieve arbitrary code execution with high impact to confidentiality, integrity, and availability. The vulnerability resides in the fromSetIpBind function accessible via /goform/SetIpBind endpoint, where manipulation of the 'page' parameter triggers memory corruption. Publicly available exploit code exists (GitHub POC published), significantly lowering the barrier to exploitation despite requiring low-privilege authentication. CVSS 8.8 severity reflects network accessibility, low attack complexity, and complete system compromise potential.
Stack-based buffer overflow in Tenda F451 router firmware version 1.0.0.7_cn_svn7958 allows remote authenticated attackers to execute arbitrary code with high impact on confidentiality, integrity, and availability. The vulnerability resides in the fromqossetting function's handling of the 'qos' parameter in /goform/qossetting endpoint. Publicly available exploit code (GitHub PoC) significantly lowers the barrier to exploitation. CVSS 7.4 (High) with low attack complexity and network attack vector indicates elevated risk for exposed devices, though low-privilege authentication is required.
Stack-based buffer overflow in Tenda F451 router (version 1.0.0.7_cn_svn7958) allows authenticated remote attackers to achieve arbitrary code execution with high impact on confidentiality, integrity, and availability. The vulnerability resides in the fromSafeUrlFilter function handling the 'page' parameter in /goform/SafeUrlFilter endpoint. Publicly available exploit code exists (GitHub POC), significantly lowering exploitation barrier. With CVSS 8.8 (Critical) and low attack complexity, this represents a serious risk to deployed devices, though exploitation requires authenticated access (PR:L) to the router's web interface.
Stack-based buffer overflow in Tenda F451 router firmware 1.0.0.7 allows authenticated remote attackers to achieve complete system compromise via the SafeMacFilter function. The vulnerability is exploitable over the network with low complexity, requiring only basic user credentials. Publicly available exploit code exists (GitHub POC), significantly lowering the barrier for exploitation. CVSS 8.8 (High) severity with potential for code execution, data theft, and device takeover.
Stack-based buffer overflow in Tenda F451 router firmware 1.0.0.7 enables authenticated remote attackers to execute arbitrary code with high privileges via crafted 'entrys' parameter to the /goform/addressNat endpoint. The vulnerability resides in the fromAddressNat function of the httpd component. Public exploit code is available (GitHub), with EPSS indicating moderate exploitation probability. Requires low-privilege authentication (PR:L) but has low attack complexity (AC:L), making it accessible to attackers with basic router credentials.
Stack-based buffer overflow in Tenda F451 router version 1.0.0.7 allows authenticated remote attackers to execute arbitrary code with high impact to confidentiality, integrity, and availability. The vulnerability resides in the httpd component's frmL7ProtForm function when processing the 'page' parameter in /goform/L7Prot. Publicly available exploit code exists (GitHub POC published), enabling attackers with low-privilege credentials to achieve full system compromise. CVSS 8.8 (High) with low attack complexity and no user interaction required. No vendor-released patch identified at time of analysis.
Stack-based buffer overflow in Tenda F451 router firmware version 1.0.0.7 allows authenticated remote attackers to achieve full system compromise via crafted HTTP requests to the wireless client configuration endpoint. The vulnerability (CVSS 8.8) exists in the WrlclientSet function within the httpd service and requires only low-privilege authentication. Publicly available exploit code has been published on GitHub, significantly lowering the barrier to exploitation, though no active exploitation is confirmed in CISA KEV at time of analysis.
Stack-based buffer overflow in Tenda F451 router version 1.0.0.7 allows authenticated remote attackers to achieve complete system compromise through the DHCP client list function. The vulnerability exists in the httpd service's /goform/DhcpListClient endpoint via the 'page' parameter. Publicly available exploit code exists (GitHub POC published), enabling low-complexity attacks that can result in full confidentiality, integrity, and availability compromise. CVSS 8.8 reflects high impact across all security objectives with minimal attack complexity, though low-privileged authentication is required.
Stack-based buffer overflow in ChargePoint Home Flex electric vehicle chargers enables network-adjacent attackers to execute arbitrary code as root via malformed OCPP messages. Unauthenticated exploitation allows complete device compromise through improper length validation in OCPP getpreq message handling. Attack complexity is high (CVSS AC:H), requiring local network access. No public exploit identified at time of analysis.
Stack-based buffer overflow in Notepad++ 8.9.3 file drop handler allows local authenticated users to cause application crash and potentially execute code by dragging and dropping a directory path of exactly 259 characters without a trailing backslash, triggering unbounded buffer write via automatic backslash and null terminator appending. CVSS 6.0 (High) reflects local attack vector and high complexity; no public exploit code or active KEV status identified, but upstream fix is confirmed available.
Stack-based buffer overflow in Tenda AC9 router firmware 15.03.02.13 enables authenticated remote attackers to execute arbitrary code or crash the device. The vulnerability resides in the decodePwd function within /goform/WizardHandle POST request handler, triggered by manipulating the WANS parameter. Attack requires low-privilege authentication but no user interaction. CVSS 8.8 (High) reflects potential for complete system compromise. Publicly available exploit code exists; no confirmed active exploitation (CISA KEV).
Stack-based buffer overflow in Tenda AC9 router firmware 15.03.02.13 allows authenticated remote attackers to execute arbitrary code via crafted PPPOEPassword parameter to formQuickIndex endpoint. Attack requires low-privilege credentials but no user interaction, enabling complete device compromise. Publicly available exploit code exists. CVSS 8.8 reflects network-accessible attack path with high impact to confidentiality, integrity, and availability.
Stack buffer overflow in wolfSSL's PKCS7 implementation allows local attackers to cause a denial of service or potentially execute code by crafting a CMS EnvelopedData message with an oversized OID in an OtherRecipientInfo recipient structure. The vulnerability affects wolfSSL when compiled with --enable-pkcs7 (disabled by default) and only when an application explicitly registers an ORI decrypt callback, significantly limiting real-world exposure. No public exploit code or active exploitation has been identified at time of analysis.
Stack-based buffer overflow in Tenda F451 wireless router firmware 1.0.0.7 allows authenticated remote attackers to execute arbitrary code via crafted page parameter to fromRouteStatic function in /goform/RouteStatic endpoint. Attack requires low-privilege authenticated access to web management interface with no user interaction. Publicly available exploit code exists. Exploitation yields complete compromise of router confidentiality, integrity, and availability.
Stack buffer overflow in osslsigncode <2.12 allows local attackers to execute arbitrary code during signature verification. The vulnerability affects PE, MSI, CAB, and script file verification handlers that copy digest values from SpcIndirectDataContent structures into fixed 64-byte stack buffers without length validation. Attackers craft malicious signed files with oversized digest fields triggering memcpy overflow when users verify files via osslsigncode verify command, corrupting stack state and enabling code execution with high confidentiality, integrity, and availability impact.
Stack-based buffer overflow in Tenda AC15 router firmware 15.03.05.18 websGetVar function allows authenticated remote attackers to execute arbitrary code with high impact to confidentiality, integrity, and availability. The vulnerability resides in /goform/SysToolChangePwd endpoint where manipulation of oldPwd, newPwd, or cfmPwd parameters triggers memory corruption. Publicly available exploit code exists. Exploitation requires low-privilege authenticated access but no user interaction, making it readily exploitable once credentials are obtained.
Stack-based buffer overflow in D-Link DIR-645 router (versions 1.01, 1.02, 1.03) via hedwigcgi_main function in /cgi-bin/hedwig.cgi allows authenticated remote attackers to achieve complete system compromise. Exploitation requires low-privilege credentials but no user interaction. Publicly available exploit code exists. Product is end-of-life with no vendor support, making remediation limited to device replacement or network isolation.
Stack-based buffer overflow in TP-Link Archer AX53 v1.0 tmpServer module enables authenticated adjacent attackers to execute arbitrary code via malicious configuration file. Exploitation triggers segmentation fault, permits device state modification, sensitive data exposure, and integrity compromise. Affects firmware versions before 1.7.1 Build 20260213. Requires high privileges and adjacent network access. No public exploit identified at time of analysis.
Stack-based buffer overflow in Delta Electronics ASDA-Soft allows local attackers with no privileges to execute arbitrary code by tricking users into opening a malicious file. The vulnerability achieves complete system compromise (confidentiality, integrity, availability all rated High in CVSS) through user interaction with crafted input. No public exploit identified at time of analysis, though the low attack complexity and lack of required privileges increase realistic exploitation risk once details emerge.
Stack-based buffer overflow in D-Link DI-8003 router firmware 16.07.26A1 allows unauthenticated remote attackers to trigger denial-of-service conditions by sending malformed name parameter values to the /url_member.asp endpoint. The vulnerability enables network-accessible attackers to crash the device without authentication or user interaction, disrupting availability of routing services. No public exploit identified at time of analysis.
Stack overflow in PgBouncer before 1.25.2 enables malicious PostgreSQL backend servers to trigger remote code execution via SCRAM authentication nonce manipulation. The flaw stems from incorrect strlcat() return value checking during SCRAM client-final-message construction. Remote unauthenticated exploitation is possible (CVSS 8.1, AV:N/PR:N) but requires high attack complexity - specifically, the attacker must control or compromise the backend PostgreSQL server PgBouncer connects to. No public exploit identified at time of analysis; EPSS and KEV data not available in this assessment.
Buffer overflow in CROSS crypto_sign_open() function allows remote attackers to corrupt memory via malformed signature input due to integer underflow in message length validation. The vulnerability affects the reference implementation prior to commit fc6b7e7, enabling potential code execution or denial of service when processing untrusted signatures. The flaw exists in the core cryptographic signing operation with no authentication required, making it exploitable in any system integrating this algorithm for signature verification.
Stack-based buffer overflow in Tenda CX12L router firmware 16.03.53.12 allows authenticated remote attackers to achieve full system compromise via the PPTP server configuration interface. The vulnerability resides in the formSetPPTPServer function within /goform/SetPptpServerCfg and is exploitable over the network with low attack complexity. A public proof-of-concept exploit exists on GitHub, significantly lowering the barrier to exploitation, though CISA has not yet added this to the KEV catalog indicating no confirmed widespread active exploitation at this time.
Stack buffer overflow in kosma minmea 0.3.0 allows remote unauthenticated attackers to cause denial of service through crafted NMEA field data. The minmea_scan function's format specifier copies data to caller-provided buffers without size validation, enabling memory corruption when processing untrusted NMEA GPS sentences. CVSS 7.5 (High) with network attack vector and low complexity, though impact is currently limited to availability (DoS). Public exploit demonstration exists via GitHub Gist reference. EPSS data not available, not listed in CISA KEV at time of analysis.
Stack-based buffer overflow in nanoMODBUS v1.22.0 and earlier allows malicious Modbus TCP servers to execute arbitrary code on clients via oversized responses. When client applications call nmbs_read_holding_registers() or nmbs_read_input_registers(), the library fails to validate byte_count before writing server data to the caller's buffer, enabling up to 248 bytes of controlled overflow. No active exploitation confirmed (not in CISA KEV), but proof-of-concept code is publicly available and the vulnerability is automatable (SSVC) with network attack vector (CVSS AV:N/AC:L/PR:N). EPSS data not provided, but the combination of public POC, low complexity, and RCE potential warrants immediate attention for systems using nanoMODBUS as a client.
Stack-based buffer overflow in WatchGuard Agent discovery service on Windows enables adjacent attackers without authentication to crash the agent via crafted network packets. CVSS 7.1 (High) reflects adjacent network attack vector with high integrity impact. The vulnerability targets the discovery service component used for agent enrollment and network communication. No CISA KEV listing or public exploit code identified at time of analysis, though the local network attack vector limits exposure to adjacent attackers.
Stack-based buffer overflow in WatchGuard Agent's discovery service allows adjacent network attackers to crash the agent service without authentication. Affects Windows installations prior to version 1.25.03.0000. Vendor patch released addressing the vulnerability. SSVC framework indicates no active exploitation observed and manual exploitation required. While CVSS 7.1 (High) reflects network-adjacent access with high availability impact, actual risk is limited to denial-of-service - no code execution or data compromise possible per the CVSS vector (VC:N/VI:N/VA:H).
Stack-based buffer overflow in Sandboxie-Plus SbieSvc service enables sandboxed processes to escape isolation and execute code as SYSTEM. Affected versions 1.17.2 and earlier allow malicious sandboxed code to overflow a fixed 160-wide-character stack buffer in NamedPipeServer::OpenHandler via crafted named pipe open requests, bypassing the fundamental security boundary Sandboxie provides. Fixed in version 1.17.3. EPSS data unavailable, no CISA KEV listing or public exploit identified at time of analysis, but the security boundary violation represents a complete defeat of Sandboxie's core function.
Stack-based buffer overflow in Sandboxie-Plus ProcessServer handlers allows local authenticated attackers to execute arbitrary code as SYSTEM or crash the SbieSvc service. The vulnerability affects versions 1.17.2 and earlier, stems from unsafe wcscpy operations on unchecked WCHAR fields from service pipe requests, and has been patched in version 1.17.3. The service pipe's NULL DACL permits any local process to connect and trigger the flaw before authorization checks execute, enabling privilege escalation from low-privileged local accounts. No public exploit code identified at time of analysis, though the technical details in the GitHub advisory provide sufficient information for skilled attackers to develop exploits.
Local privilege escalation to SYSTEM in Sandboxie-Plus 1.17.2 and earlier allows low-privileged interactive users to trigger stack buffer overflow in SbieSvc service via unauthenticated IPC, bypassing sandbox isolation controls. The vulnerability exists in the RunSbieCtrl handler which processes crafted messages before security checks and copies unbounded input into a 128-character stack buffer. Fixed in version 1.17.3. EPSS data unavailable; not listed in CISA KEV at time of analysis, but publicly disclosed via GitHub Security Advisory with technical details sufficient for exploit development.
Stack buffer overflow in Sandboxie-Plus SbieSvc proxy service enables SYSTEM privilege escalation from sandboxed processes, including Security Hardened Sandboxes. Attackers chain an information disclosure (returning up to 32KB uninitialized stack memory with ASLR/stack cookie bypass) with an unbounded memcpy overflow in the GetRawInputDeviceInfoSlave IPC handler. Intel CET shadow stacks block ROP exploitation but not the information leak itself. Vendor-released patch available in version 1.17.3. No public exploit identified at time of analysis, but attack complexity is rated high (AC:H) with low privilege requirements (PR:L), making this viable for motivated attackers targeting sandbox environments.
Stack-based buffer overflow in D-Link DI-8100 router firmware 16.07.26A1 allows authenticated remote attackers with high privileges to execute arbitrary code via malformed ID parameter to yyxz.asp administrative interface. Public exploit code exists on GitHub, demonstrating reliable exploitation. CVSS 7.3 (High) reflects network attack vector but requires admin-level authentication, limiting real-world exposure to compromised credentials or insider scenarios.
Stack-based buffer overflow in EFM ipTIME NAS1dual 1.5.24 allows remote unauthenticated attackers to achieve complete system compromise via the get_csrf_whites function in /cgi/advanced/misc_main.cgi. Public exploit code exists on GitHub, demonstrating practical exploitability despite lack of vendor response to responsible disclosure. CVSS 8.9 (Critical) with EPSS data unavailable; attack requires no authentication, low complexity, and no user interaction (AV:N/AC:L/PR:N/UI:N), making this a high-priority remote attack surface.
Stack-based buffer overflow in WDR201A WiFi Extender firewall.cgi and makeRequest.cgi binaries enables remote unauthenticated attackers to execute arbitrary code through crafted POST requests with oversized Content-Length headers. The vulnerability affects hardware version 2.1 running firmware LFMZX28040922V1.02, with publicly available proof-of-concept exploit code documented via AI-assisted vulnerability research. CVSS 8.3 with high attack complexity indicates exploitation requires advanced technical skills, though the network vector and lack of authentication requirements make this a significant risk for exposed IoT devices.
Stack overflow in Flipper Zero Firmware (commit ad2a80) enables local arbitrary code execution with high privileges through exploitation of the Main function. SSVC framework confirms POC availability and total technical impact. CVSS 8.4 reflects local attack vector with no authentication barrier. No vendor-released patch identified at time of analysis, though GitHub issue tracking indicates developer awareness.
Stack-based buffer overflow in JS8Call allows remote code execution via crafted radio transmission containing an oversized Maidenhead grid locator. CVSS 10.0 reflects network-reachable attack with no authentication required. Both JS8Call (through 2.3.1) and JS8Call-improved (before 3.0) are affected by the overflow in grid2deg function within APRSISClient.cpp. Vendor patch available for JS8Call-improved 3.0+; JS8Call project status unclear. No confirmed active exploitation or public POC identified at time of analysis, though attack vector is straightforward for actors with radio transmission capabilities.
Stack buffer overflow in miaofng/uds-c library allows adjacent network attackers to execute arbitrary code via crafted diagnostic payload. The send_diagnostic_request function allocates only 6 bytes for MAX_DIAGNOSTIC_PAYLOAD_SIZE but accepts up to 7 bytes of payload (MAX_UDS_REQUEST_PAYLOAD_LENGTH), enabling 4-byte overflow when combined with pid_length=2. Affects commit e506334e270d77b20c0bc259ac6c7d8c9b702b7a from October 2016 and likely later versions unless patched. No CISA KEV listing or EPSS data indicates exploitation remains theoretical; vulnerability appears in automotive diagnostic library with limited deployment exposure.
Stack buffer overflow in AGL agl-service-can-low-level's uds-c library enables remote code execution on vulnerable automotive ECUs. The send_diagnostic_request function copies up to 7 bytes into a 6-byte stack buffer without bounds checking, allowing 1-4 bytes of controlled stack corruption. On 32-bit ARM ECUs without stack canaries (common in automotive deployments), attackers can overwrite return addresses to achieve arbitrary code execution. CVSS 7.5 with network attack vector and no authentication required indicates critical exposure, though CVSS impact vector (C:N/I:N/A:H) appears inconsistent with RCE capability described - vendor assessment may undervalue confidentiality/integrity impact of code execution.
Remote code execution in Open Vehicle Monitoring System 3 (OVMS3) version 3.3.005 allows unauthenticated network attackers to execute arbitrary code or crash the system by sending malformed CANswitch frames with invalid DLC (Data Length Code) values. The buffer overflow occurs in the canformat_canswitch.cpp parser module which fails to validate frame length parameters before processing, enabling memory corruption. A proof-of-concept exploit is publicly available on GitHub, and SSVC assessment indicates the vulnerability is automatable with partial technical impact, though no active exploitation has been confirmed by CISA KEV at time of analysis.
Buffer overflow in Open Vehicle Monitoring System 3 (OVMS3) version 3.3.005 enables remote code execution when processing malicious PCAP files. The canformat_pcap.cpp parser fails to validate the phdr.len field, allowing attackers to overflow stack buffers and execute arbitrary code with high confidentiality, integrity, and availability impact. Public proof-of-concept code exists (GitHub Gist), though no active exploitation is confirmed by CISA KEV. SSVC assessment indicates automatable exploitation despite requiring user interaction to open crafted PCAP files.
Stack buffer overflow in AGL agl-service-can-low-level through version 17.1.12 enables remote code execution on automotive ECUs. The vulnerability exists in the uds-c library's send_diagnostic_request function, where a miscalculation between buffer size (6 bytes) and copy length (7 bytes) allows 1-4 bytes of controlled stack overflow. On 32-bit ARM automotive systems without stack protection, attackers can overwrite return addresses to achieve arbitrary code execution. CVSS 7.5 High severity with network attack vector and no authentication required, though CVSS impact ratings (C:N/I:N/A:H) appear inconsistent with the RCE capability described. No public exploit identified at time of analysis, EPSS data unavailable.
Remote code execution in cannelloni v2.0.0 allows unauthenticated network attackers to crash the service or execute arbitrary code by sending malformed CAN FD frames that trigger buffer overflows in two separate parsing functions (parseCANFrame in parser.cpp and decodeFrame in decoder.cpp). The CVSS score of 9.8 reflects network-accessible exploitation requiring no authentication or user interaction, with complete system compromise possible. Public proof-of-concept code exists (GitHub Gist reference), elevating immediate exploitation risk despite no CISA KEV listing, suggesting targeted rather than mass exploitation scenarios.
Remote code execution in Open Vehicle Monitoring System 3 (OVMS3) version 3.3.005 allows network-based attackers to execute arbitrary code or crash the system without authentication. A buffer overflow in the GVRET CAN data parser (canformat_gvret.cpp) fails to validate length fields in binary frames, enabling memory corruption. CVSS 10.0 reflects unauthenticated network vector with scope change, but no public exploit or active exploitation confirmed at time of analysis. EPSS data unavailable; real-world risk depends on OVMS3 deployment exposure (typically vehicle telematics environments).
Remote unauthenticated attackers can crash socketcand 0.4.2 daemon by sending a malformed CAN bus name that triggers a stack-based buffer overflow in the main function's socketcand.c implementation. The CVSS vector indicates network-accessible denial of service with no authentication required. A publicly available proof-of-concept exists (GitHub Gist reference), but CISA KEV status is not confirmed, and EPSS data is unavailable. The low attack complexity (AC:L) and network attack vector (AV:N) make this readily exploitable against exposed instances, though the impact is currently limited to availability (A:H) with no confirmed confidentiality or integrity impacts.
Buffer overflow in Absolute Secure Access server (versions before 14.50) allows authenticated remote attackers with modified client software to crash the server through specially crafted messages. This denial-of-service vulnerability requires low-privilege authentication and presents moderate real-world risk given the client modification prerequisite. EPSS data not available; no confirmed active exploitation or public proof-of-concept identified at time of analysis.
Buffer overflow in Absolute Secure Access Windows client versions prior to 14.50 allows local attackers with high privileges to trigger denial of service by exploiting improper memory handling. The vulnerability requires local access and elevated administrative privileges, limiting exploitation to authenticated users already possessing administrative control of the affected system. Vendor-released patch: version 14.50 or later.
Buffer overflow in Absolute Secure Access Windows client prior to version 14.50 allows local attackers to cause denial of service by triggering a system blue screen. The vulnerability requires local access to the affected system and can be exploited without user interaction or authentication. A vendor patch is available.
Buffer overflow in Absolute Secure Access prior to version 14.50 allows remote attackers to cause denial of service by sending a cryptographically valid message to the client, potentially overwriting memory. The vulnerability requires network access and user interaction (UI:P), making it a moderate-complexity attack with low availability impact. Vendor has released a patch available as of the CVE disclosure.
Buffer overflow in Secure Access message parsing prior to version 14.50 allows remote attackers with control of a modified server to send specially crafted packets that corrupt memory, potentially causing denial of service or limited information disclosure. Attack requires network access, high complexity, and user interaction; CVSS 2.3 reflects limited real-world impact despite the vulnerability class.
Stack corruption in FreeBSD libnv library allows local authenticated attackers to elevate privileges to root when exploiting setuid-root applications. The vulnerability stems from libnv's select(2) implementation failing to validate socket descriptors against FD_SETSIZE limits (1024), enabling descriptor exhaustion attacks that corrupt stack memory. Confirmed by FreeBSD Security Advisory SA-26:16 with patches available across all stable branches. EPSS score of 0.02% indicates low observed exploitation probability, and no active exploitation or public POC identified at time of analysis.
Denial of service in Wireshark 4.6.0-4.6.4 and 4.4.0-4.4.14 via stack buffer overflow in the AMR-NB codec decoder allows local attackers with user interaction to crash the application. The vulnerability requires opening a specially crafted network capture file, making it exploitable in scenarios where users are tricked into opening untrusted PCAP files or when Wireshark auto-opens recent captures.
Stack buffer overflow in Wireshark's BEEP protocol dissector causes denial of service when processing malformed network packets. Versions 4.6.0-4.6.4 and 4.4.0-4.4.14 are vulnerable; a local user with the ability to interact with Wireshark or supply crafted BEEP traffic can trigger a crash via a specially crafted packet that requires user interaction to open or process. No public exploit code or active exploitation has been identified at time of analysis.
Stack buffer overflow in Wireshark's ZigBee protocol dissector (versions 4.6.0-4.6.4 and 4.4.0-4.4.14) causes application crash and denial of service when processing malformed ZigBee packets. An attacker must trick a user into opening a crafted packet capture file or visiting a malicious webpage serving the packet, since the vulnerability requires local file access and user interaction. No active exploitation has been publicly reported.
Stack buffer overflow in Wireshark HTTP protocol dissector (versions 4.6.0-4.6.4 and 4.4.0-4.4.14) causes application crash when processing malformed HTTP packets, resulting in denial of service. Local attackers with ability to trigger packet analysis via user interaction can crash the application and disrupt network traffic inspection workflows.
Stack-based buffer overflow in Tenda 4G300 US_4G300V1.0Mt_V1.01.42_CN_TDC01 allows authenticated remote attackers to execute arbitrary code with elevated privileges via crafted SafeMacFilter requests. The vulnerability resides in function sub_427C3C at endpoint /goform/SafeMacFilter, where insufficient input validation of the 'page' parameter enables memory corruption. Public exploit code exists on GitHub (Axelioc/CVE), significantly lowering the barrier to exploitation for attackers with valid router credentials. CVSS 7.4 reflects high confidentiality, integrity, and availability impact requiring only low-privilege authentication.
Allok Video to DVD Burner 2.6.1217 contains a stack-based buffer overflow vulnerability in the License Name field that allows local attackers to execute arbitrary code by triggering a structured. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.8.0 to before version 4.14.4, a stack-based buffer overflow exists in print_hex_string() in wazuh-remoted. The bug is triggered when formatting attacker-controlled bytes using sprintf(dst_buf + 2*i, "%.2x", src_buf[i]) on platforms where char is treated as signed and the compiled code sign-extends bytes before the variadic call. For input bytes such as 0xFF, the formatting can emit "ffffffff" (8 chars) instead of "ff" (2 chars), causing an out-of-bounds write past a fixed 2049-byte stack buffer. The vulnerable path is reachable remotely prior to any agent authentication/registration logic via TCP/1514 when an oversized length prefix causes the “unexpected message (hex)” diagnostic path to run. Additionally, the same unauthenticated oversized-message diagnostic path logs an attacker-controlled hex dump to /var/ossec/logs/ossec.log for each trigger, allowing remote log amplification that can degrade monitoring fidelity and consume disk/I/O. This log amplification is reachable even without triggering the sign-extension overflow (e.g., using bytes < 0x80). This issue has been patched in version 4.14.4.
A post-authentication Stack-based Buffer Overflow vulnerabilities in SonicOS allows a remote attacker to crash a firewall.
TOTOLINK A3002RU V3 <= V3.0.0-B20220304.1804 was discovered to contain a stack-based buffer overflow via the hostname parameter in the formMapDelDevice function.
A vulnerability was determined in Tenda HG3 2.0. Impacted is the function formUploadConfig of the file /boaform/formIPv6Routing. This manipulation of the argument destNet causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.
Stack-based buffer overflow in Tenda FH1202 router firmware 1.2.0.14 allows authenticated remote attackers to execute arbitrary code via crafted HTTP requests to the /goform/WrlclientSet endpoint. The vulnerability resides in the fromWrlclientSet function of the httpd component, triggered by malicious 'Go' parameter input. Publicly available proof-of-concept exploit code increases immediate exploitation risk for exposed devices. EPSS data not provided, but public POC and low attack complexity (AC:L) indicate elevated real-world risk despite authentication requirement (PR:L).
Stack-based buffer overflow in Tenda FH1202 router firmware 1.2.0.14(408) allows authenticated remote attackers to execute arbitrary code via crafted 'Go' parameter to the /goform/WrlExtraSet endpoint in the httpd service. A public proof-of-concept exploit exists (GitHub), enabling reliable exploitation despite low attack complexity. CVSS 7.4 (High) severity reflects significant impact potential, though exploitation requires valid user credentials (PR:L), limiting mass-scale attacks to scenarios where default/weak credentials are common in Tenda routers.
Memory corruption in arduino-esp32's NBNS packet handler allows adjacent network attackers to achieve remote code execution on ESP32-family microcontrollers without authentication. Affects all versions prior to 3.3.8 when NetBIOS is explicitly enabled via NBNS.begin(). The parser trusts attacker-controlled name_len field from UDP port 137 traffic, writing unbounded data to fixed-size buffers. EPSS data not available, no CISA KEV listing, but GitHub security advisory confirms the vulnerability with patch released in version 3.3.8.
Unchecked directory name buffer in Delta Electronics AS320T enables remote code execution without authentication. The CVSS vector (AV:N/AC:L/PR:N/UI:N) confirms this is a remotely exploitable stack buffer overflow (CWE-121) requiring no user interaction or credentials. Delta Electronics disclosed this vulnerability in security advisory PCSA-2026-00006, affecting an industrial automation product. No EPSS score or KEV status available at time of analysis, but the trivial exploitation requirements (network accessible, no authentication, low complexity) present immediate risk to exposed AS320T devices.
Remote code execution in Delta Electronics AS320T allows unauthenticated network attackers to exploit an unchecked buffer overflow in filename processing to execute arbitrary code with high impact to confidentiality, integrity, and availability. The CVSS 9.8 critical score reflects network-accessible attack surface with no authentication or user interaction required. No EPSS or KEV data available at time of analysis, but vendor advisory confirms multiple related vulnerabilities affecting the same product line.
Stack-based buffer overflow in rust-openssl's MdCtxRef::digest_final() allows safe Rust code to corrupt memory when EVP_DigestFinal() writes beyond the provided output buffer boundary. The vulnerability occurs when the output buffer is smaller than EVP_MD_CTX_size(ctx), causing EVP_DigestFinal() to write past the buffer end and corrupt stack memory. Vendor-released patch available in version 0.10.78 via GitHub commit 826c3888. No public exploit identified at time of analysis, but exploitable from memory-safe Rust code paths, violating Rust's safety guarantees.
Stack-based buffer overflow in Dell PowerProtect Data Domain DD OS allows remote unauthenticated attackers to execute arbitrary commands on vulnerable appliances. Affects Feature Release versions 7.7.1.0-8.6, LTS2025 (8.3.1.0-8.3.1.10), and LTS2024 (7.13.1.0-7.13.1.60). Despite network-accessible attack vector (AV:N/PR:N), high attack complexity (AC:H) indicates specialized exploit conditions. CISA SSVC framework rates exploitation as 'none' and automatable as 'no', suggesting manual, targeted exploitation rather than mass scanning. No active exploitation confirmed at time of analysis. Dell has released patches across all affected release tracks (DSA-2026-060).
PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, a stack buffer overflow exists in pjsip_auth_create_digest2() in PJSIP when using pre-computed digest credentials (PJSIP_CRED_DATA_DIGEST). The function copies credential data using cred_info->data.slen as the length without an upper-bound check, which can overflow the fixed-size ha1 stack buffer (128 bytes) if data.slen exceeds the expected digest string length.
Storable versions before 3.05 for Perl has a stack overflow. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Stack-based buffer overflow in Dell PowerProtect Data Domain versions 7.7.1.0-8.6, LTS2025 8.3.1.0-8.3.1.20, and LTS2024 7.13.1.0-7.13.1.60 allows high-privileged local attackers to execute arbitrary commands as root. The vulnerability requires local access and elevated privileges, limiting exposure to insider threats or compromised administrative accounts rather than remote attackers. No public exploit has been identified at time of analysis.
Remote code execution in ASUSTOR ADM (4.1.0-4.3.3.RR42 and 5.0.0-5.1.2.REO1) allows authenticated high-privilege attackers to execute arbitrary code via stack-based buffer overflow in VPN client components. The vulnerability combines unbounded sscanf() calls with format string weaknesses (printf with user-controlled data), exploitable due to absent PIE and stack canary protections. EPSS exploitation probability is low (0.23%, 46th percentile) with no public exploit code identified at time of analysis, suggesting limited real-world targeting despite high CVSS score.
Stack-based buffer overflow in silex technology's SD-330AC (Ver.1.42 and earlier) and AMC Manager (Ver.5.0.2 and earlier) enables authenticated remote attackers to execute arbitrary code on the device via maliciously crafted redirect URLs. Reported by JPCERT with vendor advisories published, though EPSS score of 0.04% (12th percentile) indicates low observed exploitation probability. No active exploitation confirmed (not in CISA KEV), and SSVC assessment marks exploitation status as 'none' despite the critical nature of remote code execution capability.
Stack-based buffer overflow in editorconfig-core-c library (versions ≤0.12.10) enables local attackers to crash applications or potentially execute arbitrary code via maliciously crafted .editorconfig files and directory structures. This incomplete fix for CVE-2023-0341 left the l_pattern[8194] stack buffer unprotected while only addressing the pcre_str buffer in version 0.12.6. Patched in version 0.12.11. No active exploitation confirmed (not in CISA KEV), but publicly exploitable with local access and minimal complexity (CVSS AV:L/AC:L/PR:N).
ngtcp2 is a C implementation of the IETF QUIC protocol. In versions prior to 1.22.1, ngtcp2_qlog_parameters_set_transport_params() serializes peer transport parameters into a fixed 1024-byte stack buffer without bounds checking. When qlog is enabled, a remote peer can send sufficiently large transport parameters during the QUIC handshake to cause writes beyond the buffer boundary, resulting in a stack buffer overflow. This affects deployments that enable the qlog callback and process untrusted peer transport parameters. This issue has been fixed in version 1.22.1. If developers are unable to immediately upgrade, they can disable the qlog on client.
Remote unauthenticated code execution in Openfind MailGates (5.0-6.0) and MailAudit (5.0-6.0) via stack-based buffer overflow allows complete system compromise. Attackers can send crafted network requests to exploit CWE-121 buffer overflow conditions without authentication, achieving arbitrary code execution with high impact to confidentiality, integrity, and availability. Vendor patches available (MailGates 6.1.10.054, 5.2.10.099; MailAudit 6.1.10.054, 5.2.10.099). CVSS 9.3 with network attack vector (AV:N), low complexity (AC:L), and no privileges required (PR:N) creates critical exposure for internet-facing mail security appliances. EPSS data unavailable; no confirmed active exploitation or public POC identified at time of analysis.
Certain HP DeskJet All in One devices may be vulnerable to remote code execution caused by a buffer overflow when specially crafted Web Services for Devices (WSD) scan requests are improperly validated and handled by the MFP. WSD Scan is a Microsoft Windows-based network scanning protocol that allows a PC to discover scanners (and MFPs) on a network and send scan jobs to them without requiring vendor specific drivers or utilities.
CentSDR commit e40795 was discovered to contain a stack overflow in the "Thread1" function.
Denial of service via stack buffer overflow in .NET (versions 8.0, 9.0, 10.0) and Visual Studio 2022 (versions 17.12, 17.14) allows unauthenticated remote attackers to crash affected applications over the network. The vulnerability has a CVSS score of 7.5 (High) with low attack complexity and no privileges required. Vendor-released patches are available from Microsoft (MSRC). No public exploit identified at time of analysis, and the issue is not confirmed actively exploited.
Stack-based buffer overflow in the Windows Kernel enables low-privileged local attackers to escalate to SYSTEM privileges on Windows 11 version 26H1 (build 10.0.28000.0 through 10.0.28000.1835). Despite CVSS 7.0 (High), the attack complexity is high (AC:H) and requires local access with low-level privileges (PR:L). Vendor-released patch available via Microsoft Security Response Center (build 10.0.28000.1836). No public exploit identified at time of analysis, though CWE-121 stack overflows are well-understood vulnerability classes with established exploitation techniques.
Memory corruption in Python's asyncio introspection and profiling.sampling modules (3.14-3.15) allows a local attacker with high privileges to read and write arbitrary memory in a connected privileged Python process via remote debugging. Exploitation requires persistent, repeated connections and high tolerance for crashes due to ASLR; no public exploit code has been identified. SSVC framework rates technical impact as total, but exploitation remains none-indicating low real-world priority despite severe capability impact.
Stack-based buffer overflow in Tenda F456 1.0.0.5 router's formwebtypelibrary function allows authenticated remote attackers to achieve arbitrary code execution with high impact to confidentiality, integrity, and availability. The vulnerability resides in /goform/webtypelibrary endpoint via manipulation of the 'menufacturer' or 'Go' parameters. Public exploit code exists on GitHub (EPSS 0.05%, 14th percentile), indicating low likelihood of mass exploitation but confirmed weaponization capability. No vendor patch identified at time of analysis.
Stack-based buffer overflow in Tenda F456 router firmware 1.0.0.5 allows authenticated remote attackers to achieve complete device compromise via crafted input to the 'page' parameter in the fromqossetting QoS configuration handler. Publicly available exploit code exists (GitHub POC), CVSS 7.4 (High), EPSS 0.05% (low exploitation probability). Not actively exploited per CISA KEV. This is a classic IoT router vulnerability affecting the web management interface at /goform/qossetting, requiring valid authentication credentials but enabling full device takeover once authenticated.
Stack-based buffer overflow in Tenda F456 router firmware v1.0.0.5 allows authenticated remote attackers to achieve code execution with high integrity and availability impact via crafted 'page' parameter to the /goform/NatStaticSetting endpoint's fromNatStaticSetting function. Public exploit code exists (EPSS 0.05%, 14th percentile), indicating low observed exploitation probability despite proof-of-concept availability. No active exploitation confirmed via CISA KEV at time of analysis.
Stack-based buffer overflow in Tenda F456 router firmware version 1.0.0.5 allows authenticated remote attackers to achieve complete system compromise via crafted input to the wireless security settings handler. Public exploit code is available, but EPSS exploitation probability remains very low (0.05%, 14th percentile), and no active exploitation has been reported. The vulnerability requires authenticated access to the router's administrative interface, limiting opportunistic exploitation.
Stack-based buffer overflow in Tenda F456 router firmware 1.0.0.5 allows authenticated remote attackers to execute arbitrary code via the /goform/exeCommand endpoint. The vulnerability has a publicly available proof-of-concept exploit and affects the fromexeCommand function through manipulation of the cmdinput parameter. EPSS probability is low (0.05%, 14th percentile), indicating minimal observed exploitation activity despite POC availability. Not listed in CISA KEV, confirming no widespread active exploitation detected.
Stack-based buffer overflow in Totolink A3002MU router firmware B20211125.1046 allows authenticated remote attackers to execute arbitrary code via crafted 'wan-url' parameter in /boafrm/formWlanSetup endpoint. Publicly available exploit code exists (PoC on GitHub). EPSS score of 0.08% (23rd percentile) indicates low observed exploitation probability despite public exploit, likely due to authentication requirement (PR:L) and narrow attack surface of legacy consumer router product.
Stack-based buffer overflow in TOTOLINK A7000R router (firmware ≤9.1.0u.6115) allows authenticated remote attackers to achieve complete system compromise via the setWiFiEasyGuestCfg CGI function. The vulnerability exists in /cgi-bin/cstecgi.cgi where unsanitized input to the ssid5g parameter triggers memory corruption, enabling arbitrary code execution with device privileges. Publicly available exploit code exists, significantly lowering the barrier to exploitation for authenticated attackers on the network.
Stack-based buffer overflow in Dynabook Bluetooth ACPI drivers (tosrfec.sys, drfec.sys) allows local administrators to execute arbitrary code by manipulating specific registry values. This CVSS 8.4 vulnerability requires high privileges (administrative access) but enables complete system compromise with low attack complexity. No public exploit identified at time of analysis, though the attack surface is limited to users who already possess elevated credentials.
Stack overflow in tinyobjloader's experimental MTL file parser (tinyobj_loader_opt.h) allows local attackers to trigger denial of service by supplying a malformed .mtl file. The vulnerability affects the library's material file parsing logic and crashes the application via stack memory corruption, though with EPSS score of 0.01% and no confirmed active exploitation, real-world risk is minimal despite the moderate CVSS 6.2 rating.
Stack-based buffer overflow in Tenda F451 wireless router (firmware 1.0.0.7_cn_svn7958) allows authenticated remote attackers to achieve arbitrary code execution with high confidentiality, integrity, and availability impact. The vulnerability resides in the frmL7ImForm function handling the 'page' parameter at /goform/L7Im endpoint. Publicly available exploit code exists (GitHub POC published), significantly lowering exploitation barriers. CVSS 8.8 (High) reflects network-accessible attack vector with low complexity, requiring only low-privilege authentication. No vendor-released patch identified at time of analysis.
Stack-based buffer overflow in Tenda F451 router firmware version 1.0.0.7_cn_svn7958 allows authenticated remote attackers to achieve arbitrary code execution with high impact to confidentiality, integrity, and availability. The vulnerability resides in the fromSetIpBind function accessible via /goform/SetIpBind endpoint, where manipulation of the 'page' parameter triggers memory corruption. Publicly available exploit code exists (GitHub POC published), significantly lowering the barrier to exploitation despite requiring low-privilege authentication. CVSS 8.8 severity reflects network accessibility, low attack complexity, and complete system compromise potential.
Stack-based buffer overflow in Tenda F451 router firmware version 1.0.0.7_cn_svn7958 allows remote authenticated attackers to execute arbitrary code with high impact on confidentiality, integrity, and availability. The vulnerability resides in the fromqossetting function's handling of the 'qos' parameter in /goform/qossetting endpoint. Publicly available exploit code (GitHub PoC) significantly lowers the barrier to exploitation. CVSS 7.4 (High) with low attack complexity and network attack vector indicates elevated risk for exposed devices, though low-privilege authentication is required.
Stack-based buffer overflow in Tenda F451 router (version 1.0.0.7_cn_svn7958) allows authenticated remote attackers to achieve arbitrary code execution with high impact on confidentiality, integrity, and availability. The vulnerability resides in the fromSafeUrlFilter function handling the 'page' parameter in /goform/SafeUrlFilter endpoint. Publicly available exploit code exists (GitHub POC), significantly lowering exploitation barrier. With CVSS 8.8 (Critical) and low attack complexity, this represents a serious risk to deployed devices, though exploitation requires authenticated access (PR:L) to the router's web interface.
Stack-based buffer overflow in Tenda F451 router firmware 1.0.0.7 allows authenticated remote attackers to achieve complete system compromise via the SafeMacFilter function. The vulnerability is exploitable over the network with low complexity, requiring only basic user credentials. Publicly available exploit code exists (GitHub POC), significantly lowering the barrier for exploitation. CVSS 8.8 (High) severity with potential for code execution, data theft, and device takeover.
Stack-based buffer overflow in Tenda F451 router firmware 1.0.0.7 enables authenticated remote attackers to execute arbitrary code with high privileges via crafted 'entrys' parameter to the /goform/addressNat endpoint. The vulnerability resides in the fromAddressNat function of the httpd component. Public exploit code is available (GitHub), with EPSS indicating moderate exploitation probability. Requires low-privilege authentication (PR:L) but has low attack complexity (AC:L), making it accessible to attackers with basic router credentials.
Stack-based buffer overflow in Tenda F451 router version 1.0.0.7 allows authenticated remote attackers to execute arbitrary code with high impact to confidentiality, integrity, and availability. The vulnerability resides in the httpd component's frmL7ProtForm function when processing the 'page' parameter in /goform/L7Prot. Publicly available exploit code exists (GitHub POC published), enabling attackers with low-privilege credentials to achieve full system compromise. CVSS 8.8 (High) with low attack complexity and no user interaction required. No vendor-released patch identified at time of analysis.
Stack-based buffer overflow in Tenda F451 router firmware version 1.0.0.7 allows authenticated remote attackers to achieve full system compromise via crafted HTTP requests to the wireless client configuration endpoint. The vulnerability (CVSS 8.8) exists in the WrlclientSet function within the httpd service and requires only low-privilege authentication. Publicly available exploit code has been published on GitHub, significantly lowering the barrier to exploitation, though no active exploitation is confirmed in CISA KEV at time of analysis.
Stack-based buffer overflow in Tenda F451 router version 1.0.0.7 allows authenticated remote attackers to achieve complete system compromise through the DHCP client list function. The vulnerability exists in the httpd service's /goform/DhcpListClient endpoint via the 'page' parameter. Publicly available exploit code exists (GitHub POC published), enabling low-complexity attacks that can result in full confidentiality, integrity, and availability compromise. CVSS 8.8 reflects high impact across all security objectives with minimal attack complexity, though low-privileged authentication is required.
Stack-based buffer overflow in ChargePoint Home Flex electric vehicle chargers enables network-adjacent attackers to execute arbitrary code as root via malformed OCPP messages. Unauthenticated exploitation allows complete device compromise through improper length validation in OCPP getpreq message handling. Attack complexity is high (CVSS AC:H), requiring local network access. No public exploit identified at time of analysis.
Stack-based buffer overflow in Notepad++ 8.9.3 file drop handler allows local authenticated users to cause application crash and potentially execute code by dragging and dropping a directory path of exactly 259 characters without a trailing backslash, triggering unbounded buffer write via automatic backslash and null terminator appending. CVSS 6.0 (High) reflects local attack vector and high complexity; no public exploit code or active KEV status identified, but upstream fix is confirmed available.
Stack-based buffer overflow in Tenda AC9 router firmware 15.03.02.13 enables authenticated remote attackers to execute arbitrary code or crash the device. The vulnerability resides in the decodePwd function within /goform/WizardHandle POST request handler, triggered by manipulating the WANS parameter. Attack requires low-privilege authentication but no user interaction. CVSS 8.8 (High) reflects potential for complete system compromise. Publicly available exploit code exists; no confirmed active exploitation (CISA KEV).
Stack-based buffer overflow in Tenda AC9 router firmware 15.03.02.13 allows authenticated remote attackers to execute arbitrary code via crafted PPPOEPassword parameter to formQuickIndex endpoint. Attack requires low-privilege credentials but no user interaction, enabling complete device compromise. Publicly available exploit code exists. CVSS 8.8 reflects network-accessible attack path with high impact to confidentiality, integrity, and availability.
Stack buffer overflow in wolfSSL's PKCS7 implementation allows local attackers to cause a denial of service or potentially execute code by crafting a CMS EnvelopedData message with an oversized OID in an OtherRecipientInfo recipient structure. The vulnerability affects wolfSSL when compiled with --enable-pkcs7 (disabled by default) and only when an application explicitly registers an ORI decrypt callback, significantly limiting real-world exposure. No public exploit code or active exploitation has been identified at time of analysis.
Stack-based buffer overflow in Tenda F451 wireless router firmware 1.0.0.7 allows authenticated remote attackers to execute arbitrary code via crafted page parameter to fromRouteStatic function in /goform/RouteStatic endpoint. Attack requires low-privilege authenticated access to web management interface with no user interaction. Publicly available exploit code exists. Exploitation yields complete compromise of router confidentiality, integrity, and availability.
Stack buffer overflow in osslsigncode <2.12 allows local attackers to execute arbitrary code during signature verification. The vulnerability affects PE, MSI, CAB, and script file verification handlers that copy digest values from SpcIndirectDataContent structures into fixed 64-byte stack buffers without length validation. Attackers craft malicious signed files with oversized digest fields triggering memcpy overflow when users verify files via osslsigncode verify command, corrupting stack state and enabling code execution with high confidentiality, integrity, and availability impact.
Stack-based buffer overflow in Tenda AC15 router firmware 15.03.05.18 websGetVar function allows authenticated remote attackers to execute arbitrary code with high impact to confidentiality, integrity, and availability. The vulnerability resides in /goform/SysToolChangePwd endpoint where manipulation of oldPwd, newPwd, or cfmPwd parameters triggers memory corruption. Publicly available exploit code exists. Exploitation requires low-privilege authenticated access but no user interaction, making it readily exploitable once credentials are obtained.
Stack-based buffer overflow in D-Link DIR-645 router (versions 1.01, 1.02, 1.03) via hedwigcgi_main function in /cgi-bin/hedwig.cgi allows authenticated remote attackers to achieve complete system compromise. Exploitation requires low-privilege credentials but no user interaction. Publicly available exploit code exists. Product is end-of-life with no vendor support, making remediation limited to device replacement or network isolation.
Stack-based buffer overflow in TP-Link Archer AX53 v1.0 tmpServer module enables authenticated adjacent attackers to execute arbitrary code via malicious configuration file. Exploitation triggers segmentation fault, permits device state modification, sensitive data exposure, and integrity compromise. Affects firmware versions before 1.7.1 Build 20260213. Requires high privileges and adjacent network access. No public exploit identified at time of analysis.
Stack-based buffer overflow in Delta Electronics ASDA-Soft allows local attackers with no privileges to execute arbitrary code by tricking users into opening a malicious file. The vulnerability achieves complete system compromise (confidentiality, integrity, availability all rated High in CVSS) through user interaction with crafted input. No public exploit identified at time of analysis, though the low attack complexity and lack of required privileges increase realistic exploitation risk once details emerge.
Stack-based buffer overflow in D-Link DI-8003 router firmware 16.07.26A1 allows unauthenticated remote attackers to trigger denial-of-service conditions by sending malformed name parameter values to the /url_member.asp endpoint. The vulnerability enables network-accessible attackers to crash the device without authentication or user interaction, disrupting availability of routing services. No public exploit identified at time of analysis.