Skip to main content

Buffer Overflow

memory HIGH

A buffer overflow occurs when a program writes more data to a memory buffer than it was allocated to hold, causing the excess data to spill into adjacent memory regions.

How It Works

A buffer overflow occurs when a program writes more data to a memory buffer than it was allocated to hold, causing the excess data to spill into adjacent memory regions. This overwrites whatever data or code exists there, corrupting program state and potentially giving attackers control over execution flow.

Stack-based overflows are the most common variant. When a function allocates a fixed-size buffer on the stack and then copies user-controlled input without proper bounds checking, attackers can overflow past the buffer to overwrite the function's return address. When the function completes, instead of returning to legitimate code, execution jumps to attacker-specified memory containing malicious shellcode. Heap-based overflows work differently—they corrupt heap metadata like chunk size fields or free list pointers, leading to arbitrary memory writes when the allocator processes the corrupted structures.

Modern exploitation bypasses defensive mechanisms through techniques like Return-Oriented Programming (ROP), which chains together existing code snippets to avoid non-executable memory protections. Attackers may also use heap spraying to reliably position shellcode at predictable addresses, defeating address randomization.

Impact

  • Remote code execution — attacker gains ability to run arbitrary commands with the privileges of the vulnerable process
  • Privilege escalation — exploiting kernel or setuid program overflows to gain root/SYSTEM access
  • Denial of service — crashes and memory corruption that render systems unusable
  • Information disclosure — reading sensitive data from adjacent memory regions that should be inaccessible
  • Authentication bypass — overwriting security-critical variables like permission flags or user IDs

Real-World Examples

Fortinet FortiOS suffered a critical buffer overflow (CVE-2025-32756) that allowed unauthenticated remote attackers to execute code as root on firewalls and VPN gateways. Attackers actively exploited this to compromise enterprise network perimeters before patches were available.

The Slammer worm from 2003 exploited a stack overflow in Microsoft SQL Server, spreading to 75,000 hosts in ten minutes by sending a single malformed UDP packet that overwrote the return address with shellcode. No authentication was required.

OpenSSH historically contained a heap overflow in challenge-response authentication that allowed pre-authentication remote root compromise on Unix systems, demonstrating how memory corruption in privileged network services creates maximum impact scenarios.

Mitigation

  • Memory-safe languages — Rust, Go, and modern managed languages prevent buffer overflows by design through automatic bounds checking
  • Stack canaries — random values placed before return addresses that detect corruption before control transfer
  • Address Space Layout Randomization (ASLR) — randomizes memory locations making exploitation less reliable
  • Data Execution Prevention (DEP/NX) — marks memory regions as non-executable, preventing direct shellcode execution
  • Bounds checking — validate input sizes before copying, use safe functions like strncpy instead of strcpy
  • Fuzzing and static analysis — automated testing to discover overflows before deployment

Recent CVEs (36137)

EPSS 0% CVSS 7.8
HIGH This Week

After Effects versions 26.0, 25.6.4 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Stack Overflow RCE Buffer Overflow +1
NVD VulDB
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a one-byte heap out-of-bounds null write exists in the UFS/UFS2 filesystem image parser in NanaZip. The vulnerability is triggered when opening a crafted UFS filesystem image. The attacker controls the byte offset of the write within a ~254-byte window past the heap allocation boundary. This vulnerability is fixed in 6.0.1698.0.

Memory Corruption Buffer Overflow Nanazip
NVD GitHub
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a stack-based out-of-bounds read exists in the ZealFS filesystem image parser in NanaZip. The vulnerability is triggered when opening a crafted ZealFS v1 filesystem image. An attacker-controlled BitmapSize field in the file header drives an unbounded loop that reads past the end of a stack-allocated ZEALFS_V1_HEADER structure. This vulnerability is fixed in 6.0.1698.0.

Information Disclosure Buffer Overflow Nanazip
NVD GitHub
EPSS 0% CVSS 7.2
HIGH This Week

Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line interface of the AOS-8 and AOS-10 Operating Systems. An authenticated attacker with administrative privileges could exploit these vulnerabilities by sending specially crafted requests to the affected services. Successful exploitation could allow the attacker to execute arbitrary code with elevated privileges on the underlying operating system.

RCE Buffer Overflow Stack Overflow +1
NVD
EPSS 0% CVSS 7.2
HIGH This Week

Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line interface of the AOS-8 and AOS-10 Operating Systems. An authenticated attacker with administrative privileges could exploit these vulnerabilities by sending specially crafted requests to the affected services. Successful exploitation could allow the attacker to execute arbitrary code with elevated privileges on the underlying operating system.

RCE Buffer Overflow Stack Overflow +1
NVD
EPSS 0% CVSS 7.2
HIGH This Week

Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line interface of the AOS-8 and AOS-10 Operating Systems. An authenticated attacker with administrative privileges could exploit these vulnerabilities by sending specially crafted requests to the affected services. Successful exploitation could allow the attacker to execute arbitrary code with elevated privileges on the underlying operating system.

RCE Buffer Overflow Stack Overflow +1
NVD
EPSS 0% CVSS 7.2
HIGH This Week

Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line interface of the AOS-8 and AOS-10 Operating Systems. An authenticated attacker with administrative privileges could exploit these vulnerabilities by sending specially crafted requests to the affected services. Successful exploitation could allow the attacker to execute arbitrary code with elevated privileges on the underlying operating system.

RCE Buffer Overflow Stack Overflow +1
NVD
EPSS 0% CVSS 7.2
HIGH This Week

Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line interface of the AOS-8 and AOS-10 Operating Systems. An authenticated attacker with administrative privileges could exploit these vulnerabilities by sending specially crafted requests to the affected services. Successful exploitation could allow the attacker to execute arbitrary code with elevated privileges on the underlying operating system.

RCE Buffer Overflow Stack Overflow +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

A heap-based buffer overflow vulnerability exists in a Network management service of AOS-8 and AOS-10 that could allow an unauthenticated remote attacker to achieve remote code execution. Successful exploitation could allow an unauthenticated attacker to execute arbitrary code as a privileged user on the underlying operating system, potentially leading to a system compromise. Exploitation may also result in a denial-of-service (DoS) condition affecting the impacted system process.

RCE Buffer Overflow Heap Overflow +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Illustrator versions 29.8.6, 30.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Heap Overflow RCE Buffer Overflow +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Substance3D - Painter versions 12.0.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Memory Corruption Buffer Overflow RCE +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Substance3D - Painter versions 12.0.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Memory Corruption Buffer Overflow RCE +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Illustrator versions 29.8.6, 30.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Information Disclosure Buffer Overflow Illustrator
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Illustrator versions 29.8.6, 30.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Memory Corruption Buffer Overflow RCE +1
NVD VulDB
EPSS 0% CVSS 8.5
HIGH This Week

Out-of-bounds write for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a escalation of privilege. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.

Microsoft Buffer Overflow Memory Corruption +2
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Memory Corruption Buffer Overflow RCE +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Memory Corruption Buffer Overflow RCE +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Memory Corruption Buffer Overflow RCE +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Memory Corruption Buffer Overflow RCE +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

After Effects versions 26.0, 25.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Memory Corruption Buffer Overflow RCE +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

After Effects versions 26.0, 25.6.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Heap Overflow RCE Buffer Overflow +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Media Encoder versions 26.0.2, 25.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Memory Corruption Buffer Overflow RCE +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Premiere Pro versions 26.0.2, 25.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Memory Corruption Buffer Overflow RCE +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Premiere Pro versions 26.0.2, 25.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Memory Corruption Buffer Overflow RCE +1
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH Exploit Unlikely This Week

Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to execute code locally.

Heap Overflow Microsoft Buffer Overflow
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Likely This Week

Heap-based buffer overflow in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.

Heap Overflow Microsoft Buffer Overflow
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Heap Overflow Microsoft Buffer Overflow
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Buffer over-read in Windows DWM Core Library allows an authorized attacker to disclose information locally.

Microsoft Buffer Overflow
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Likely This Week

Heap-based buffer overflow in Windows TCP/IP allows an authorized attacker to elevate privileges locally.

Heap Overflow Microsoft Buffer Overflow
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Integer overflow or wraparound in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

Integer Overflow Microsoft Buffer Overflow
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

Heap Overflow Microsoft Buffer Overflow
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Heap-based buffer overflow in Microsoft Windows DNS allows an unauthorized attacker to execute code over a network.

Heap Overflow Microsoft Buffer Overflow
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL POC PATCH Exploit Unlikely Act Now

Stack-based buffer overflow in Windows Netlogon allows an unauthorized attacker to execute code over a network.

Stack Overflow Microsoft Buffer Overflow
NVD VulDB GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

Heap Overflow Microsoft Buffer Overflow
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Stack-based buffer overflow in Windows TCP/IP allows an authorized attacker to elevate privileges locally.

Stack Overflow Microsoft Buffer Overflow
NVD VulDB
EPSS 0% CVSS 6.2
MEDIUM PATCH Exploit Unlikely This Month

Heap-based buffer overflow in Volume Manager Extension Driver allows an authorized attacker to execute code with a physical attack.

Heap Overflow Buffer Overflow
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Heap-based buffer overflow in Windows Cryptographic Services allows an authorized attacker to elevate privileges locally.

Heap Overflow Microsoft Buffer Overflow
NVD VulDB
EPSS 0% CVSS 8.4
HIGH PATCH Exploit Unlikely This Week

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

Heap Overflow Microsoft Buffer Overflow
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

Microsoft Information Disclosure Buffer Overflow
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Out-of-bounds read in Telnet Client allows an unauthorized attacker to disclose information over a network.

Information Disclosure Buffer Overflow
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Heap-based buffer overflow in Windows GDI allows an unauthorized attacker to execute code locally.

Heap Overflow Microsoft Buffer Overflow
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.

Heap Overflow Microsoft Buffer Overflow
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH Exploit Unlikely This Month

Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Buffer Overflow
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Windows Storage Spaces Controller enables authenticated users with low-level access to gain SYSTEM-level privileges by exploiting an integer overflow that leads to memory corruption. Affects Windows 10 (1607 through 22H2), Windows 11 (all versions through 26H1), and Windows Server 2012 R2. Microsoft has released security updates through their March 2026 Patch Tuesday. No active exploitation confirmed in CISA KEV at time of analysis, though the combination of low attack complexity (AC:L) and no user interaction requirement (UI:N) makes post-compromise exploitation straightforward for attackers who have already obtained initial access.

Integer Overflow Microsoft Buffer Overflow
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Windows Application Identity (AppID) Subsystem allows low-privileged authenticated users to execute code as SYSTEM via heap buffer overflow. Microsoft has released security patches across Windows 10 (versions 1607-22H2), Windows 11 (versions 22H3-26H1), and Windows Server 2012. CVSS 7.8 score reflects high impact to confidentiality, integrity, and availability. EPSS data not available; no confirmed active exploitation or public POC identified at time of analysis. Requires existing local access with standard user privileges, limiting remote attack surface.

Heap Overflow Microsoft Buffer Overflow
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation in Windows Win32K graphics subsystem allows authenticated users to gain SYSTEM-level access via integer overflow exploitation. Affects all supported Windows 10, Windows 11, and Windows Server 2012 versions. Microsoft has released patches through their March 2026 security update (MSRC guide confirms vendor-released fix). CVSS 7.8 reflects high impact across confidentiality, integrity, and availability. No public exploit code identified at time of analysis, and not listed in CISA KEV, indicating limited or no active exploitation despite the severity of potential impact.

Integer Overflow Microsoft Buffer Overflow
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH Exploit Unlikely This Week

Heap-based buffer overflow in Windows Message Queuing (MSMQ) allows remote unauthenticated attackers on adjacent networks to execute arbitrary code with high impact to confidentiality, integrity, and availability across multiple Windows versions. Microsoft released patches via their May 2026 security update. The vulnerability requires adjacent network access (same subnet/VLAN) but no authentication, user interaction, or special configuration, making it exploitable against default Windows installations where MSMQ service is enabled. EPSS data not available; no CISA KEV listing or public POC identified at time of analysis.

Heap Overflow Microsoft Buffer Overflow
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Likely This Week

Local privilege escalation in Windows Kernel across Windows 10, Windows 11 (versions 22H3 through 26H1), and Windows Server 2022 allows authenticated local attackers to gain SYSTEM-level privileges through heap corruption. Microsoft has released patches addressing this CWE-122 heap-based buffer overflow. EPSS data not available for risk quantification, and no CISA KEV listing indicates exploitation has not been publicly confirmed, though the vulnerability's low attack complexity (AC:L) and minimal prerequisites (PR:L) make it attractive for post-compromise privilege escalation in targeted attacks.

Heap Overflow Microsoft Buffer Overflow +11
NVD VulDB
EPSS 0% CVSS 7.3
HIGH POC PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft .NET Framework (versions 3.5 through 10.0) and Visual Studio 2017 occurs through heap-based buffer overflow exploitation requiring user interaction with a malicious file. Attackers without initial privileges can achieve high-level code execution and data access by convincing a user to open a specially crafted document or application. Microsoft has released patches across all affected .NET versions per MSRC advisory, indicating this is a vendor-confirmed issue requiring immediate remediation for systems where users process untrusted .NET content.

Heap Overflow Buffer Overflow Net 10 0 +13
NVD VulDB GitHub
EPSS 0% CVSS 8.8
HIGH This Week

Remote code execution in Fortinet FortiOS 7.2.0-7.2.11, 7.4.0-7.4.8, and 7.6.0-7.6.3 enables authenticated attackers to execute arbitrary code via malformed network packets. The out-of-bounds write vulnerability (CWE-787) affects FortiOS firewall appliances and requires only low-privilege credentials to exploit over the network. Fortinet published advisory FG-IR-26-123 confirming the vulnerability. No CISA KEV listing or public exploit code identified at time of analysis, though the straightforward network attack vector (AV:N/AC:L) suggests moderate weaponization potential once details emerge.

Fortinet Memory Corruption Buffer Overflow
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Improper buffer restrictions for some Display Virtualization for Windows OS driver software within Ring 2: Device Drivers may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (none) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.

Denial Of Service Microsoft Buffer Overflow
NVD
EPSS 0% CVSS 8.3
HIGH This Week

Out-of-bounds write for the Intel(R) Data Center Graphics Driver for VMware ESXi software before version 2.0.2 within Ring 1: Device Drivers may allow a denial of service. System software adversary with a privileged user combined with a low complexity attack may enable data corruption. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (high) and availability (high) impacts.

Denial Of Service Buffer Overflow VMware +2
NVD
EPSS 0% CVSS 9.3
CRITICAL Act Now

Buffer overflow for the Intel(R) Data Center Graphics Driver for VMware ESXi software before version 2.0.2 within Ring 1: Device Drivers may allow an escalation of privilege. System software adversary with a privileged user combined with a low complexity attack may enable local code execution. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (high), integrity (high) and availability (high) impacts.

Buffer Overflow VMware RCE +2
NVD
EPSS 0% CVSS 6.9
MEDIUM This Month

Buffer overflow for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (low), integrity (low) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.

Denial Of Service Microsoft Buffer Overflow +1
NVD VulDB
EPSS 0% CVSS 8.3
HIGH This Week

Out-of-bounds read for the Intel(R) Data Center Graphics Driver for VMware ESXi software before version 2.0.2 within Ring 1: Device Drivers may allow a denial of service. System software adversary with a privileged user combined with a low complexity attack may enable data exposure. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (none) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (high), integrity (none) and availability (high) impacts.

Denial Of Service Buffer Overflow VMware +2
NVD
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Buffer underflow in YAML::Syck for Perl versions before 1.38 allows remote unauthenticated attackers to trigger out-of-bounds memory reads when parsing specially crafted base60 (sexagesimal) YAML values. The vulnerability affects both integer and floating-point base60 handlers in perl_syck.h, where processing leftmost colon-separated segments causes a pointer to decrement past allocated buffer boundaries. EPSS exploitation probability is minimal (0.01%, 3rd percentile) with no active exploitation or public weaponized exploit identified. Vendor-released patch available in version 1.38, confirmed by CPANSec and upstream commit.

Buffer Overflow Yaml Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Heap buffer over-read in pam_authnft allows remote denial-of-service via crafted netlink messages. pam_authnft < 0.2.0-alpha contains a CWE-125 buffer over-read in the peer_lookup_tcp function when parsing NETLINK_SOCK_DIAG replies, allowing unauthenticated network attackers to trigger crashes by sending malformed netlink diagnostic messages that bypass message-size validation. This PAM module binds nftables firewall rules to authenticated sessions, so exploitation disrupts authentication infrastructure. Vendor-released patch: 0.2.0-alpha (GitHub PR #10). No public exploit identified at time of analysis.

Information Disclosure Buffer Overflow Pam Authnft
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Memory corruption in Mozilla Firefox versions prior to 150.0.3 stems from a JIT (Just-In-Time) compiler miscompilation in the JavaScript engine, allowing remote attackers to trigger high-impact compromise of confidentiality, integrity, and availability when a user visits a malicious web page. The flaw carries a CVSS score of 8.8 and requires user interaction (loading attacker-controlled JavaScript), but no authentication. There is no public exploit identified at time of analysis, though a GitHub repository referenced from NVD suggests early proof-of-concept research, and EPSS scores the exploitation probability at only 0.02% despite the high CVSS severity.

Buffer Overflow Mozilla
NVD VulDB GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Incorrect boundary conditions in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 150.0.3.

Mozilla Buffer Overflow
NVD VulDB
EPSS 0% CVSS 7.3
HIGH Act Now

The affected applications contains a memory corruption vulnerability while parsing specially crafted IPT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-27349, ZDI-CAN-27389)

Heap Overflow Buffer Overflow Simcenter Femap
NVD GitHub VulDB
EPSS 0% CVSS 7.3
HIGH This Week

Stack-based buffer overflow in Siemens Solid Edge SE2026 allows arbitrary code execution when users open malicious PAR files. Attackers must deliver a weaponized PAR file and convince the user to open it, after which code executes with user's privileges. All versions prior to V226.0 Update 5 are vulnerable. No active exploitation confirmed (not in CISA KEV), but the attack relies on user interaction with a common CAD file format, making social engineering feasible in engineering/manufacturing environments.

Stack Overflow Buffer Overflow Solid Edge Se2026
NVD VulDB
EPSS 0% CVSS 6.1
MEDIUM This Month

Stack overflow in Zephyr RTOS network stack allows local attackers to trigger a denial of service by issuing an ICMP ping to the device's own IPv4 address via the `net ping` shell command, causing recursive re-entry of the input path on the same work-queue stack and exhausting stack memory. The vulnerability requires local access and user interaction to execute the shell command, affecting systems with Zephyr network functionality enabled.

Buffer Overflow Zephyr
NVD GitHub
EPSS 0% CVSS 7.5
HIGH Monitor

Remote unauthenticated attackers can crash Zyxel NWA1100-N access points running customized firmware version 1.00(AACE.1)C0 by sending malformed HTTP requests that trigger buffer overflows in five distinct web server functions (formWep, formWlAc, formPasswordSetup, formUpgradeCert, formDelcert). The vulnerability enables denial-of-service attacks with high CVSS 7.5 severity but is limited to an end-of-life product according to Zyxel's reference documentation. No public exploit code identified at time of analysis, and EPSS data is unavailable for this recent CVE.

Zyxel Buffer Overflow
NVD VulDB
EPSS 0% CVSS 2.1
LOW POC PATCH Monitor

Memory corruption in OMEC Project AMF up to version 2.1.1 occurs in the NGAP Message Handler when processing malformed mobile identity payloads, allowing authenticated remote attackers to cause denial of service through buffer overflow. Publicly available exploit code exists; vendor released patched version 2.2.0 via GitHub PR #666. CVSS 4.3 (low severity) reflects authentication requirement (PR:L) and availability-only impact, but real-world exploitation risk depends on deployment context.

Buffer Overflow Amf
NVD VulDB GitHub
EPSS 0% CVSS 8.6
HIGH PATCH This Week

barebox version prior to 2026.04.0 contains multiple memory-safety vulnerabilities in the EFI PE loader in efi/loader/pe.c where integer overflow in virtual image size computation using 32-bit arithmetic on section VirtualAddress and size values allows undersized heap allocation, and PE section loading logic fails to validate that PointerToRawData plus copied size remains within the PE file buffer. An attacker can supply a malicious EFI PE binary via TFTP, USB, SD card, or network boot to trigger heap buffer overflow or out-of-bounds read from heap memory, potentially achieving code execution in bootloader context.

Integer Overflow RCE Buffer Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

libcaca is a colour ASCII art library. In 0.99.beta20 and earlier, an integer overflow vulnerability in libcaca's canvas import functionality allows an attacker to cause a controlled heap out-of-bounds write (heap overflow) by supplying a crafted file in the "caca" format. Depending on the build configuration and memory allocator, this may lead to memory corruption or remote code execution. This is the same vulnerability as CVE-2021-3410 but the fix at that time was not fully correct. Commit fb77acff9ba6bb01d53940da34fb10f20b156a23 fixes this vulnerability.

Heap Overflow RCE Buffer Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

barebox prior to version 2026.04.0 contains out-of-bounds read vulnerabilities in ext4 extent parsing due to missing validation of the eh_entries field against buffer capacity in fs/ext4/ext4_common.c. Attackers can supply a malicious ext4 filesystem image via USB, SD card, or network boot to trigger heap out-of-bounds reads during boot-time filesystem parsing, potentially redirecting reads to arbitrary disk offsets.

Information Disclosure Buffer Overflow Barebox
NVD GitHub VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

barebox prior to version 2026.04.0 contains an out-of-bounds read vulnerability in DHCP option parsing within the dhcp_message_type() function that fails to verify the options pointer remains within received packet bounds. An attacker on the same broadcast domain can send a crafted DHCP Offer or ACK packet without a proper 0xff end marker to cause the parser to read past valid packet data and potentially crash the system.

Information Disclosure Buffer Overflow Barebox
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Buffer overflow in macOS allows remote unauthenticated attackers to cause system crashes and denial of service without user interaction. Affects macOS Sequoia versions prior to 15.7.7 and macOS Tahoe versions prior to 26.5. Apple has released patches addressing the vulnerability through improved bounds checking. Despite network-based attack vector and low complexity (CVSS 7.5), EPSS score of 0.05% (15th percentile) indicates minimal observed exploitation activity, and CISA SSVC framework confirms no active exploitation detected. Automatable attack path suggests potential for scanning-based campaigns if exploited.

Stack Overflow Apple Buffer Overflow
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Process memory corruption in Apple's image processing subsystem across iOS, iPadOS, macOS, tvOS, and visionOS allows remote attackers to extract confidential data from process memory via crafted images. The vulnerability affects all Apple operating systems prior to their respective May 2026 security updates. CVSS vector indicates network-based, unauthenticated exploitation requiring no user interaction beyond processing the image, though the CVSS score focuses on confidentiality impact (C:H) with no integrity or availability impact. EPSS score of 0.02% suggests low observed exploitation likelihood, with no CISA KEV listing or public POC identified at time of analysis. Apple has released patches across all affected platforms.

Apple Buffer Overflow
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing an audio stream in a maliciously crafted media file may terminate the process.

Apple Buffer Overflow
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

The issue was addressed with improved memory handling. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.

Apple Buffer Overflow Ios And Ipados +3
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Memory corruption in Apple operating systems allows remote attackers to trigger unexpected app termination or corrupt process memory by delivering a maliciously crafted media file to users, requiring user interaction to open the file. Affects iOS/iPadOS 26.4 and earlier, macOS Sequoia 15.7.6 and earlier, macOS Sonoma 14.8.6 and earlier, macOS Tahoe 26.4 and earlier, tvOS 26.4 and earlier, visionOS 26.4 and earlier, and watchOS 26.4 and earlier. No public exploit identified at time of analysis; vendor-released patches are available across all affected platforms.

Apple Information Disclosure Buffer Overflow
NVD
EPSS 0% CVSS 7.1
HIGH PATCH This Week

The issue was addressed with improved checks. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, macOS Sequoia 15.7.7, macOS Tahoe 26.5. Processing a maliciously crafted file may lead to a denial-of-service or potentially disclose memory contents.

Apple Buffer Overflow
NVD
EPSS 0% CVSS 6.2
MEDIUM PATCH This Month

Improper bounds checking in Apple operating systems allows processing of maliciously crafted files to cause unexpected application termination (denial of service) on iOS, iPadOS, macOS, tvOS, visionOS, and watchOS. The vulnerability affects multiple major OS versions and requires local file processing without user interaction, but has extremely low real-world exploitation probability (EPSS 0.02%) despite moderate CVSS score.

Apple Buffer Overflow
NVD VulDB
EPSS 0% CVSS 6.2
MEDIUM PATCH This Month

Buffer overflow in Apple operating systems allows local unauthenticated users to cause unexpected system termination or read kernel memory without requiring user interaction. The vulnerability affects iOS, iPadOS, macOS, tvOS, visionOS, and watchOS across multiple versions, with exploitation limited to local access. Vendor-released patches are available for all affected platforms, and EPSS scoring of 0.03% indicates exploitation remains unlikely despite the local attack vector.

Stack Overflow Apple Buffer Overflow
NVD
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Out-of-bounds read in Apple operating systems allows malicious applications to crash the system or leak kernel memory across iOS/iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, and watchOS 26.5. The vulnerability requires local application execution but no user interaction, enabling information disclosure and denial-of-service attacks. Despite high CVSS 7.3 scoring, the EPSS probability is very low (0.02%, 5th percentile), indicating minimal observed exploitation activity. Vendor-released patches are available for all affected platforms.

Apple Information Disclosure Buffer Overflow
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to execute arbitrary code with kernel privileges.

Apple Memory Corruption Buffer Overflow +1
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Memory corruption in Safari's WebKit engine across all Apple platforms allows remote attackers to trigger information disclosure via maliciously crafted web content delivered through network-accessible attack vectors requiring no authentication or user interaction. Despite the vendor description focusing on crash scenarios, the CVSS vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) indicates high confidentiality impact with no availability impact, suggesting potential memory disclosure rather than denial of service. Patched in iOS/iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5. EPSS score of 0.02% (5th percentile) suggests low probability of mass exploitation despite network-accessible attack vector.

Apple Buffer Overflow Ios And Ipados +3
NVD VulDB
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

Memory corruption in Apple operating systems due to a race condition in locking mechanisms allows local authenticated attackers to cause unexpected app termination or potential denial of service. The vulnerability affects iOS 18.7.8 and earlier, iPadOS 18.7.8 and earlier, macOS Sequoia 15.7.6 and earlier, macOS Sonoma 14.8.6 and earlier, macOS Tahoe 26.4 and earlier, tvOS 26.4 and earlier, visionOS 26.4 and earlier, and watchOS 26.4 and earlier. Vendor-released patches are available across all affected platforms, with no public exploit identified at time of analysis.

Apple Race Condition Buffer Overflow
NVD
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

Integer overflow in Apple operating systems allows remote unauthenticated attackers to crash devices via maliciously crafted input, causing denial of service through system termination. Affects iOS/iPadOS versions prior to 18.7.9, macOS Sequoia prior to 15.7.7, macOS Sonoma prior to 14.8.7, and macOS Tahoe prior to 26.5. Apple has released patches for all affected platforms. Despite the network attack vector and lack of authentication requirements (CVSS AV:N/PR:N), EPSS exploitation probability is very low at 0.02% (5th percentile), and no public exploits or active exploitation have been identified. Not listed in CISA KEV, suggesting limited real-world targeting.

Integer Overflow Apple Buffer Overflow
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Memory corruption in WebKit across Apple platforms (iOS, iPadOS, macOS, tvOS, visionOS) allows remote attackers to access sensitive information via malicious web content. CVSS vector indicates network-based exploitation requiring no user interaction or authentication (AV:N/AC:L/PR:N/UI:N), contradicting the description's 'process crash' outcome with the High Confidentiality impact rating. EPSS score of 0.02% (5th percentile) suggests low real-world exploitation probability. Vendor patches available for all affected platforms (version 26.5). SSVC framework rates this as automatable with partial technical impact but no observed exploitation.

Apple Buffer Overflow Ios And Ipados +2
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Buffer overflow in Apple's image processing framework across iOS, iPadOS, macOS, tvOS, and watchOS allows remote attackers to cause denial of service through process memory corruption. Despite the CVSS 7.5 (High) rating and network attack vector, the vulnerability is rated low priority with only 2% EPSS exploitation probability (5th percentile), indicating minimal real-world threat activity. Apple has released patches in version 26.5 across all affected platforms. No active exploitation or public proof-of-concept has been identified at time of analysis.

Stack Overflow Apple Buffer Overflow
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

WebKit memory corruption vulnerability allows remote attackers to trigger denial-of-service process crashes across Apple's entire operating system ecosystem (iOS, iPadOS, macOS, tvOS, watchOS) when processing maliciously crafted web content. Despite a CVSS score of 7.5 suggesting high confidentiality impact, the vendor description indicates only process crash (availability impact), representing a scoring discrepancy that requires clarification. No active exploitation confirmed (not in CISA KEV), EPSS score of 0.02% (5th percentile) indicates low observed exploitation probability, and vendor patches released across all affected platforms in version 26.5.

Apple Buffer Overflow
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Remote denial of service in Apple WebKit (iOS/iPadOS 26.5, macOS Tahoe 26.5, visionOS 26.5) allows unauthenticated network attackers to crash browser processes via maliciously crafted web content exploiting a memory handling flaw. CVSS 7.5 (High) reflects network-based attack with no authentication required, though impact is limited to availability (process crash). EPSS score of 0.02% (4th percentile) indicates very low observed exploitation probability. SSVC assessment confirms no active exploitation, but marks it as automatable, suggesting potential for future weaponization in drive-by attacks. Apple has released patches across all affected platforms.

Apple Buffer Overflow
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Out-of-bounds read in Apple operating systems allows remote unauthenticated denial-of-service via malicious application. Apple has patched this vulnerability across all affected platforms (iOS/iPadOS, macOS, tvOS, visionOS, watchOS) in version 26.5 releases. Despite CVSS 7.5 HIGH rating, exploitation probability remains low (EPSS 2%, 5th percentile) with no public exploit code identified and no CISA KEV listing. The vulnerability is impact-limited to availability (denial-of-service) with no confidentiality or integrity compromise, though tags indicate potential information disclosure concerns that warrant verification against vendor advisories.

Apple Information Disclosure Buffer Overflow
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Out-of-bounds write in Apple operating systems allows network-based unauthenticated attackers to corrupt kernel memory or cause denial of service without user interaction. The vulnerability affects iOS, iPadOS, macOS, tvOS, visionOS, and watchOS across multiple versions. Apple has released patches for all affected platforms, though the extremely low EPSS score (0.02%) suggests real-world exploitation risk is minimal despite the network attack vector.

Apple Memory Corruption Buffer Overflow
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Buffer overflow in macOS kernel allows local applications to terminate the system or write to kernel memory, affecting macOS Sequoia 15.x, Sonoma 14.x, and Tahoe 26.x. Apple has released security updates patching this vulnerability. Despite the CVSS vector indicating network-based attack (AV:N), the description specifies 'an app may be able to' which confirms local application context, indicating a vector/description inconsistency. EPSS score of 0.02% (4th percentile) suggests low probability of mass exploitation, and no active exploitation or public POC identified at time of analysis.

Apple Buffer Overflow
NVD
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Out-of-bounds write in Apple's file parsing component across iOS, iPadOS, and macOS enables remote code execution or denial of service via maliciously crafted files with no user interaction required. Exploitation probability is extremely low (EPSS 0.02%, 6th percentile) with no public exploit identified at time of analysis, despite the critical CVSS 7.3 score and network-based attack vector. Vendor patches available for all affected platforms (iOS/iPadOS 18.7.9, 26.5; macOS Sonoma 14.8.7, Sequoia 15.7.7, Tahoe 26.5). The CVSS vector indicating AV:N/PR:N/UI:N suggests automatic exploitation without user interaction, which contradicts the description's 'parsing a file' language - verify whether this requires user action to open/download the file or if background processes parse untrusted files automatically.

Apple Memory Corruption Buffer Overflow
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Memory corruption in Apple's image processing subsystem allows remote unauthenticated attackers to read sensitive process memory across all major Apple platforms (iOS, macOS, tvOS, visionOS, watchOS). CVSS 7.5 indicates network-exploitable, no-interaction attack surface, yet EPSS score of 0.02% (7th percentile) suggests low observed exploitation activity. Vendor-released patches available for all affected platforms as of March 2026. No active exploitation confirmed (not in CISA KEV), but the network attack vector and broad platform impact warrant priority patching for Apple ecosystem deployments.

Apple Buffer Overflow
NVD
Prev Page 21 of 402 Next

Quick Facts

Typical Severity
HIGH
Category
memory
Total CVEs
36137

MITRE ATT&CK

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy