Skip to main content

Buffer Overflow

memory HIGH

A buffer overflow occurs when a program writes more data to a memory buffer than it was allocated to hold, causing the excess data to spill into adjacent memory regions.

How It Works

A buffer overflow occurs when a program writes more data to a memory buffer than it was allocated to hold, causing the excess data to spill into adjacent memory regions. This overwrites whatever data or code exists there, corrupting program state and potentially giving attackers control over execution flow.

Stack-based overflows are the most common variant. When a function allocates a fixed-size buffer on the stack and then copies user-controlled input without proper bounds checking, attackers can overflow past the buffer to overwrite the function's return address. When the function completes, instead of returning to legitimate code, execution jumps to attacker-specified memory containing malicious shellcode. Heap-based overflows work differently—they corrupt heap metadata like chunk size fields or free list pointers, leading to arbitrary memory writes when the allocator processes the corrupted structures.

Modern exploitation bypasses defensive mechanisms through techniques like Return-Oriented Programming (ROP), which chains together existing code snippets to avoid non-executable memory protections. Attackers may also use heap spraying to reliably position shellcode at predictable addresses, defeating address randomization.

Impact

  • Remote code execution — attacker gains ability to run arbitrary commands with the privileges of the vulnerable process
  • Privilege escalation — exploiting kernel or setuid program overflows to gain root/SYSTEM access
  • Denial of service — crashes and memory corruption that render systems unusable
  • Information disclosure — reading sensitive data from adjacent memory regions that should be inaccessible
  • Authentication bypass — overwriting security-critical variables like permission flags or user IDs

Real-World Examples

Fortinet FortiOS suffered a critical buffer overflow (CVE-2025-32756) that allowed unauthenticated remote attackers to execute code as root on firewalls and VPN gateways. Attackers actively exploited this to compromise enterprise network perimeters before patches were available.

The Slammer worm from 2003 exploited a stack overflow in Microsoft SQL Server, spreading to 75,000 hosts in ten minutes by sending a single malformed UDP packet that overwrote the return address with shellcode. No authentication was required.

OpenSSH historically contained a heap overflow in challenge-response authentication that allowed pre-authentication remote root compromise on Unix systems, demonstrating how memory corruption in privileged network services creates maximum impact scenarios.

Mitigation

  • Memory-safe languages — Rust, Go, and modern managed languages prevent buffer overflows by design through automatic bounds checking
  • Stack canaries — random values placed before return addresses that detect corruption before control transfer
  • Address Space Layout Randomization (ASLR) — randomizes memory locations making exploitation less reliable
  • Data Execution Prevention (DEP/NX) — marks memory regions as non-executable, preventing direct shellcode execution
  • Bounds checking — validate input sizes before copying, use safe functions like strncpy instead of strcpy
  • Fuzzing and static analysis — automated testing to discover overflows before deployment

Recent CVEs (36139)

EPSS 0% CVSS 7.5
HIGH This Week

Text::Minify::XS versions from v0.3.0 before v0.7.8 for Perl have a heap overflow when processing some malformed UTF-8 characters. The minify functions mishandled some malformed UTF-8 characters, leading to heap corruption. Note that the minify_utf8 function is an alias for minnify.

Buffer Overflow Text
NVD GitHub VulDB
EPSS 0% CVSS 7.4
HIGH This Week

Buffer overflow in Tenda F456 router firmware version 1.0.0.5 allows authenticated remote attackers to achieve code execution via crafted requests to the /goform/WrlclientSet endpoint. The vulnerability exists in the fromWrlclientSet function of the httpd component. Public exploit code is available on GitHub, increasing practical exploitation risk despite requiring low-privilege authentication (CVSS 7.4, EPSS data not provided).

Buffer Overflow Tenda
NVD GitHub VulDB
EPSS 0% CVSS 7.4
HIGH This Week

Buffer overflow in Tenda F456 router firmware 1.0.0.5 allows authenticated remote attackers to execute arbitrary code or crash the device via crafted HTTP requests to the /goform/Natlimit endpoint. Public exploit code exists on GitHub (Litengzheng/vuldb_new), demonstrating practical exploitability. EPSS data unavailable, but with POC published and AV:N/AC:L indicating straightforward network exploitation, this poses significant risk to internet-exposed router management interfaces with weak or default credentials.

Buffer Overflow Tenda
NVD GitHub VulDB
EPSS 0% CVSS 7.4
HIGH This Week

Remote code execution in Tenda F456 router firmware 1.0.0.5 allows authenticated attackers to trigger buffer overflow via crafted mit_linktype parameter to /goform/QuickIndex endpoint in httpd service. Public exploit code exists on GitHub (Litengzheng/vuldb_new), enabling memory corruption with high impact to confidentiality, integrity, and availability. CVSS 7.4 reflects low attack complexity with network access requiring only low-privilege authentication. No vendor patch identified at time of analysis.

Buffer Overflow Tenda
NVD GitHub VulDB
EPSS 0% CVSS 7.4
HIGH This Week

Remote authenticated attackers can execute arbitrary code on Tenda F456 router version 1.0.0.5 via buffer overflow in the DhcpListClient function of the httpd component. Exploitation requires low-privilege HTTP authentication and targets the web management interface. A public proof-of-concept exploit exists on GitHub (Litengzheng/vuldb_new), enabling straightforward weaponization. EPSS data unavailable, but the combination of remote attack vector, low complexity (AC:L), and publicly disclosed exploit code indicates elevated real-world exploitation risk for internet-exposed devices with default or weak credentials.

Buffer Overflow Tenda
NVD GitHub VulDB
EPSS 0% CVSS 7.4
HIGH POC This Week

Remote code execution in Tenda F456 router firmware 1.0.0.5 allows authenticated attackers to compromise the device via buffer overflow in the httpd web management interface. Exploitation requires low-privilege credentials but enables complete device takeover (CVSS 7.4). A public proof-of-concept exploit exists on GitHub, significantly lowering the barrier to active exploitation despite requiring authentication.

Buffer Overflow Tenda
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH This Week

Remote authenticated buffer overflow in Tenda F456 1.0.0.5 httpd allows attackers to compromise router integrity and availability via crafted WrlExtraSet requests. Exploitation occurs through the formWrlExtraSet function when manipulating the 'Go' parameter at /goform/WrlExtraSet endpoint. Public exploit code is available on GitHub (Litengzheng/vuldb_new), enabling straightforward weaponization. CVSS 7.4 (High) with CVSS v4.0 Exploit Maturity: Proof-of-Concept confirms exploitability. While requiring low-privilege authentication (PR:L), the network attack vector (AV:N) and low complexity (AC:L) make this accessible to remote attackers with basic router credentials, commonly obtained via credential stuffing or default password exploitation.

Buffer Overflow Tenda
NVD GitHub VulDB
EPSS 0% CVSS 7.4
HIGH This Week

Remote authenticated buffer overflow in Tenda F456 1.0.0.5 router allows complete device compromise via the DHCP server configuration handler. A low-privileged attacker can send a crafted HTTP request with malicious 'dips' parameter to /goform/GstDhcpSetSer, triggering a buffer overflow in the httpd service that enables arbitrary code execution with full system control. Public exploit code is available on GitHub (EPSS exploitation probability data not provided, not listed in CISA KEV at time of analysis).

Buffer Overflow Tenda
NVD GitHub VulDB
EPSS 0% CVSS 8.7
HIGH This Week

Buffer overflow in Moxa Secure Router's HTTPS management interface allows unauthenticated remote attackers to crash the web service via specially crafted requests with malformed length parameters. Exploitation causes denial-of-service requiring device reboot, with no confidentiality or integrity impact. CVSS 8.7 reflects high availability impact to the vulnerable component only. No public exploit code identified at time of analysis, and no evidence of active exploitation (not in CISA KEV).

Buffer Overflow
NVD
EPSS 0% CVSS 7.4
HIGH POC This Week

Buffer overflow in Tenda F456 router firmware 1.0.0.5 allows authenticated remote attackers to achieve full device compromise through the PPTP user management interface. The vulnerability exists in the fromPPTPUserSetting function within the httpd component, exploitable via manipulation of the 'delno' parameter sent to /goform/PPTPUserSetting. Public exploit code is available on GitHub, significantly lowering the barrier to exploitation, though no CISA KEV listing or widespread exploitation has been confirmed at time of analysis.

Buffer Overflow Tenda
NVD VulDB GitHub
EPSS 0% CVSS 7.0
HIGH This Week

A race condition in WinFsp enables local privilege escalation to SYSTEM through kernel heap overflow. Authenticated local attackers with low privileges can exploit this timing vulnerability to corrupt kernel memory and execute code at the highest privilege level. Patch available in WinFsp v2.2B1 per vendor release notes. EPSS data not available; no CISA KEV listing indicates exploitation not yet confirmed in the wild, though the vulnerability affects a Windows kernel-mode driver used for file system development.

Buffer Overflow Race Condition Winfsp
NVD GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

Remote code execution in Tenda F456 router firmware 1.0.0.5 allows authenticated attackers to compromise device integrity and confidentiality via buffer overflow in the WAN configuration interface. The vulnerability exploits the fromAdvSetWan function's improper handling of the wanmode parameter, enabling complete device takeover. Public exploit code exists on GitHub (Litengzheng/vuldb_new), significantly lowering the barrier to exploitation. EPSS data not available, but the combination of network attack vector, low complexity (AC:L), and publicly available POC makes this a realistic threat to exposed management interfaces.

Buffer Overflow Tenda
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

Buffer overflow in Tenda F456 router version 1.0.0.5 allows authenticated remote attackers to achieve arbitrary code execution with high impact to confidentiality, integrity, and availability. The vulnerability resides in the fromSetIpBind function of the httpd daemon's /goform/SetIpBind endpoint, exploitable via malformed 'page' parameter input. Public exploit code exists on GitHub (Litengzheng/vuldb_new), elevating real-world risk despite requiring low-privilege authentication (CVSS 7.4, EPSS data not provided, not in CISA KEV at time of analysis).

Buffer Overflow Tenda
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH Monitor

Stack-based buffer overflow in D-Link DIR-825 firmware 3.00b32's nmbd NetBIOS service allows adjacent network attackers to achieve complete device compromise without authentication. Public exploit code exists (SSVC: POC confirmed), though EPSS probability remains low (0.03%, 7th percentile) indicating limited observed exploitation attempts. This vulnerability affects end-of-life hardware no longer receiving vendor security updates, creating permanent risk for deployed devices.

Buffer Overflow D-Link
NVD VulDB
EPSS 0% CVSS 7.3
HIGH POC Monitor

Buffer overflow in D-Link DIR-825 router's miniupnpd service allows authenticated adjacent network attackers to achieve complete device compromise through malicious UPnP SOAP requests. Affects DIR-825 firmware versions up to 3.00b32, which D-Link no longer supports. Public exploit code exists (CVSS:4.0 7.3 High), but EPSS probability remains low at 0.03% (7th percentile), suggesting limited real-world exploitation activity. Remediation options are constrained as the product has reached end-of-life status.

Buffer Overflow D-Link
NVD VulDB
EPSS 0% CVSS 7.4
HIGH POC This Week

Buffer overflow in Tenda F456 router firmware 1.0.0.5 enables remote authenticated attackers to achieve arbitrary code execution via crafted HTTP requests to the /goform/setcfm endpoint in the httpd service. The vulnerability affects the funcname and funcpara1 parameters and has a publicly available exploit on GitHub, significantly lowering the barrier for exploitation. CVSS v4.0 base score of 7.4 reflects high confidentiality, integrity, and availability impact with low attack complexity, though the requirement for low-privilege authentication provides some defense. No vendor patch has been identified for this IoT router vulnerability.

Buffer Overflow Tenda
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

Buffer overflow in Tenda F456 router firmware 1.0.0.5 allows authenticated remote attackers to achieve arbitrary code execution with high impact to confidentiality, integrity, and availability. The vulnerability resides in the SafeUrlFilter functionality of the httpd web server component, triggered by manipulating the 'page' parameter. A public proof-of-concept exploit is available on GitHub, significantly lowering the barrier to exploitation, though no CISA KEV listing or widespread exploitation has been confirmed at time of analysis.

Buffer Overflow Tenda
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

Remote code execution in Tenda F456 router firmware 1.0.0.5 allows authenticated attackers to overflow buffers in the httpd service via crafted menufacturer/Go parameters to the VirtualSer endpoint. Public exploit code exists on GitHub (Litengzheng/vuldb_new), enabling attackers with low-privilege credentials to achieve complete system compromise. While CVSS rates this 7.4 (High) with network attack vector and low complexity, the requirement for authentication (PR:L) moderates real-world risk compared to unauthenticated RCE - priority depends on whether default credentials are documented or credential stuffing is viable against target deployments.

Buffer Overflow Tenda
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

Buffer overflow in Tenda F456 router firmware 1.0.0.5 allows authenticated remote attackers to execute arbitrary code via malformed PPTP client parameters. The vulnerability resides in the fromPptpUserAdd function of the httpd web server component, specifically through manipulation of the opttype/usernamewith arguments. Public exploit code is available on GitHub, significantly lowering the barrier for exploitation against internet-exposed Tenda F456 devices with default or weak administrative credentials.

Buffer Overflow Tenda
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

Buffer overflow in Tenda F456 router firmware version 1.0.0.5 enables authenticated remote attackers to achieve complete system compromise via crafted HTTP requests to the /goform/L7Prot endpoint. The vulnerability affects the frmL7ProtForm function in the httpd component, triggered by malicious 'page' parameter manipulation. Public exploit code exists on GitHub (Litengzheng/vuldb_new), significantly lowering the barrier to exploitation despite requiring low-privilege authentication (PR:L). CVSS 7.4 reflects high confidentiality, integrity, and availability impact with network attack vector and low complexity.

Buffer Overflow Tenda
NVD VulDB GitHub
EPSS 0% CVSS 6.9
MEDIUM POC This Month

Wansview 1.0.2 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying oversized input strings. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Wansview
NVD Exploit-DB VulDB
EPSS 0% CVSS 6.8
MEDIUM POC This Month

P10 Central Management Software 1.4.13 contains a buffer overflow vulnerability in the login password field that allows local attackers to crash the application by submitting an oversized input. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Central Management Software
NVD Exploit-DB VulDB
EPSS 0% CVSS 8.7
HIGH POC This Week

CEWE Photoshow 6.3.4 contains a buffer overflow vulnerability in the login dialog that allows attackers to crash the application by submitting oversized input. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Cewe Photoshow
NVD Exploit-DB VulDB
EPSS 0% CVSS 6.9
MEDIUM POC This Month

Prime95 29.4b7 contains a buffer overflow vulnerability in the PrimeNet connection dialog that allows local attackers to crash the application by supplying an excessively long string in the optional. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Prime95
NVD Exploit-DB VulDB
EPSS 0% CVSS 6.9
MEDIUM POC This Month

Bome Restorator 1793 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Name field. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Restorator
NVD Exploit-DB VulDB
EPSS 0% CVSS 6.9
MEDIUM POC This Month

Project64 2.3.2 contains a buffer overflow vulnerability in the Plugin Directory settings field that allows local attackers to crash the application by supplying an excessively long string. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Project64
NVD Exploit-DB VulDB
EPSS 0% CVSS 6.9
MEDIUM POC This Month

Easyboot 6.6.0 contains a buffer overflow vulnerability in the Replace Text function that allows local attackers to crash the application by supplying an oversized string. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Easyboot
NVD Exploit-DB VulDB
EPSS 0% CVSS 6.9
MEDIUM POC This Month

Softdisk 3.0.3 contains a buffer overflow vulnerability in the registration code dialog that allows local attackers to crash the application by supplying an oversized string. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Softdisk
NVD Exploit-DB VulDB
EPSS 0% CVSS 6.9
MEDIUM POC This Month

StyleWriter 1.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Stylewriter
NVD Exploit-DB VulDB
EPSS 0% CVSS 6.8
MEDIUM POC This Month

Drive Power Manager 1.10 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Name field. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Drive Power Manager
NVD Exploit-DB VulDB
EPSS 0% CVSS 6.9
MEDIUM POC This Month

Easy PhotoResQ 1.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Folder/filename field. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Easy Photoresq
NVD Exploit-DB VulDB
EPSS 0% CVSS 6.8
MEDIUM POC This Month

Fathom 2.4 contains a buffer overflow vulnerability in the Authorization Code field that allows local attackers to crash the application by submitting an oversized input string. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Fathom
NVD Exploit-DB VulDB
EPSS 0% CVSS 6.9
MEDIUM POC This Month

HD Tune Pro 5.70 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the folder/file name field. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Hd Tune Pro
NVD Exploit-DB VulDB
EPSS 0% CVSS 8.6
HIGH POC This Week

iSmartViewPro 1.5 contains a structured exception handling (SEH) buffer overflow vulnerability in the 'Save Path for Snapshot and Record file' field that allows local attackers to execute arbitrary. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Ismartviewpro
NVD Exploit-DB VulDB
EPSS 0% CVSS 6.8
MEDIUM POC This Month

iCash 7.6.5 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload through the Connect to Server dialog. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Icash
NVD Exploit-DB VulDB
EPSS 0% CVSS 6.8
MEDIUM POC This Month

Infiltrator Network Security Scanner 4.6 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized input string. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Infiltrator Network Security Scanner
NVD Exploit-DB VulDB
EPSS 0% CVSS 6.9
MEDIUM POC This Month

PicaJet FX 2.6.5 contains a denial of service vulnerability that allows local attackers to crash the application by submitting oversized input to registration fields. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Picajet Fx
NVD Exploit-DB VulDB
EPSS 0% CVSS 6.9
MEDIUM POC This Month

PixGPS 1.1.8 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized string to the folder path input field. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Pixgps
NVD Exploit-DB VulDB
EPSS 0% CVSS 6.8
MEDIUM POC This Month

RoboImport 1.2.0.72 contains a denial of service vulnerability that allows local attackers to crash the application by submitting oversized input to registration fields. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Roboimport
NVD Exploit-DB VulDB
EPSS 0% CVSS 6.9
MEDIUM POC This Month

Faleemi Plus 1.0.2 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying oversized input strings. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Faleemi Plus
NVD Exploit-DB VulDB
EPSS 0% CVSS 6.9
MEDIUM POC This Month

CrossFont 7.5 contains a buffer overflow vulnerability that allows local attackers to crash the application by submitting an oversized payload in the License Key field. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Crossfont
NVD Exploit-DB VulDB
EPSS 0% CVSS 6.9
MEDIUM POC This Month

TransMac 12.2 contains a buffer overflow vulnerability in the license key input field that allows local attackers to crash the application by submitting an oversized string. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Transmac
NVD Exploit-DB VulDB
EPSS 0% CVSS 8.6
HIGH POC This Week

Faleemi Desktop Software 1.8.2 contains a local buffer overflow vulnerability in the Device alias field that allows local attackers to trigger a structured exception handler (SEH) overwrite. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Faleemi Desktop Software
NVD Exploit-DB VulDB
EPSS 0% CVSS 7.4
HIGH POC This Week

Stack-based buffer overflow in Tenda FH1202 router firmware 1.2.0.14 allows authenticated remote attackers to execute arbitrary code via crafted HTTP requests to the /goform/WrlclientSet endpoint. The vulnerability resides in the fromWrlclientSet function of the httpd component, triggered by malicious 'Go' parameter input. Publicly available proof-of-concept exploit code increases immediate exploitation risk for exposed devices. EPSS data not provided, but public POC and low attack complexity (AC:L) indicate elevated real-world risk despite authentication requirement (PR:L).

Buffer Overflow Tenda Stack Overflow
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

Stack-based buffer overflow in Tenda FH1202 router firmware 1.2.0.14(408) allows authenticated remote attackers to execute arbitrary code via crafted 'Go' parameter to the /goform/WrlExtraSet endpoint in the httpd service. A public proof-of-concept exploit exists (GitHub), enabling reliable exploitation despite low attack complexity. CVSS 7.4 (High) severity reflects significant impact potential, though exploitation requires valid user credentials (PR:L), limiting mass-scale attacks to scenarios where default/weak credentials are common in Tenda routers.

Buffer Overflow Tenda Stack Overflow
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

Buffer overflow in Tenda F456 router firmware 1.0.0.5 allows authenticated remote attackers to achieve high-impact compromise of device confidentiality, integrity, and availability through crafted input to the SafeClientFilter function. A proof-of-concept exploit has been published on GitHub, increasing the likelihood of exploitation attempts against exposed management interfaces. While authentication is required (PR:L), the low attack complexity (AC:L) and network accessibility (AV:N) make this exploitable by attackers with basic router credentials.

Buffer Overflow Tenda
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

Buffer overflow in Tenda F456 wireless router firmware 1.0.0.5 allows authenticated remote attackers to achieve arbitrary code execution through the SafeEmailFilter function. The vulnerability requires low-privilege authentication but enables complete system compromise (confidentiality, integrity, and availability impact all rated High). A public exploit has been published on GitHub, significantly lowering the barrier for exploitation, though no CISA KEV listing or EPSS data indicates the attack remains targeted rather than widespread at this time.

Buffer Overflow Tenda
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

Buffer overflow in Tenda F456 router version 1.0.0.5 allows authenticated remote attackers to achieve complete device compromise via crafted HTTP requests to the /goform/SafeMacFilter endpoint. The vulnerability resides in the fromSafeMacFilter function's improper validation of the 'page' parameter. Public exploit code is available on GitHub, significantly lowering the technical barrier for exploitation. CVSS 7.4 (High) reflects the network attack vector and high impact across confidentiality, integrity, and availability, though exploitation requires low-privilege authentication.

Buffer Overflow Tenda
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

Remote code execution in Tenda F456 router firmware version 1.0.0.5 allows authenticated attackers to crash the device or execute arbitrary code via buffer overflow in the RouteStatic configuration handler. The vulnerability targets the 'page' parameter in /goform/RouteStatic endpoint and requires only low-privilege authentication (CVSS PR:L). A publicly available proof-of-concept exploit exists on GitHub, significantly lowering the technical barrier for exploitation. The CVSS 4.0 score of 7.4 reflects high confidentiality, integrity, and availability impact with low attack complexity (AC:L) and network-based attack vector (AV:N).

Buffer Overflow Tenda
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

Buffer overflow in Tenda F456 router firmware version 1.0.0.5 allows authenticated remote attackers to execute arbitrary code or crash the device by sending malformed HTTP requests to the /goform/addressNat endpoint. The vulnerability exists in the fromaddressNat function and is actively exploitable with publicly available proof-of-concept code. CVSS 7.4 with low attack complexity indicates straightforward exploitation once authenticated, while EPSS data (if available) would contextualize real-world exploitation likelihood beyond the confirmed POC availability.

Buffer Overflow Tenda
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH This Week

Remote code execution in Tenda F456 router firmware 1.0.0.5 allows authenticated attackers to crash the device or execute arbitrary code via buffer overflow in the fromP2pListFilter function. Exploitation requires low-privilege authentication (PR:L) and is network-accessible (AV:N) with low attack complexity (AC:L). Publicly available exploit code exists (CVSS E:P), significantly lowering the barrier to exploitation. EPSS data not provided, but public POC availability and router attack surface suggest moderate real-world risk for exposed management interfaces.

Buffer Overflow Tenda
NVD GitHub VulDB
EPSS 0% CVSS 7.4
HIGH POC This Week

Remote authenticated attackers can execute arbitrary code on Tenda HG10 routers (firmware HG7_HG9_HG10re_300001138_en_xpon) by sending a malformed 'nextHop' parameter to the /boaform/formRouting endpoint in the Boa web service. This buffer overflow vulnerability has publicly available exploit code on GitHub and is rated 8.8 (High) with low attack complexity. EPSS data unavailable; not currently listed in CISA KEV. Successful exploitation requires only low-privilege authentication and grants full device compromise (confidentiality, integrity, and availability impact).

Buffer Overflow Tenda
NVD VulDB GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: batman-adv: avoid OGM aggregation when skb tailroom is insufficient When OGM aggregation state is toggled at runtime, an existing forwarded packet may have been allocated with only packet_len bytes, while a later packet can still be selected for aggregation. Appending in this case can hit skb_put overflow conditions. Reject aggregation when the target skb tailroom cannot accommodate the new packet. The caller then falls back to creating a new forward packet instead of appending.

Buffer Overflow Linux
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_netem: fix out-of-bounds access in packet corruption In netem_enqueue(), the packet corruption logic uses get_random_u32_below(skb_headlen(skb)) to select an index for modifying skb->data. When an AF_PACKET TX_RING sends fully non-linear packets over an IPIP tunnel, skb_headlen(skb) evaluates to 0. Passing 0 to get_random_u32_below() takes the variable-ceil slow path which returns an unconstrained 32-bit random integer. Using this unconstrained value as an offset into skb->data results in an out-of-bounds memory access. Fix this by verifying skb_headlen(skb) is non-zero before attempting to corrupt the linear data area. Fully non-linear packets will silently bypass the corruption logic.

Buffer Overflow Linux Information Disclosure
NVD VulDB
EPSS 0% CVSS 7.4
HIGH PATCH This Week

Out-of-bounds memory read in Deskflow's clipboard deserialization allows authenticated remote peers to crash the application or potentially leak memory contents. The vulnerability affects versions prior to 1.26.0.138 and stems from insufficient validation of clipboard data structure during network transfer between connected machines. A malicious peer on the shared keyboard/mouse network can exploit this by sending specially crafted clipboard updates. CVSS 7.4 reflects network-based attack with low complexity requiring authenticated peer connection. No public exploit identified at time of analysis, though proof-of-concept code exists (CVSS E:P).

Buffer Overflow Deserialization Suse
NVD GitHub VulDB
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Remote attackers can crash BACnet Stack-powered embedded devices (versions prior to 1.4.3) by sending malformed ReadPropertyMultiple (RPM) requests containing a 1-byte property payload with an extended tag marker (0xF9). The vulnerability triggers an out-of-bounds read in the RPM service decoder, causing denial-of-service on industrial building automation systems that use this open-source C library. Affects default configurations where ReadPropertyMultiple service is enabled. EPSS data and KEV status not available; no public exploit confirmed at time of analysis, though GitHub security advisory provides technical details that could facilitate reproduction.

Buffer Overflow Information Disclosure Bacnet Stack
NVD GitHub VulDB
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Remote denial of service in BACnet Stack library versions before 1.4.3 allows unauthenticated attackers to crash embedded building automation devices by sending a malformed ReadPropertyMultiple request with a truncated object identifier. The off-by-one buffer read vulnerability triggers crashes on resource-constrained BACnet devices running the default-enabled RPM service handler. CVSS v4.0 scores this 8.7 (High) based on network attack vector and high availability impact, though no public exploit code or active exploitation has been identified at time of analysis.

Buffer Overflow Information Disclosure Bacnet Stack
NVD GitHub VulDB
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Out-of-bounds read in BACnet Stack library versions before 1.4.3 allows unauthenticated remote attackers to crash embedded BACnet devices or disclose memory contents by sending malformed WritePropertyMultiple (WPM) service requests over BACnet/IP. The flaw affects building automation and industrial control systems using the vulnerable C library. No public exploit identified at time of analysis, though the CVSS v4.0 score of 8.7 reflects high availability impact and network-accessible attack surface with low complexity.

Buffer Overflow Information Disclosure Bacnet Stack
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Memory corruption in arduino-esp32's NBNS packet handler allows adjacent network attackers to achieve remote code execution on ESP32-family microcontrollers without authentication. Affects all versions prior to 3.3.8 when NetBIOS is explicitly enabled via NBNS.begin(). The parser trusts attacker-controlled name_len field from UDP port 137 traffic, writing unbounded data to fixed-size buffers. EPSS data not available, no CISA KEV listing, but GitHub security advisory confirms the vulnerability with patch released in version 3.3.8.

Buffer Overflow Stack Overflow Arduino Esp32
NVD GitHub VulDB
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Integer overflow in PJSIP 2.16 and earlier enables remote unauthenticated attackers to trigger memory corruption or application crashes via malicious SDP packets with asymmetric ptime values. The vulnerability causes undersized buffer allocation during media stream processing, creating conditions for memory corruption with potential code execution or denial of service. Fixed in version 2.17 with no public exploit identified at time of analysis, though CVSS 8.1 and network attack vector indicate significant risk for internet-facing VoIP/multimedia applications.

Buffer Overflow Integer Overflow Pjproject
NVD GitHub VulDB
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, there is an out-of-bounds read when parsing a malformed Content-ID URI in SIP multipart message body. Insufficient length validation can cause reads beyond the intended buffer bounds. This vulnerability is fixed in 2.17.

Buffer Overflow Information Disclosure Red Hat
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH This Week

Integer overflow in Zserio serialization framework versions before 2.18.1 enables remote denial of service via network-accessible deserialization endpoints. Attackers can send crafted serialized data that triggers arithmetic overflow in BitStreamReader's setBitPosition() bounds check, causing the parser to read 512 MB from a buffer only a few bytes long and crash the process with segmentation fault. EPSS data not available, no active exploitation confirmed, but remote unauthenticated attack vector (CVSS AV:N/PR:N) makes this immediately exploitable against any application accepting untrusted Zserio-serialized input over network interfaces.

Buffer Overflow Integer Overflow Zserio
NVD GitHub VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Buffer overflow in rust-openssl 0.9.24 through 0.10.77 allows remote unauthenticated attackers to trigger memory corruption via crafted PSK (Pre-Shared Key) or cookie callback responses. The FFI trampolines in SslContextBuilder fail to validate closure-returned buffer sizes against allocated memory regions before passing values to OpenSSL, enabling out-of-bounds writes. Patch released in version 0.10.78. SSVC framework indicates no active exploitation detected, non-automatable attack requiring precise timing conditions (CVSS AT:P), with partial technical impact limited to confidentiality breach and minor availability disruption.

Buffer Overflow OpenSSL Rust Openssl
NVD GitHub VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

OpenPrinting CUPS before version 2.4.17 allows network-adjacent attackers to read up to 176 bytes of stack memory via a crafted SNMP response sent to the CUPS SNMP backend, with leaked data visible to authenticated users through IPP Get-Printer-Attributes responses and the web interface. The vulnerability requires adjacency on the network but no authentication, making it a low-severity information disclosure risk in environments where SNMP-enabled printers are accessible from untrusted networks.

Buffer Overflow Information Disclosure Suse +1
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Integer underflow in Linux kernel stmmac network driver allows kernel memory disclosure and potential corruption via crafted network packets. The flaw occurs in chain mode jumbo frame handling when packets have small linear data but large total length from page fragments, causing buffer offset calculations to wrap to ~0xFFFFxxxx. This triggers massive loop iterations that DMA-map arbitrary kernel memory to the network hardware. On typical stmmac deployments (IOMMU-less embedded SoCs), attackers can remotely read kernel memory contents and potentially corrupt memory through hardware DMA operations. EPSS exploitation probability is low (0.02%) with no confirmed active exploitation, but CVSS 9.8 reflects the theoretical remote unauthenticated attack surface. Vendor patches available across all supported stable kernel branches (5.10.253, 5.15.203, 6.1.169, 6.6.135, 6.12.82, 6.18.23, 6.19.13, 7.0).

Buffer Overflow Linux Integer Overflow
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Heap buffer overflow in Linux kernel rxrpc subsystem allows local authenticated users to trigger memory corruption via crafted RxGK tokens. Exploitable through unprivileged add_key() system call when raw key/ticket lengths >= 0xfffffffd cause integer wraparound in round_up(), bypassing bounds checks while memcpy() copies up to 4 GiB into zero-sized heap allocation. Vendor patches available for stable branches 6.18.23, 6.19.13, and mainline 7.0. EPSS score of 0.02% (4th percentile) indicates low observed exploitation probability despite local privilege escalation potential with CVSS 7.8.

Buffer Overflow Linux Information Disclosure
NVD VulDB
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

Out-of-bounds read in Linux kernel's rxrpc rxgk authentication handler allows remote unauthenticated attackers to trigger information disclosure and denial of service via malformed RESPONSE authenticator packets. The vulnerability stems from incorrect pointer arithmetic in rxgk_verify_authenticator() that inflates the parser boundary check by a factor of four, allowing reads beyond kmalloc() buffer boundaries. Vendor patches available for kernel versions 6.18.23, 6.19.13, and 7.0. EPSS score of 0.02% (4th percentile) suggests low observed exploitation probability despite network attack vector, though KASAN reports confirm reproducibility.

Buffer Overflow Linux Information Disclosure +2
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Integer overflow in Linux kernel's rxrpc rxgk_verify_response() function allows remote unauthenticated attackers to bypass length validation checks and potentially achieve arbitrary code execution. The vulnerability exists in the rxrpc protocol implementation where token_len rounding occurs before validation, enabling buffer overflow conditions. With CVSS 9.8 (critical severity) and network attack vector requiring no authentication, this represents a significant exposure despite low EPSS score (0.02%, 4th percentile), suggesting limited real-world exploitation observed to date. Vendor patches are available across multiple stable kernel versions (6.18.23, 6.19.13, 7.0).

Buffer Overflow Linux Integer Overflow +2
NVD VulDB
EPSS 0% CVSS 8.2
HIGH PATCH This Week

Buffer overread in Linux kernel's rxgk_do_verify_authenticator() function allows remote unauthenticated attackers to trigger information disclosure and high-availability denial of service through network-accessible RxGK authentication handling. The vulnerability stems from improper buffer size validation before nonce verification in the RxRPC subsystem. Patches are available from the Linux kernel stable tree (versions 6.19.13, 6.18.23, and 7.0). EPSS score of 0.02% (4th percentile) indicates very low observed exploitation probability, and no active exploitation or public POC has been identified. Despite the high CVSS base score of 8.2, real-world risk appears limited to environments using RxRPC with RxGK authentication.

Linux Memory Corruption Buffer Overflow +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Shift-out-of-bounds vulnerability in Linux kernel HID core driver allows local authenticated attackers to cause denial of service via crafted HID device report descriptors with oversized fields that trigger undefined bit-shift operations in the s32ton() function. A malicious or malfunctioning HID device can supply a report_size value up to 256, causing shifts on 32-bit integers with exponents exceeding safe limits, crashing the kernel or triggering undefined behavior. CVSS 5.5 reflects local-only attack vector with low complexity and requirement for user/driver privileges to process HID output reports.

Buffer Overflow Linux
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Denial of service via skb_shared_info->frags[] buffer overflow in the CDC Phonet USB driver allows local attackers with USB device access to crash the kernel by sending unbounded sequences of full-page bulk transfers. A malicious or compromised USB modem device can trigger this overflow without authentication or user interaction. The vulnerability has a low EPSS score (0.02%) despite moderate CVSS (5.5), indicating exploitation requires specific local USB hardware control.

Buffer Overflow Linux
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap buffer overflow in Linux kernel NFC-A digital target driver allows adjacent-network attackers to corrupt memory and potentially execute code. A malicious NFC peer device can trigger unbounded cascade loops during anti-collision protocol, writing beyond the 10-byte nfcid1 buffer with each iteration. EPSS score of 0.02% (5th percentile) indicates low likelihood of mass exploitation, but the adjacent attack vector (AV:A) limits exposure to proximity-based attacks. Vendor patches available across multiple stable kernel branches (6.12.83, 6.18.24, 6.19.14, 7.0.1). No active exploitation confirmed (not in CISA KEV); no public exploit identified at time of analysis.

Linux Buffer Overflow
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Integer underflow in the Linux kernel's USB NCM gadget driver allows a malicious USB host to bypass buffer boundary checks and copy adjacent kernel memory into network packet buffers. The vulnerability exists in ncm_unwrap_ntb() where block_len values smaller than the NDP size cause unsigned integer underflow in bounds validation, enabling out-of-bounds memory read and potential information disclosure. Affected versions prior to Linux 6.12.83, 6.18.24, 6.19.14, and 7.0.1 require patching; exploitation requires local USB device attachment or administrative USB gadget configuration.

Buffer Overflow Linux Integer Overflow
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Memory corruption via skb fragment array overflow in the USB Phonet gadget driver allows local attackers with device-level USB host capabilities to cause denial of service. The vulnerability exists in pn_rx_complete() which fails to enforce the MAX_SKB_FRAGS limit when processing unbounded full-page OUT transfers, causing heap memory corruption adjacent to the skb_shared_info structure. A malicious or misconfigured USB host sending continuous PAGE_SIZE byte transfers triggers the flaw in gadgets exposing the Phonet function, confirmed fixed in Linux 6.12.83, 6.18.24, 6.19.14, and 7.0.1.

Buffer Overflow Linux
NVD VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix off-by-8 bounds check in check_wsl_eas() The bounds check uses (u8 *)ea + nlen + 1 + vlen as the end of the EA name and value, but ea_data sits at offset sizeof(struct smb2_file_full_ea_info) = 8 from ea, not at offset 0. The strncmp() later reads ea->ea_data[0..nlen-1] and the value bytes follow at ea_data[nlen+1..nlen+vlen], so the actual end is ea->ea_data + nlen + 1 + vlen. Isn't pointer math fun? The earlier check (u8 *)ea > end - sizeof(*ea) only guarantees the 8-byte header is in bounds, but since the last EA is placed within 8 bytes of the end of the response, the name and value bytes are read past the end of iov. Fix this mess all up by using ea->ea_data as the base for the bounds check. An "untrusted" server can use this to leak up to 8 bytes of kernel heap into the EA name comparison and influence which WSL xattr the data is interpreted as.

Buffer Overflow Information Disclosure Linux +2
NVD VulDB
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Out-of-bounds heap read in Linux kernel SMB client allows malicious SMB servers to leak kernel memory to userspace via crafted symlink error responses. When processing STATUS_STOPPED_ON_SYMLINK errors in SMB 3.1.1, inadequate bounds checking in smb2_check_message() and symlink_data() allows server-controlled ErrorDataLength values to trigger reads beyond buffer boundaries. The leaked heap bytes are UTF-16-decoded into the symlink target and exposed through readlink(2) syscalls (confidentiality impact), with potential for denial-of-service through memory corruption (availability impact). CVSS 8.1 (High) requires user interaction. EPSS score is very low at 0.02% (5th percentile), indicating minimal observed exploitation activity. Patches available in kernel versions 6.18.24, 6.19.14, and 7.0.1.

Buffer Overflow Linux Information Disclosure
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Heap buffer overflow in Linux kernel USB/IP client allows malicious USB/IP servers to execute arbitrary code with kernel privileges via crafted RET_SUBMIT responses. A rogue server can specify a larger number_of_packets value than originally submitted, causing out-of-bounds writes when processing isochronous USB transfers. Patched in kernel versions 6.12.83, 6.18.24, 6.19.14, and 7.0.1. EPSS score of 0.02% (5th percentile) suggests low probability of widespread exploitation despite CVSS 9.8 criticality, indicating this is primarily a risk in environments using USB/IP with untrusted servers rather than a general internet-facing threat.

Buffer Overflow Linux Memory Corruption
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: KVM: SEV: Drop WARN on large size for KVM_MEMORY_ENCRYPT_REG_REGION Drop the WARN in sev_pin_memory() on npages overflowing an int, as the WARN is comically trivially to trigger from userspace, e.g. by doing: struct kvm_enc_region range = { .addr = 0, .size = -1ul, }; __vm_ioctl(vm, KVM_MEMORY_ENCRYPT_REG_REGION, &range); Note, the checks in sev_mem_enc_register_region() that presumably exist to verify the incoming address+size are completely worthless, as both "addr" and "size" are u64s and SEV is 64-bit only, i.e. they _can't_ be greater than ULONG_MAX. That wart will be cleaned up in the near future. if (range->addr > ULONG_MAX || range->size > ULONG_MAX) return -EINVAL; Opportunistically add a comment to explain why the code calculates the number of pages the "hard" way, e.g. instead of just shifting @ulen.

Buffer Overflow Linux
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Out-of-bounds heap write in Linux kernel CAN gateway CRC8 checksum processing allows adjacent network attackers to corrupt kernel memory and potentially achieve code execution. The cgw_csum_crc8_rel() function in the CAN gateway subsystem uses raw negative index values instead of bounds-checked variables when accessing canfd_frame data, enabling writes up to 56 bytes before the heap object. Exploitation requires CAP_NET_ADMIN capability to configure CAN gateway CRC8 checksums. EPSS exploitation probability is very low (0.02%, 7th percentile) and no active exploitation has been reported. Vendor patches available across multiple kernel versions (5.10.253, 5.15.203, 6.1.168, 6.6.131, 6.12.80, 6.18.21, 6.19.11, 7.0).

Buffer Overflow Linux Information Disclosure +2
NVD VulDB
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Out-of-bounds memory access in Linux Kernel's KVM subsystem for LoongArch architecture allows local authenticated attackers with low privileges to read limited kernel memory and cause system crashes. The vulnerability stems from improper handling of empty EIOINTC coremap values in eiointc_update_sw_coremap(), resulting in invalid array indexing into kvm_arch::phyid_map::phys_map[]. While CVSS rates this 7.3 HIGH, the EPSS score of 0.02% (4th percentile) indicates minimal real-world exploitation activity. No active exploitation (not in CISA KEV) or public POC has been identified. Vendor patches are available across multiple stable kernel branches (6.18.21, 6.19.11, 7.0, and mainline).

Buffer Overflow Linux Information Disclosure +2
NVD VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: s390/mm: Add missing secure storage access fixups for donated memory There are special cases where secure storage access exceptions happen in a kernel context for pages that don't have the PG_arch_1 bit set. That bit is set for non-exported guest secure storage (memory) but is absent on storage donated to the Ultravisor since the kernel isn't allowed to export donated pages. Prior to this patch we would try to export the page by calling arch_make_folio_accessible() which would instantly return since the arch bit is absent signifying that the page was already exported and no further action is necessary. This leads to secure storage access exception loops which can never be resolved. With this patch we unconditionally try to export and if that fails we fixup.

Buffer Overflow Information Disclosure Linux +2
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Out-of-bounds array access in Linux kernel KVM subsystem on LoongArch allows local authenticated attackers with low privileges to execute arbitrary code, escalate privileges, or cause denial of service by passing negative cpuid values to kvm_get_vcpu_by_cpuid(). The function lacks bounds checking before indexing phyid_map::phys_map[], enabling read/write beyond array boundaries with container escape potential (CVSS scope change). Vendor patches available across multiple stable kernel branches (6.12.80, 6.18.21, 6.19.11). EPSS score of 0.02% indicates low automated exploitation likelihood, with no confirmed active exploitation or public POC at time of analysis.

Buffer Overflow Linux Information Disclosure +2
NVD VulDB
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

Invalid memory access in Open vSwitch conntrack FTP application-level gateway allows remote attackers to trigger a denial of service via crafted FTP traffic, affecting versions prior to a security patch. The vulnerability requires high attack complexity but can be exploited without authentication over the network, resulting in service unavailability rather than data compromise.

Buffer Overflow Red Hat Suse
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Out-of-bounds read in libXpm's xpmNextWord() parser function can be triggered by a local attacker with low privileges, crashing any X11 application that processes a maliciously crafted XPM image file, resulting in a denial of service. The vulnerability was disclosed via the oss-security mailing list on 2026-04-21 by X.Org and is tracked under CWE-125. No public exploit code or CISA KEV listing has been identified at time of analysis, and the EPSS score was not provided in available intelligence.

Information Disclosure Buffer Overflow
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL Act Now

Unchecked directory name buffer in Delta Electronics AS320T enables remote code execution without authentication. The CVSS vector (AV:N/AC:L/PR:N/UI:N) confirms this is a remotely exploitable stack buffer overflow (CWE-121) requiring no user interaction or credentials. Delta Electronics disclosed this vulnerability in security advisory PCSA-2026-00006, affecting an industrial automation product. No EPSS score or KEV status available at time of analysis, but the trivial exploitation requirements (network accessible, no authentication, low complexity) present immediate risk to exposed AS320T devices.

Buffer Overflow Stack Overflow As320T
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Remote code execution in Delta Electronics AS320T allows unauthenticated network attackers to exploit an unchecked buffer overflow in filename processing to execute arbitrary code with high impact to confidentiality, integrity, and availability. The CVSS 9.8 critical score reflects network-accessible attack surface with no authentication or user interaction required. No EPSS or KEV data available at time of analysis, but vendor advisory confirms multiple related vulnerabilities affecting the same product line.

Buffer Overflow Stack Overflow As320T
NVD
EPSS 0% CVSS 8.7
HIGH This Week

Out-of-bounds read and write in OP-TEE OS PKCS#11 Trusted Application (versions 3.13.0-4.10.0) allows authenticated local attackers with low privileges to read up to 7 bytes beyond heap boundaries and write arbitrary attribute values outside allocated buffers, potentially compromising the integrity and confidentiality of the Trusted Execution Environment. The vulnerability affects Arm TrustZone-based TEE implementations running alongside Linux kernels on Cortex-A cores. Patches available in three upstream commits targeting version 4.11.0. EPSS data not provided; no CISA KEV status indicating targeted rather than widespread exploitation. CVSS 8.7 reflects high confidentiality/integrity impact with scope change, representing potential TEE compromise from the normal world.

Buffer Overflow Information Disclosure Linux
NVD GitHub VulDB
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Out of bounds read in GPU in Google Chrome on Android prior to 147.0.7727.117 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Google Buffer Overflow Information Disclosure +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A flaw was found in the X.Org X server's XKB key types request validation. A local attacker could send a specially crafted request to the X server, leading to an out-of-bounds memory access vulnerability. This could result in the disclosure of sensitive information or cause the server to crash, leading to a Denial of Service (DoS). In certain configurations, higher impact outcomes may be possible.

Buffer Overflow Information Disclosure Denial Of Service +5
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A flaw was found in the X.Org X server. This use-after-free vulnerability occurs in the XSYNC fence triggering logic, specifically within the miSyncTriggerFence() function. An attacker with access to the X11 server can exploit this without user interaction, leading to a server crash and potentially enabling memory corruption. This could result in a denial of service or further compromise of the system.

Buffer Overflow Denial Of Service Red Hat Enterprise Linux 10 +4
NVD VulDB
Prev Page 26 of 402 Next

Quick Facts

Typical Severity
HIGH
Category
memory
Total CVEs
36139

MITRE ATT&CK

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy