Skip to main content

Buffer Overflow

memory HIGH

A buffer overflow occurs when a program writes more data to a memory buffer than it was allocated to hold, causing the excess data to spill into adjacent memory regions.

How It Works

A buffer overflow occurs when a program writes more data to a memory buffer than it was allocated to hold, causing the excess data to spill into adjacent memory regions. This overwrites whatever data or code exists there, corrupting program state and potentially giving attackers control over execution flow.

Stack-based overflows are the most common variant. When a function allocates a fixed-size buffer on the stack and then copies user-controlled input without proper bounds checking, attackers can overflow past the buffer to overwrite the function's return address. When the function completes, instead of returning to legitimate code, execution jumps to attacker-specified memory containing malicious shellcode. Heap-based overflows work differently—they corrupt heap metadata like chunk size fields or free list pointers, leading to arbitrary memory writes when the allocator processes the corrupted structures.

Modern exploitation bypasses defensive mechanisms through techniques like Return-Oriented Programming (ROP), which chains together existing code snippets to avoid non-executable memory protections. Attackers may also use heap spraying to reliably position shellcode at predictable addresses, defeating address randomization.

Impact

  • Remote code execution — attacker gains ability to run arbitrary commands with the privileges of the vulnerable process
  • Privilege escalation — exploiting kernel or setuid program overflows to gain root/SYSTEM access
  • Denial of service — crashes and memory corruption that render systems unusable
  • Information disclosure — reading sensitive data from adjacent memory regions that should be inaccessible
  • Authentication bypass — overwriting security-critical variables like permission flags or user IDs

Real-World Examples

Fortinet FortiOS suffered a critical buffer overflow (CVE-2025-32756) that allowed unauthenticated remote attackers to execute code as root on firewalls and VPN gateways. Attackers actively exploited this to compromise enterprise network perimeters before patches were available.

The Slammer worm from 2003 exploited a stack overflow in Microsoft SQL Server, spreading to 75,000 hosts in ten minutes by sending a single malformed UDP packet that overwrote the return address with shellcode. No authentication was required.

OpenSSH historically contained a heap overflow in challenge-response authentication that allowed pre-authentication remote root compromise on Unix systems, demonstrating how memory corruption in privileged network services creates maximum impact scenarios.

Mitigation

  • Memory-safe languages — Rust, Go, and modern managed languages prevent buffer overflows by design through automatic bounds checking
  • Stack canaries — random values placed before return addresses that detect corruption before control transfer
  • Address Space Layout Randomization (ASLR) — randomizes memory locations making exploitation less reliable
  • Data Execution Prevention (DEP/NX) — marks memory regions as non-executable, preventing direct shellcode execution
  • Bounds checking — validate input sizes before copying, use safe functions like strncpy instead of strcpy
  • Fuzzing and static analysis — automated testing to discover overflows before deployment

Recent CVEs (36140)

EPSS 0% CVSS 7.8
HIGH PATCH This Week

A flaw was found in the X.Org X server. This use-after-free vulnerability occurs in the XSYNC fence triggering logic, specifically within the miSyncTriggerFence() function. An attacker with access to the X11 server can exploit this without user interaction, leading to a server crash and potentially enabling memory corruption. This could result in a denial of service or further compromise of the system.

Buffer Overflow Denial Of Service Red Hat Enterprise Linux 10 +4
NVD VulDB
EPSS 0% CVSS 4.0
MEDIUM PATCH This Month

Libgcrypt before version 1.12.2 contains a bounds-check vulnerability in Dilithium signing operations where writes to a static array lack proper bounds validation, potentially causing memory corruption and integrity loss. The vulnerability affects local attackers with non-privileged access on systems running vulnerable versions 1.12.0 and 1.12.1. While the vulnerability does not involve attacker-controlled data in the array writes themselves, the missing bounds check creates an integrity and availability risk through uncontrolled memory modification.

Buffer Overflow Memory Corruption Red Hat +1
NVD VulDB
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

Heap-based buffer overflow in Libgcrypt before 1.12.2 allows local attackers to trigger denial of service and corrupt memory via crafted ECDH ciphertext passed to gcry_pk_decrypt, affecting cryptographic operations in dependent applications including GnuPG. No public exploit code or active exploitation has been identified at time of analysis; vendor has released patched versions 1.10.4, 1.11.3, and 1.12.2 to resolve the vulnerability.

Buffer Overflow Memory Corruption Denial Of Service +1
NVD VulDB
EPSS 0% CVSS 7.2
HIGH PATCH This Week

Memory corruption in rust-openssl's key derivation functions allows heap or stack buffer overflow when applications pass undersized buffers to Deriver::derive or PkeyCtxRef::derive on OpenSSL 1.1.x. The vulnerability affects X25519, X448, DH, and HKDF-extract operations where OpenSSL ignores the caller-specified buffer length and unconditionally writes the full shared secret, causing safe Rust code to trigger memory corruption. Vendor patch available in v0.10.78; OpenSSL 3.x deployments are not affected as newer providers correctly validate buffer lengths.

Buffer Overflow OpenSSL
NVD GitHub VulDB
EPSS 0% CVSS 1.7
LOW PATCH Monitor

Buffer over-read in rust-openssl's password callback APIs allows information disclosure when a user-supplied callback returns a value larger than the provided buffer. The vulnerability affects rust-openssl bindings to OpenSSL 1.x and 2.x; OpenSSL 3.x implementations are not vulnerable. An attacker who controls the password callback can read sensitive data from adjacent memory regions.

Buffer Overflow Information Disclosure OpenSSL
NVD GitHub VulDB
EPSS 0% CVSS 7.2
HIGH PATCH This Week

Out-of-bounds memory write in rust-openssl's AES key unwrap function allows attackers who control buffer sizes to corrupt memory via safe API misuse. The aes::unwrap_key() function contains an inverted bounds assertion that accepts undersized output buffers and rejects correctly sized ones, causing the function to write beyond allocated memory by in_.len() - 8 - out.len() bytes. Vendor patch available via GitHub PR #2604 and commit 718d07ff, released in openssl-v0.10.78. No evidence of active exploitation (not in CISA KEV) or public proof-of-concept at time of analysis, but the logic flaw is clearly documented in vendor advisory GHSA-8c75-8mhr-p7r9.

Buffer Overflow Memory Corruption
NVD GitHub VulDB
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Stack-based buffer overflow in rust-openssl's MdCtxRef::digest_final() allows safe Rust code to corrupt memory when EVP_DigestFinal() writes beyond the provided output buffer boundary. The vulnerability occurs when the output buffer is smaller than EVP_MD_CTX_size(ctx), causing EVP_DigestFinal() to write past the buffer end and corrupt stack memory. Vendor-released patch available in version 0.10.78 via GitHub commit 826c3888. No public exploit identified at time of analysis, but exploitable from memory-safe Rust code paths, violating Rust's safety guarantees.

Buffer Overflow Stack Overflow
NVD GitHub VulDB
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

OpenVPN's TLS handshake race condition exposes confidential packet data from prior handshake sessions to authenticated remote attackers, affecting versions before 2.6.20 in the 2.6.x branch and before 2.7.2 in the 2.7.x branch. The CWE-125 out-of-bounds read flaw scores 6.1 under CVSS 4.0 with High confidentiality and availability impacts, though the AC:H (High Complexity) rating reflects that successful exploitation requires winning a narrow timing window, limiting opportunistic mass exploitation. No public exploit code has been identified at time of analysis and this CVE is not listed in CISA KEV; vendor-released patches for both stable branches were published April 22, 2026.

Information Disclosure Buffer Overflow Suse
NVD GitHub VulDB
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Stack-based buffer overflow in Dell PowerProtect Data Domain DD OS allows remote unauthenticated attackers to execute arbitrary commands on vulnerable appliances. Affects Feature Release versions 7.7.1.0-8.6, LTS2025 (8.3.1.0-8.3.1.10), and LTS2024 (7.13.1.0-7.13.1.60). Despite network-accessible attack vector (AV:N/PR:N), high attack complexity (AC:H) indicates specialized exploit conditions. CISA SSVC framework rates exploitation as 'none' and automatable as 'no', suggesting manual, targeted exploitation rather than mass scanning. No active exploitation confirmed at time of analysis. Dell has released patches across all affected release tracks (DSA-2026-060).

Buffer Overflow Stack Overflow Dell
NVD VulDB
EPSS 0% CVSS 6.9
MEDIUM POC This Month

Textpad 8.1.2 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long buffer string through the Run command interface. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Memory Corruption Buffer Overflow +1
NVD Exploit-DB
EPSS 0% CVSS 8.6
HIGH POC This Week

LanSpy 2.0.1.159 contains a local buffer overflow vulnerability that allows attackers to overwrite the instruction pointer by supplying oversized input to the scan field. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Memory Corruption Buffer Overflow +1
NVD Exploit-DB
EPSS 0% CVSS 6.9
MEDIUM POC This Month

UltraISO 9.7.1.3519 contains a local buffer overflow vulnerability in the Output FileName field of the Make CD/DVD Image dialog that allows attackers to overwrite SEH and SE handler records. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Memory Corruption Buffer Overflow +1
NVD Exploit-DB
EPSS 0% CVSS 6.9
MEDIUM POC This Month

Angry IP Scanner 3.5.3 contains a buffer overflow vulnerability in the preferences dialog that allows local attackers to crash the application by supplying an excessively large string. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Memory Corruption Buffer Overflow +1
NVD Exploit-DB
EPSS 0% CVSS 8.6
HIGH POC This Week

LanSpy 2.0.1.159 contains a local buffer overflow vulnerability in the scan section that allows local attackers to execute arbitrary code by exploiting structured exception handling mechanisms. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Memory Corruption Buffer Overflow +1
NVD Exploit-DB
EPSS 0% CVSS 6.9
MEDIUM POC This Month

Angry IP Scanner for Linux 3.5.3 contains a denial of service vulnerability that allows local attackers to crash the application by supplying malformed input to the port selection field. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Memory Corruption Buffer Overflow +1
NVD Exploit-DB
EPSS 0% CVSS 8.6
HIGH POC This Week

Iperius Backup 5.8.1 contains a local buffer overflow vulnerability in the structured exception handling (SEH) mechanism that allows local attackers to execute arbitrary code by supplying a malicious. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Memory Corruption Buffer Overflow +1
NVD Exploit-DB
EPSS 0% CVSS 8.6
HIGH POC This Week

MAGIX Music Editor 3.1 contains a buffer overflow vulnerability in the FreeDB Proxy Options dialog that allows local attackers to execute arbitrary code by exploiting structured exception handling. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Memory Corruption Buffer Overflow +1
NVD Exploit-DB
EPSS 0% CVSS 8.6
HIGH POC This Week

Terminal Services Manager 3.1 contains a stack-based buffer overflow vulnerability in the computer names field that allows local attackers to execute arbitrary code by triggering structured exception. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Authentication Bypass RCE +1
NVD Exploit-DB
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Memory corruption in GNU Emacs SVG/CSS processing allows local attackers to trigger denial of service or information disclosure by convincing users to open specially crafted SVG files. The vulnerability requires user interaction (file opening) and local access, but results in significant impact including service disruption and potential data leakage through memory corruption exploitation.

Information Disclosure Denial Of Service Buffer Overflow +1
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

DNSdist is vulnerable to denial of service via out-of-bounds write when processing crafted UDP responses from a rogue backend server. An attacker controlling a backend DNS server can send a specially crafted UDP response with a query ID set off-by-one from the maximum configured value, triggering memory corruption that crashes the DNS forwarder. The CVSS score of 6.5 reflects network attack vector with high complexity and absence of confidentiality impact, though availability and integrity are affected.

Denial Of Service Buffer Overflow Heap Overflow +1
NVD VulDB
EPSS 0% CVSS 3.1
LOW PATCH Monitor

dnsdist's Discovery of Designated Resolvers (DDR) upgrade mechanism allows a rogue backend to send a crafted SVCB response that causes a denial of service via availability impact when DDR is explicitly enabled through the autoUpgrade (Lua) or auto_upgrade (YAML) configuration options. The vulnerability requires adjacent network access and high complexity exploitation conditions, affecting only deployments that have manually enabled DDR functionality-a non-default configuration.

Information Disclosure Buffer Overflow Dnsdist
NVD VulDB
EPSS 0% CVSS 4.8
MEDIUM PATCH This Month

Out-of-bounds memory read in dnsdist allows remote attackers to trigger information disclosure or denial of service when custom Lua code invokes getDomainListByAddress() or getAddressListByDomain() functions on a crafted packet cache entry. The vulnerability requires network access but has high attack complexity, limiting real-world exploitation despite the remote attack vector.

Buffer Overflow Information Disclosure Suse
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use-after-free in Linux kernel CXL (Compute Express Link) subsystem allows local authenticated attackers to corrupt memory and potentially execute arbitrary code or cause kernel panics. The flaw occurs in cxl_detach_ep() during device removal when parent port references are freed prematurely, before child operations complete. Affects Linux kernel 6.3 through 7.0-rc5; patched in versions 6.12.80, 6.18.21, 6.19.11, and 7.0. EPSS score of 0.02% indicates low exploitation probability. No active exploitation or public exploit code identified at time of analysis.

Use After Free Linux Memory Corruption +4
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Out-of-bounds memory access in Linux kernel perf subsystem allows local authenticated attackers with low privileges to achieve high confidentiality, integrity, and availability impact. The vulnerability occurs when group_sched_in() fails during performance monitoring event handling and event inheritance uses the wrong PMU (Performance Monitoring Unit) context, leading to improper rollback and memory corruption. Despite high CVSS score (7.8), EPSS probability indicates very low real-world exploitation likelihood (0.02%, 5th percentile). Vendor patches available across multiple stable kernel branches (6.6.131, 6.12.80, 6.18.21, 6.19.11, 7.0) per git.kernel.org commit references.

Information Disclosure Linux Buffer Overflow +2
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Signed integer overflow in the Linux kernel's BPF interpreter enables local attackers with low privileges to achieve out-of-bounds memory access and potentially execute arbitrary code. The flaw occurs when the 32-bit signed division/modulo operations handle INT_MIN (0x80000000), causing the abs() macro to trigger undefined behavior that creates a mismatch between the verifier's abstract interpretation and the interpreter's runtime behavior. With an EPSS score of 0.02% and no confirmed active exploitation, the primary risk is to systems where unprivileged users can load BPF programs, though default kernel configurations typically restrict BPF to privileged users. Patches are available across multiple stable kernel branches (6.6.131, 6.12.80, 6.18.21, 6.19.11).

Buffer Overflow Linux Memory Corruption +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Memory leak and out-of-bounds read in the asus_report_fixup() HID driver function allows local authenticated attackers with limited privileges to cause denial of service through memory exhaustion. The vulnerability affects the ASUS HID device driver across multiple Linux kernel versions, where kmemdup()-allocated buffers were not freed properly and an out-of-bounds read could access memory beyond the original descriptor size. A patch is available from Linux kernel maintainers switching to devm_kzalloc() for proper memory lifecycle management.

Buffer Overflow Linux Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Linux kernel module loader fails to validate ELF section index bounds in simplify_symbols(), causing kernel panic when processing modules with out-of-bounds st_shndx values such as SHN_XINDEX (0xffff). Local privileged attackers can crash the system by loading malformed or legitimately-crafted modules that exploit this missing bounds check, resulting in denial of service. The vulnerability affects all stable kernel versions from 2.6.12 through current releases; patches are available across multiple stable branches (5.15.203+, 6.1.168+, 6.6.131+, 6.12.80+, 6.18.21+, 6.19.11+, 7.0+).

Buffer Overflow Memory Corruption Linux
NVD VulDB
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Buffer over-read in Linux kernel Bluetooth L2CAP allows adjacent network attackers to disclose sensitive kernel memory and crash systems via malformed Enhanced Credit Based Connection Requests. Affects multiple stable kernel versions (6.12.x, 6.18.x, 6.19.x). Vendor patches available for all affected branches. EPSS score of 0.02% indicates low observed exploitation probability despite the network-adjacent attack vector and lack of required authentication. No public exploit identified at time of analysis.

Buffer Overflow Linux Information Disclosure +2
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Out-of-bounds memory write in Linux kernel iavf (Intel Adaptive Virtual Function) driver allows local authenticated attackers with low privileges to achieve high confidentiality, integrity, and availability impact via race condition during concurrent ethtool operations. The vulnerability stems from inconsistent use of queue counters (real_num_tx_queues vs num_active_queues vs num_tx_queues) across ethtool statistics functions, enabling memory corruption when changing network channels via 'ethtool -L' while simultaneously querying statistics with 'ethtool -S'. Patches available for kernel versions 6.12.80, 6.18.21, 6.19.11, and 7.0. EPSS exploitation probability is low (0.02%, 5th percentile) with no public exploit or active exploitation identified at time of analysis.

Buffer Overflow Debian Linux +3
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Out-of-bounds write in the Linux kernel macb Ethernet driver allows local authenticated users with low privileges to corrupt kernel memory, potentially leading to privilege escalation, denial of service, or information disclosure. The vulnerability affects the ethtool statistics collection path where gem_get_ethtool_stats() writes statistics for MACB_MAX_QUEUES regardless of the actual number of active queues, causing a 760-byte buffer overflow when fewer queues are configured. KASAN validation confirms heap corruption with a write beyond allocated vmalloc region boundaries. No active exploitation confirmed (not in CISA KEV), and EPSS score is low (0.03%, 10th percentile), indicating minimal observed exploitation activity. Patches available across multiple stable kernel branches (5.10.253, 5.15.203, 6.1.168, 6.6.131, 6.12.80, 6.18.21, 6.19.11, 7.0).

Buffer Overflow Linux Memory Corruption
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Integer overflow in Linux kernel RDMA/irdma depth calculation functions allows local authenticated users to trigger a denial of service via improper handling of U32_MAX values passed for SQ/RQ/SRQ size parameters. The vulnerability stems from depth calculations performed in 32-bit integers rather than 64-bit, enabling truncation that bypasses validation and returns success when allocation should fail, potentially causing system instability or resource exhaustion.

Buffer Overflow Integer Overflow Linux +2
NVD VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: io_uring/fdinfo: fix OOB read in SQE_MIXED wrap check __io_uring_show_fdinfo() iterates over pending SQEs and, for 128-byte SQEs on an IORING_SETUP_SQE_MIXED ring, needs to detect when the second half of the SQE would be past the end of the sq_sqes array. The current check tests (++sq_head & sq_mask) == 0, but sq_head is only incremented when a 128-byte SQE is encountered, not on every iteration. The actual array index is sq_idx = (i + sq_head) & sq_mask, which can be sq_mask (the last slot) while the wrap check passes. Fix by checking sq_idx directly. Keep the sq_head increment so the loop still skips the second half of the 128-byte SQE on the next iteration.

Information Disclosure Linux Buffer Overflow +2
NVD VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

A buffer validation flaw in Linux kernel's TDX guest driver (versions 6.7+) allows local authenticated attackers to leak kernel memory beyond allocated quote buffers into userspace, potentially crossing container isolation boundaries in multi-tenant TDX environments. The vulnerability stems from insufficient validation of host-controlled quote_buf->out_len values during remote attestation operations. Patches available for stable branches 6.12.80, 6.18.21, 6.19.11, and mainline 7.0. EPSS score of 0.02% (5th percentile) indicates low exploitation probability in the wild, with no public exploit code or active exploitation confirmed at time of analysis.

Linux Memory Corruption Buffer Overflow
NVD VulDB
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Out-of-bounds memory access in Linux kernel's IBM Virtual Fibre Channel (ibmvfc) driver allows adjacent network attackers to leak kernel memory contents. A compromised or malicious VIO server can supply a crafted num_written value exceeding max_targets in discover targets MAD responses, causing unbounded indexing into disc_buf[] and embedding out-of-bounds kernel data in subsequent PLOGI and Implicit Logout MADs sent back to the attacker. Vendor patches available across all maintained kernel branches (5.10.253, 5.15.203, 6.1.168, 6.6.131, 6.12.80, 6.18.21, 6.19.11, 7.0). EPSS score of 0.02% (7th percentile) indicates low observed exploitation probability. No public exploit code or CISA KEV listing identified at time of analysis.

Information Disclosure Linux Buffer Overflow
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation in Linux Kernel ext4 filesystem allows authenticated users to trigger kernel crashes and potentially execute arbitrary code with high privileges. The vulnerability stems from improper handling of inline data conversion when truncate() operations exceed inline storage capacity in ext4 filesystems. Affected kernel versions include mainline through 7.0-rc3 and stable branches 5.10.x through 6.19.x, with vendor patches available across all active kernel series. EPSS exploitation probability is very low (0.02%, 7th percentile) and no public exploit identified at time of analysis, though CVSS 7.8 reflects high local impact if exploited.

Memory Corruption Buffer Overflow Linux
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Buffer overflow in Linux kernel ext4 filesystem allows local attackers with user interaction to achieve arbitrary code execution via crafted extent tree metadata. The ext4_ext_correct_indexes() function fails to validate index pointer bounds when walking up the extent tree, enabling slab-out-of-bounds memory reads when processing malicious filesystem images. With CVSS 7.8 (high severity) but only 0.02% EPSS (5th percentile), this represents elevated theoretical risk with minimal observed real-world exploitation. Vendor patches available across multiple stable kernel branches (6.12.80, 6.18.21, 6.19.11, 7.0), and no public exploit code or active exploitation confirmed at time of analysis.

Buffer Overflow Linux Information Disclosure
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use-after-free in Linux kernel idxd DMA engine driver allows local authenticated attackers to execute arbitrary code, disclose sensitive memory, or crash the system when Function Level Reset operations fail to allocate scratch memory. The vulnerability affects Linux kernels from commit 98d187a98903 through versions 6.14, 6.18.x before 6.18.21, and 6.19.x before 6.19.11. Vendor patches are available across stable branches with EPSS indicating 0.02% exploitation probability (4th percentile), suggesting limited active targeting despite the high CVSS 7.8 score. No CISA KEV listing or public exploit code identified at time of analysis.

Information Disclosure Linux Buffer Overflow
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Read retry logic in the Linux kernel's netfs subsystem can incorrectly abandon all remaining subrequests due to an uninitialized or invalid pointer, potentially exposing unintended memory contents or causing denial of service through kernel crashes. Affects Linux kernel 6.12 through early 6.19 and 7.0 development branches. Vendor patches available for 6.18.21, 6.19.11, and mainline 7.0. EPSS score of 0.02% (4th percentile) indicates low real-world exploitation probability. Not listed in CISA KEV. CVSS 8.8 reflects network attack vector with user interaction required.

Information Disclosure Linux Buffer Overflow
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Heap buffer overflow in GNU Binutils XCOFF linker allows arbitrary code execution when a local user processes a malicious object file. Red Hat Enterprise Linux versions 6 through 10 are confirmed affected via CPE data. CVSS 7.8 reflects local attack vector requiring user interaction (opening/linking the crafted file). No active exploitation confirmed (not in CISA KEV), and no public proof-of-concept identified at time of analysis. Real-world risk depends heavily on whether development workflows involve linking untrusted XCOFF files, which is uncommon outside AIX/PowerPC cross-compilation scenarios.

Heap Overflow Denial Of Service Buffer Overflow +8
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Out-of-bounds write in Linux kernel ksmbd allows authenticated remote attackers to cause memory corruption via crafted SMB2 compound requests combining QUERY_DIRECTORY and QUERY_INFO commands. The vulnerability arises when get_file_all_info() fails to validate OutputBufferLength against available buffer space before converting filenames to UTF-16, enabling buffer overflow beyond response buffer boundaries. With CVSS 8.8 (High) and network attack vector requiring only low privileges, this presents significant risk to systems running ksmbd SMB server. Vendor patches available across multiple kernel versions (5.15.203, 6.1.168, 6.6.131, 6.12.80, 6.18.21, 6.19.11, 7.0). EPSS exploitation probability remains low at 0.01% (2nd percentile), and no public exploit or CISA KEV listing identified at time of analysis.

Buffer Overflow Linux Red Hat +1
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Out-of-bounds write in Linux kernel's ksmbd server allows authenticated remote attackers with low-privilege SMB access to corrupt memory and potentially execute arbitrary code or crash the system. The vulnerability triggers when processing compound SMB2 requests (e.g., READ + QUERY_INFO for security descriptors) where the first command consumes most of the response buffer, causing ksmbd to write beyond allocated memory when building security descriptors from POSIX ACLs. Vendor patches are available for kernel versions 6.12.81, 6.18.22, 6.19.12, and 7.0. EPSS score of 0.01% suggests low observed exploitation probability, and no public exploit code or active exploitation has been identified at time of analysis.

Linux Buffer Overflow Memory Corruption
NVD VulDB
EPSS 0% CVSS 6.6
MEDIUM This Month

Integer overflow in constant tensor data size calculation in Samsung Open Source ONE prior to version 1.30.0 allows local attackers with user interaction to cause incorrect buffer sizing for large constant nodes, leading to buffer overflow conditions that may result in information disclosure or denial of service. The vulnerability requires local access and user interaction but can trigger high-severity memory corruption due to incorrect buffer allocation for tensors exceeding integer size limits.

Samsung Integer Overflow Buffer Overflow
NVD GitHub
EPSS 0% CVSS 6.6
MEDIUM This Month

Integer overflow in tensor copy size calculation within Samsung Open Source ONE enables out of bounds memory access during loop state propagation. Unauthenticated local attackers with user interaction can trigger the overflow to read sensitive data, modify memory, or cause denial of service on affected versions prior to 1.30.0. CVSS 6.6 indicates moderate severity with high availability impact.

Samsung Integer Overflow Buffer Overflow
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM This Month

Integer overflow in scratch buffer initialization within Samsung Open Source ONE allows local attackers with user interaction to cause denial of service and memory corruption affecting large intermediate tensor processing. Versions prior to 1.30.0 are vulnerable. The vulnerability stems from incorrect size calculation during memory allocation for scratch buffers, resulting in undersized allocations that corrupt adjacent memory regions when large tensors are processed.

Samsung Integer Overflow Buffer Overflow
NVD GitHub
EPSS 0% CVSS 6.6
MEDIUM This Month

Integer overflow in memory copy size calculation in Samsung Open Source ONE prior to commit 1.30.0 allows local attackers with user privileges to trigger invalid memory operations by supplying tensors with large shapes, potentially causing information disclosure, data corruption, or denial of service. The vulnerability requires user interaction (UI:R) and operates with low attack complexity on local systems. No public exploit code or active exploitation has been identified.

Samsung Integer Overflow Buffer Overflow
NVD GitHub
EPSS 0% CVSS 6.6
MEDIUM This Month

Integer overflow in Samsung Open Source ONE's output tensor copy size calculation allows local attackers with user interaction to cause memory corruption and potential code execution through oversized tensor processing. The vulnerability affects versions prior to 1.30.0 and stems from improper integer arithmetic when computing copy lengths for tensor data, enabling an attacker to trigger buffer overflows by crafting malicious tensor inputs that bypass size validation.

Samsung Integer Overflow Buffer Overflow
NVD GitHub VulDB
EPSS 0% CVSS 6.6
MEDIUM This Month

Integer overflow in tensor buffer size calculation in Samsung Open Source ONE prior to version 1.30.0 allows local attackers with user-level privileges to cause out-of-bounds memory access, leading to information disclosure and denial of service. The vulnerability requires user interaction to process specially crafted large tensor data. CVSS 6.6 indicates moderate severity with local attack vector and high availability impact.

Samsung Integer Overflow Buffer Overflow
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

Integer overflow in tensor allocation size calculation within Samsung Open Source ONE prior to version 1.30.0 allows local attackers with user interaction to cause denial of service or memory corruption. The vulnerability arises when processing large tensors, where insufficient memory allocation due to integer wraparound can lead to heap corruption. While CVSS indicates moderate severity (5.3), the high attack complexity and user interaction requirements limit practical exploitation.

Samsung Integer Overflow Buffer Overflow
NVD GitHub VulDB
EPSS 0% CVSS 8.1
HIGH This Week

PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, a stack buffer overflow exists in pjsip_auth_create_digest2() in PJSIP when using pre-computed digest credentials (PJSIP_CRED_DATA_DIGEST). The function copies credential data using cred_info->data.slen as the length without an upper-bound check, which can overflow the fixed-size ha1 stack buffer (128 bytes) if data.slen exceeds the expected digest string length.

Stack Overflow Buffer Overflow Pjproject
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Remote attackers can crash Nest.js applications (versions prior to 11.1.19) by sending approximately 47 KB of fragmented JSON messages within a single TCP frame, triggering a call stack overflow. The handleData() function's recursive processing of small valid JSON messages causes stack exhaustion before maxBufferSize limits are enforced, resulting in RangeError and denial of service. No authentication required (CVSS AV:N/PR:N). Vendor patch released in version 11.1.19. EPSS data not available; no confirmed active exploitation (not in CISA KEV).

Buffer Overflow Node.js
NVD GitHub
EPSS 0% CVSS 8.5
HIGH This Week

Heap buffer overflow in PJSIP 2.16 and earlier allows local attackers with user interaction to execute arbitrary code or crash the application via maliciously crafted Opus audio frames. The vulnerability stems from undersized FEC decode buffers (960 bytes at 8 kHz mono) that receive up to 1280 bytes of encoded data without bounds checking during Opus codec decoding. With CVSS 8.5 severity and a public GitHub commit fix available, this represents a high-impact memory corruption vulnerability in a widely-deployed VoIP library, though exploitation requires local access and user interaction (AV:L/UI:P), limiting remote attack scenarios.

Heap Overflow Buffer Overflow Pjproject
NVD GitHub VulDB
EPSS 0% CVSS 3.7
LOW PATCH Monitor

BACnet Stack prior to version 1.4.3 exhibits undefined behavior in the decode_signed32() function when processing signed-integer property values containing bytes with the high bit set, causing denial of service through integer overflow. Network-remote attackers can trigger this vulnerability by sending specially crafted BACnet packets with high-bit-set byte sequences, resulting in application instability or crash on embedded systems running vulnerable versions. The vulnerability is confirmed fixed in version 1.4.3.

Buffer Overflow Bacnet Stack
NVD GitHub
EPSS 0% CVSS 8.2
HIGH This Week

Out-of-bounds read in NVIDIA CUDA-Q endpoint allows remote unauthenticated attackers to crash services and disclose sensitive memory contents via malformed network requests. The vulnerability affects an exposed network endpoint with no authentication barrier (CVSS AV:N/AC:L/PR:N/UI:N), enabling trivial exploitation against internet-facing deployments. EPSS data not available; no CISA KEV listing or public POC identified at time of analysis, suggesting exploitation remains theoretical or limited to targeted scenarios.

Denial Of Service Information Disclosure Nvidia +1
NVD
EPSS 0% CVSS 10.0
CRITICAL PATCH Act Now

Storable versions before 3.05 for Perl has a stack overflow. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Stack Overflow Buffer Overflow Red Hat +1
NVD GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Out-of-bounds buffer write in CPython's asyncio.ProactorEventLoop (Windows only) allows remote attackers to trigger memory corruption via oversized network data. The sock_recvfrom_into() method lacks buffer size validation when the nbytes parameter is used, enabling writes beyond allocated memory boundaries. Patch available via GitHub PR #148809. CVSS 8.8 reflects network-accessible attack surface with no authentication required, though exploitation is platform-specific (Windows only) and requires specific asyncio usage patterns.

Memory Corruption Microsoft Buffer Overflow
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Multiple memory corruption bugs in Firefox ESR 140.9, Firefox 149, Thunderbird ESR 140.9, and Thunderbird 149 could enable remote code execution against users visiting malicious websites. Mozilla has fixed these memory safety vulnerabilities in Firefox 150 and Firefox ESR 140.10, with vendor advisories (MFSA2026-30, MFSA2026-32, MFSA2026-33, MFSA2026-34) confirming patches are available. EPSS score of 0.05% (14th percentile) indicates low observed exploitation probability, and no public exploit identified at time of analysis, though SSVC framework assesses total technical impact if successfully weaponized.

Buffer Overflow Memory Corruption Mozilla +1
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Use-after-free memory corruption (CWE-416) in Mozilla Firefox 149 and ESR 115.34/140.9, plus the shared Gecko engine in Thunderbird 149 and Thunderbird ESR 140.9, can lead to arbitrary code execution within the browser process when a victim renders attacker-controlled web content. This is a rolled-up batch of memory-safety bugs reported by Mozilla's own developers; Mozilla states some showed evidence of memory corruption presumed exploitable for code execution. There is no public exploit identified at time of analysis, the bug is not in CISA KEV, and EPSS is very low (0.06%, 17th percentile), consistent with the CVSS 7.5 rating being held down by high attack complexity (AC:H) and required user interaction (UI:R).

Use After Free RCE Memory Corruption +2
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Memory corruption in Firefox 149 and Thunderbird 149 enables remote code execution when users interact with malicious web content. Mozilla patched 55 distinct memory safety bugs in Firefox 150, some demonstrating memory corruption that could be weaponized for arbitrary code execution. While no public exploit is confirmed, the CVSS score of 7.5 reflects high complexity requiring user interaction, with SSVC assessment indicating total technical impact despite no current automation or active exploitation.

Information Disclosure Mozilla Buffer Overflow +1
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Integer overflow in Firefox's Audio/Video Playback component allows remote unauthenticated attackers to cause integrity violations through specially crafted multimedia content. The vulnerability stems from incorrect boundary condition handling in numeric calculations, potentially enabling attackers to modify playback state or corrupt audio/video streams without user interaction. Firefox 150 and later contain the fix.

Integer Overflow Mozilla Buffer Overflow +2
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Buffer overflow in Firefox WebRTC networking component allows local attackers to execute arbitrary code with high impact to confidentiality, integrity, and availability. Affects Firefox versions prior to 150 and Firefox ESR prior to 140.10. No public exploit identified at time of analysis. CVSS 7.8 reflects high severity but requires local access and user interaction, limiting remote attack surface. Mozilla has released patches in Firefox 150 and Firefox ESR 140.10.

Mozilla Buffer Overflow Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Incorrect boundary conditions in Firefox's WebRTC component allow remote attackers to read limited memory contents without authentication. Firefox versions prior to 150 are affected by this low-confidentiality vulnerability, which CVSS rates at 5.3 due to network exploitability without user interaction, though CISA's SSVC framework indicates no current exploitation activity and limited technical impact.

Mozilla Buffer Overflow Red Hat +1
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Integer overflow in Firefox's WebGPU graphics component enables remote denial-of-service attacks against default browser configurations. Attackers can trigger high availability impact via network-accessible exploitation without authentication or user interaction. Mozilla patched this in Firefox 150, with SSVC framework rating it automatable with partial technical impact despite CVSS 7.5 severity. No active exploitation confirmed and EPSS data not provided for risk quantification.

Integer Overflow Mozilla Buffer Overflow +2
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Confidentiality compromise in Firefox NSS Libraries allows remote unauthenticated attackers to leak sensitive information over the network without user interaction. The vulnerability affects Firefox 150 and earlier, Firefox ESR 115.34 and earlier, and Firefox ESR 140.9 and earlier, and has been patched in Firefox 150, Firefox ESR 115.35, and Firefox ESR 140.10. No public exploit code or active exploitation has been identified at the time of analysis.

Mozilla Buffer Overflow Red Hat +1
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Incorrect boundary conditions in the DOM: Device Interfaces component. This vulnerability was fixed in Firefox 150 and Firefox ESR 140.10.

Mozilla Buffer Overflow Red Hat +1
NVD VulDB
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Remote attackers can execute code and corrupt memory in Firefox (versions prior to 150) and Firefox ESR (prior to 140.10) by exploiting boundary condition errors in the WebRTC component. The vulnerability permits network-based exploitation without authentication or user interaction, enabling partial confidentiality, integrity, and availability impact. EPSS score of 0.02% (5th percentile) indicates low observed exploitation probability despite the high CVSS 7.3 rating. No public exploit identified at time of analysis, though the vulnerability is classified as automatable with total technical impact per SSVC framework. Mozilla has released patches in Firefox 150 and Firefox ESR 140.10.

Buffer Overflow Mozilla
NVD VulDB
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Remote code execution or information disclosure in Mozilla Firefox's WebRTC component allows network-based attackers to trigger memory corruption through incorrect boundary checks (CWE-119 buffer overflow class). All Firefox versions prior to 150, ESR versions prior to 115.35, and ESR versions prior to 140.10 are vulnerable. The CVSS vector indicates network-accessible exploitation with no authentication required (AV:N/PR:N), though CISA SSVC framework classifies exploitation as 'none' and automatable as 'no', suggesting limited real-world exploitation evidence at time of analysis. EPSS data not provided. Mozilla has released patches across all affected product lines.

Mozilla Buffer Overflow
NVD VulDB
EPSS 0% CVSS 8.4
HIGH PATCH This Week

Integer overflow in OpenEXR's DWA compressor (versions 3.2.0-3.2.7, 3.3.0-3.3.9, 3.4.0-3.4.9) enables local attackers to trigger memory corruption when processing maliciously crafted EXR image files requiring user interaction. This vulnerability represents a missed instance of the same integer overflow pattern addressed in related CVEs 2026-34589, 34588, and 34544, occurring in `internal_dwa_compressor.h:1040` where width multiplication lacks proper size_t casting. Given the local attack vector requiring user interaction (CVSS AV:L/UI:A), real-world exploitation requires social engineering to trick users into opening weaponized EXR files, making this primarily a workstation-targeted threat in media production environments. No active exploitation or public POC identified at time of analysis.

Integer Overflow Buffer Overflow Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 8.4
HIGH PATCH This Week

Integer overflow in OpenEXR's DWA compressor (versions 3.2.0-3.2.7, 3.3.0-3.3.9, 3.4.0-3.4.9) allows local attackers to trigger memory corruption via maliciously crafted EXR image files requiring user interaction. This overflow at internal_dwa_compressor.h:1722 was missed in the CVE-2026-34589 remediation batch, performing width*height multiplication in 32-bit arithmetic without proper bounds checking. While CVSS scores 8.4 (High), the local attack vector and required user interaction (opening malicious file) somewhat limit real-world exploitation compared to remotely exploitable vulnerabilities. No EPSS score or KEV status available; exploitation probability depends on attacker's ability to deliver weaponized EXR files to targets in media production environments.

Integer Overflow Buffer Overflow Openexr
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Signed integer overflow in OpenEXR 3.4.0-3.4.9 HTJ2K decompression allows remote attackers to cause denial of service via crafted EXR files with excessive FLOAT channels. The `ht_undo_impl()` function accumulates a bytes-per-line value in a 32-bit signed integer without overflow protection; on memory-permissive systems, the wrapped negative value enables heap out-of-bounds writes. OpenEXR 3.4.10 contains the fix. This is a distinct overflow from CVE-2026-34545 in the same function and mirrors the pattern of CVE-2026-34588.

Integer Overflow Buffer Overflow Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 8.4
HIGH PATCH This Week

In NTFS-3G 2022.10.3 before 2026.2.25, a heap buffer overflow exists in ntfs_build_permissions_posix() in acls.c that allows an attacker to corrupt heap memory in the SUID-root ntfs-3g binary by crafting a malicious NTFS image. The overflow is triggered on the READ path (stat, readdir, open) when processing a security descriptor with multiple ACCESS_DENIED ACEs containing WRITE_OWNER from distinct group SIDs.

Heap Overflow Buffer Overflow Suse
NVD GitHub VulDB
EPSS 0% CVSS 2.3
LOW PATCH Monitor

Out-of-bounds read in wolfSSHd on Windows allows authenticated users to leak adjacent stack memory via malformed terminal resize requests, exposing sensitive data through pseudo-console output. Affects wolfSSH versions prior to 1.5.0. CVSS score of 2.3 reflects low severity due to authentication requirement and limited confidentiality impact; vendor patch available.

Microsoft Buffer Overflow
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Heap buffer overflow in glibc scanf functions versions 2.7 through 2.43 allows remote unauthenticated attackers to execute arbitrary code by providing malicious input to applications using %mc format specifiers with width >1024. CVSS 9.8 indicates critical network-accessible impact, but EPSS score of 0.02% (5th percentile) suggests minimal real-world exploitation activity at time of analysis. No CISA KEV listing confirms this as a theoretical risk requiring specific application usage patterns rather than widespread active exploitation. Successful exploitation depends on target applications parsing attacker-controlled input through affected scanf family functions with specific format string configurations.

Heap Overflow Buffer Overflow Glibc
NVD VulDB
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

Buffer overflow in glibc's obsolete NIS authentication function allows remote attackers to compromise integrity and availability via spoofed UDP responses. Affects all glibc versions through 2.43, but exploitation requires the target application to actively use the deprecated nis_local_principal function (obsolete since glibc 2.26). EPSS score of 0.02% (5th percentile) indicates low real-world exploitation probability, consistent with the narrow attack surface of legacy NIS deployments. No active exploitation or public exploit code identified at time of analysis.

Buffer Overflow Glibc Red Hat +1
NVD VulDB
EPSS 0% CVSS 7.7
HIGH PATCH This Week

Heap buffer overflow in NanoMQ MQTT Broker's REST API allows remote unauthenticated attackers to trigger denial of service via crafted HTTP requests. The off-by-one error in uri_param_parse function (CWE-122) affects all versions prior to 0.24.11. CVSS 7.7 (High) with network attack vector, low complexity, and no authentication required. Proof-of-concept exploit exists (CVSS E:P), though no CISA KEV listing indicates limited observed exploitation. Vendor patch available in version 0.24.11 with upstream fix committed (GitHub 69a97b3).

Heap Overflow Buffer Overflow Nanomq
NVD GitHub VulDB
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

Stack-based buffer overflow in Dell PowerProtect Data Domain versions 7.7.1.0-8.6, LTS2025 8.3.1.0-8.3.1.20, and LTS2024 7.13.1.0-7.13.1.60 allows high-privileged local attackers to execute arbitrary commands as root. The vulnerability requires local access and elevated privileges, limiting exposure to insider threats or compromised administrative accounts rather than remote attackers. No public exploit has been identified at time of analysis.

Dell Stack Overflow Buffer Overflow
NVD VulDB
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Heap buffer overflow in KissFFT library (all versions before commit 8a8e66e) enables remote code execution when applications process attacker-controlled FFT dimensions. Integer overflow in kiss_fftndr_alloc() causes malloc() to allocate undersized buffers, allowing heap memory corruption during multidimensional FFT operations. CVSS 8.8 (network vector, no authentication, user interaction required). EPSS and KEV data not provided; no public exploit confirmed at time of analysis. Upstream fix available via GitHub commit, but released patched version number not independently confirmed.

Integer Overflow Buffer Overflow Kissfft
NVD GitHub VulDB
EPSS 0% CVSS 7.4
HIGH POC This Week

Buffer overflow in Tenda F451 router firmware 1.0.0.7_cn_svn7958 allows authenticated remote attackers to achieve complete compromise via the SafeClientFilter function. The httpd service improperly validates 'menufacturer' and 'Go' parameters, enabling memory corruption that leads to code execution with firmware-level privileges. A public exploit (GitHub PoC) exists, but no CISA KEV listing indicates exploitation remains proof-of-concept rather than widespread. EPSS data unavailable; CVSS 7.4 reflects network attack vector with low complexity, though low-privilege authentication is required.

Tenda Buffer Overflow
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

Buffer overflow in Tenda F451 router (version 1.0.0.7_cn_svn7958) allows authenticated remote attackers to achieve arbitrary code execution with high impact on confidentiality, integrity, and availability. The vulnerability exists in the httpd component's webExcptypemanFilter function, exploitable via malicious 'page' parameter input to /goform/webExcptypemanFilter. Public exploit code is available on GitHub (CVSS 7.4, CWE-120). EPSS data not provided, not listed in CISA KEV. This targets a specific legacy Chinese firmware version of a consumer-grade router with known end-of-life support issues.

Tenda Buffer Overflow
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

Remote buffer overflow in Tenda F451 router (version 1.0.0.7_cn_svn7958) allows authenticated attackers to achieve arbitrary code execution via crafted DHCP server configuration requests. The vulnerability exists in the httpd service's /goform/GstDhcpSetSer endpoint, exploitable by manipulating the 'dips' parameter. Public exploit code is available on GitHub, significantly lowering exploitation barriers for authenticated attackers with network access to the router's management interface.

Tenda Buffer Overflow
NVD VulDB GitHub
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Out-of-bounds read in the Linux kernel's X.509 certificate parser allows local unprivileged users to trigger memory corruption or denial of service by submitting a specially crafted certificate via the keyrings(7) API. The flaw exists in the handling of empty Basic Constraints or Key Usage extensions, where the first byte is dereferenced before the length check. A proof-of-concept was responsibly disclosed by the reporter, though no public exploit is identified at time of analysis and EPSS rates the exploitation probability as very low (0.01%).

Information Disclosure Linux Buffer Overflow +2
NVD VulDB
EPSS 0% CVSS 8.6
HIGH This Week

Remote code execution in ASUSTOR ADM (4.1.0-4.3.3.RR42 and 5.0.0-5.1.2.REO1) allows authenticated high-privilege attackers to execute arbitrary code via stack-based buffer overflow in VPN client components. The vulnerability combines unbounded sscanf() calls with format string weaknesses (printf with user-controlled data), exploitable due to absent PIE and stack canary protections. EPSS exploitation probability is low (0.23%, 46th percentile) with no public exploit code identified at time of analysis, suggesting limited real-world targeting despite high CVSS score.

Stack Overflow Buffer Overflow RCE +1
NVD VulDB
EPSS 0% CVSS 9.3
CRITICAL Emergency

Remote code execution in silex technology SD-330AC and AMC Manager allows unauthenticated network attackers to execute arbitrary code via heap-based buffer overflow when processing redirect URLs. CVSS 9.3 critical severity with attack vector AV:N/AC:L/PR:N/UI:N indicates trivial exploitation against internet-facing devices. No public exploit identified at time of analysis, though JPCERT coordination suggests vendor-confirmed vulnerability. EPSS data not available; real-world risk depends on internet exposure of affected silex wireless bridge and management software installations.

Heap Overflow Buffer Overflow RCE +2
NVD
EPSS 0% CVSS 8.7
HIGH Act Now

Stack-based buffer overflow in silex technology's SD-330AC (Ver.1.42 and earlier) and AMC Manager (Ver.5.0.2 and earlier) enables authenticated remote attackers to execute arbitrary code on the device via maliciously crafted redirect URLs. Reported by JPCERT with vendor advisories published, though EPSS score of 0.04% (12th percentile) indicates low observed exploitation probability. No active exploitation confirmed (not in CISA KEV), and SSVC assessment marks exploitation status as 'none' despite the critical nature of remote code execution capability.

Stack Overflow Buffer Overflow RCE +2
NVD
EPSS 0% CVSS 6.9
MEDIUM This Month

Heap-based buffer overflow in Silex SD-330AC and AMC Manager packet processing allows remote unauthenticated attackers to trigger a temporary denial-of-service condition via crafted network packets to the sx_smpd service. CVSS score is 5.3 (moderate) with confirmed active reporting by JPCERT, though no public exploit code or CISA KEV listing is evident from available data. Attack requires only network access and no authentication or user interaction.

Heap Overflow Buffer Overflow Sd 330Ac +1
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

A stack-use-after-return issue exists in the Arduino_Core_STM32 library prior to version 1.7.0. The pwm_start() function allocates a TIM_HandleTypeDef structure on the stack and passes its address to HAL initialization routines, where it is stored in a global timer handle registry. After the function returns, interrupt service routines may dereference this dangling pointer, resulting in memory corruption.

Buffer Overflow
NVD GitHub VulDB
EPSS 0% CVSS 7.4
HIGH POC This Week

Remote code execution in H3C Magic B1 router firmware versions up to 100R004 allows authenticated attackers to trigger a buffer overflow in the SetMobileAPInfoById function via crafted HTTP requests to /goform/aspForm. CVSS:4.0 rated 7.4 (High) with confirmed publicly available exploit code on GitHub. No vendor response or patch available. EPSS data not provided, but public exploit availability significantly elevates exploitation risk. The CWE-120 buffer overflow enables full device compromise (VC:H/VI:H/VA:H) with low attack complexity (AC:L) requiring only low-privileged authentication (PR:L).

Buffer Overflow Magic B1
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

Buffer overflow in H3C Magic B1 router firmware (versions through 100R004) allows authenticated remote attackers to achieve complete system compromise via crafted parameters to the SetAPWifiorLedInfoById function in /goform/aspForm. Public exploit code exists on GitHub. CVSS 7.4 (High) with network attack vector, low complexity, and confirmed proof-of-concept (CVSS:4.0 E:P). Vendor unresponsive to disclosure. EPSS and KEV status not provided in available data.

Buffer Overflow Magic B1
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

Buffer overflow in H3C Magic B0 routers (firmware versions up to 100R002) allows authenticated remote attackers to achieve arbitrary code execution via the Edit_BasicSSID function in /goform/aspForm. Public exploit code exists on GitHub. CVSS4.0 7.4 reflects network accessibility with low authentication (PR:L). Vendor unresponsive to disclosure - no patch confirmed. Exploitation requires valid router credentials but no special deployment conditions.

Buffer Overflow Magic B0
NVD VulDB GitHub
EPSS 0% CVSS 4.0
MEDIUM PATCH This Month

Integer overflow in Little CMS (lcms2) version 2.18 and earlier allows local attackers to trigger a buffer overflow via CubeSize calculation in cmslut.c, where the overflow check occurs after rather than before multiplication. This can result in memory corruption leading to information disclosure or denial of service with low complexity requirements. No active exploitation in CISA KEV confirmed at time of analysis, but proof-of-concept technical details are publicly available.

Buffer Overflow Suse
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Heap buffer overflow in SAIL image library's TGA decoder allows remote code execution via malformed RLE-compressed TGA files against all versions prior to commit 45d48d1. Network-accessible applications processing untrusted TGA images can be fully compromised without authentication or user interaction (CVSS 9.8). The raw-packet RLE decompression path permits writing up to 496 bytes of attacker-controlled data beyond allocated heap bounds. Vendor patch confirmed via GitHub commit 45d48d1f2e8e0d73e80bc1fd5310cb57f4547302. No CISA KEV listing or public POC identified at time of analysis, but the straightforward exploitation conditions (parsing untrusted files) and complete technical disclosure create high weaponization risk.

Memory Corruption Buffer Overflow Sail
NVD GitHub VulDB
Prev Page 27 of 402 Next

Quick Facts

Typical Severity
HIGH
Category
memory
Total CVEs
36140

MITRE ATT&CK

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy