Skip to main content

Stack-based Buffer Overflow

memory HIGH

A stack-based buffer overflow occurs when a program writes more data to a buffer located on the stack than it was allocated to hold.

How It Works

A stack-based buffer overflow occurs when a program writes more data to a buffer located on the stack than it was allocated to hold. The stack stores local variables, function parameters, and critical control information including the return address that tells the CPU where to resume execution after a function completes. When an attacker overflows a buffer, they can overwrite adjacent memory, including this return address.

The classic exploitation path involves carefully crafting input to overwrite the return address with a pointer to attacker-controlled code. Historically, attackers would inject shellcode directly into the overflowed buffer, then redirect execution to it. Modern defenses like Data Execution Prevention (DEP/NX) mark the stack as non-executable, forcing attackers to use Return-Oriented Programming (ROP) instead—chaining together existing code snippets ("gadgets") to perform malicious operations without injecting new code.

Address Space Layout Randomization (ASLR) randomizes memory addresses to make exploitation harder, but attackers can defeat it through information disclosure vulnerabilities that leak memory addresses. Stack canaries—random values placed between buffers and control data—can detect overwrites, but may be bypassed through brute-force attacks or by carefully avoiding them in partial overwrites.

Impact

  • Arbitrary code execution at the privilege level of the vulnerable process
  • Complete system compromise if the vulnerable process runs with elevated privileges (root/SYSTEM)
  • Memory corruption leading to crashes and denial of service
  • Bypass of authentication mechanisms by redirecting execution flow around security checks
  • Data theft or modification through code injection that accesses sensitive memory regions

Real-World Examples

The Morris Worm (1988) exploited a stack overflow in the Unix fingerd daemon, becoming one of the first major internet worms. The Code Red worm (2001) leveraged a stack overflow in Microsoft IIS (CVE-2001-0500) to compromise hundreds of thousands of web servers, demonstrating the massive scale of automated exploitation.

More recently, EternalBlue exploited stack corruption in Windows SMB (CVE-2017-0144), enabling the WannaCry and NotPetya ransomware outbreaks that caused billions in damage. The Heartbleed bug (CVE-2014-0160), while technically a heap-based read overflow, demonstrated how buffer handling errors remain prevalent even in security-critical software like OpenSSL.

Mitigation

  • Stack canaries (compile with -fstack-protector-all or equivalent) to detect overwrites before return
  • Address Space Layout Randomization (ASLR) to randomize memory locations
  • DEP/NX bit enforcement to prevent code execution from stack memory
  • Memory-safe string functions (use strncpy, snprintf, strlcpy instead of strcpy, sprintf, gets)
  • Compiler hardening flags (-D_FORTIFY_SOURCE=2, control-flow integrity)
  • Input validation with strict bounds checking on all externally-supplied data
  • Memory-safe languages (Rust, Go) for new development to eliminate the vulnerability class entirely

Recent CVEs (2223)

EPSS 0% CVSS 7.4
HIGH POC This Week

Stack-based buffer overflow in Tenda A18 Pro firmware version 02.03.02.28 allows authenticated remote attackers to achieve complete system compromise through the /goform/fast_setting_wifi_set endpoint. Public exploit code is available and actively being weaponized against this unpatched vulnerability. Attackers with network access and valid credentials can execute arbitrary code with full system privileges.

Tenda Buffer Overflow Stack Overflow
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

Remote code execution in D-Link DIR-513 1.10 via stack-based buffer overflow in the /goform/formEasySetPassword endpoint allows unauthenticated attackers to achieve full system compromise through a malicious curTime parameter. Public exploit code exists for this vulnerability, and affected devices are no longer receiving security updates from the vendor. An attacker with network access can execute arbitrary code with high privileges without user interaction.

Buffer Overflow D-Link Stack Overflow
NVD VulDB GitHub
EPSS 0%
PATCH Monitor

A stack overflow vulnerability exists in the Linux kernel's tunnel transmission functions (iptunnel_xmit and ip6tunnel_xmit) due to missing recursion limits when GRE tap interfaces operate as slaves in bonded devices with broadcast mode enabled. This allows local attackers or legitimate multicast/broadcast traffic to trigger infinite recursion between bond_xmit_broadcast() and tunnel transmission functions, causing kernel stack exhaustion and denial of service. The vulnerability affects multiple Linux kernel versions and has been resolved with the addition of IP_TUNNEL_RECURSION_LIMIT (4) to prevent excessive stack consumption during nested tunnel packet encapsulation.

Linux Denial Of Service Stack Overflow +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Stack buffer overflow in Google Chrome's WebRTC implementation prior to version 146.0.7680.153 enables remote attackers to corrupt stack memory and achieve code execution through maliciously crafted HTML pages. The vulnerability affects Chrome, and potentially downstream products including Chromium-based browsers, requiring only user interaction and no authentication. A patch is available across affected platforms including Ubuntu and Debian.

Google Buffer Overflow Stack Overflow +5
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL Act Now

Remote code execution in OpenWrt's mDNS daemon (versions before 24.10.6 and 25.12.1) allows unauthenticated attackers to overflow a 46-byte stack buffer by sending malformed IPv6 PTR queries over multicast DNS on UDP port 5353. The vulnerability stems from insufficient validation of domain name length before copying to a fixed-size buffer, enabling arbitrary code execution on affected embedded devices. No patch is currently available.

RCE Buffer Overflow Stack Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Remote code execution in OpenWrt mdns daemon (versions before 24.10.6 and 25.12.1) allows unauthenticated attackers to crash the service or execute arbitrary code by sending specially crafted DNS PTR queries to UDP port 5353, exploiting a stack buffer overflow in the parse_question function. The vulnerability occurs when domain names are expanded and copied without bounds checking, with non-printable characters inflating the payload beyond the fixed 256-byte buffer. No patch is currently available for affected embedded device deployments.

Buffer Overflow Stack Overflow Openwrt
NVD GitHub VulDB
EPSS 0% CVSS 2.2
LOW PATCH Monitor

A stack buffer overflow vulnerability exists in wolfSSL's PKCS7 SignedData encoding functionality.

Buffer Overflow Stack Overflow Wolfssl
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

Stack-based buffer overflow in PX4 autopilot versions 1.17.0-rc2 and below allows attackers with MAVLink link access to crash the flight controller by exploiting an unconstrained sscanf operation in the MavlinkLogHandler. An attacker can trigger this by creating deeply nested directories via MAVLink FTP and then requesting the log list, causing the MAVLink task to crash and resulting in loss of telemetry and command capability. This denial of service affects drone and unmanned vehicle systems relying on vulnerable PX4 versions.

Buffer Overflow Denial Of Service Stack Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

HTSlib, a widely-used bioinformatics library for reading and writing sequence alignment formats, contains a critical buffer overflow vulnerability in its CRAM format decoder. The vulnerability exists in the `cram_byte_array_len_decode()` function which fails to validate that unpacked data matches the output buffer size, affecting HTSlib versions prior to 1.23.1, 1.22.2, and 1.21.1. An attacker can craft a malicious CRAM file that, when opened by a user, triggers either a heap or stack overflow with attacker-controlled bytes, potentially leading to arbitrary code execution, program crash, or memory corruption.

Buffer Overflow Stack Overflow Heap Overflow +5
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

HTSlib contains a buffer overflow vulnerability in its CRAM format decoder affecting the VARINT and CONST encoding handlers, where incomplete context validation allows writes of up to eight bytes beyond heap allocation boundaries or into stack-allocated single-byte variables. This vulnerability affects HTSlib versions prior to 1.23.1, 1.22.2, and 1.21.1, and impacts any application using the library to process CRAM-formatted bioinformatics data files. An attacker can craft a malicious CRAM file to trigger heap or stack overflow conditions, potentially leading to denial of service, memory corruption, or arbitrary code execution when processed by a vulnerable application.

Buffer Overflow Stack Overflow Heap Overflow +5
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

A buffer overflow vulnerability (CVSS 5.3). Remediation should follow standard vulnerability management procedures.

Buffer Overflow Stack Overflow Fl Switch 2708 Pn +70
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

A buffer overflow vulnerability (CVSS 6.5). Remediation should follow standard vulnerability management procedures.

Buffer Overflow Denial Of Service Stack Overflow +71
NVD VulDB
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

Denial of service in Stack Overflow and Fl networking devices results from a stack-based buffer overflow in the file installation workflow that can be triggered by high-privileged attackers through oversized POST parameters. An authenticated attacker with elevated privileges can crash the affected service by exploiting this memory corruption vulnerability. No patch is currently available for the impacted products.

Buffer Overflow Stack Overflow Fl Switch 2516 +70
NVD VulDB
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

A buffer overflow vulnerability (CVSS 4.9) that allows a high-privileged attacker. Remediation should follow standard vulnerability management procedures.

Buffer Overflow Stack Overflow Fl Switch 2708 +70
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

A buffer overflow vulnerability (CVSS 6.5). Remediation should follow standard vulnerability management procedures.

Buffer Overflow Stack Overflow Fl Switch 2207 Fx Sm +70
NVD VulDB
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

Stack-based buffer overflow in Wazuh manager versions 3.9.0 through 4.14.3 allows remote attackers with high privileges to crash the `wazuh-analysisd` service via malformed JSON events, resulting in denial of service. The vulnerability stems from unsafe use of sprintf with floating-point format specifiers in the Security Configuration Assessment decoder, and may potentially enable remote code execution on affected Wazuh installations.

Denial Of Service Stack Overflow Buffer Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

Stack-based buffer overflow in Wazuh 4.4.0 through 4.14.2 allows authenticated remote attackers with high privileges to trigger an integer underflow in the database synchronization module, causing denial of service or potential code execution. The vulnerability exists in SQL query construction logic within wdb_delta_event.c where improper size calculations on buffers exceeding 2048 bytes can corrupt the stack. A patch is available in version 4.14.3.

Denial Of Service Buffer Overflow Stack Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Stack Overflow's infrastructure contains a stack-based buffer overflow in a virtual configuration function that can be exploited remotely by authenticated attackers to achieve complete system compromise. Public exploit code is available for this vulnerability, and no patch has been released despite vendor notification. An attacker with valid credentials can manipulate input to the vulnerable endpoint and execute arbitrary code with full system privileges.

Buffer Overflow Stack Overflow Bl Wr9000
NVD VulDB GitHub
EPSS 0% CVSS 8.8
HIGH POC This Week

Stack-based buffer overflow in D-Link NAS devices (DNS-120, DNR-202L, DNS-315L, DNS-320 series, DNS-326, DNS-1100-4, and others) through the UPnP_AV_Server_Path_Setting function in /cgi-bin/app_mgr.cgi allows authenticated remote attackers to achieve complete system compromise with high integrity, confidentiality, and availability impact. Public exploit code exists for this vulnerability, and no patch is currently available.

Buffer Overflow D-Link Stack Overflow +20
NVD VulDB GitHub
EPSS 0% CVSS 8.8
HIGH POC This Week

Stack-based buffer overflow in D-Link DNS storage appliances (DNS-120, DNS-340L, DNS-1200-05 and others) through the /cgi-bin/gui_mgr.cgi endpoint allows remote authenticated attackers to achieve code execution. Public exploit code exists for this vulnerability, and no patch is currently available. Affected firmware versions are dated up to February 5, 2026.

Stack Overflow Buffer Overflow D-Link +20
NVD VulDB GitHub
EPSS 0% CVSS 8.8
HIGH POC This Week

Stack-based buffer overflow in D-Link DNS NAS devices (DNS-120 through DNS-1550-04) allows authenticated attackers to achieve remote code execution via the Downloads_Schedule_Info function in /cgi-bin/download_mgr.cgi. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires valid credentials but can be executed over the network with high impact on confidentiality, integrity, and availability.

D-Link Buffer Overflow Stack Overflow +20
NVD VulDB GitHub
EPSS 0% CVSS 8.8
HIGH POC This Week

Stack-based buffer overflow in D-Link DNS and DNR network storage devices allows authenticated remote attackers to execute arbitrary code by manipulating the f_idx parameter in the local_backup_mgr.cgi endpoint. Public exploit code exists for this vulnerability, which affects multiple device models up to firmware version 20260205 with no patch currently available. An attacker with valid credentials can trigger memory corruption to achieve complete system compromise including code execution, data theft, and service disruption.

D-Link Buffer Overflow Stack Overflow +20
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

Remote code execution in D-Link DIR-619L 2.06B01 results from a stack-based buffer overflow in the formSchedule function when the curTime parameter is manipulated via the /goform/formSchedule endpoint. An authenticated remote attacker can exploit this vulnerability to achieve full system compromise, and public exploit code is currently available. This vulnerability affects only end-of-life devices that no longer receive security updates.

Buffer Overflow D-Link Stack Overflow
NVD VulDB GitHub
EPSS 0% CVSS 2.1
LOW POC PATCH Monitor

Stack-based buffer overflow vulnerability in GPAC's MP4Box component, specifically in the swf_def_bits_jpeg function of src/scene_manager/swf_parse.c, affecting versions up to 2.5-DEV-rev2167. An authenticated attacker can exploit this remotely by manipulating the szName argument to cause a stack overflow, resulting in information disclosure, data modification, or denial of service. A public proof-of-concept exists, and a vendor patch is available; exploitation requires valid credentials (CVSS 6.3 with authenticated access requirement).

Stack Overflow Buffer Overflow Gpac
NVD VulDB GitHub
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Critical stack-based buffer overflow vulnerability in the D-Link DIR-816 router (version 1.10CNB05) that allows remote attackers to execute arbitrary code without authentication. A public proof-of-concept exploit is available on GitHub, making this vulnerability actively exploitable. However, D-Link no longer supports this product, meaning no patch will be released.

Buffer Overflow D-Link Stack Overflow +1
NVD VulDB GitHub
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Critical stack-based buffer overflow vulnerability in D-Link DIR-816 router firmware version 1.10CNB05, affecting the wireless configuration interface (/goform/form2WlanBasicSetup.cgi). A publicly available proof-of-concept exploit exists, allowing remote attackers without authentication to achieve complete system compromise. The vulnerability affects end-of-life products no longer supported by D-Link, making patches unlikely.

Buffer Overflow D-Link Stack Overflow +1
NVD VulDB GitHub
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Critical stack-based buffer overflow vulnerability in the D-Link DIR-816 router (version 1.10CNB05) that allows remote attackers to achieve full system compromise without authentication. A public proof-of-concept exploit is available on GitHub, and the vulnerability affects end-of-life products no longer supported by D-Link, making this a high-risk issue for organizations still using these devices.

Buffer Overflow D-Link Stack Overflow +1
NVD VulDB GitHub
EPSS 0% CVSS 8.9
HIGH POC This Week

Critical stack-based buffer overflow vulnerability in the D-Link DIR-816 router (firmware version 1.10CNB05) that allows remote attackers to execute arbitrary code without authentication. A public proof-of-concept exploit is available, and the vulnerability affects end-of-life products no longer supported by D-Link, making this a high-risk issue for organizations still using these devices.

Buffer Overflow D-Link Stack Overflow
NVD VulDB GitHub
EPSS 0% CVSS 7.3
HIGH POC This Week

Stack-based buffer overflow vulnerability in TRENDnet TEW-632BRP firmware version 1.010B32, specifically in the ping_response.cgi file's HTTP POST request handler. An authenticated attacker with high privileges can exploit this vulnerability remotely to achieve code execution with high impact to confidentiality, integrity, and availability. A public proof-of-concept exploit is available on GitHub, though the vulnerability is not listed in CISA KEV and no EPSS score is provided.

Buffer Overflow Stack Overflow Tew 632brp
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

Remote code execution via stack-based buffer overflow in Belkin F9K1122 router firmware allows authenticated attackers to achieve complete system compromise through the /goform/formReboot endpoint. Public exploit code exists for this vulnerability, and the vendor has not provided a patch despite early notification. The high CVSS score of 8.8 reflects the severity of unauthenticated remote exploitation potential in networked deployments.

Buffer Overflow Stack Overflow F9k1122
NVD VulDB GitHub
EPSS 0% CVSS 7.8
HIGH This Week

Stack overflow vulnerability in PX4 autopilot drone flight control software (versions prior to 1.17.0-rc2) where the Zenoh uORB subscriber fails to validate incoming payload sizes, allowing remote attackers to crash the Zenoh bridge task. No active exploitation (not in KEV), no known POC, and the local attack vector (CVSS AV:L) limits real-world impact despite the high 7.8 CVSS score.

Buffer Overflow Stack Overflow Px4 Autopilot
NVD GitHub VulDB
EPSS 0% CVSS 5.2
MEDIUM PATCH This Month

PX4 autopilot versions prior to 1.17.0-rc2 contain an unbounded memcpy vulnerability in the tattu_can module that allows stack memory corruption when processing specially crafted CAN frames. An attacker with CAN bus injection capability can trigger denial of service or memory corruption in drone systems where tattu_can is enabled, potentially compromising flight safety and system stability.

Buffer Overflow Stack Overflow Px4 Autopilot
NVD GitHub VulDB
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

PX4 autopilot versions prior to 1.17.0-rc2 contain a stack overflow vulnerability in the BST telemetry probe driver that allows a malicious BST device to trigger a buffer overflow by reporting an oversized dev_name_len parameter without bounds checking. An attacker with physical access to inject a malicious BST device can crash the autopilot task or potentially achieve arbitrary code execution, impacting drone flight safety and control systems. No active KEV exploitation data or public POC is currently documented, but the vulnerability is patched in version 1.17.0-rc2.

RCE Stack Overflow Buffer Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Stack-based buffer overflow in GStreamer's H.266 codec parser that allows remote code execution when processing malicious video files. The vulnerability affects all versions of GStreamer (CPE shows wildcard versioning) and requires user interaction to trigger, such as opening a malicious media file. No active exploitation (not in KEV) or public PoC has been reported, with EPSS data unavailable.

Buffer Overflow RCE Stack Overflow +1
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL Act Now

Stack overflow in HMS Networks Ewon Flexy/Cosy+ firmware.

RCE Buffer Overflow Denial Of Service +1
NVD VulDB
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

ImageMagick is free and open-source software used for editing and manipulating digital images. versions up to 7.1.2-16 is affected by stack-based buffer overflow (CVSS 6.7).

Stack Overflow Buffer Overflow Imagemagick +2
NVD GitHub VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe Illustrator 29.8.4 and 30.1 through a stack-based buffer overflow when processing malicious files. Local exploitation requires user interaction to open a crafted document, executing code with the privileges of the current user. No patch is currently available for affected versions.

Adobe Buffer Overflow Stack Overflow +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

iccDEV provides a set of libraries and tools for working with ICC color management profiles. versions up to 2.3.1.5 is affected by stack-based buffer overflow (CVSS 5.5).

Stack Overflow Buffer Overflow Iccdev
NVD GitHub VulDB
EPSS 0% CVSS 6.6
MEDIUM This Month

Remote code execution in Fortinet FortiWeb versions 7.0 through 8.0.3 stems from a stack-based buffer overflow that authenticated attackers can exploit by sending crafted HTTP requests, provided they can bypass stack protection and ASLR mechanisms. Successful exploitation allows attackers to execute arbitrary code with the privileges of the vulnerable application. No patch is currently available for this medium-severity vulnerability affecting multiple FortiWeb releases.

Fortinet Buffer Overflow Stack Overflow +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Uderzo Software SpaceSniffer v.2.0.5.18 results from a buffer overflow vulnerability triggered by processing malicious .sns snapshot files. An attacker with local access can craft a specially formatted file to achieve code execution with high privileges. No patch is currently available for this vulnerability.

Buffer Overflow RCE Stack Overflow +1
NVD VulDB
EPSS 0% CVSS 7.4
HIGH Act Now

Insufficient input validation in SICAM SIAPP SDK versions prior to V2.1.7 enables stack overflow attacks, permitting local attackers to execute arbitrary code or trigger denial of service. The vulnerability affects all versions below the patched release, with no currently available remediation for deployed systems. Attackers with local access can leverage malformed input to corrupt the stack and gain code execution privileges.

Stack Overflow Denial Of Service RCE +2
NVD VulDB
EPSS 0% CVSS 6.6
MEDIUM This Month

Arbitrary code execution in Fortinet FortiWeb 7.0.2 through 8.0.2 stems from a stack-based buffer overflow triggered by crafted HTTP requests from authenticated attackers who can bypass stack protection mechanisms. The vulnerability affects multiple FortiWeb versions and requires high privileges and specific conditions to exploit, though no patch is currently available. An authenticated attacker with sufficient privileges could leverage this flaw to execute arbitrary commands on affected systems.

Fortinet Buffer Overflow Stack Overflow +1
NVD VulDB
EPSS 0% CVSS 8.1
HIGH This Week

A Stack-based Buffer Overflow vulnerability [CWE-121] vulnerability in Fortinet FortiManager 7.4.0 through 7.4.2, FortiManager 7.2.0 through 7.2.10, FortiManager 6.4 all versions may allow a remote unauthenticated attacker to execute unauthorized commands via crafted requests, if the service is enabled. [CVSS 8.1 HIGH]

Fortinet Buffer Overflow Stack Overflow +1
NVD VulDB
EPSS 0% CVSS 7.7
HIGH PATCH This Week

High severity vulnerability in ImageMagick. MagnifyImage uses a fixed-size stack buffer. When using a specific image it is possible to overflow this buffer and corrupt the stack.

Buffer Overflow Stack Overflow Imagemagick +2
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Stack-based buffer overflow in Tenda FH1202 firmware version 1.2.0.14(408) allows authenticated remote attackers to achieve complete system compromise through a malformed page parameter in the /goform/P2pListFilter endpoint. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected devices at immediate risk of code execution and data theft.

Buffer Overflow Stack Overflow Fh1202 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH This Week

A low-privileged remote attacker can trigger a stack-based buffer overflow via a crafted HTTP POST request using the ubr-network method resulting in full device compromise. [CVSS 8.8 HIGH]

Buffer Overflow Stack Overflow Universal Bacnet Router Firmware
NVD
EPSS 0% CVSS 8.8
HIGH POC This Week

Stack overflow in Tenda FH1202 firmware version 1.2.0.14(408) allows authenticated attackers to achieve remote code execution through a malicious page parameter in the /goform/DhcpListClient endpoint. Public exploit code is available and the vulnerability remains unpatched, creating significant risk for deployed devices. This affects both the Tenda FH1202 router and Stack Overflow services with high severity impact on confidentiality, integrity, and availability.

Buffer Overflow Stack Overflow Fh1202 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Stack-based buffer overflow in Tenda FH1202 firmware version 1.2.0.14(408) allows remote authenticated attackers to achieve complete system compromise through manipulation of the page parameter in the /goform/NatStaticSetting function. Public exploit code exists for this vulnerability and no patch is currently available. The flaw requires valid credentials but can be exploited over the network with no user interaction.

Buffer Overflow Stack Overflow Fh1202 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Stack-based buffer overflow in Tenda FH1202 firmware version 1.2.0.14(408) allows remote authenticated attackers to achieve full system compromise through manipulation of the webSiteId parameter in the /goform/webtypelibrary function. Public exploit code exists for this vulnerability, and no patch is currently available. The high CVSS score of 8.8 reflects the potential for complete confidentiality, integrity, and availability impact.

Buffer Overflow Stack Overflow Fh1202 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 9.3
CRITICAL Act Now

Remote code execution in Atop Technologies EHG2408-series industrial Ethernet switches (including the EHG2408 and EHG2408-2SFP firmware) allows unauthenticated attackers to hijack the device's execution flow via a stack-based buffer overflow and run arbitrary code. The flaw was reported through Taiwan's CERT (TWCERT) and carries a CVSS 4.0 base score of 9.3, reflecting fully unauthenticated network exploitation with high confidentiality, integrity, and availability impact. There is no public exploit identified at time of analysis, and the EPSS score is low (0.14%, 34th percentile), suggesting exploitation has not yet been observed at scale.

Buffer Overflow Stack Overflow Atop Ehg2408 2sfp Firmware +2
NVD VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Stack overflow in Tenda FH1202 firmware version 1.2.0.14(408) allows remote attackers with low privileges to execute arbitrary code through crafted mit_ssid parameters sent to the AdvSetWrlsafeset function. Public exploit code exists for this vulnerability and no patch is currently available. The attack requires network access but no user interaction, making it readily exploitable in affected deployments.

Buffer Overflow Stack Overflow Fh1202 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Remote code execution in Tenda i3 1.0.0.6(2204) firmware allows unauthenticated attackers to achieve full system compromise through a stack-based buffer overflow in the WifiMacFilterSet function. Public exploit code exists for this vulnerability, increasing the risk of active exploitation. No patch is currently available, requiring immediate mitigation through network segmentation or device isolation.

Buffer Overflow Stack Overflow I3 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Remote code execution in Tenda i3 firmware versions up to 1.0.0.6(2204) via stack-based buffer overflow in the WiFi MAC filter function allows unauthenticated attackers to achieve full system compromise over the network. Public exploit code exists for this vulnerability and no patch is currently available. The flaw requires only low complexity to exploit and affects the confidentiality, integrity, and availability of affected devices.

Buffer Overflow Stack Overflow I3 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Stack-based buffer overflow in Tenda i3 1.0.0.6(2204) firmware allows authenticated remote attackers to achieve code execution by manipulating the cmdinput parameter in the /goform/exeCommand function. Public exploit code exists for this vulnerability and no patch is currently available, placing affected devices at immediate risk.

Buffer Overflow Stack Overflow I3 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Stack-based buffer overflow in Tenda i3 1.0.0.6(2204) firmware allows authenticated remote attackers to achieve complete system compromise through manipulation of ping parameters in the setAutoPing function. Public exploit code exists for this vulnerability and no patch is currently available, creating significant risk for affected deployments.

Buffer Overflow Stack Overflow I3 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Stack overflow in Tenda i3 firmware version 1.0.0.6(2204) allows authenticated remote attackers to achieve full system compromise through a malformed funcpara1 parameter in the /goform/setcfm endpoint. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with network access and valid credentials can execute arbitrary code with full system privileges.

Buffer Overflow Stack Overflow I3 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL Act Now

Stack-based buffer overflow in Delta Electronics COMMGR2 communication management software. ICS vulnerability enabling remote code execution on industrial communication gateways.

Industrial Buffer Overflow Stack Overflow +1
NVD VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Stack-based buffer overflow in Tenda F453 firmware 1.0.0.3 allows remote attackers with valid credentials to achieve unauthenticated code execution through a malformed GO parameter in the WrlclientSet function. Public exploit code exists for this vulnerability, and no patch is currently available. Affected organizations using vulnerable F453 devices should implement network segmentation and access controls to mitigate exploitation risk.

Golang Buffer Overflow Stack Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Stack-based buffer overflow in Tenda F453 firmware version 1.0.0.3 allows authenticated remote attackers to achieve complete system compromise through a malformed GO parameter in the WrlExtraSet function. Public exploit code exists for this vulnerability, and no patch is currently available. Affected systems face high risk of unauthorized code execution, data theft, and service disruption.

Golang Buffer Overflow Stack Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Stack-based buffer overflow in Tenda F453 firmware allows unauthenticated remote attackers to execute arbitrary code through the cmdinput parameter in the /goform/exeCommand function, with public exploit code already available. The vulnerability affects F453 firmware version 1.0.0.3 and has a CVSS score of 8.8, enabling complete compromise of affected devices without requiring user interaction. No patch is currently available.

Buffer Overflow Stack Overflow F453 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Remote code execution in Tenda F453 firmware versions 1.0.0.3 and 3.As via stack-based buffer overflow in the PPTP client configuration endpoint allows unauthenticated network attackers to achieve full system compromise. Public exploit code exists for this vulnerability, and no patch is currently available, creating significant risk for affected devices.

Buffer Overflow Stack Overflow F453 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Stack-based buffer overflow in Tenda F453 firmware versions 1.0.0.3/1.1f allows authenticated remote attackers to execute arbitrary code through malformed funcname/funcpara1 parameters in the /goform/setcfm endpoint. Public exploit code exists for this vulnerability, and no patch is currently available. The high CVSS score of 8.8 reflects the complete compromise potential of affected devices.

Buffer Overflow Stack Overflow F453 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Stack-based buffer overflow in Tenda F453 1.0.0.3 firmware allows authenticated attackers to achieve remote code execution through improper input validation in the QuickIndex handler. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected devices at significant risk of compromise.

Buffer Overflow Stack Overflow F453 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Stack-based buffer overflow in Tenda F453 1.0.0.3 firmware allows authenticated remote attackers to achieve full system compromise through a malicious page parameter in the webExcptypemanFilter function. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires valid credentials but no user interaction, making it a significant risk for affected devices.

Buffer Overflow Stack Overflow F453 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Remote code execution in Wavlink WL-WN579X3-C firmware through stack-based buffer overflow in the firewall.cgi module allows unauthenticated attackers to achieve complete system compromise via manipulation of the del_flag parameter. Public exploit code exists for this vulnerability, and no patch is currently available despite vendor notification. Affected users should immediately restrict network access to the affected device until a firmware update becomes available.

Buffer Overflow Stack Overflow Wl Wn579x3 C Firmware
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Remote code execution in Tenda FH451 firmware via stack-based buffer overflow in the QuickIndex function allows unauthenticated attackers to execute arbitrary code by sending crafted requests with oversized PPPOEPassword parameters. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires network access and affects firmware version 1.0.0.9 and potentially other versions.

Buffer Overflow Stack Overflow F451 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Remote code execution in Tenda FH451 firmware via stack-based buffer overflow in the WAN configuration endpoint allows unauthenticated attackers to achieve full system compromise through malicious wanmode or PPPOEPassword parameters. Public exploit code exists for this vulnerability, and no patch is currently available. Stack Overflow products are also reported as affected.

Buffer Overflow Stack Overflow Fh451 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Stack overflow in Tenda FH451 firmware's setcfm function allows authenticated remote attackers to achieve complete system compromise through malicious funcname or funcpara1 parameters. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw affects firmware version 1.0.0.9 and enables remote code execution with high impact to confidentiality, integrity, and availability.

Buffer Overflow Stack Overflow Fh451 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 5.9
MEDIUM POC PATCH This Month

Remote denial of service in cpp-httplib prior to version 0.37.0 allows unauthenticated attackers to crash server processes by submitting HTTP POST requests with maliciously crafted RFC 5987 filename* parameters that trigger catastrophic backtracking in the regex parser. The vulnerability exploits the recursive stack-based implementation of libstdc++'s regex engine, causing uncontrolled stack growth and stack overflow. Public exploit code exists for this vulnerability.

Stack Overflow Denial Of Service Cpp Httplib +2
NVD GitHub
EPSS 0% CVSS 7.2
HIGH POC This Week

Stack-based buffer overflow in Wavlink WL-NU516U1 firmware's login.cgi allows remote attackers with high privileges to achieve complete system compromise through a malformed ipaddr parameter. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw enables unauthenticated remote code execution with full read, write, and execution capabilities on affected devices.

Buffer Overflow Stack Overflow Wl Nu516u1 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 4.9
MEDIUM This Month

Authenticated users can trigger a stack-based buffer overflow in SonicOS certificate handling to cause denial of service against Sonicos firewalls. The vulnerability requires administrative privileges to exploit and results in firewall crashes rather than code execution. No patch is currently available.

Buffer Overflow Stack Overflow Denial Of Service +1
NVD
EPSS 0% CVSS 7.5
HIGH POC This Week

Tenda AX3 firmware v16.03.12.11 contains a stack overflow in formGetIptv function and the list parameter, which can cause memory corruption and enable remote code execution. [CVSS 7.5 HIGH]

RCE Stack Overflow Memory Corruption +2
NVD
EPSS 0% CVSS 7.5
HIGH POC This Week

An issue was discovered in /goform/WifiWpsStart in Tenda AC6V2.0 V15.03.06.23_multi. The index and mode are controllable. [CVSS 7.5 HIGH]

Stack Overflow Ac6 Firmware Tenda
NVD GitHub
EPSS 0% CVSS 8.8
HIGH POC This Week

Remote code execution in Tenda AC15 firmware versions up to 15.13.07.13 via a stack-based buffer overflow in the /goform/TextEditingConversion endpoint allows unauthenticated attackers to achieve complete system compromise. Public exploit code exists for this vulnerability, and no patch is currently available, creating immediate risk for deployed devices. An attacker can exploit this remotely with minimal complexity by manipulating the wpapsk_crypto2_4g parameter.

Buffer Overflow Stack Overflow Ac15 Firmware
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL Act Now

Stack-based buffer overflow in ThinkWise by SimTech Systems allows unauthenticated remote code execution via crafted network input.

Buffer Overflow Stack Overflow Thinkwise
NVD VulDB
EPSS 0% CVSS 6.3
MEDIUM This Month

Golioth Firmware SDK version 0.10.0 prior to 0.22.0, fixed in commit 48f521b, contain a stack-based buffer overflow in Payload Utils. The golioth_payload_as_int() and golioth_payload_as_float() helpers copy network-supplied payload data into fixed-size stack buffers using memcpy() with a length derived from payload_size. The only length checks are guarded by assert(); in release builds, the asserts are compiled out and memcpy() may copy an unbounded payload_size. Payloads larger than 12 bytes...

Buffer Overflow Stack Overflow Denial Of Service
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Stack overflow denial of service in fast-xml-parser versions prior to 5.3.8 occurs when the XML builder is used with the preserveOrder option enabled, causing the application to crash. An attacker can trigger this vulnerability remotely by sending specially crafted XML input, resulting in service unavailability for applications using the affected library. A patch is available in version 5.3.8 and later.

Stack Overflow Denial Of Service Fast Xml Parser +1
NVD GitHub
EPSS 0% CVSS 4.9
MEDIUM This Month

SonicOS management interface suffers from stack-based buffer overflow flaws in an API endpoint that allow authenticated administrators to trigger denial of service conditions through improper input validation. The vulnerability affects Stack Overflow and Sonicos products but currently lacks an available patch, leaving deployed systems exposed to authenticated attack vectors with no mitigation path.

Buffer Overflow Stack Overflow Sonicos
NVD
EPSS 0% CVSS 6.2
MEDIUM PATCH This Month

Medium severity vulnerability in ImageMagick. # Magick fails to check for circular references between two MSLs, leading to a stack overflow.

Stack Overflow Imagemagick Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Stack buffer overflow in ImageMagick's MSL (Magick Scripting Language) parser allows remote attackers to corrupt memory and potentially execute arbitrary code by supplying an MSL document with an oversized attribute value processed by msl.c. All ImageMagick versions prior to 7.1.2-15 and 6.9.13-40 are affected, as well as Magick.NET bindings below 14.10.3. No public exploit identified at time of analysis and EPSS is very low (0.06%, 17th percentile), but the CVSS 9.8 reflects the worst-case unauthenticated RCE potential against any service that parses attacker-controlled MSL input.

Buffer Overflow Imagemagick Stack Overflow
NVD GitHub VulDB
EPSS 0% CVSS 7.4
HIGH PATCH This Week

Stack-based buffer overflow in ImageMagick versions before 7.1.2-15 allows remote attackers to crash the application and potentially corrupt memory by submitting specially crafted FTXT image files. The vulnerability requires high complexity to exploit but impacts both confidentiality and availability of affected systems. No patch is currently available for this HIGH severity issue (CVSS 7.4).

Buffer Overflow Stack Overflow Denial Of Service +3
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH This Week

Remote code execution in Tenda AC8 firmware versions up to 16.03.34.06 allows authenticated attackers to execute arbitrary code via a stack-based buffer overflow in the HTTP upload handler. Public exploit code exists for this vulnerability, which has no patch available. An attacker with valid credentials can trigger the overflow by manipulating the boundary parameter in multipart upload requests.

Buffer Overflow Stack Overflow Ac8 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 7.3
HIGH POC PATCH This Week

libtiff up to v4.7.1 was discovered to contain a stack overflow via the readSeparateStripsIntoBuffer function. [CVSS 7.3 HIGH]

Stack Overflow Libtiff Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH POC This Week

Tenda FH1203 V2.0.1.6 contains a stack-based buffer overflow vulnerability in the modify_add_client_prio function, which is reachable via the formSetClientPrio CGI handler. [CVSS 7.5 HIGH]

Buffer Overflow Stack Overflow Fh1203 Firmware +1
NVD GitHub
EPSS 0% CVSS 8.8
HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 1.01.07 firmware's scheduled reboot configuration endpoint allows authenticated remote attackers to achieve full system compromise through the submit-url parameter. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw requires valid credentials but has a high attack surface due to network accessibility and the severity of potential impacts including code execution and data exfiltration.

D-Link Buffer Overflow Stack Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Remote code execution in D-Link DWR-M960 firmware through a stack buffer overflow in the VPN configuration endpoint allows authenticated attackers to execute arbitrary code by manipulating the submit-url parameter. The vulnerability affects firmware version 1.01.07 and public exploit code exists, though no patch is currently available.

D-Link Buffer Overflow Stack Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 firmware version 1.01.07 allows authenticated remote attackers to execute arbitrary code by manipulating the submit-url parameter in the /boafrm/formDhcpv6s function. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected devices at immediate risk.

D-Link Buffer Overflow Stack Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 firmware (version 1.01.07) allows authenticated attackers to achieve remote code execution via a malicious URL parameter in the /boafrm/formNewSchedule function. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires valid credentials but no user interaction, posing a significant risk to affected devices.

D-Link Buffer Overflow Stack Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Remote code execution in D-Link DWR-M960 firmware 1.01.07 via stack-based buffer overflow in the /boafrm/formWsc endpoint allows authenticated attackers to achieve full system compromise through manipulation of the save_apply parameter. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected devices at immediate risk.

D-Link Buffer Overflow Stack Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 firmware version 1.01.07 allows authenticated remote attackers to achieve arbitrary code execution by manipulating the submit-url parameter in the wireless access control endpoint. Public exploit code exists for this vulnerability, and no patch is currently available.

D-Link Buffer Overflow Stack Overflow +1
NVD GitHub VulDB
Prev Page 6 of 25 Next

Quick Facts

Typical Severity
HIGH
Category
memory
Total CVEs
2223

Related CWEs

MITRE ATT&CK

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy