Skip to main content

Stack-based Buffer Overflow

memory HIGH

A stack-based buffer overflow occurs when a program writes more data to a buffer located on the stack than it was allocated to hold.

How It Works

A stack-based buffer overflow occurs when a program writes more data to a buffer located on the stack than it was allocated to hold. The stack stores local variables, function parameters, and critical control information including the return address that tells the CPU where to resume execution after a function completes. When an attacker overflows a buffer, they can overwrite adjacent memory, including this return address.

The classic exploitation path involves carefully crafting input to overwrite the return address with a pointer to attacker-controlled code. Historically, attackers would inject shellcode directly into the overflowed buffer, then redirect execution to it. Modern defenses like Data Execution Prevention (DEP/NX) mark the stack as non-executable, forcing attackers to use Return-Oriented Programming (ROP) instead—chaining together existing code snippets ("gadgets") to perform malicious operations without injecting new code.

Address Space Layout Randomization (ASLR) randomizes memory addresses to make exploitation harder, but attackers can defeat it through information disclosure vulnerabilities that leak memory addresses. Stack canaries—random values placed between buffers and control data—can detect overwrites, but may be bypassed through brute-force attacks or by carefully avoiding them in partial overwrites.

Impact

  • Arbitrary code execution at the privilege level of the vulnerable process
  • Complete system compromise if the vulnerable process runs with elevated privileges (root/SYSTEM)
  • Memory corruption leading to crashes and denial of service
  • Bypass of authentication mechanisms by redirecting execution flow around security checks
  • Data theft or modification through code injection that accesses sensitive memory regions

Real-World Examples

The Morris Worm (1988) exploited a stack overflow in the Unix fingerd daemon, becoming one of the first major internet worms. The Code Red worm (2001) leveraged a stack overflow in Microsoft IIS (CVE-2001-0500) to compromise hundreds of thousands of web servers, demonstrating the massive scale of automated exploitation.

More recently, EternalBlue exploited stack corruption in Windows SMB (CVE-2017-0144), enabling the WannaCry and NotPetya ransomware outbreaks that caused billions in damage. The Heartbleed bug (CVE-2014-0160), while technically a heap-based read overflow, demonstrated how buffer handling errors remain prevalent even in security-critical software like OpenSSL.

Mitigation

  • Stack canaries (compile with -fstack-protector-all or equivalent) to detect overwrites before return
  • Address Space Layout Randomization (ASLR) to randomize memory locations
  • DEP/NX bit enforcement to prevent code execution from stack memory
  • Memory-safe string functions (use strncpy, snprintf, strlcpy instead of strcpy, sprintf, gets)
  • Compiler hardening flags (-D_FORTIFY_SOURCE=2, control-flow integrity)
  • Input validation with strict bounds checking on all externally-supplied data
  • Memory-safe languages (Rust, Go) for new development to eliminate the vulnerability class entirely

Recent CVEs (2223)

EPSS 1% CVSS 9.8
CRITICAL Act Now

ALGO 8180 has a stack-based buffer overflow in SIP INVITE Alert-Info header processing, enabling remote code execution through the VoIP protocol.

Golang RCE Buffer Overflow +2
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

ALGO 8180 has a stack-based buffer overflow in SIP INVITE Replaces header processing enabling remote code execution through crafted VoIP calls.

Golang RCE Buffer Overflow +2
NVD
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Tenda AX3 firmware has another stack-based buffer overflow in formGetIptv through a different input path, enabling remote code execution.

RCE Buffer Overflow Stack Overflow +3
NVD
EPSS 0% CVSS 8.8
HIGH POC This Week

Stack-based buffer overflow in Tenda AX1803 firmware version 1.0.0.1 allows unauthenticated remote attackers to execute arbitrary code by manipulating guest network parameters in the /goform/WifiGuestSet function. Public exploit code exists for this vulnerability, and no patch is currently available. This affects devices running the vulnerable firmware with network-accessible management interfaces.

Buffer Overflow Stack Overflow Ax1803 Firmware
NVD VulDB
EPSS 0%
This Week

ArduinoCore-avr contains the source code and configuration files of the Arduino AVR Boards platform. A vulnerability in versions prior to 1.8.7 allows an attacker to trigger a stack-based buffer overflow when converting floating-point values to strings with high precision. By passing very large `decimalPlaces` values to the affected String constructors or concat methods, the `dtostrf` function writes beyond fixed-size stack buffers, causing memory corruption and denial of service. Under speci...

Github Buffer Overflow Stack Overflow +3
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Tenda AX3 firmware has a third stack-based buffer overflow in formGetIptv, allowing unauthenticated remote code execution through the router's web interface.

RCE Buffer Overflow Stack Overflow +3
NVD
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Tenda AX3 firmware has a second stack overflow in formSetIptv via the vlanId parameter, allowing remote code execution through the IPTV configuration endpoint.

RCE Stack Overflow Memory Corruption +2
NVD
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Tenda AX3 firmware v16.03.12.11 has a stack overflow in formSetIptv via the list parameter, enabling remote attackers to crash the router or execute arbitrary code.

RCE Stack Overflow Memory Corruption +2
NVD
EPSS 0% CVSS 7.5
HIGH POC This Week

Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow in the security_5g parameter of the sub_727F4 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. [CVSS 7.5 HIGH]

Stack Overflow Denial Of Service Ax1803 Firmware +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC This Week

Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow in the security parameter of the sub_72290 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. [CVSS 7.5 HIGH]

Stack Overflow Denial Of Service Ax1803 Firmware +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC This Week

Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the time parameter of the sub_60CFC function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. [CVSS 7.5 HIGH]

Stack Overflow Denial Of Service Ax1806 Firmware +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC This Week

Tenda AX-1803 v1.0.0.1 was discovered to contain a stack overflow in the ssid parameter of the form_fast_setting_wifi_set function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. [CVSS 7.5 HIGH]

Stack Overflow Denial Of Service Ax1803 Firmware +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC This Week

Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the deviceList parameter of the formSetMacFilterCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. [CVSS 7.5 HIGH]

Stack Overflow Denial Of Service Ax1806 Firmware +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC This Week

Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the deviceList parameter of the formSetWifiMacFilterCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. [CVSS 7.5 HIGH]

Stack Overflow Denial Of Service Ax1806 Firmware +1
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

Imagemagick versions up to 7.1.2-13 is affected by loop with unreachable exit condition (infinite loop) (CVSS 5.5).

Stack Overflow Imagemagick Red Hat +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC This Week

Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the security parameter of the sub_4C408 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. [CVSS 7.5 HIGH]

Stack Overflow Denial Of Service Ax1806 Firmware +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC This Week

Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the timeZone parameter of the fromSetSysTime function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. [CVSS 7.5 HIGH]

Stack Overflow Denial Of Service Ax1806 Firmware +1
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

Denial-of-service in Juniper Junos OS Packet Forwarding Engine allows authenticated attackers to crash Forwarding Processor Cards by subscribing to telemetry sensors at scale, forcing service restarts and network disruption. The vulnerability affects Junos versions before 22.4R3-S7, 23.2R2-S4, and 23.4R2, with no patch currently available. Installation of specific YANG sensor packages mitigates the issue.

Juniper Buffer Overflow Stack Overflow +2
NVD
EPSS 0% CVSS 7.5
HIGH POC This Week

A stack overflow in the dump_ttxt_sample function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted packet. [CVSS 7.5 HIGH]

Stack Overflow Denial Of Service Gpac
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC This Week

Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the mac parameter of the sub_65B5C function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. [CVSS 7.5 HIGH]

Stack Overflow Denial Of Service Ax1806 Firmware +1
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A stack overflow in the pcmreframe_flush_packet function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted WAV file. [CVSS 5.5 MEDIUM]

Stack Overflow Denial Of Service Gpac
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A stack overflow in the dmx_saf function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted .saf file. [CVSS 5.5 MEDIUM]

Stack Overflow Denial Of Service Gpac
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC This Week

Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the wanSpeed parameter of the sub_65B5C function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. [CVSS 7.5 HIGH]

Stack Overflow Denial Of Service Ax1806 Firmware +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC This Week

Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the cloneType parameter of the sub_65B5C function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. [CVSS 7.5 HIGH]

Stack Overflow Denial Of Service Ax1806 Firmware +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC This Week

Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the serverName parameter of the sub_65A28 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. [CVSS 7.5 HIGH]

Stack Overflow Denial Of Service Ax1806 Firmware +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC This Week

Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the serviceName parameter of the sub_65A28 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. [CVSS 7.5 HIGH]

Stack Overflow Denial Of Service Ax1806 Firmware +1
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Inbit Messenger 4.6.0-4.9.0 has a second stack buffer overflow in the network handler. SEH overwrite leads to shellcode execution on Windows. PoC available.

Windows Buffer Overflow Stack Overflow +1
NVD GitHub Exploit-DB
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Inbit Messenger 4.6.0-4.9.0 has unauthenticated RCE through a stack overflow in the XML protocol on port 10883. PoC available.

Stack Overflow Inbit Messenger
NVD GitHub Exploit-DB
EPSS 0% CVSS 7.2
HIGH This Week

A stack overflow vulnerability exists in the AOS-10 web-based management interface of a Mobility Gateway. Successful exploitation could allow an authenticated malicious actor to execute arbitrary code as a privileged user on the underlying operating system. [CVSS 7.2 HIGH]

Stack Overflow Arubaos
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation in Azure Connected Machine Agent exploits a stack-based buffer overflow, enabling authenticated users to gain elevated system privileges. The vulnerability affects Azure and Stack Overflow deployments and requires local access with valid credentials to exploit. No patch is currently available for this high-severity issue.

Azure Buffer Overflow Stack Overflow +1
NVD
EPSS 0% CVSS 7.5
HIGH POC This Week

Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the wanMTU2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. [CVSS 7.5 HIGH]

Stack Overflow Denial Of Service Ax3 Firmware +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC This Week

Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the wanSpeed2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. [CVSS 7.5 HIGH]

Stack Overflow Denial Of Service Ax3 Firmware +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC This Week

Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the cloneType2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. [CVSS 7.5 HIGH]

Stack Overflow Denial Of Service Ax3 Firmware +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC This Week

Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the serviceName2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. [CVSS 7.5 HIGH]

Stack Overflow Denial Of Service Ax3 Firmware +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC This Week

Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the mac2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. [CVSS 7.5 HIGH]

Stack Overflow Denial Of Service Ax3 Firmware +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC This Week

Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the security_5g parameter of the sub_4CA50 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. [CVSS 7.5 HIGH]

Stack Overflow Denial Of Service Ax1806 Firmware +1
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Week

There is a Stack overflow Vulnerability in the device Search and Discovery feature of Hikvision NVR/DVR/CVR/IPC models. If exploited, an attacker on the same local area network (LAN) could cause the device to malfunction by sending specially crafted packets to an unpatched device. [CVSS 8.8 HIGH]

Hikvision Stack Overflow Buffer Overflow
NVD VulDB
EPSS 0% CVSS 8.8
HIGH This Week

There is a Stack overflow Vulnerability in the device Search and Discovery feature of Hikvision Access Control Products. If exploited, an attacker on the same local area network (LAN) could cause the device to malfunction by sending specially crafted packets to an unpatched device. [CVSS 8.8 HIGH]

Hikvision Stack Overflow Buffer Overflow +28
NVD VulDB
EPSS 0% CVSS 6.8
MEDIUM This Month

RIOT OS ethos utility has a stack buffer overflow in _handle_char() due to missing bounds checking on serial frame data. Incoming frame bytes overflow a fixed-size stack buffer.

Buffer Overflow Stack Overflow Riot
NVD GitHub VulDB
EPSS 0% CVSS 2.4
LOW POC Monitor

RIOT OS (IoT operating system) tapslip6 utility has a stack buffer overflow due to unbounded strcpy/strcat with user-controlled device name input. PoC available.

Buffer Overflow Stack Overflow Riot
NVD GitHub VulDB
EPSS 0% CVSS 4.8
MEDIUM This Month

TinyOS versions up to and including 2.1.2 contain a stack-based buffer overflow vulnerability in the mcp2200gpio utility. The vulnerability is caused by unsafe use of strcpy() and strcat() functions when constructing device paths during automatic device discovery.

Buffer Overflow Stack Overflow
NVD GitHub VulDB
EPSS 0% CVSS 7.6
HIGH PATCH This Week

A flaw was found in GNU Wget2. This vulnerability, a stack-based buffer overflow, occurs in the filename sanitization logic when processing attacker-controlled URL paths, particularly when filename restriction options are active. [CVSS 7.6 HIGH]

Buffer Overflow Stack Overflow Memory Corruption +4
NVD
EPSS 0% CVSS 8.6
HIGH PATCH This Week

Libsoup's NTLM authentication handler crashes when processing exceptionally long passwords due to a signed integer overflow in memory allocation calculations, affecting GNOME and applications relying on this library for network operations. An unauthenticated remote attacker can trigger a denial-of-service condition by sending specially crafted authentication requests. No patch is currently available.

Stack Overflow Buffer Overflow
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string. [CVSS 7.5 HIGH]

Buffer Overflow Stack Overflow Libtasn1 +2
NVD VulDB
EPSS 0% CVSS 6.9
MEDIUM POC This Month

Panda3D egg-mkfont (through 1.10.16) has a stack buffer overflow via an unbounded sprintf() with attacker-controlled glyph pattern input. PoC available.

Buffer Overflow Stack Overflow RCE +1
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

Local denial of service in iccDEV versions prior to 2.3.1.2 stems from a stack overflow in the calculator parser component, allowing unauthenticated users to crash the application through crafted input. Public exploit code exists for this vulnerability, which affects Stack Overflow and Iccdev products. A patch is available in version 2.3.1.2 and should be applied immediately.

Stack Overflow Iccdev
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

iccDEV versions prior to 2.3.1.2 are vulnerable to stack overflow through malformed XML calculator macro expansion, allowing local attackers to trigger a denial of service condition. Public exploit code exists for this vulnerability, which affects ICC color profile manipulation tools used in Stack Overflow and Iccdev products. A patch is available in version 2.3.1.2 and should be applied promptly to mitigate exploitation risk.

Stack Overflow Iccdev
NVD GitHub
EPSS 1% CVSS 8.2
HIGH PATCH This Week

Availability loss and potential remote code execution in libcoap (versions up to and including 4.3.5, before commit 30db3ea) arises when attacker-controlled hostname data from a proxied CoAP URI is copied into a fixed 256-byte stack buffer during address resolution without bounds checking. A remote unauthenticated attacker can reliably crash any application that enables libcoap's proxy request handling, and may achieve code execution depending on the target's compiler hardening and runtime memory protections. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; the official CVSS 4.0 base score is 8.2, but that score reflects availability impact only (VA:H, VC:N/VI:N).

Buffer Overflow Stack Overflow RCE +1
NVD GitHub VulDB
EPSS 0% CVSS 8.7
HIGH This Week

Stack-based buffer overflow in the ONVIF SOAP XML parser of TP-Link Tapo C200 v3 (firmware ≤1.4.1) and C520WS v2.6 cameras enables unauthenticated remote code execution from adjacent networks. Attackers can send crafted SOAP requests with oversized namespace prefixes to trigger memory corruption and achieve full device compromise with elevated privileges. EPSS probability and KEV status indicate no public exploit identified at time of analysis, though the vulnerability affects widely deployed consumer IoT cameras with network exposure.

Buffer Overflow RCE Stack Overflow
NVD
EPSS 0% CVSS 6.5
MEDIUM POC This Month

Tenda AX3 v16.03.12.11 contains a stack overflow in formSetIptv via the iptvType parameter, which can cause memory corruption and enable remote code execution (RCE).

Buffer Overflow RCE Stack Overflow +2
NVD
EPSS 0% CVSS 7.2
HIGH This Week

A stack-based buffer overflow vulnerability [CWE-121] in WatchGuard Fireware OS's certificate request command could allow an authenticated privileged user to execute arbitrary code via specially crafted CLI commands.This issue affects Fireware OS: from 12.0 through 12.5.12+701324, from 12.6 through 12.11.2.

Buffer Overflow RCE Stack Overflow +1
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'SetUserPassword()' function, the 'newPassword' parameter is directly embedded in a shell command string using 'sprintf()' without any sanitisation or validation, and then executed using 'system()'. This allows an attacker to inject arbitrary shell commands that will be executed with the same privileges as the application.

Stack Overflow Buffer Overflow Sge Plc1000 Firmware +1
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'ShowMeterPasswords()' function, there is an unlimited user input that is copied to a fixed-size buffer via 'sprintf()'. The 'GetParameter(meter)' function retrieves the user input, which is directly incorporated into a buffer without size validation. An attacker can provide an excessively large input for the 'meter' parameter.

Stack Overflow Buffer Overflow Sge Plc50 Firmware +1
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'ShowMeterDatabase()' function, there is an unlimited user input that is copied to a fixed-size buffer via 'sprintf()'. The 'GetParameter(meter)' function retrieves the user input, which is directly incorporated into a buffer without size validation. An attacker can provide an excessively large input for the 'meter' parameter.

Stack Overflow Buffer Overflow Sge Plc50 Firmware +1
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The vulnerability is found in the 'AddEvent()' function when copying the user-controlled username input to a fixed-size buffer (48 bytes) without boundary checking. This can lead to memory corruption, resulting in possible remote code execution.

Stack Overflow Buffer Overflow RCE +2
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The 'ShowDownload()' function uses “sprintf()” to format a string that includes the user-controlled input of 'GetParameter(meter)' in the fixed-size buffer 'acStack_4c' (64 bytes) without checking the length. An attacker can provide an excessively long value for the 'meter' parameter that exceeds the 64-byte buffer size.

Stack Overflow Buffer Overflow Sge Plc50 Firmware +1
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

Stack-based buffer overflow vulnerability in CircutorSGE-PLC1000/SGE-PLC50 v9.0.2. The 'SetLan' function is invoked when a new configuration is applied. This new configuration function is activated by a management web request, which can be invoked by a user when making changes to the 'index.cgi' web application. The parameters are not being sanitised, which could lead to command injection.

Command Injection Stack Overflow Buffer Overflow +2
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10196993; Issue ID: MSV-4804.

Privilege Escalation Stack Overflow Buffer Overflow +2
NVD
EPSS 0% CVSS 6.9
MEDIUM This Month

Stack-based Buffer Overflow vulnerability in ABB Terra AC wallbox.8.33. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Abb
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Stack Overflow Buffer Overflow Suricata +2
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Suricata +2
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Stack Overflow Buffer Overflow Suricata +2
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Suricata +2
NVD GitHub
EPSS 0% CVSS 9.3
CRITICAL Act Now

Security Point (Windows) of MaLion and MaLionCloud contains a stack-based buffer overflow vulnerability in processing HTTP headers. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Stack Overflow RCE Buffer Overflow +2
NVD
EPSS 0% CVSS 6.9
MEDIUM This Month

A stack buffer overflow vulnerability has been identified in certain router models. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow
NVD
EPSS 0% CVSS 7.3
HIGH This Week

A buffer overflow with Xilinx Run Time Environment may allow a local attacker to read or corrupt data from the advanced extensible interface (AXI), potentially resulting in loss of confidentiality,. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

An out-of-bounds read was addressed with improved bounds checking. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Apple Buffer Overflow
NVD
EPSS 0% CVSS 4.3
MEDIUM POC Monitor

Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow via the urls parameter of /goform/saveParentControlInfo. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Tenda Buffer Overflow +1
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM POC Monitor

Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow via the rebootTime parameter of /goform/SetSysAutoRebbotCfg. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Tenda Buffer Overflow +1
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM POC Monitor

Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow via the list parameter of /goform/setPptpUserList. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Tenda Buffer Overflow +1
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM POC Monitor

Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow in: /goform/SetVirtualServerCfg via the list parameter. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Tenda Buffer Overflow +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Month

A Stack-based buffer overflow vulnerability in the SonicOS SSLVPN service allows a remote unauthenticated attacker to cause Denial of Service (DoS), which could cause an impacted firewall to crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Denial Of Service Buffer Overflow +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

A stack-based buffer overflow vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiOS. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. No vendor patch available.

Stack Overflow Buffer Overflow Fortinet
NVD
EPSS 0% CVSS 7.5
HIGH This Week

A stack-based buffer overflow vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions allows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Stack Overflow Buffer Overflow Fortinet
NVD
EPSS 0% CVSS 7.2
HIGH This Month

There is a vulnerability in the Supermicro BMC web function at Supermicro MBD-X13SEDW-F. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Stack buffer overflow vulnerability exists in the Supermicro BMC Shared library. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow RCE
NVD
EPSS 0% CVSS 7.2
HIGH This Month

There is a vulnerability in the Supermicro BMC web function at Supermicro MBD-X13SEDW-F. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Stack-based buffer overflow in the SMASH-CLP shell. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow RCE
NVD
EPSS 0% CVSS 7.1
HIGH This Month

Rockwell Automation Arena® suffers from a stack-based buffer overflow vulnerability. Rated high severity (CVSS 7.1), this vulnerability is no authentication required. No vendor patch available.

Stack Overflow Rockwell Buffer Overflow +2
NVD
EPSS 2% CVSS 6.5
MEDIUM POC This Week

A buffer overflow vulnerability exists in the TOTOLINK A950RG Router firmware V5.9c.4592_B20191022_ALL within the `global.so` binary. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow RCE +2
NVD GitHub
EPSS 0% CVSS 8.8
HIGH POC This Week

A stack buffer overflow vulnerability exists in the D-Link DIR-816A2 router firmware DIR-816A2_FWv1.10CNB05_R1B011D88210.img in the upload.cgi module, which handles firmware version information. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow RCE +2
NVD GitHub
EPSS 0% CVSS 6.8
MEDIUM POC This Month

A stack buffer overflow vulnerability exists in the D-Link DIR-878A1 router firmware FW101B04.bin in the rc binary's USB storage handling module. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow RCE +2
NVD GitHub
EPSS 3% CVSS 6.5
MEDIUM POC This Month

A stack-based buffer overflow exists in the get_merge_mac function of the httpd binary on Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow Linksys +3
NVD GitHub
EPSS 0% CVSS 8.4
HIGH POC This Week

A stack-based buffer overflow vulnerability exists in the makeRequest.cgi binary of Linksys RE7000 routers (Firmware FW_v2.0.15_211230_1012). Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow Linksys +3
NVD GitHub
EPSS 0% CVSS 5.9
MEDIUM POC This Month

A stack-based buffer overflow vulnerability exists in the mtk_dut binary of Linksys E7350 routers (Firmware 1.1.00.032). Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow Linksys +3
NVD GitHub
EPSS 5% CVSS 7.5
HIGH POC This Week

A stack-based buffer overflow exists in the validate_static_route function of the httpd binary on Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow Linksys +3
NVD GitHub
EPSS 0% CVSS 8.4
HIGH POC This Week

A stack-based buffer overflow vulnerability exists in the libshared.so library of Cisco Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow Linksys +4
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

A stack-based buffer overflow exists in the httpd binary of Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow Linksys +3
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

A stack-based buffer overflow vulnerability exists in the Linksys E1200 v2 router firmware that allows remote attackers to execute arbitrary code or cause denial of service without authentication. The vulnerability occurs in the httpd binary's get_merge_ipaddr function, which improperly concatenates user-supplied CGI parameters into a fixed-size buffer without bounds checking. With publicly available proof-of-concept exploits and an EPSS score of 0.57% (68th percentile), this represents a moderate exploitation risk for affected devices.

Linksys RCE Denial Of Service +3
NVD GitHub VulDB Exploit-DB
EPSS 0% CVSS 6.5
MEDIUM POC This Month

A stack buffer overflow vulnerability exists in the ToToLink LR1200GB (V9.1.0u.6619_B20230130) and NR1800X (V9.1.0u.6681_B20230703) Router firmware within the cstecgi.cgi binary (setDefResponse. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow RCE +2
NVD GitHub
Prev Page 8 of 25 Next

Quick Facts

Typical Severity
HIGH
Category
memory
Total CVEs
2223

Related CWEs

MITRE ATT&CK

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy