CWE-121
AllowedStack-based Buffer Overflow
Abstraction: Variant · Status: Draft
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
5215 vulnerabilities reference this CWE, most recent first.
GHSA-PVGX-C7XR-3J3W
Vulnerability from github – Published: 2024-04-26 18:33 – Updated: 2024-04-26 18:33A vulnerability, which was classified as critical, has been found in Tenda AX1803 1.0.0.1. This issue affects the function formSetSysToolDDNS of the file /goform/SetDDNSCfg. The manipulation of the argument serverName/ddnsUser/ddnsPwd/ddnsDomain leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-262127. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
{
"affected": [],
"aliases": [
"CVE-2024-4236"
],
"database_specific": {
"cwe_ids": [
"CWE-121"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-26T18:15:46Z",
"severity": "HIGH"
},
"details": "A vulnerability, which was classified as critical, has been found in Tenda AX1803 1.0.0.1. This issue affects the function formSetSysToolDDNS of the file /goform/SetDDNSCfg. The manipulation of the argument serverName/ddnsUser/ddnsPwd/ddnsDomain leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-262127. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.",
"id": "GHSA-pvgx-c7xr-3j3w",
"modified": "2024-04-26T18:33:42Z",
"published": "2024-04-26T18:33:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4236"
},
{
"type": "WEB",
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AX/AX1803/formSetSysToolDDNS.md"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.262127"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.262127"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.319230"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PVH3-5RHH-WCG5
Vulnerability from github – Published: 2024-01-18 00:30 – Updated: 2024-01-29 18:31SonicWall Capture Client version 3.7.10, NetExtender client version 10.2.337 and earlier versions are installed with sfpmonitor.sys driver. The driver has been found to be vulnerable to Denial-of-Service (DoS) caused by Stack-based Buffer Overflow vulnerability.
{
"affected": [],
"aliases": [
"CVE-2023-6340"
],
"database_specific": {
"cwe_ids": [
"CWE-121",
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-01-18T00:15:38Z",
"severity": "MODERATE"
},
"details": "SonicWall Capture Client version 3.7.10,\u00a0NetExtender client version 10.2.337 and earlier versions are installed with sfpmonitor.sys driver. The driver has been found to be vulnerable to Denial-of-Service (DoS) caused by Stack-based Buffer Overflow vulnerability.",
"id": "GHSA-pvh3-5rhh-wcg5",
"modified": "2024-01-29T18:31:46Z",
"published": "2024-01-18T00:30:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6340"
},
{
"type": "WEB",
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0019"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PVHG-JW6P-89XF
Vulnerability from github – Published: 2024-06-03 21:30 – Updated: 2024-07-03 18:44Mercusys MW325R EU V3 (Firmware MW325R(EU)_V3_1.11.0 Build 221019) is vulnerable to a stack-based buffer overflow, which could allow an attacker to execute arbitrary code. Exploiting the vulnerability requires authentication.
{
"affected": [],
"aliases": [
"CVE-2023-52162"
],
"database_specific": {
"cwe_ids": [
"CWE-121"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-03T20:15:08Z",
"severity": "MODERATE"
},
"details": "Mercusys MW325R EU V3 (Firmware MW325R(EU)_V3_1.11.0 Build 221019) is vulnerable to a stack-based buffer overflow, which could allow an attacker to execute arbitrary code. Exploiting the vulnerability requires authentication.",
"id": "GHSA-pvhg-jw6p-89xf",
"modified": "2024-07-03T18:44:08Z",
"published": "2024-06-03T21:30:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52162"
},
{
"type": "WEB",
"url": "https://k4m1ll0.com/cve-2023-52162.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-PVM7-95MC-X6R3
Vulnerability from github – Published: 2024-04-23 15:30 – Updated: 2024-07-03 18:36Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the mitInterface parameter in ip/goform/RouteStatic.
{
"affected": [],
"aliases": [
"CVE-2024-33213"
],
"database_specific": {
"cwe_ids": [
"CWE-121"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-23T15:15:50Z",
"severity": "MODERATE"
},
"details": "Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the mitInterface parameter in ip/goform/RouteStatic.",
"id": "GHSA-pvm7-95mc-x6r3",
"modified": "2024-07-03T18:36:43Z",
"published": "2024-04-23T15:30:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-33213"
},
{
"type": "WEB",
"url": "https://palm-vertebra-fe9.notion.site/fromRouteStatic_2-e98a555978be404583fef5f5c1e50efa"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PVM9-9G6W-FPWP
Vulnerability from github – Published: 2024-03-14 15:34 – Updated: 2024-08-14 15:31Tenda AX12 v1.0 v22.03.01.16 was discovered to contain a stack overflow via the ssid parameter in the sub_431CF0 function.
{
"affected": [],
"aliases": [
"CVE-2024-28383"
],
"database_specific": {
"cwe_ids": [
"CWE-121"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-03-14T13:15:53Z",
"severity": "CRITICAL"
},
"details": "Tenda AX12 v1.0 v22.03.01.16 was discovered to contain a stack overflow via the ssid parameter in the sub_431CF0 function.",
"id": "GHSA-pvm9-9g6w-fpwp",
"modified": "2024-08-14T15:31:11Z",
"published": "2024-03-14T15:34:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28383"
},
{
"type": "WEB",
"url": "https://github.com/cvdyfbwa/IoT-Tenda-Router/blob/main/sub_431CF0.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PVRP-53VR-R883
Vulnerability from github – Published: 2024-07-24 21:31 – Updated: 2024-07-26 15:31Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the list1 parameter at ip/goform/DhcpListClient.
{
"affected": [],
"aliases": [
"CVE-2024-41461"
],
"database_specific": {
"cwe_ids": [
"CWE-121",
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-24T21:15:12Z",
"severity": "CRITICAL"
},
"details": "Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the list1 parameter at ip/goform/DhcpListClient.",
"id": "GHSA-pvrp-53vr-r883",
"modified": "2024-07-26T15:31:50Z",
"published": "2024-07-24T21:31:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41461"
},
{
"type": "WEB",
"url": "https://github.com/iotresearch/iot-vuln/blob/main/Tenda/FH1201/DhcpListClient/README.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PVWF-4H2P-6V45
Vulnerability from github – Published: 2024-01-10 15:30 – Updated: 2024-01-10 15:30The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request.
{
"affected": [],
"aliases": [
"CVE-2023-48266"
],
"database_specific": {
"cwe_ids": [
"CWE-121",
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-01-10T13:15:48Z",
"severity": "HIGH"
},
"details": "The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request.",
"id": "GHSA-pvwf-4h2p-6v45",
"modified": "2024-01-10T15:30:19Z",
"published": "2024-01-10T15:30:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48266"
},
{
"type": "WEB",
"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PW2Q-78XX-RV8J
Vulnerability from github – Published: 2024-08-26 18:33 – Updated: 2024-08-28 18:31An SEH-based buffer overflow in the BPQ32 HTTP Server in BPQ32 6.0.24.1 allows remote attackers with access to the Web Terminal to achieve remote code execution via an HTTP POST /TermInput request.
{
"affected": [],
"aliases": [
"CVE-2024-34087"
],
"database_specific": {
"cwe_ids": [
"CWE-121"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-26T16:15:08Z",
"severity": "CRITICAL"
},
"details": "An SEH-based buffer overflow in the BPQ32 HTTP Server in BPQ32 6.0.24.1 allows remote attackers with access to the Web Terminal to achieve remote code execution via an HTTP POST /TermInput request.",
"id": "GHSA-pw2q-78xx-rv8j",
"modified": "2024-08-28T18:31:54Z",
"published": "2024-08-26T18:33:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34087"
},
{
"type": "WEB",
"url": "https://groups.io/g/bpq32"
},
{
"type": "WEB",
"url": "https://themodernham.com/bbs-hacking-discovering-rce-within-bpq32-seh-based-buffer-overflow"
},
{
"type": "WEB",
"url": "https://www.cantab.net/users/john.wiseman/Documents"
},
{
"type": "WEB",
"url": "https://www.youtube.com/%40ModernHam"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PW6H-4HWG-HJH5
Vulnerability from github – Published: 2023-10-11 18:30 – Updated: 2025-11-04 21:30A stack-based buffer overflow vulnerability exists in the libutils.so nvram_restore functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a buffer overflow. An attacker can send a network request to trigger this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2023-34365"
],
"database_specific": {
"cwe_ids": [
"CWE-121",
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-10-11T16:15:13Z",
"severity": "CRITICAL"
},
"details": "A stack-based buffer overflow vulnerability exists in the libutils.so nvram_restore functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a buffer overflow. An attacker can send a network request to trigger this vulnerability.",
"id": "GHSA-pw6h-4hwg-hjh5",
"modified": "2025-11-04T21:30:44Z",
"published": "2023-10-11T18:30:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34365"
},
{
"type": "WEB",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1763"
},
{
"type": "WEB",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1763"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PW7V-3RCP-9VJC
Vulnerability from github – Published: 2026-07-14 18:32 – Updated: 2026-07-14 18:32Stack-based buffer overflow in Windows NTFS allows an authorized attacker to elevate privileges locally.
{
"affected": [],
"aliases": [
"CVE-2026-49789"
],
"database_specific": {
"cwe_ids": [
"CWE-121"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-14T17:16:54Z",
"severity": "HIGH"
},
"details": "Stack-based buffer overflow in Windows NTFS allows an authorized attacker to elevate privileges locally.",
"id": "GHSA-pw7v-3rcp-9vjc",
"modified": "2026-07-14T18:32:01Z",
"published": "2026-07-14T18:32:01Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-49789"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-49789"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-10
Strategy: Environment Hardening
- Use automatic buffer overflow detection mechanisms that are offered by certain compilers or compiler extensions. Examples include: the Microsoft Visual Studio /GS flag, Fedora/Red Hat FORTIFY_SOURCE GCC flag, StackGuard, and ProPolice, which provide various mechanisms including canary-based detection and range/index checking.
- D3-SFCV (Stack Frame Canary Validation) from D3FEND [REF-1334] discusses canary-based detection in detail.
Mitigation
Use an abstraction library to abstract away risky APIs. Not a complete solution.
Mitigation
Implement and perform bounds checking on input.
Mitigation
Do not use dangerous functions such as gets. Use safer, equivalent functions which check for boundary errors.
Mitigation MIT-11
Strategy: Environment Hardening
- Run or compile the software using features or extensions that randomly arrange the positions of a program's executable and libraries in memory. Because this makes the addresses unpredictable, it can prevent an attacker from reliably jumping to exploitable code.
- Examples include Address Space Layout Randomization (ASLR) [REF-58] [REF-60] and Position-Independent Executables (PIE) [REF-64]. Imported modules may be similarly realigned if their default memory addresses conflict with other modules, in a process known as "rebasing" (for Windows) and "prelinking" (for Linux) [REF-1332] using randomly generated addresses. ASLR for libraries cannot be used in conjunction with prelink since it would require relocating the libraries at run-time, defeating the whole purpose of prelinking.
- For more information on these techniques see D3-SAOR (Segment Address Offset Randomization) from D3FEND [REF-1335].
No CAPEC attack patterns related to this CWE.