
CWE-121 (Stack-based Buffer Overflow) — Vulnerability Class 2541

2541 vulnerabilities are classified as CWE-121 (Stack-based Buffer Overflow). An AI-generated analysis in Chinese is included for each entry.

CWE-121 is a memory safety weakness in which a write to a stack-allocated buffer exceeds the buffer's bounds and corrupts adjacent stack memory: neighbouring local variables, the saved frame pointer and, above them, the function's return address. An attacker who controls the overflowing data can overwrite that saved return address and redirect control flow when the function returns, typically to code of their choosing, which then runs with the privileges of the compromised process. The weakness is characteristic of C and C++, where fixed-size local arrays are filled by unchecked copy and formatting routines (strcpy, sprintf, gets) and the language itself performs no bounds checking. In code, the mitigations are strict validation of input length, bounded copy and formatting functions whose return values are actually checked, and, for new code, memory-safe languages. Compiler and loader protections such as stack canaries, Address Space Layout Randomization and position-independent executables raise the cost of exploitation but do not remove the bug: a canary turns a return-address overwrite into a detected abort, so the overflow still yields a crash (denial of service) even when it no longer yields code execution.

MITRE CWE Description
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

Common Consequences (3)

Scope: Availability
Impact: Modify Memory; DoS: Crash, Exit, or Restart; DoS: Resource Consumption (CPU); DoS: Resource Consumption (Memory)
Note: Buffer overflows generally lead to crashes. Other attacks leading to lack of availability are possible, including putting the program into an infinite loop.

Scope: Integrity, Confidentiality, Availability, Access Control
Impact: Modify Memory; Execute Unauthorized Code or Commands; Bypass Protection Mechanism
Note: Buffer overflows often can be used to execute arbitrary code, which is usually outside the scope of a program's implicit security policy.

Scope: Integrity, Confidentiality, Availability, Access Control, Other
Impact: Modify Memory; Execute Unauthorized Code or Commands; Bypass Protection Mechanism; Other
Note: When the consequence is arbitrary code execution, this can often be used to subvert any other security service.
Mitigations (5)

Phase: Operation, Build and Compilation
Use automatic buffer overflow detection mechanisms that are offered by certain compilers or compiler extensions. Examples include: the Microsoft Visual Studio /GS flag, Fedora/Red Hat FORTIFY_SOURCE GCC flag, StackGuard, and ProPolice, which provide various mechanisms including canary-based detection and range/index checking. D3-SFCV (Stack Frame Canary Validation) from D3FEND [REF-1334] discusses…
Effectiveness: Defense in Depth

Phase: Architecture and Design
Use an abstraction library to abstract away risky APIs. Not a complete solution.

Phase: Implementation
Implement and perform bounds checking on input.

Phase: Implementation
Do not use dangerous functions such as gets. Use safer, equivalent functions which check for boundary errors.

Phase: Operation, Build and Compilation
Run or compile the software using features or extensions that randomly arrange the positions of a program's executable and libraries in memory. Because this makes the addresses unpredictable, it can prevent an attacker from reliably jumping to exploitable code. Examples include Address Space Layout Randomization (ASLR) [REF-58] [REF-60] and Position-Independent Executables (PIE) [REF-64]. Imported…
Effectiveness: Defense in Depth
Examples (2)
While buffer overflow examples can be rather complex, it is possible to have very simple, yet still exploitable, stack-based buffer overflows:
    #include <string.h>

    #define BUFSIZE 256

    int main(int argc, char **argv)
    {
        char buf[BUFSIZE];

        if (argc < 2)
            return 1;
        /* argv[1] is attacker-controlled and unbounded: anything longer than
         * BUFSIZE - 1 bytes overruns buf and the saved return address above it. */
        strcpy(buf, argv[1]);
        return 0;
    }

Bad · C
This example takes an IP address from a user, verifies that it is well formed and then looks up the hostname and copies it into a buffer.
    #include <arpa/inet.h>
    #include <netdb.h>
    #include <netinet/in.h>
    #include <string.h>
    #include <sys/socket.h>

    /* Assumed by the example (defined elsewhere): ensures user_supplied_addr
     * is in the right format for conversion. */
    void validate_addr_form(const char *user_supplied_addr);

    void host_lookup(char *user_supplied_addr)
    {
        struct hostent *hp;
        in_addr_t addr;
        char hostname[64];

        validate_addr_form(user_supplied_addr);
        addr = inet_addr(user_supplied_addr);
        hp = gethostbyaddr(&addr, sizeof(struct in_addr), AF_INET);
        if (hp == NULL)
            return;
        /* The address was validated, the resolved name was not: a reverse
         * lookup result of 64 bytes or more overflows hostname. */
        strcpy(hostname, hp->h_name);
    }

Bad · C
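The summary above lists bounded copy and formatting routines as the code-level fix, and the two MITRE examples show the unbounded form. The block below is an added example, not MITRE's text and not this site's code: it rewrites both patterns with explicit bounds checks. copy_bounded() replaces strcpy(); format_bounded() replaces the sprintf()-into-stack-buffer pattern named in many of the router CVEs listed further down. store_hostname() is the editor's hardened counterpart of host_lookup(): it takes the resolved name as a parameter (a stand-in for hp->h_name, so it runs offline) and HOSTNAME_MAX mirrors the 64-byte buffer. All function names are the editor's own.

```c
/*
 * Added example (not MITRE's or this site's code): the unbounded copies in
 * the two examples above rewritten with explicit bounds checks. Input that
 * does not fit is rejected rather than truncated silently or overflowed.
 */
#include <stdio.h>
#include <string.h>

#define HOSTNAME_MAX 64   /* same size as hostname[64] in the MITRE example */

/* Copy src into dst[dstsz], terminator included, only if it fits.
 * Returns 0 on success; on any failure dst becomes "" and -1 is returned.
 * The scan stops after dstsz bytes, so an unterminated src is never over-read. */
int copy_bounded(char *dst, size_t dstsz, const char *src)
{
    size_t n = 0;

    if (dst == NULL || src == NULL || dstsz == 0)
        return -1;
    while (n < dstsz && src[n] != '\0')
        n++;
    if (n == dstsz) {          /* no terminator within dstsz - 1 bytes: too long */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, n + 1);   /* n + 1 <= dstsz, so this cannot overflow */
    return 0;
}

/* Same contract for formatted output. snprintf() returns the length it
 * wanted to write, so truncation is detected instead of becoming an overflow
 * (sprintf() has no such signal, which is how the sprintf CVEs below arise). */
int format_bounded(char *dst, size_t dstsz, const char *key, const char *value)
{
    int needed;

    if (dst == NULL || dstsz == 0 || key == NULL || value == NULL)
        return -1;
    needed = snprintf(dst, dstsz, "%s=%s", key, value);
    if (needed < 0 || (size_t)needed >= dstsz) {
        dst[0] = '\0';
        return -1;
    }
    return 0;
}

/* Hardened counterpart of host_lookup(). resolved_name stands in for
 * hp->h_name (assumption: no real lookup is done here). Returns 0 when the
 * name fits the 64-byte stack buffer, -1 when it is rejected. */
int store_hostname(const char *resolved_name)
{
    char hostname[HOSTNAME_MAX];

    if (copy_bounded(hostname, sizeof hostname, resolved_name) != 0)
        return -1;
    /* hostname is now terminated and within bounds; use it here */
    return 0;
}

/* Hardened counterpart of the first example: argv[1] into a 256-byte buffer. */
int main(int argc, char **argv)
{
    char buf[256];

    if (argc < 2) {
        fprintf(stderr, "usage: %s <string>\n", argv[0]);
        return 2;
    }
    if (copy_bounded(buf, sizeof buf, argv[1]) != 0) {
        fprintf(stderr, "rejected: input exceeds %zu bytes\n", sizeof buf - 1);
        return 1;
    }
    printf("stored %zu bytes\n", strlen(buf));
    return 0;
}
```

Two points of design worth noting. Rejecting over-long input is preferred over strncpy(), which does not write a terminator when it truncates and so trades an overflow for an unterminated string. For the compiler-level mitigations listed above, build with `gcc -O2 -Wall -fstack-protector-strong -D_FORTIFY_SOURCE=2 -fPIE -pie`; the canary and FORTIFY checks are defense in depth on top of the explicit checks, not a replacement for them.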
CVE ID | Title | Product | CVSS | Severity | Published
CVE-2014-125117 | D-Link info.cgi POST Request Stack-Based Buffer Overflow RCE | DSP-W215 | 9.8 | - | 2025-07-25
CVE-2025-8159 | D-Link DIR-513 HTTP POST Request formLanguageChange stack-based overflow | DIR-513 | 8.8 | High | 2025-07-25
CVE-2025-8131 | Tenda AC20 SetStaticRouteCfg stack-based overflow | AC20 | 8.8 | High | 2025-07-25
CVE-2025-40596 | SonicWall SMA 100 Series security vulnerability | SMA 100 Series | 9.8 | - | 2025-07-23
CVE-2025-41687 | Weidmueller: Unauthenticated Stack-Based Buffer Overflow in u-link Management API | IE-SR-2TX-WL | 9.8 | Critical | 2025-07-23
CVE-2025-8060 | Tenda AC23 httpd setMacFilterCfg sub_46C940 stack-based overflow | AC23 | 8.8 | High | 2025-07-23
CVE-2025-8017 | Tenda AC7 httpd setMacFilterCfg formSetMacFilterCfg stack-based overflow | AC7 | 8.8 | High | 2025-07-22
CVE-2025-7921 | ASKEY|modem - Stack-based Buffer Overflow | RTF8207w | 9.8 | Critical | 2025-07-21
CVE-2025-7911 | D-Link DI-8100 jhttpd upnp_ctrl.asp sprintf stack-based overflow | DI-8100 | 8.8 | High | 2025-07-20
CVE-2025-7910 | D-Link DIR-513 Boa Webserver formSetWanNonLogin sprintf stack-based overflow | DIR-513 | 8.8 | High | 2025-07-20
CVE-2025-7909 | D-Link DIR-513 Boa Webserver formLanSetupRouterSettings sprintf stack-based overflow | DIR-513 | 8.8 | High | 2025-07-20
CVE-2025-7908 | D-Link DI-8100 jhttpd ddns.asp sprintf stack-based overflow | DI-8100 | 8.8 | High | 2025-07-20
CVE-2025-7855 | Tenda FH451 qossetting fromqossetting stack-based overflow | FH451 | 8.8 | High | 2025-07-19
CVE-2025-7854 | Tenda FH451 VirtualSer fromVirtualSer stack-based overflow | FH451 | 8.8 | High | 2025-07-19
CVE-2025-7853 | Tenda FH451 SetIpBind fromSetIpBind stack-based overflow | FH451 | 8.8 | High | 2025-07-19
CVE-2025-7807 | Tenda FH451 SafeUrlFilter fromSafeUrlFilter stack-based overflow | FH451 | 8.8 | High | 2025-07-18
CVE-2025-7806 | Tenda FH451 SafeClientFilter fromSafeClientFilter stack-based overflow | FH451 | 8.8 | High | 2025-07-18
CVE-2025-7805 | Tenda FH451 PPTPUserSetting fromPptpUserSetting stack-based overflow | FH451 | 8.8 | High | 2025-07-18
CVE-2025-7796 | Tenda FH451 PPTPDClient fromPptpUserAdd stack-based overflow | FH451 | 8.8 | High | 2025-07-18
CVE-2025-7795 | Tenda FH451 P2pListFilter fromP2pListFilter stack-based overflow | FH451 | 8.8 | High | 2025-07-18
CVE-2025-7794 | Tenda FH451 NatStaticSetting fromNatStaticSetting stack-based overflow | FH451 | 8.8 | High | 2025-07-18
CVE-2025-7793 | Tenda FH451 webtypelibrary formWebTypeLibrary stack-based overflow | FH451 | 8.8 | High | 2025-07-18
CVE-2025-7792 | Tenda FH451 SafeEmailFilter formSafeEmailFilter stack-based overflow | FH451 | 8.8 | High | 2025-07-18
CVE-2025-7790 | D-Link DI-8100 HTTP Request menu_nat.asp stack-based overflow | DI-8100 | 8.8 | High | 2025-07-18
CVE-2025-7762 | D-Link DI-8100 HTTP Request menu_nat_more.asp stack-based overflow | DI-8100 | 8.8 | High | 2025-07-17
CVE-2025-34127 | Achat v0.150 SEH Buffer Overflow via UDP | Achat Chat Server | 9.8 (AI) | Critical (AI) | 2025-07-16
CVE-2025-34124 | Heroes of Might and Magic III .h3m Map File Buffer Overflow | Heroes of Might and Magic III | 7.8 (AI) | High (AI) | 2025-07-16
CVE-2025-34123 | VideoCharge Studio 2.12.3.685 SEH Buffer Overflow via .VSC File | Studio | 7.8 (AI) | High (AI) | 2025-07-16
CVE-2025-36097 | IBM WebSphere Application Server denial of service | WebSphere Application Server | 7.5 | High | 2025-07-16
CVE-2025-34107 | WinaXe 7.7 FTP Client Remote Buffer Overflow | WinaXe FTP Client | 8.8 (AI) | High (AI) | 2025-07-15

A CVSS or severity value marked (AI) was tagged "AI" in the original listing, i.e. it is the site's estimate rather than a published score; "-" means no severity is listed.

Vulnerabilities classified as CWE-121 (Stack-based Buffer Overflow) account for 2541 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.