
CWE-121 (Stack-based Buffer Overflow) — Vulnerability Class 2530

2530 vulnerabilities classified as CWE-121 (Stack-based Buffer Overflow). AI Chinese analysis included.

CWE-121 is a critical memory safety weakness in which program data exceeds the allocated bounds of a stack-allocated buffer and corrupts adjacent memory. Attackers typically exploit it by supplying input that overwrites the function's return address or saved frame pointer, hijacking control flow to execute arbitrary code with the privileges of the compromised process. The weakness is widespread because stack buffers are ordinary local variables, so it appears wherever low-level languages such as C and C++ copy untrusted input into fixed-size arrays. Developers mitigate the risk by enforcing strict input validation, using safe string handling functions that prevent unbounded writes, and adopting memory-safe languages with automatic memory management. Compiler- and platform-level protections such as stack canaries and Address Space Layout Randomization significantly raise the barrier to successful exploitation, but they are defense-in-depth measures that detect or complicate an overflow rather than remove it.

MITRE CWE Description
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
Common Consequences (3)
1. Scope: Availability
   Impact: Modify Memory; DoS: Crash, Exit, or Restart; DoS: Resource Consumption (CPU); DoS: Resource Consumption (Memory)
   Note: Buffer overflows generally lead to crashes. Other attacks leading to lack of availability are possible, including putting the program into an infinite loop.
2. Scope: Integrity, Confidentiality, Availability, Access Control
   Impact: Modify Memory; Execute Unauthorized Code or Commands; Bypass Protection Mechanism
   Note: Buffer overflows often can be used to execute arbitrary code, which is usually outside the scope of a program's implicit security policy.
3. Scope: Integrity, Confidentiality, Availability, Access Control, Other
   Impact: Modify Memory; Execute Unauthorized Code or Commands; Bypass Protection Mechanism; Other
   Note: When the consequence is arbitrary code execution, this can often be used to subvert any other security service.
Mitigations (5)
1. Phase: Operation, Build and Compilation
   Use automatic buffer overflow detection mechanisms that are offered by certain compilers or compiler extensions. Examples include: the Microsoft Visual Studio /GS flag, Fedora/Red Hat FORTIFY_SOURCE GCC flag, StackGuard, and ProPolice, which provide various mechanisms including canary-based detection and range/index checking. D3-SFCV (Stack Frame Canary Validation) from D3FEND [REF-1334] discusses…
   Effectiveness: Defense in Depth
2. Phase: Architecture and Design
   Use an abstraction library to abstract away risky APIs. Not a complete solution.
3. Phase: Implementation
   Implement and perform bounds checking on input.
4. Phase: Implementation
   Do not use dangerous functions such as gets. Use safer, equivalent functions which check for boundary errors.
5. Phase: Operation, Build and Compilation
   Run or compile the software using features or extensions that randomly arrange the positions of a program's executable and libraries in memory. Because this makes the addresses unpredictable, it can prevent an attacker from reliably jumping to exploitable code. Examples include Address Space Layout Randomization (ASLR) [REF-58] [REF-60] and Position-Independent Executables (PIE) [REF-64]. Imported…
   Effectiveness: Defense in Depth
Examples (2)
While buffer overflow examples can be rather complex, it is possible to have very simple, yet still exploitable, stack-based buffer overflows:
```c
#include <string.h>

#define BUFSIZE 256

int main(int argc, char **argv)
{
    char buf[BUFSIZE];

    if (argc < 2) {
        return 1;
    }
    /* argv[1] is copied with no length check: an argument longer than
       BUFSIZE - 1 bytes overflows buf on the stack (the defect shown here) */
    strcpy(buf, argv[1]);
    return 0;
}
```
Bad · C
This example takes an IP address from a user, verifies that it is well formed and then looks up the hostname and copies it into a buffer.
```c
#include <string.h>
#include <netdb.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

/* routine that ensures user_supplied_addr is in the right format for
   conversion (declared only; its body is not part of the example) */
void validate_addr_form(char *user_supplied_addr);

void host_lookup(char *user_supplied_addr)
{
    struct hostent *hp;
    in_addr_t addr;
    char hostname[64];

    validate_addr_form(user_supplied_addr);
    addr = inet_addr(user_supplied_addr);
    hp = gethostbyaddr(&addr, sizeof(struct in_addr), AF_INET);
    if (hp == NULL) {
        return;   /* lookup failed; nothing to copy */
    }
    /* hp->h_name comes from DNS and can exceed 63 bytes: this unchecked
       copy is the stack-based overflow the example illustrates */
    strcpy(hostname, hp->h_name);
}
```
Bad · C
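A bounds-checked counterpart to the unchecked strcpy() calls in both examples above, applying the "bounds checking on input" and "safer, equivalent functions" mitigations. This is an added example written for this page, not MITRE's or any listed vendor's code; HOSTNAME_SIZE, copy_bounded() and store_hostname() are names chosen here, and the resolved name is passed in directly as a stand-in for hp->h_name so the code runs offline.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define HOSTNAME_SIZE 64   /* same fixed stack buffer size as host_lookup() above */

/*
 * Bounds-checked replacement for strcpy(): copies src into dst only if it
 * fits together with its NUL terminator. On failure dst is left as an empty
 * string so callers never see an unterminated buffer.
 * Returns 0 on success, -1 when src is too long or an argument is invalid.
 */
int copy_bounded(char *dst, size_t dstsz, const char *src)
{
    if (dst == NULL || dstsz == 0) {
        return -1;
    }
    dst[0] = '\0';
    if (src == NULL) {
        return -1;
    }
    /* Scan at most dstsz bytes, so an over-long src costs bounded work */
    size_t n = 0;
    while (n < dstsz && src[n] != '\0') {
        n++;
    }
    if (n == dstsz) {                    /* no room left for the NUL */
        return -1;
    }
    memcpy(dst, src, n + 1);             /* n + 1 <= dstsz: cannot overflow */
    return 0;
}

/*
 * Hardened counterpart of host_lookup(): resolved_name stands in for the
 * DNS-supplied hp->h_name. Returns the stored length on success, -1 if the
 * name would not fit in the 64-byte stack buffer.
 */
int store_hostname(const char *resolved_name)
{
    char hostname[HOSTNAME_SIZE];        /* fixed-size stack buffer, as in the original */

    if (copy_bounded(hostname, sizeof hostname, resolved_name) != 0) {
        fprintf(stderr, "hostname longer than %zu bytes rejected\n", sizeof hostname - 1);
        return -1;
    }
    return (int)strlen(hostname);
}
```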
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-6566 | oatpp Oat++ Deserializer.cpp deserializeArray stack-based overflow — Oat++ | 5.3 | Medium | 2025-06-24 |
| CVE-2025-6565 | Netgear WNCE3001 HTTP POST Request http_d stack-based overflow — WNCE3001 | 8.8 | High | 2025-06-24 |
| CVE-2025-6511 | Netgear EX6150 sub_410090 stack-based overflow — EX6150 | 8.8 | High | 2025-06-23 |
| CVE-2025-6510 | Netgear EX6100 sub_415EF8 stack-based overflow — EX6100 | 8.8 | High | 2025-06-23 |
| CVE-2025-6487 | TOTOLINK A3002R formRoute stack-based overflow — A3002R | 8.8 | High | 2025-06-22 |
| CVE-2025-6486 | TOTOLINK A3002R formWlanMultipleAP stack-based overflow — A3002R | 8.8 | High | 2025-06-22 |
| CVE-2025-6374 | D-Link DIR-619L formSetACLFilter stack-based overflow — DIR-619L | 8.8 | High | 2025-06-21 |
| CVE-2025-6373 | D-Link DIR-619L formWlSiteSurvey formSetWizard1 stack-based overflow — DIR-619L | 8.8 | High | 2025-06-20 |
| CVE-2025-6372 | D-Link DIR-619L formSetWizard1 stack-based overflow — DIR-619L | 8.8 | High | 2025-06-20 |
| CVE-2025-6371 | D-Link DIR-619L formSetEnableWizard stack-based overflow — DIR-619L | 8.8 | High | 2025-06-20 |
| CVE-2025-6370 | D-Link DIR-619L formWlanGuestSetup stack-based overflow — DIR-619L | 8.8 | High | 2025-06-20 |
| CVE-2025-6369 | D-Link DIR-619L formdumpeasysetup stack-based overflow — DIR-619L | 8.8 | High | 2025-06-20 |
| CVE-2025-6368 | D-Link DIR-619L formSetEmail stack-based overflow — DIR-619L | 8.8 | High | 2025-06-20 |
| CVE-2025-6367 | D-Link DIR-619L formSetDomainFilter stack-based overflow — DIR-619L | 8.8 | High | 2025-06-20 |
| CVE-2025-6334 | D-Link DIR-867 Query String strncpy stack-based overflow — DIR-867 | 8.8 | High | 2025-06-20 |
| CVE-2025-6328 | D-Link DIR-815 hedwig.cgi sub_403794 stack-based overflow — DIR-815 | 8.8 | High | 2025-06-20 |
| CVE-2025-6302 | TOTOLINK EX1200T cstecgi.cgi setStaticDhcpConfig stack-based overflow — EX1200T | 8.8 | High | 2025-06-20 |
| CVE-2025-6292 | D-Link DIR-825 HTTP POST Request sub_4091AC stack-based overflow — DIR-825 | 8.8 | High | 2025-06-20 |
| CVE-2025-6291 | D-Link DIR-825 HTTP POST Request do_file stack-based overflow — DIR-825 | 8.8 | High | 2025-06-20 |
| CVE-2025-41388 | Fuji Electric Smart Editor Stack-based Buffer Overflow — Smart Editor | 7.8 | High | 2025-06-17 |
| CVE-2025-6158 | D-Link DIR-665 HTTP POST Request sub_AC78 stack-based overflow — DIR-665 | 8.8 | High | 2025-06-17 |
| CVE-2025-6141 | GNU ncurses parse_entry.c postprocess_termcap stack-based overflow — ncurses | 3.3 | Low | 2025-06-16 |
| CVE-2025-6170 | Libxml2: stack buffer overflow in xmllint interactive shell command handling | 2.5 | Low | 2025-06-16 |
| CVE-2025-6121 | D-Link DIR-632 HTTP POST Request get_pure_content stack-based overflow — DIR-632 | 9.8 | Critical | 2025-06-16 |
| CVE-2025-6115 | D-Link DIR-619L form_macfilter stack-based overflow — DIR-619L | 8.8 | High | 2025-06-16 |
| CVE-2025-6114 | D-Link DIR-619L form_portforwarding stack-based overflow — DIR-619L | 8.8 | High | 2025-06-16 |
| CVE-2025-6111 | Tenda FH1205 VirtualSer fromVirtualSer stack-based overflow — FH1205 | 8.8 | High | 2025-06-16 |
| CVE-2025-6110 | Tenda FH1201 SafeMacFilter stack-based overflow — FH1201 | 8.8 | High | 2025-06-16 |
| CVE-2025-6093 | uYanki board-stm32f103rc-berial heartrate1_hal.c heartrate1_i2c_hal_write stack-based overflow — board-stm32f103rc-berial | 5.5 | Medium | 2025-06-15 |
| CVE-2025-24922 | Dell ControlVault3/ControlVault3 Plus securebio_identify stack-based buffer overflow vulnerability — BCM5820X | 8.8 | High | 2025-06-13 |

Vulnerabilities classified as CWE-121 (Stack-based Buffer Overflow) represent 2530 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.