
CWE-121 (Stack-based Buffer Overflow): Vulnerability Class, 2518 CVEs

2518 vulnerabilities are classified as CWE-121 (Stack-based Buffer Overflow). AI-generated Chinese analysis is included.

CWE-121 is a memory safety weakness in which a write to a stack-allocated buffer exceeds the buffer's bounds and corrupts adjacent stack memory. Attackers typically exploit it by supplying input that overwrites the function's saved return address or frame pointer, hijacking control flow to run code with the privileges of the compromised process. The weakness is widespread because stack buffers are ordinary local variables in languages such as C and C++, where the compiler performs no bounds checking on them. Developers mitigate the risk by validating input lengths, using string-handling functions that take an explicit destination size instead of writing unbounded data, and adopting memory-safe languages where possible. Compiler and platform protections such as stack canaries and Address Space Layout Randomization raise the cost of successful exploitation considerably, but they are defense in depth rather than a complete fix.

MITRE CWE Description
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
Common Consequences (3)
Scope: Availability. Impact: Modify Memory; DoS: Crash, Exit, or Restart; DoS: Resource Consumption (CPU); DoS: Resource Consumption (Memory).
Buffer overflows generally lead to crashes. Other attacks leading to lack of availability are possible, including putting the program into an infinite loop.
Scope: Integrity, Confidentiality, Availability, Access Control. Impact: Modify Memory; Execute Unauthorized Code or Commands; Bypass Protection Mechanism.
Buffer overflows often can be used to execute arbitrary code, which is usually outside the scope of a program's implicit security policy.
Scope: Integrity, Confidentiality, Availability, Access Control, Other. Impact: Modify Memory; Execute Unauthorized Code or Commands; Bypass Protection Mechanism; Other.
When the consequence is arbitrary code execution, this can often be used to subvert any other security service.
Mitigations (5)
Phase: Operation, Build and Compilation. Use automatic buffer overflow detection mechanisms that are offered by certain compilers or compiler extensions. Examples include: the Microsoft Visual Studio /GS flag, Fedora/Red Hat FORTIFY_SOURCE GCC flag, StackGuard, and ProPolice, which provide various mechanisms including canary-based detection and range/index checking. D3-SFCV (Stack Frame Canary Validation) from D3FEND [REF-1334] discusses…
Effectiveness: Defense in Depth
Phase: Architecture and Design. Use an abstraction library to abstract away risky APIs. Not a complete solution.
Phase: Implementation. Implement and perform bounds checking on input.
Phase: Implementation. Do not use dangerous functions such as gets. Use safer, equivalent functions which check for boundary errors.
Phase: Operation, Build and Compilation. Run or compile the software using features or extensions that randomly arrange the positions of a program's executable and libraries in memory. Because this makes the addresses unpredictable, it can prevent an attacker from reliably jumping to exploitable code. Examples include Address Space Layout Randomization (ASLR) [REF-58] [REF-60] and Position-Independent Executables (PIE) [REF-64]. Imported…
Effectiveness: Defense in Depth
Examples (2)
While buffer overflow examples can be rather complex, it is possible to have very simple, yet still exploitable, stack-based buffer overflows:
#include <string.h>

#define BUFSIZE 256

int main(int argc, char **argv)
{
    char buf[BUFSIZE];
    if (argc < 2)
        return 1;                 /* no argument given: nothing to copy */
    /* BAD: argv[1] is copied with no length check, so an argument of
     * 256 bytes or more writes past the end of buf on the stack */
    strcpy(buf, argv[1]);
    return 0;
}
Bad · C
This example takes an IP address from a user, verifies that it is well formed and then looks up the hostname and copies it into a buffer.
#include <string.h>
#include <netdb.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

/* routine that ensures user_supplied_addr is in the right format for
 * conversion; defined elsewhere in the program */
void validate_addr_form(char *addr);

void host_lookup(char *user_supplied_addr)
{
    struct hostent *hp;
    in_addr_t addr;
    char hostname[64];

    validate_addr_form(user_supplied_addr);
    addr = inet_addr(user_supplied_addr);
    hp = gethostbyaddr(&addr, sizeof(struct in_addr), AF_INET);
    if (hp == NULL)
        return;                   /* lookup failed: nothing to copy */
    /* BAD: the resolved name can be longer than 63 bytes, and strcpy
     * copies it into hostname[64] without any bounds check */
    strcpy(hostname, hp->h_name);
}
Bad · C
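The bounded counterpart of the two examples above, added here as an illustration and not part of the MITRE entry or any listed product: the resolved hostname is assumed to be handed in by the caller (standing in for the gethostbyaddr() result so the code runs offline), and every copy into a fixed-size stack buffer is refused when the data does not fit.

```c
#include <stddef.h>
#include <string.h>

#define BUFSIZE 256
#define HOSTNAME_MAX 64

/* Bounded replacement for strcpy(): copies src into dst only if it fits,
 * terminator included; otherwise leaves dst empty and reports failure.
 * Never examines more than dst_size bytes of src, so an unterminated
 * source cannot overrun either side. Returns 0 on success, -1 on reject. */
int bounded_copy(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || dst_size == 0)
        return -1;
    dst[0] = '\0';
    if (src == NULL)
        return -1;
    /* Look for the terminator within the space we actually have. */
    const char *nul = memchr(src, '\0', dst_size);
    if (nul == NULL)              /* src is at least dst_size long: too big */
        return -1;
    memcpy(dst, src, (size_t)(nul - src) + 1);
    return 0;
}

/* Hardened shape of host_lookup(): resolved_name stands in for hp->h_name
 * (assumption: the caller supplies it). It goes into hostname[64] only
 * when it fits. Returns the stored length, or -1 if the name was rejected. */
int store_hostname(const char *resolved_name)
{
    char hostname[HOSTNAME_MAX];
    if (bounded_copy(hostname, sizeof hostname, resolved_name) != 0)
        return -1;                /* over-long or missing name: do not use it */
    return (int)strlen(hostname);
}

/* Hardened shape of the first example: argv[1] is checked for presence
 * and copied into buf[BUFSIZE] through the same bounded routine. */
int main(int argc, char **argv)
{
    char buf[BUFSIZE];
    if (argc < 2)
        return 2;                 /* nothing to copy; the original dereferenced NULL */
    if (bounded_copy(buf, sizeof buf, argv[1]) != 0)
        return 1;                 /* argument of 256 bytes or more: rejected */
    return 0;
}
```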
| CVE ID | Title | Product | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2022-2896 | Measuresoft ScadaPro Server Use After Free | ScadaPro Server | 7.8 | High | 2022-08-31 |
| CVE-2022-1405 | Delta Electronics CNCSoft Stack-based Buffer Overflow | CNCSoft | 7.8 | High | 2022-08-31 |
| CVE-2022-1888 | Fuji Electric Alpha7 PC Loader | Alpha7 PC Loader | 7.8 | High | 2022-08-31 |
| CVE-2022-1355 | LibTIFF Buffer Error Vulnerability | libtiff | 7.1 | - | 2022-08-31 |
| CVE-2022-20824 | Cisco FXOS and NX-OS Software Cisco Discovery Protocol Denial of Service and Arbitrary Code Execution Vulnerability | Cisco NX-OS Software | 8.8 | High | 2022-08-25 |
| CVE-2022-23460 | Stack overflow in Jsonxx | Jsonxx | 5.9 | Medium | 2022-08-19 |
| CVE-2022-28750 | Zoom On-Premise Deployments: Stack Buffer Overflow in Meeting Connector | Zoom On-Premise Meeting Connector Zone Controller (ZC) | 7.5 | High | 2022-08-11 |
| CVE-2022-26009 | TCL LinkHub Mesh Wi-Fi Buffer Error Vulnerability | LinkHub Mesh Wifi | 9.8 | - | 2022-08-05 |
| CVE-2022-25996 | TCL LinkHub Mesh Wi-Fi Buffer Error Vulnerability | LinkHub Mesh Wifi | 9.8 | - | 2022-08-05 |
| CVE-2022-23919 | TCL LinkHub Mesh Wi-Fi Buffer Error Vulnerability | LinkHub Mesh Wifi | 9.8 | - | 2022-08-05 |
| CVE-2022-23918 | TCL LinkHub Mesh Wi-Fi Buffer Error Vulnerability | LinkHub Mesh Wifi | 9.8 | - | 2022-08-05 |
| CVE-2022-23399 | TCL LinkHub Mesh Wi-Fi Buffer Error Vulnerability | LinkHub Mesh Wifi | 9.8 | - | 2022-08-05 |
| CVE-2022-23103 | TCL LinkHub Mesh Wi-Fi Buffer Error Vulnerability | LinkHub Mesh Wifi | 9.8 | - | 2022-08-05 |
| CVE-2022-21201 | TCL LinkHub Mesh Wi-Fi Buffer Error Vulnerability | LinkHub Mesh Wifi | 9.8 | - | 2022-08-05 |
| CVE-2022-37398 | A stack-based buffer overflow vulnerability was found on ADM | ADM | 7.1 | High | 2022-08-05 |
| CVE-2022-35867 | xhyve Security Vulnerability | xhyve | 6.7 | - | 2022-08-03 |
| CVE-2022-2304 | Stack-based Buffer Overflow in vim/vim | vim/vim | 7.8 | - | 2022-07-05 |
| CVE-2022-2078 | Linux kernel Security Vulnerability | kernel | 5.5 | - | 2022-06-30 |
| CVE-2021-3434 | L2CAP: Stack based buffer overflow in le_ecred_conn_req() | zephyr | 4.9 | Medium | 2022-06-28 |
| CVE-2022-29496 | Blynk Buffer Error Vulnerability | Blynk-Library | 9.8 | - | 2022-06-17 |
| CVE-2022-20825 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerability | Cisco Small Business RV Series Router Firmware | 9.8 | Critical | 2022-06-15 |
| CVE-2019-25062 | Sricam IP CCTV Camera Device Viewer stack-based overflow | IP CCTV Camera | 5.3 | Medium | 2022-06-04 |
| CVE-2021-26635 | Bandisoft ARK Library buffer overflow vulnerability | ark library | 7.8 | High | 2022-06-01 |
| CVE-2022-1669 | Circutor COMPACT DC-S BASIC | COMPACT DC-S BASIC | 6.8 | Medium | 2022-05-24 |
| CVE-2021-32941 | Annke Network Video Recorder - Stack-based Buffer Overflow | N48PBB (NVR) | 9.4 | Critical | 2022-05-23 |
| CVE-2020-16209 | Fieldcomm Group HART-IP and hipserver - Stack-based Buffer Overflow | HART-IP Developer Kit | 9.8 | Critical | 2022-05-19 |
| CVE-2022-22281 | SonicWALL NetExtender Windows client Security Vulnerability | SonicWall NetExtender Windows (32 and 64 bit) Client | 7.8 | - | 2022-05-13 |
| CVE-2022-26002 | InHand Networks InRouter302 Buffer Error Vulnerability | InRouter302 | 7.2 | - | 2022-05-12 |
| CVE-2022-27791 | Adobe Acrobat Reader DC Font Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability | Acrobat Reader | 7.8 | - | 2022-05-11 |
| CVE-2022-24290 | Siemens Teamcenter Buffer Error Vulnerability | Teamcenter V12.4 | 6.5 | - | 2022-05-10 |

Vulnerabilities classified as CWE-121 (Stack-based Buffer Overflow) account for 2518 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.