CWE-121 (Stack Buffer Overflow) — Vulnerability Class 2518

2518 vulnerabilities classified as CWE-121 (Stack Buffer Overflow). AI Chinese analysis included.

CWE-121 is a critical memory-safety weakness in which a program writes more data into a stack-allocated buffer than the buffer can hold, corrupting adjacent memory. Attackers typically exploit it by supplying input that overwrites the function's return address or saved frame pointer, hijacking control flow to execute arbitrary code with the privileges of the compromised process. Because stack buffers are ordinary local variables, the weakness is common in low-level languages such as C and C++. Developers mitigate it by enforcing strict input validation, using string-handling functions that prevent unbounded writes, and adopting modern programming languages with automatic memory management. Compiler- and platform-level protections such as stack canaries and Address Space Layout Randomization significantly raise the barrier for successful exploitation, but they are defense-in-depth measures and do not remove the underlying bug.

MITRE CWE Description
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
Common Consequences (3)
Scope: Availability. Impact: Modify Memory; DoS: Crash, Exit, or Restart; DoS: Resource Consumption (CPU); DoS: Resource Consumption (Memory)
Buffer overflows generally lead to crashes. Other attacks leading to lack of availability are possible, including putting the program into an infinite loop.
Scope: Integrity, Confidentiality, Availability, Access Control. Impact: Modify Memory; Execute Unauthorized Code or Commands; Bypass Protection Mechanism
Buffer overflows often can be used to execute arbitrary code, which is usually outside the scope of a program's implicit security policy.
Scope: Integrity, Confidentiality, Availability, Access Control, Other. Impact: Modify Memory; Execute Unauthorized Code or Commands; Bypass Protection Mechanism; Other
When the consequence is arbitrary code execution, this can often be used to subvert any other security service.
Mitigations (5)
Phases: Operation; Build and Compilation. Use automatic buffer overflow detection mechanisms that are offered by certain compilers or compiler extensions. Examples include: the Microsoft Visual Studio /GS flag, Fedora/Red Hat FORTIFY_SOURCE GCC flag, StackGuard, and ProPolice, which provide various mechanisms including canary-based detection and range/index checking. D3-SFCV (Stack Frame Canary Validation) from D3FEND [REF-1334] discusses…
Effectiveness: Defense in Depth
Phase: Architecture and Design. Use an abstraction library to abstract away risky APIs. Not a complete solution.
Phase: Implementation. Implement and perform bounds checking on input.
Phase: Implementation. Do not use dangerous functions such as gets. Use safer, equivalent functions which check for boundary errors.
Phases: Operation; Build and Compilation. Run or compile the software using features or extensions that randomly arrange the positions of a program's executable and libraries in memory. Because this makes the addresses unpredictable, it can prevent an attacker from reliably jumping to exploitable code. Examples include Address Space Layout Randomization (ASLR) [REF-58] [REF-60] and Position-Independent Executables (PIE) [REF-64]. Imported…
Effectiveness: Defense in Depth
Examples (2)
While buffer overflow examples can be rather complex, it is possible to have very simple, yet still exploitable, stack-based buffer overflows:
    #include <string.h>

    #define BUFSIZE 256

    int main(int argc, char **argv) {
        char buf[BUFSIZE];
        /* Unbounded copy: an argv[1] longer than BUFSIZE - 1 bytes overflows buf. */
        strcpy(buf, argv[1]);
    }
Bad · C
This example takes an IP address from a user, verifies that it is well formed and then looks up the hostname and copies it into a buffer.
    void host_lookup(char *user_supplied_addr){
        struct hostent *hp;
        in_addr_t *addr;
        char hostname[64];
        in_addr_t inet_addr(const char *cp);

        /*routine that ensures user_supplied_addr is in the right format for conversion */
        validate_addr_form(user_supplied_addr);
        addr = inet_addr(user_supplied_addr);
        hp = gethostbyaddr( addr, sizeof(struct in_addr), AF_INET);
        strcpy(hostname, hp->h_name);
    }
Bad · C
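The second example with its unbounded `strcpy` replaced by a length-checked copy, following the "bounds checking on input" mitigation listed above. This is an added example, not MITRE's code or this site's: `copy_bounded` and `host_lookup_checked` are hypothetical names, `inet_pton` stands in for the page's `validate_addr_form`, and the sample names in `main` are constructed.

```c
#include <arpa/inet.h>
#include <netdb.h>
#include <stdio.h>
#include <string.h>

#define HOSTNAME_MAX 64   /* same size as hostname[64] in the example above */

/* Copy src into dst only if it fits, terminator included. Returns 0 on
 * success, -1 otherwise; on failure dst is left empty, not truncated. */
int copy_bounded(char *dst, size_t dstsz, const char *src)
{
    if (dst == NULL || dstsz == 0)
        return -1;
    dst[0] = '\0';
    if (src == NULL)
        return -1;
    const char *end = memchr(src, '\0', dstsz);  /* scan at most dstsz bytes */
    if (end == NULL)                             /* no terminator in range */
        return -1;
    memcpy(dst, src, (size_t)(end - src) + 1);
    return 0;
}

/* Hardened lookup (hypothetical name): the caller owns the buffer and
 * passes its size, and every failure path returns -1. */
int host_lookup_checked(const char *addr_text, char *out, size_t outsz)
{
    struct in_addr addr;
    struct hostent *hp;

    if (addr_text == NULL || inet_pton(AF_INET, addr_text, &addr) != 1)
        return -1;                   /* not a well-formed IPv4 address */
    hp = gethostbyaddr(&addr, sizeof addr, AF_INET);
    if (hp == NULL)                  /* failed lookup: never read hp->h_name */
        return -1;
    return copy_bounded(out, outsz, hp->h_name);
}

int main(void)
{
    char out[HOSTNAME_MAX];
    char long_name[200];             /* constructed oversized lookup result */
    memset(long_name, 'a', sizeof long_name - 1);
    long_name[sizeof long_name - 1] = '\0';
    printf("short name: %d\n", copy_bounded(out, sizeof out, "router.example"));
    printf("long name:  %d\n", copy_bounded(out, sizeof out, long_name));
    return 0;
}
```

Rejecting an oversized name outright, rather than truncating it, keeps a shortened hostname from being mistaken for a valid one by later code.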
| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2026-4212 | D-Link DNS-1550-04 download_mgr.cgi Downloads_Schedule_Info stack-based overflow — DNS-120 | 8.8 | High | 2026-03-16 |
| CVE-2026-4211 | D-Link DNS-1550-04 local_backup_mgr.cgi Local_Backup_Info stack-based overflow — DNS-120 | 8.8 | High | 2026-03-16 |
| CVE-2026-4188 | D-Link DIR-619L boa formSchedule stack-based overflow — DIR-619L | 8.8 | High | 2026-03-15 |
| CVE-2026-4185 | GPAC MP4Box swf_parse.c swf_def_bits_jpeg stack-based overflow — GPAC | 6.3 | Medium | 2026-03-15 |
| CVE-2026-4184 | D-Link DIR-816 goahead form2Wl5BasicSetup.cgi stack-based overflow — DIR-816 | 9.8 | Critical | 2026-03-15 |
| CVE-2026-4183 | D-Link DIR-816 goahead form2WlanBasicSetup.cgi stack-based overflow — DIR-816 | 9.8 | Critical | 2026-03-15 |
| CVE-2026-4182 | D-Link DIR-816 goahead form2Wl5RepeaterStep2.cgi stack-based overflow — DIR-816 | 9.8 | Critical | 2026-03-15 |
| CVE-2026-4181 | D-Link DIR-816 goahead form2RepeaterStep2.cgi stack-based overflow — DIR-816 | 9.8 | Critical | 2026-03-15 |
| CVE-2026-4172 | TRENDnet TEW-632BRP HTTP POST Request ping_response.cgi stack-based overflow — TEW-632BRP | 7.2 | High | 2026-03-15 |
| CVE-2026-4167 | Belkin F9K1122 formReboot stack-based overflow — F9K1122 | 8.8 | High | 2026-03-15 |
| CVE-2026-32708 | Zenoh uORB Subscriber Allows Arbitrary Stack Allocation (PX4/PX4-Autopilot) — PX4-Autopilot | 7.8 | High | 2026-03-13 |
| CVE-2026-32707 | PX4 autopilot has a stack buffer overflow in tattu_can due to unbounded memcpy in frame assembly loop — PX4-Autopilot | 5.2 | Medium | 2026-03-13 |
| CVE-2026-32705 | PX4 autopilot BST Device Name Length Can Overflow Driver Buffer — PX4-Autopilot | 6.8 | Medium | 2026-03-13 |
| CVE-2026-3081 | GStreamer H.266 Codec Parser Stack-based Buffer Overflow Remote Code Execution Vulnerability — GStreamer | 8.4 | - | 2026-03-13 |
| CVE-2026-32259 | ImageMagick has a possible stack buffer overflow in sixel encoder — ImageMagick | 6.7 | Medium | 2026-03-12 |
| CVE-2026-4043 | Tenda i12 wifiSSIDget formwrlSSIDget stack-based overflow — i12 | 8.8 | High | 2026-03-12 |
| CVE-2026-4042 | Tenda i12 WifiMacFilterGet formWifiMacFilterGet stack-based overflow — i12 | 8.8 | High | 2026-03-12 |
| CVE-2026-4041 | Tenda i12 exeCommand vos_strcpy stack-based overflow — i12 | 8.8 | High | 2026-03-12 |
| CVE-2026-4015 | GPAC TeXML File load_text.c txtin_process_texml stack-based overflow — GPAC | 5.3 | Medium | 2026-03-12 |
| CVE-2026-4008 | Tenda W3 POST Parameter wifiSSIDset stack-based overflow — W3 | 8.8 | High | 2026-03-12 |
| CVE-2026-4007 | Tenda W3 POST Parameter wifiSSIDget stack-based overflow — W3 | 8.8 | High | 2026-03-12 |
| CVE-2026-3978 | D-Link DIR-513 formEasySetupWizard3 stack-based overflow — DIR-513 | 8.8 | High | 2026-03-12 |
| CVE-2026-3976 | Tenda W3 POST Parameter WifiMacFilterSet formWifiMacFilterSet stack-based overflow — W3 | 8.8 | High | 2026-03-12 |
| CVE-2026-3975 | Tenda W3 POST Parameter WifiMacFilterGet formWifiMacFilterGet stack-based overflow — W3 | 8.8 | High | 2026-03-12 |
| CVE-2026-3974 | Tenda W3 HTTP exeCommand formexeCommand stack-based overflow — W3 | 8.8 | High | 2026-03-12 |
| CVE-2026-3973 | Tenda W3 POST Parameter setAutoPing formSetAutoPing stack-based overflow — W3 | 8.8 | High | 2026-03-12 |
| CVE-2026-3972 | Tenda W3 HTTP setcfm formSetCfm stack-based overflow — W3 | 8.8 | High | 2026-03-12 |
| CVE-2026-3971 | Tenda i3 wifiSSIDset formwrlSSIDset stack-based overflow — i3 | 8.8 | High | 2026-03-12 |
| CVE-2026-3970 | Tenda i3 wifiSSIDget formwrlSSIDget stack-based overflow — i3 | 8.8 | High | 2026-03-12 |
| CVE-2026-27267 | Illustrator \| Stack-based Buffer Overflow (CWE-121) — Illustrator | 7.8 | High | 2026-03-10 |

Vulnerabilities classified as CWE-121 (Stack Buffer Overflow) represent 2518 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.