CWE-121 3334 件の CVE MITRE の定義 ↗

CWE-121: Stack-based Buffer Overflow

概要

CWE-121(Stack-based Buffer Overflow)は各種脆弱性データベースや評価で用いられる弱点タイプを説明します。定義・背景・対応する CVE は以下の各セクションを参照してください。

セキュリティへの影響
セキュリティ影響:製品や文脈に依存します。CVE 記録、深刻度、MITRE の説明を参照して優先度を判断してください。

説明

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

背景の詳細

CWE カタログからの補足説明(MITRE XHTML を基に表示)。

There are generally several security-critical data on an execution stack that can lead to arbitrary code execution. The most prominent is the stored return address, the memory address at which execution should continue once the current function is finished executing. The attacker can overwrite this value with some memory address to which the attacker also has write access, into which they place arbitrary code to be run with the full privileges of the vulnerable program. Alternately, the attacker can supply the address of an important call, for instance the POSIX system() call, leaving arguments to the call on the stack. This is often called a return into libc exploit, since the attacker generally forces the program to jump at return time into an interesting routine in the C standard library (libc). Other important data commonly on the stack include the stack pointer and frame pointer, two values that indicate offsets for computing memory addresses. Modifying those values can often be leveraged into a "write-what-where" condition.

適用プラットフォーム

種別 名称 クラス 普遍性 OS / CPE
language Memory-Unsafe Often
language C Often
language C++ Often
technology Not Technology-Specific Undetermined

このデータベースの関連 CVE

これらの CVE は本データベースでこの弱点に対応付けられており、追跡と検索のために保持されています。

CVE 公開 概要
CVE-2026-11024 2026-06-04 Stack buffer overflow in Skia in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-10898 2026-06-04 Stack buffer overflow in GPU in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.…
CVE-2026-47318 2026-06-04 Stack-based buffer overflow vulnerability in Samsung Open Source rlottie allows Overflow Buffers. This issue affects rlottie: before ce72b35a7ad0dded03051d3aa0ef75321c3bd035.
CVE-2026-35085 2026-06-03 A remote attacker with user privileges can exploit a stack buffer overflow in gdv-serverconfig to gain full system access as root.
CVE-2026-35084 2026-06-03 A remote attacker with user privileges can exploit a stack buffer overflow in dali-devconfig to gain full system access as root.
CVE-2026-35083 2026-06-03 A remote attacker with user privileges can exploit a stack buffer overflow to gain full system access as root.
CVE-2026-50031 2026-06-03 ipmi-oem in FreeIPMI before 1.6.18 has exploitable buffer overflows on response messages. The Intelligent Platform Management Interface (IPMI) specification defines a set of interfaces for platform ma…
CVE-2026-49943 2026-06-02 CZ.NIC BIRD Internet Routing Daemon through 2.19.0 contains a stack-based buffer overflow in the BGP AS_PATH mask matching implementation in nest/a-path.c. The as_path_match() function uses a fixed-si…
CVE-2026-1871 2026-06-02 TP-Link Tapo C200 v5 contains a stack-based buffer overflow flaw in RTSP authentication handling due to improper validation of Authorization header field lengths, which can be triggered by a crafted a…
CVE-2026-35716 2026-06-02 A stack-based buffer overflow in the motion_privacy.cgi binary in VIVOTEK FD8136 firmware FD8136-VVTK-0300a allows authenticated remote attackers to execute arbitrary code as root via an oversized n1 …
CVE-2026-30649 2026-06-02 Buffer Overflow vulnerability in VIVOTEK INC FD8136-VVTK-0300a allows a remote attacker to execute arbitrary code via the set_getparam.cgi component
CVE-2026-35717 2026-06-02 A stack-based buffer overflow in the export_language.cgi binary in VIVOTEK FD8136 firmware FD8136-VVTK-0300a allows authenticated remote attackers to execute arbitrary code as root via a crafted POST …
CVE-2026-10528 2026-06-02 A security flaw has been discovered in Orthanc DICOM Server up to 1.12.11. This issue affects the function DcmItem::read of the file OrthancFramework/Sources/DicomParsing/FromDcmtkBridge.cpp of the co…
CVE-2026-24085 2026-06-01 Memory Corruption when processing display command line information due to improper initialization of a variable.
CVE-2025-59613 2026-06-01 Memory Corruption when output buffer size is smaller than input buffer size during data copying operation.
CVE-2025-59612 2026-06-01 Memory corruption in windows drivers while sending incorrect trusted application request
CVE-2026-10293 2026-06-01 A flaw has been found in UTT HiPER 1200GW up to 2.5.3-170306. This impacts the function strcpy of the file /goform/formFireWall. This manipulation of the argument Profile causes stack-based buffer ove…
CVE-2026-10292 2026-06-01 A vulnerability was detected in UTT HiPER 1200GW up to 2.5.3-170306. This affects the function strcpy of the file /goform/formTaskEdit. The manipulation results in stack-based buffer overflow. The att…
CVE-2018-25427 2026-06-01 Arm Whois 3.11 contains a stack-based buffer overflow vulnerability that allows remote attackers to execute arbitrary code by supplying oversized input to the IP address or domain field. Attackers can…
CVE-2026-43958 2026-06-01 A flaw was found in rrdcached, a component of rrdtool. A local attacker with access to a rrdcached socket can exploit a stack-based buffer overflow by sending an oversized CREATE request. This vulnera…

コンテンツ投稿

名称
CLASP
日付
2006-07-19
バージョン
Draft 3

コンテンツの変更履歴

日付 名称 バージョン 重要度 コメント
2008-07-01 Eric Dalci 1.0 updated Potential_Mitigations, Time_of_Introduction
2008-08-01 1.0 added/updated white box definitions
2008-09-08 CWE Content Team 1.0 updated Alternate_Terms, Applicable_Platforms, Background_Details, Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities
2009-01-12 CWE Content Team 1.2 updated Common_Consequences, Relationships
2009-07-17 KDM Analytics 1.5 Improved the White_Box_Definition
2009-07-27 CWE Content Team 1.5 updated Potential_Mitigations, White_Box_Definitions
2009-10-29 CWE Content Team 1.6 updated Relationships
2010-02-16 CWE Content Team 1.8 updated References
2011-06-01 CWE Content Team 1.13 updated Common_Consequences
2012-05-11 CWE Content Team 2.2 updated Demonstrative_Examples, References, Relationships
2012-10-30 CWE Content Team 2.3 updated Demonstrative_Examples, Potential_Mitigations
2014-07-30 CWE Content Team 2.8 updated Relationships, Taxonomy_Mappings
2017-11-08 CWE Content Team 3.0 updated Background_Details, Causal_Nature, Likelihood_of_Exploit, References, Relationships, Taxonomy_Mappings, White_Box_Definitions
2018-03-27 CWE Content Team 3.1 updated References
2019-01-03 CWE Content Team 3.2 updated Relationships
2019-09-19 CWE Content Team 3.4 updated References
2020-02-24 CWE Content Team 4.0 updated Relationships
2020-06-25 CWE Content Team 4.1 updated Common_Consequences
2021-03-15 CWE Content Team 4.4 updated Demonstrative_Examples, References
2021-07-20 CWE Content Team 4.5 updated Demonstrative_Examples
2022-06-28 CWE Content Team 4.8 updated Observed_Examples
2023-04-27 CWE Content Team 4.11 updated Detection_Factors, Potential_Mitigations, References, Relationships, Time_of_Introduction
2023-06-29 CWE Content Team 4.12 updated Mapping_Notes, Relationships
2025-04-03 CWE Content Team 4.17 updated Applicable_Platforms
2025-09-09 CWE Content Team 4.18 updated Affected_Resources, Functional_Areas, References
2025-12-11 CWE Content Team 4.19 updated Alternate_Terms, Applicable_Platforms, Detection_Factors, Other_Notes, References, Relationship_Notes, Terminology_Notes
2026-01-21 CWE Content Team 4.19.1 updated Relationships
cvelogic Threat Intelligence