Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-49759

Summary
Assigner-EEF
Assigner Org ID-6b3ad84c-e1a6-4bf7-a703-f496b71e49db
Published At-10 Jun, 2026 | 14:35
Updated At-01 Jul, 2026 | 04:45
Rejected At-
Credits

Stack buffer overflow in SCTP error cause parsing in inet_drv allows remote VM crash

Stack-based Buffer Overflow vulnerability in Erlang OTP erts (inet_drv) allows an unauthenticated remote attacker to crash the BEAM VM by sending a crafted SCTP ERROR chunk. The sctp_parse_error_chunk function in erts/emulator/drivers/common/inet_drv.c parses SCTP ERROR chunks and writes cause codes into a fixed-size stack-allocated ErlDrvTermData spec[] array without checking bounds. A remote attacker who has established an SCTP association to a listening port can send a single crafted SCTP ERROR chunk containing enough cause codes to overflow the stack buffer, crashing the VM. The attacker can only write 16-bit values interleaved with a fixed tag, so the overflow does not provide a controlled return address, limiting exploitation to Denial of Service. A crafted SCTP ERROR chunk may also leak bits and pieces of Erlang VM memory into the received error packet observed by the Erlang process. Such data is already readable by the user running the Erlang VM, so the disclosure scope is limited. This issue affects OTP from OTP 17.0 before 27.3.4.13, 28.5.0.2 and 29.0.2, corresponding to erts from 6.0 before 15.2.7.9, 16.4.0.2 and 17.0.2.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
ā–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:EEF
Assigner Org ID:6b3ad84c-e1a6-4bf7-a703-f496b71e49db
Published At:10 Jun, 2026 | 14:35
Updated At:01 Jul, 2026 | 04:45
Rejected At:
ā–¼CVE Numbering Authority (CNA)
Stack buffer overflow in SCTP error cause parsing in inet_drv allows remote VM crash

Stack-based Buffer Overflow vulnerability in Erlang OTP erts (inet_drv) allows an unauthenticated remote attacker to crash the BEAM VM by sending a crafted SCTP ERROR chunk. The sctp_parse_error_chunk function in erts/emulator/drivers/common/inet_drv.c parses SCTP ERROR chunks and writes cause codes into a fixed-size stack-allocated ErlDrvTermData spec[] array without checking bounds. A remote attacker who has established an SCTP association to a listening port can send a single crafted SCTP ERROR chunk containing enough cause codes to overflow the stack buffer, crashing the VM. The attacker can only write 16-bit values interleaved with a fixed tag, so the overflow does not provide a controlled return address, limiting exploitation to Denial of Service. A crafted SCTP ERROR chunk may also leak bits and pieces of Erlang VM memory into the received error packet observed by the Erlang process. Such data is already readable by the user running the Erlang VM, so the disclosure scope is limited. This issue affects OTP from OTP 17.0 before 27.3.4.13, 28.5.0.2 and 29.0.2, corresponding to erts from 6.0 before 15.2.7.9, 16.4.0.2 and 17.0.2.

Affected Products
Vendor
Erlang
Product
OTP
Package Name
erts
Repo
https://github.com/erlang/otp
CPEs
  • cpe:2.3:a:erlang:erlang\/otp:*:*:*:*:*:*:*:*
Modules
  • inet_drv
Program Files
  • emulator/drivers/common/inet_drv.c
Program Routines
  • sctp_parse_error_chunk
Default Status
unknown
Versions
Affected
  • From 6.0 before * (otp)
    • -> unaffectedfrom15.2.7.9
    • -> unaffectedfrom16.4.0.2
    • -> unaffectedfrom17.0.2
Vendor
Erlang
Product
OTP
Collection URL
https://github.com
Package Name
erlang/otp
Repo
https://github.com/erlang/otp
CPEs
  • cpe:2.3:a:erlang:erlang\/otp:*:*:*:*:*:*:*:*
Modules
  • inet_drv
Program Files
  • erts/emulator/drivers/common/inet_drv.c
Program Routines
  • sctp_parse_error_chunk
Default Status
unknown
Versions
Affected
  • From 17.0 before * (otp)
    • -> unaffectedfrom27.3.4.13
    • -> unaffectedfrom28.5.0.2
    • -> unaffectedfrom29.0.2
  • From 84adefa331c4159d432d22840663c38f155cd4c1 before 3983d495284331c121f600a80bac9fcf4e16381e (git)
Problem Types
TypeCWE IDDescription
CWECWE-121CWE-121 Stack-based Buffer Overflow
Type: CWE
CWE ID: CWE-121
Description: CWE-121 Stack-based Buffer Overflow
Metrics
VersionBase scoreBase severityVector
4.08.8HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
Version: 4.0
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-100CAPEC-100 Overflow Buffers
CAPEC ID: CAPEC-100
Description: CAPEC-100 Overflow Buffers
Solutions

Configurations

SCTP support must be compiled into OTP. A listening SCTP socket must be opened via gen_sctp with the default inet backend and must be reachable from the attacker's network. Windows builds are unaffected as SCTP is not supported on Windows.

Workarounds

Exploits

Credits

finder
Zhang Delong
remediation developer
Raimo Niskanen
Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/erlang/otp/security/advisories/GHSA-6f4f-chj5-5g97
vendor-advisory
related
https://cna.erlef.org/cves/CVE-2026-49759.html
related
https://osv.dev/vulnerability/EEF-CVE-2026-49759
related
https://www.erlang.org/doc/system/versions.html#order-of-versions
x_version-scheme
https://github.com/erlang/otp/commit/3983d495284331c121f600a80bac9fcf4e16381e
patch
Hyperlink: https://github.com/erlang/otp/security/advisories/GHSA-6f4f-chj5-5g97
Resource:
vendor-advisory
related
Hyperlink: https://cna.erlef.org/cves/CVE-2026-49759.html
Resource:
related
Hyperlink: https://osv.dev/vulnerability/EEF-CVE-2026-49759
Resource:
related
Hyperlink: https://www.erlang.org/doc/system/versions.html#order-of-versions
Resource:
x_version-scheme
Hyperlink: https://github.com/erlang/otp/commit/3983d495284331c121f600a80bac9fcf4e16381e
Resource:
patch
ā–¼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
2. erlang: Erlang OTP: Denial of Service via crafted SCTP ERROR chunk

A flaw was found in Erlang OTP (Open Telecom Platform) erts, specifically within the `inet_drv` component. An unauthenticated remote attacker can exploit a stack-based buffer overflow vulnerability by sending a specially crafted Stream Control Transmission Protocol (SCTP) ERROR chunk. This can lead to a Denial of Service (DoS) by crashing the BEAM virtual machine. Additionally, this flaw may result in limited information disclosure by leaking small portions of Erlang VM memory.

Affected Products
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenStack Platform 16.2
CPEs
  • cpe:/a:redhat:openstack:16.2
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenStack Platform 17.1
CPEs
  • cpe:/a:redhat:openstack:17.1
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenStack Platform 18.0
CPEs
  • cpe:/a:redhat:openstack:18.0
Default Status
unaffected
Problem Types
TypeCWE IDDescription
CWECWE-120Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Type: CWE
CWE ID: CWE-120
Description: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Metrics
VersionBase scoreBase severityVector
3.18.2HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
Version: 3.1
Base score: 8.2
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
Metrics Other Info
Red Hat severity rating
value:
Important
namespace:
https://access.redhat.com/security/updates/classification/
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Reported to Red Hat.2026-06-10 16:01:51
Made public.2026-06-10 14:35:38
Event: Reported to Red Hat.
Date: 2026-06-10 16:01:51
Event: Made public.
Date: 2026-06-10 14:35:38
Replaced By

Rejected Reason

References
HyperlinkResource
https://access.redhat.com/security/cve/CVE-2026-49759
vdb-entry
x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2487607
issue-tracking
x_refsource_REDHAT
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-49759.json
x_sadp-csaf-vex
Hyperlink: https://access.redhat.com/security/cve/CVE-2026-49759
Resource:
vdb-entry
x_refsource_REDHAT
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=2487607
Resource:
issue-tracking
x_refsource_REDHAT
Hyperlink: https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-49759.json
Resource:
x_sadp-csaf-vex
Information is not available yet
ā–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:6b3ad84c-e1a6-4bf7-a703-f496b71e49db
Published At:10 Jun, 2026 | 16:17
Updated At:30 Jun, 2026 | 03:20

Stack-based Buffer Overflow vulnerability in Erlang OTP erts (inet_drv) allows an unauthenticated remote attacker to crash the BEAM VM by sending a crafted SCTP ERROR chunk. The sctp_parse_error_chunk function in erts/emulator/drivers/common/inet_drv.c parses SCTP ERROR chunks and writes cause codes into a fixed-size stack-allocated ErlDrvTermData spec[] array without checking bounds. A remote attacker who has established an SCTP association to a listening port can send a single crafted SCTP ERROR chunk containing enough cause codes to overflow the stack buffer, crashing the VM. The attacker can only write 16-bit values interleaved with a fixed tag, so the overflow does not provide a controlled return address, limiting exploitation to Denial of Service. A crafted SCTP ERROR chunk may also leak bits and pieces of Erlang VM memory into the received error packet observed by the Erlang process. Such data is already readable by the user running the Erlang VM, so the disclosure scope is limited. This issue affects OTP from OTP 17.0 before 27.3.4.13, 28.5.0.2 and 29.0.2, corresponding to erts from 6.0 before 15.2.7.9, 16.4.0.2 and 17.0.2.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.08.8HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary3.18.2HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
Secondary3.18.2HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
N/A
Type: Secondary
Version: 4.0
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Primary
Version: 3.1
Base score: 8.2
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
Type: Secondary
Version: 3.1
Base score: 8.2
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
Type: N/A
Version:
Base score:
Base severity: N/A
Vector:
CPE Matches

erlang
erlang
>>erlang\/otp>>Versions from 17.0(inclusive) to 27.3.4.13(exclusive)
cpe:2.3:a:erlang:erlang\/otp:*:*:*:*:*:*:*:*
erlang
erlang
>>erlang\/otp>>Versions from 28.0(inclusive) to 28.5.0.2(exclusive)
cpe:2.3:a:erlang:erlang\/otp:*:*:*:*:*:*:*:*
erlang
erlang
>>erlang\/otp>>Versions from 29.0(inclusive) to 29.0.2(exclusive)
cpe:2.3:a:erlang:erlang\/otp:*:*:*:*:*:*:*:*
erlang
erlang
>>erts>>Versions from 6.0(inclusive) to 15.2.7.9(exclusive)
cpe:2.3:a:erlang:erts:*:*:*:*:*:*:*:*
erlang
erlang
>>erts>>Versions from 16.0(inclusive) to 16.4.0.2(exclusive)
cpe:2.3:a:erlang:erts:*:*:*:*:*:*:*:*
erlang
erlang
>>erts>>Versions from 17.0(inclusive) to 17.0.2(exclusive)
cpe:2.3:a:erlang:erts:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-121Secondary6b3ad84c-e1a6-4bf7-a703-f496b71e49db
CWE-120Secondary0b0ca135-0b70-47e7-9f44-1890c2a1c46c
CWE ID: CWE-121
Type: Secondary
Source: 6b3ad84c-e1a6-4bf7-a703-f496b71e49db
CWE ID: CWE-120
Type: Secondary
Source: 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://cna.erlef.org/cves/CVE-2026-49759.html6b3ad84c-e1a6-4bf7-a703-f496b71e49db
Third Party Advisory
https://github.com/erlang/otp/commit/3983d495284331c121f600a80bac9fcf4e16381e6b3ad84c-e1a6-4bf7-a703-f496b71e49db
Patch
https://github.com/erlang/otp/security/advisories/GHSA-6f4f-chj5-5g976b3ad84c-e1a6-4bf7-a703-f496b71e49db
Vendor Advisory
https://osv.dev/vulnerability/EEF-CVE-2026-497596b3ad84c-e1a6-4bf7-a703-f496b71e49db
Third Party Advisory
https://www.erlang.org/doc/system/versions.html#order-of-versions6b3ad84c-e1a6-4bf7-a703-f496b71e49db
Product
https://access.redhat.com/security/cve/CVE-2026-497590b0ca135-0b70-47e7-9f44-1890c2a1c46c
N/A
https://bugzilla.redhat.com/show_bug.cgi?id=24876070b0ca135-0b70-47e7-9f44-1890c2a1c46c
N/A
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-49759.json0b0ca135-0b70-47e7-9f44-1890c2a1c46c
N/A
Hyperlink: https://cna.erlef.org/cves/CVE-2026-49759.html
Source: 6b3ad84c-e1a6-4bf7-a703-f496b71e49db
Resource:
Third Party Advisory
Hyperlink: https://github.com/erlang/otp/commit/3983d495284331c121f600a80bac9fcf4e16381e
Source: 6b3ad84c-e1a6-4bf7-a703-f496b71e49db
Resource:
Patch
Hyperlink: https://github.com/erlang/otp/security/advisories/GHSA-6f4f-chj5-5g97
Source: 6b3ad84c-e1a6-4bf7-a703-f496b71e49db
Resource:
Vendor Advisory
Hyperlink: https://osv.dev/vulnerability/EEF-CVE-2026-49759
Source: 6b3ad84c-e1a6-4bf7-a703-f496b71e49db
Resource:
Third Party Advisory
Hyperlink: https://www.erlang.org/doc/system/versions.html#order-of-versions
Source: 6b3ad84c-e1a6-4bf7-a703-f496b71e49db
Resource:
Product
Hyperlink: https://access.redhat.com/security/cve/CVE-2026-49759
Source: 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
Resource: N/A
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=2487607
Source: 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
Resource: N/A
Hyperlink: https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-49759.json
Source: 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

118Records found

CVE-2010-3872
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-2.77% / 84.55%
||
7 Day CHG~0.00%
Published-20 Nov, 2010 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Httpd: mod_fcgid: stack-based buffer overflow in fcgid_header_bucket_read() in modules/fcgid/fcgid_bucket.c

A flaw was found in the mod_fcgid module of httpd. A malformed FastCGI response may result in a stack-based buffer overflow in the modules/fcgid/fcgid_bucket.c file in the fcgid_header_bucket_read() function, resulting in an application crash.

Action-Not Available
Vendor-n/aFedora ProjectThe Apache Software FoundationRed Hat, Inc.
Product-mod_fcgidmod_fcgidRed Hat Enterprise Linux 9Red Hat Enterprise Linux 8Red Hat Enterprise Linux 7Fedora
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2025-5222
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-7||HIGH
EPSS-0.30% / 21.37%
||
7 Day CHG~0.00%
Published-27 May, 2025 | 20:51
Updated-30 Jun, 2026 | 05:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Icu: stack buffer overflow in the srbroot::addtag function

A stack buffer overflow was found in Internationl components for unicode (ICU ). While running the genrb binary, the 'subtag' struct overflowed at the SRBRoot::addTag function. This issue may lead to memory corruption and local arbitrary code execution.

Action-Not Available
Vendor-unicodeRed Hat, Inc.
Product-international_components_for_unicodeRed Hat OpenShift Container Platform 4Red Hat Enterprise Linux 9.0 Update Services for SAP SolutionsRed Hat Enterprise Linux 9.4 Extended Update SupportRed Hat Enterprise Linux 7Red Hat Enterprise Linux 9.2 Update Services for SAP SolutionsRed Hat Enterprise Linux 9Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8Red Hat Enterprise Linux 6
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-48796
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-7.3||HIGH
EPSS-0.16% / 5.67%
||
7 Day CHG~0.00%
Published-27 May, 2025 | 14:04
Updated-30 Jun, 2026 | 01:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Gimp: stack-based buffer overflows in file-ico

A flaw was found in GIMP. The GIMP ani_load_image() function is vulnerable to a stack-based overflow. If a user opens.ANI files, GIMP may be used to store more information than the capacity allows. This flaw allows a malicious ANI file to trigger arbitrary code execution.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Enterprise Linux 8Red Hat Enterprise Linux 9Red Hat Enterprise Linux 6Red Hat Enterprise Linux 7
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2025-46397
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.25% / 16.11%
||
7 Day CHG-0.00%
Published-23 Apr, 2025 | 20:55
Updated-30 Jun, 2026 | 05:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Xfig: xfig: stack-overflow allows possible code execution via local input manipulation

A flaw was found in xfig. This vulnerability allows possible code execution via local input manipulation via bezier_spline function.

Action-Not Available
Vendor-fig2dev_projectRed Hat, Inc.
Product-fig2deventerprise_linuxRed Hat Enterprise Linux 9.4 Extended Update SupportRed Hat Enterprise Linux 7Red Hat Enterprise Linux 9Red Hat Enterprise Linux 8Red Hat Enterprise Linux 9.6 Extended Update SupportRed Hat Enterprise Linux 6
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-46398
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.22% / 12.53%
||
7 Day CHG~0.00%
Published-23 Apr, 2025 | 20:55
Updated-30 Jun, 2026 | 05:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Xfig: fig2dev stack-overflow via read_objects

In xfig diagramming tool, a stack-overflow while running fig2dev allows memory corruption via local input manipulation via read_objects function.

Action-Not Available
Vendor-fig2dev_projectRed Hat, Inc.
Product-fig2deventerprise_linuxRed Hat Enterprise Linux 8Red Hat Enterprise Linux 9Red Hat Enterprise Linux 6Red Hat Enterprise Linux 7
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2025-43433
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-1.12% / 62.09%
||
7 Day CHG+0.23%
Published-04 Nov, 2025 | 01:15
Updated-30 Jun, 2026 | 03:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved memory handling. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to memory corruption.

Action-Not Available
Vendor-Red Hat, Inc.Apple Inc.
Product-tvossafariwatchosiphone_osipadosvisionoswatchOSSafarivisionOSmacOStvOSiOS and iPadOSRed Hat Enterprise Linux AppStream EUS (v.9.6)Red Hat Enterprise Linux AppStream AUS (v.8.6)Red Hat Enterprise Linux AppStream E4S (v.8.6)Red Hat Enterprise Linux 7Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)Red Hat Enterprise Linux AppStream TUS (v.8.8)Red Hat Enterprise Linux AppStream (v. 9)Red Hat Enterprise Linux AppStream (v. 8)Red Hat Enterprise Linux Server (v. 7 ELS)Red Hat Enterprise Linux 6Red Hat Enterprise Linux Server Optional (v. 7 ELS)Red Hat Enterprise Linux AppStream E4S (v.9.2)Red Hat Enterprise Linux AppStream AUS (v. 8.2)Red Hat Enterprise Linux AppStream TUS (v.8.6)Red Hat Enterprise Linux AppStream E4S (v.8.8)Red Hat Enterprise Linux AppStream EUS (v.9.4)Red Hat Enterprise Linux AppStream AUS (v.8.4)Red Hat Enterprise Linux AppStream E4S (v.9.0)
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-43441
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.91% / 55.57%
||
7 Day CHG+0.29%
Published-04 Nov, 2025 | 01:17
Updated-30 Jun, 2026 | 12:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved memory handling. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.

Action-Not Available
Vendor-Red Hat, Inc.Apple Inc.
Product-tvossafariiphone_osipadosvisionosSafarivisionOSmacOStvOSiOS and iPadOSRed Hat Enterprise Linux AppStream EUS (v.9.6)Red Hat Enterprise Linux AppStream AUS (v.8.6)Red Hat Enterprise Linux AppStream E4S (v.8.6)Red Hat Enterprise Linux 7Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)Red Hat Enterprise Linux AppStream TUS (v.8.8)Red Hat Enterprise Linux AppStream (v. 9)Red Hat Enterprise Linux AppStream (v. 8)Red Hat Enterprise Linux Server (v. 7 ELS)Red Hat Enterprise Linux 6Red Hat Enterprise Linux Server Optional (v. 7 ELS)Red Hat Enterprise Linux AppStream E4S (v.9.2)Red Hat Enterprise Linux AppStream AUS (v. 8.2)Red Hat Enterprise Linux AppStream TUS (v.8.6)Red Hat Enterprise Linux AppStream E4S (v.8.8)Red Hat Enterprise Linux AppStream EUS (v.9.4)Red Hat Enterprise Linux AppStream AUS (v.8.4)Red Hat Enterprise Linux AppStream E4S (v.9.0)
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-43214
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.96% / 57.26%
||
7 Day CHG+0.13%
Published-29 Jul, 2025 | 23:35
Updated-30 Jun, 2026 | 12:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead to an unexpected Safari crash.

Action-Not Available
Vendor-Red Hat, Inc.Apple Inc.
Product-tvossafariwatchosiphone_osmacosipadosvisionoswatchOSSafarivisionOSmacOStvOSiOS and iPadOSRed Hat Enterprise Linux AppStream EUS (v.9.6)Red Hat Enterprise Linux AppStream AUS (v.8.6)Red Hat Enterprise Linux AppStream E4S (v.8.6)Red Hat Enterprise Linux 7Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)Red Hat Enterprise Linux AppStream TUS (v.8.8)Red Hat Enterprise Linux AppStream (v. 9)Red Hat Enterprise Linux AppStream (v. 8)Red Hat Enterprise Linux Server (v. 7 ELS)Red Hat Enterprise Linux 6Red Hat Enterprise Linux Server Optional (v. 7 ELS)Red Hat Enterprise Linux AppStream E4S (v.9.2)Red Hat Enterprise Linux AppStream TUS (v.8.6)Red Hat Enterprise Linux AppStream E4S (v.8.8)Red Hat Enterprise Linux AppStream EUS (v.9.4)Red Hat Enterprise Linux AppStream AUS (v.8.4)Red Hat Enterprise Linux AppStream E4S (v.9.0)
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-31223
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-8||HIGH
EPSS-0.54% / 41.38%
||
7 Day CHG+0.03%
Published-12 May, 2025 | 21:42
Updated-01 Jul, 2026 | 12:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved checks. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing maliciously crafted web content may lead to memory corruption.

Action-Not Available
Vendor-Red Hat, Inc.Apple Inc.
Product-tvossafariwatchosiphone_osmacosipadosvisionoswatchOSmacOStvOSSafariiOS and iPadOSvisionOSRed Hat Enterprise Linux 7Red Hat Enterprise Linux AppStream E4S (v.8.6)Red Hat Enterprise Linux AppStream AUS (v.8.6)Red Hat Enterprise Linux AppStream E4S (v.9.2)Red Hat Enterprise Linux 6Red Hat Enterprise Linux AppStream TUS (v.8.6)Red Hat Enterprise Linux Server (v. 7 ELS)Red Hat Enterprise Linux AppStream E4S (v.9.0)Red Hat Enterprise Linux AppStream AUS (v. 8.2)Red Hat Enterprise Linux AppStream E4S (v.8.8)Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)Red Hat Enterprise Linux AppStream (v. 8)Red Hat Enterprise Linux Server Optional (v. 7 ELS)Red Hat Enterprise Linux AppStream AUS (v.8.4)Red Hat Enterprise Linux AppStream (v. 9)Red Hat Enterprise Linux AppStream TUS (v.8.8)Red Hat Enterprise Linux AppStream EUS (v.9.4)
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-31277
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-1.48% / 70.79%
||
7 Day CHG+0.05%
Published-29 Jul, 2025 | 23:29
Updated-01 Jul, 2026 | 14:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2026-04-03||Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead to memory corruption.

Action-Not Available
Vendor-wpewebkitwebkitgtkRed Hat, Inc.Apple Inc.
Product-safarienterprise_linux_tustvosmacosenterprise_linux_ausiphone_osipadoswatchosvisionosenterprise_linux_eusenterprise_linux_elswebkitgtkenterprise_linuxenterprise_linux_update_services_for_sap_solutionswpe_webkitwatchOSSafarivisionOSmacOStvOSiOS and iPadOSRed Hat Enterprise Linux AppStream AUS (v.8.6)Red Hat Enterprise Linux AppStream E4S (v.8.6)Red Hat Enterprise Linux 7Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)Red Hat Enterprise Linux AppStream TUS (v.8.8)Red Hat Enterprise Linux AppStream (v. 9)Red Hat Enterprise Linux AppStream (v. 8)Red Hat Enterprise Linux Server (v. 7 ELS)Red Hat Enterprise Linux 6Red Hat Enterprise Linux Server Optional (v. 7 ELS)Red Hat Enterprise Linux AppStream E4S (v.9.2)Red Hat Enterprise Linux AppStream AUS (v. 8.2)Red Hat Enterprise Linux AppStream TUS (v.8.6)Red Hat Enterprise Linux AppStream E4S (v.8.8)Red Hat Enterprise Linux AppStream EUS (v.9.4)Red Hat Enterprise Linux AppStream AUS (v.8.4)Red Hat Enterprise Linux AppStream E4S (v.9.0)Multiple Products
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2018-10907
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-8.8||HIGH
EPSS-3.36% / 87.26%
||
7 Day CHG~0.00%
Published-04 Sep, 2018 | 13:00
Updated-05 Aug, 2024 | 07:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

It was found that glusterfs server is vulnerable to multiple stack based buffer overflows due to functions in server-rpc-fopc.c allocating fixed size buffers using 'alloca(3)'. An authenticated attacker could exploit this by mounting a gluster volume and sending a string longer that the fixed buffer size to cause crash or potential code execution.

Action-Not Available
Vendor-glusterDebian GNU/LinuxRed Hat, Inc.openSUSE
Product-enterprise_linux_serverdebian_linuxvirtualization_hostglusterfsleapglusterfs
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-19334
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-8.1||HIGH
EPSS-3.87% / 88.92%
||
7 Day CHG~0.00%
Published-06 Dec, 2019 | 15:22
Updated-05 Aug, 2024 | 02:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way libyang parses YANG files with a leaf of type "identityref". An application that uses libyang to parse untrusted YANG files may be vulnerable to this flaw, which would allow an attacker to cause a denial of service or possibly gain code execution.

Action-Not Available
Vendor-cesnetRed Hat, Inc.Fedora Project
Product-libyangenterprise_linuxfedoralibyang
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-19333
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-8.1||HIGH
EPSS-3.64% / 88.22%
||
7 Day CHG~0.00%
Published-06 Dec, 2019 | 15:19
Updated-05 Aug, 2024 | 02:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way libyang parses YANG files with a leaf of type "bits". An application that uses libyang to parse untrusted YANG files may be vulnerable to this flaw, which would allow an attacker to cause a denial of service or possibly gain code execution.

Action-Not Available
Vendor-cesnetRed Hat, Inc.
Product-libyangenterprise_linuxlibyang
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-4527
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-1.51% / 71.31%
||
7 Day CHG~0.00%
Published-18 Sep, 2023 | 16:32
Updated-12 May, 2026 | 11:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Glibc: stack read overflow in getaddrinfo in no-aaaa mode

A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.

Action-Not Available
Vendor-Red Hat, Inc.Siemens AGFedora ProjectGNUNetApp, Inc.
Product-enterprise_linux_for_arm_64enterprise_linux_for_ibm_z_systemsh500senterprise_linux_for_ibm_z_systems_s390xfedoracodeready_linux_builder_for_arm64_eusenterprise_linux_for_arm_64_eusenterprise_linux_server_for_power_little_endian_update_services_for_sap_solutionsenterprise_linux_for_ibm_z_systems_eus_s390xh500s_firmwareh410s_firmwareh410scodeready_linux_builder_eus_for_power_little_endian_euscodeready_linux_builder_for_arm64enterprise_linux_eusenterprise_linux_for_power_little_endian_eush410c_firmwareenterprise_linux_for_power_little_endianh300senterprise_linux_tush410ch700s_firmwareh300s_firmwareenterprise_linux_server_auscodeready_linux_builder_eus_for_power_little_endianenterprise_linux_for_ibm_z_systems_euscodeready_linux_builder_for_ibm_z_systems_euscodeready_linux_builder_for_ibm_z_systemsglibccodeready_linux_builder_eush700senterprise_linuxRed Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Enterprise Linux 9Red Hat Enterprise Linux 7SIPLUS S7-1500 CPU 1518-4 PN/DP MFPSIMATIC S7-1500 CPU 1518-4 PN/DP MFPSIMATIC S7-1500 CPU 1518F-4 PN/DP MFP
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-37305
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.2||HIGH
EPSS-0.45% / 35.78%
||
7 Day CHG~0.00%
Published-17 Jun, 2024 | 19:42
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer overflow in deserialization in oqs-provider

oqs-provider is a provider for the OpenSSL 3 cryptography library that adds support for post-quantum cryptography in TLS, X.509, and S/MIME using post-quantum algorithms from liboqs. Flaws have been identified in the way oqs-provider handles lengths decoded with DECODE_UINT32 at the start of serialized hybrid (traditional + post-quantum) keys and signatures. Unchecked length values are later used for memory reads and writes; malformed input can lead to crashes or information leakage. Handling of plain/non-hybrid PQ key operation is not affected. This issue has been patched in in v0.6.1. All users are advised to upgrade. There are no workarounds for this issue.

Action-Not Available
Vendor-open-quantum-safeopen_quantum_safe
Product-oqs-provideroqs_provider
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-130
Improper Handling of Length Parameter Inconsistency
CWE ID-CWE-190
Integer Overflow or Wraparound
CWE ID-CWE-680
Integer Overflow to Buffer Overflow
CWE ID-CWE-805
Buffer Access with Incorrect Length Value
CVE-2024-36468
Matching Score-4
Assigner-Zabbix
ShareView Details
Matching Score-4
Assigner-Zabbix
CVSS Score-3||LOW
EPSS-0.50% / 39.13%
||
7 Day CHG~0.00%
Published-27 Nov, 2024 | 12:03
Updated-08 Oct, 2025 | 16:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stack buffer overflow in zbx_snmp_cache_handle_engineid

The reported vulnerability is a stack buffer overflow in the zbx_snmp_cache_handle_engineid function within the Zabbix server/proxy code. This issue occurs when copying data from session->securityEngineID to local_record.engineid without proper bounds checking.

Action-Not Available
Vendor-ZABBIX
Product-zabbixZabbix
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2025-34165
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.8||HIGH
EPSS-0.47% / 37.13%
||
7 Day CHG~0.00%
Published-29 Aug, 2025 | 23:31
Updated-14 May, 2026 | 02:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NetSupport Manager < 14.12.0000 Stack-Based Buffer Overflow

A stack-based buffer overflow vulnerability in NetSupport ManagerĀ 14.x versions prior to 14.12.0000 allows a remote, unauthenticated attacker to cause a denial of service (DoS) or potentially leak a limited amount of memory.

Action-Not Available
Vendor-NetSupport Ltd.
Product-NetSupport Manager
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2022-48475
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-8.2||HIGH
EPSS-0.46% / 36.57%
||
7 Day CHG~0.00%
Published-12 Sep, 2023 | 07:27
Updated-26 Sep, 2024 | 14:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer Overflow vulnerability in Control de Ciber version 1.650, in the printing function. Sending a modified request by the attacker could cause a Buffer Overflow when the adminitrator tries to accept or delete the print query created by the request.

Action-Not Available
Vendor-cbmControl de Ciber
Product-control_de_ciberControl de Ciber
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found