Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-49760

Summary
Assigner-EEF
Assigner Org ID-6b3ad84c-e1a6-4bf7-a703-f496b71e49db
Published At-10 Jun, 2026 | 14:35
Updated At-11 Jun, 2026 | 04:45
Rejected At-
Credits

Stack Buffer Overflow in ei_s_print_term at Very Large Integer

Stack-based Buffer Overflow vulnerability in Erlang OTP (erl_interface) allows Stack-based Buffer Overflow. This vulnerability is associated with program file lib/erl_interface/src/misc/ei_printterm.c and program routine ei_s_print_term. The C function ei_s_print_term uses an internal 2000-character stack buffer to format terms. When called with an encoded Erlang term containing a very large integer (encoded representation exceeding 2000 characters), the buffer overflows. The overflow bytes are restricted to the ASCII values of 0-9 and A-F, which limits exploitation to Denial of Service. The companion function ei_print_term, which prints directly to a FILE instead of a memory buffer, does not contain this bug. This issue affects OTP from OTP 17.0 before 27.3.4.13, 28.5.0.2 and 29.0.2, corresponding to erl_interface from 3.7.16 before 5.5.2.1, 5.7.0.1 and 5.8.1.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:EEF
Assigner Org ID:6b3ad84c-e1a6-4bf7-a703-f496b71e49db
Published At:10 Jun, 2026 | 14:35
Updated At:11 Jun, 2026 | 04:45
Rejected At:
▼CVE Numbering Authority (CNA)
Stack Buffer Overflow in ei_s_print_term at Very Large Integer

Stack-based Buffer Overflow vulnerability in Erlang OTP (erl_interface) allows Stack-based Buffer Overflow. This vulnerability is associated with program file lib/erl_interface/src/misc/ei_printterm.c and program routine ei_s_print_term. The C function ei_s_print_term uses an internal 2000-character stack buffer to format terms. When called with an encoded Erlang term containing a very large integer (encoded representation exceeding 2000 characters), the buffer overflows. The overflow bytes are restricted to the ASCII values of 0-9 and A-F, which limits exploitation to Denial of Service. The companion function ei_print_term, which prints directly to a FILE instead of a memory buffer, does not contain this bug. This issue affects OTP from OTP 17.0 before 27.3.4.13, 28.5.0.2 and 29.0.2, corresponding to erl_interface from 3.7.16 before 5.5.2.1, 5.7.0.1 and 5.8.1.

Affected Products
Vendor
Erlang
Product
OTP
Package Name
erl_interface
Repo
https://github.com/erlang/otp
CPEs
  • cpe:2.3:a:erlang:erlang\/otp:*:*:*:*:*:*:*:*
Modules
  • erl_interface
Program Files
  • src/misc/ei_printterm.c
Program Routines
  • ei_s_print_term
Default Status
unknown
Versions
Affected
  • From 3.7.16 before * (otp)
    • -> unaffectedfrom5.5.2.1
    • -> unaffectedfrom5.7.0.1
    • -> unaffectedfrom5.8.1
Vendor
Erlang
Product
OTP
Collection URL
https://github.com
Package Name
erlang/otp
Repo
https://github.com/erlang/otp
CPEs
  • cpe:2.3:a:erlang:erlang\/otp:*:*:*:*:*:*:*:*
Modules
  • erl_interface
Program Files
  • lib/erl_interface/src/misc/ei_printterm.c
Program Routines
  • ei_s_print_term
Default Status
unknown
Versions
Affected
  • From 17.0 before * (otp)
    • -> unaffectedfrom27.3.4.13
    • -> unaffectedfrom28.5.0.2
    • -> unaffectedfrom29.0.2
  • From 84adefa331c4159d432d22840663c38f155cd4c1 before 0bef277b2d39dc8babb9ceb4f5d0a456f3007111 (git)
Problem Types
TypeCWE IDDescription
CWECWE-121CWE-121 Stack-based Buffer Overflow
Type: CWE
CWE ID: CWE-121
Description: CWE-121 Stack-based Buffer Overflow
Metrics
VersionBase scoreBase severityVector
4.06.9MEDIUM
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Version: 4.0
Base score: 6.9
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-8CAPEC-8 Buffer Overflow in an API Call
CAPEC ID: CAPEC-8
Description: CAPEC-8 Buffer Overflow in an API Call
Solutions

Configurations

Workarounds

Avoid calling ei_s_print_term with untrusted data whose encoded integer representation could exceed 2000 characters.

Exploits

Credits

finder
Jonatan Männchen / EEF
remediation developer
Sverker Eriksson
Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/erlang/otp/security/advisories/GHSA-xcxj-5pg2-v72j
vendor-advisory
related
https://cna.erlef.org/cves/CVE-2026-49760.html
related
https://osv.dev/vulnerability/EEF-CVE-2026-49760
related
https://www.erlang.org/doc/system/versions.html#order-of-versions
x_version-scheme
https://github.com/erlang/otp/commit/0bef277b2d39dc8babb9ceb4f5d0a456f3007111
patch
Hyperlink: https://github.com/erlang/otp/security/advisories/GHSA-xcxj-5pg2-v72j
Resource:
vendor-advisory
related
Hyperlink: https://cna.erlef.org/cves/CVE-2026-49760.html
Resource:
related
Hyperlink: https://osv.dev/vulnerability/EEF-CVE-2026-49760
Resource:
related
Hyperlink: https://www.erlang.org/doc/system/versions.html#order-of-versions
Resource:
x_version-scheme
Hyperlink: https://github.com/erlang/otp/commit/0bef277b2d39dc8babb9ceb4f5d0a456f3007111
Resource:
patch
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:6b3ad84c-e1a6-4bf7-a703-f496b71e49db
Published At:10 Jun, 2026 | 16:17
Updated At:15 Jun, 2026 | 18:23

Stack-based Buffer Overflow vulnerability in Erlang OTP (erl_interface) allows Stack-based Buffer Overflow. This vulnerability is associated with program file lib/erl_interface/src/misc/ei_printterm.c and program routine ei_s_print_term. The C function ei_s_print_term uses an internal 2000-character stack buffer to format terms. When called with an encoded Erlang term containing a very large integer (encoded representation exceeding 2000 characters), the buffer overflows. The overflow bytes are restricted to the ASCII values of 0-9 and A-F, which limits exploitation to Denial of Service. The companion function ei_print_term, which prints directly to a FILE instead of a memory buffer, does not contain this bug. This issue affects OTP from OTP 17.0 before 27.3.4.13, 28.5.0.2 and 29.0.2, corresponding to erl_interface from 3.7.16 before 5.5.2.1, 5.7.0.1 and 5.8.1.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.06.9MEDIUM
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary3.15.5MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Type: Secondary
Version: 4.0
Base score: 6.9
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Primary
Version: 3.1
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CPE Matches

erlang
erlang
>>erl_interface>>Versions from 3.7.16(inclusive) to 5.5.2.1(exclusive)
cpe:2.3:a:erlang:erl_interface:*:*:*:*:*:*:*:*
erlang
erlang
>>erl_interface>>Versions from 5.7(inclusive) to 5.7.0.1(exclusive)
cpe:2.3:a:erlang:erl_interface:*:*:*:*:*:*:*:*
erlang
erlang
>>erl_interface>>Versions from 5.8(inclusive) to 5.8.1(exclusive)
cpe:2.3:a:erlang:erl_interface:*:*:*:*:*:*:*:*
erlang
erlang
>>erlang\/otp>>Versions from 17.0(inclusive) to 27.3.4.13(exclusive)
cpe:2.3:a:erlang:erlang\/otp:*:*:*:*:*:*:*:*
erlang
erlang
>>erlang\/otp>>Versions from 28.0(inclusive) to 28.5.0.2(exclusive)
cpe:2.3:a:erlang:erlang\/otp:*:*:*:*:*:*:*:*
erlang
erlang
>>erlang\/otp>>Versions from 29.0(inclusive) to 29.0.2(exclusive)
cpe:2.3:a:erlang:erlang\/otp:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-121Secondary6b3ad84c-e1a6-4bf7-a703-f496b71e49db
CWE ID: CWE-121
Type: Secondary
Source: 6b3ad84c-e1a6-4bf7-a703-f496b71e49db
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://cna.erlef.org/cves/CVE-2026-49760.html6b3ad84c-e1a6-4bf7-a703-f496b71e49db
Mitigation
Third Party Advisory
https://github.com/erlang/otp/commit/0bef277b2d39dc8babb9ceb4f5d0a456f30071116b3ad84c-e1a6-4bf7-a703-f496b71e49db
Patch
https://github.com/erlang/otp/security/advisories/GHSA-xcxj-5pg2-v72j6b3ad84c-e1a6-4bf7-a703-f496b71e49db
Mitigation
Vendor Advisory
https://osv.dev/vulnerability/EEF-CVE-2026-497606b3ad84c-e1a6-4bf7-a703-f496b71e49db
Mitigation
Third Party Advisory
https://www.erlang.org/doc/system/versions.html#order-of-versions6b3ad84c-e1a6-4bf7-a703-f496b71e49db
Product
Hyperlink: https://cna.erlef.org/cves/CVE-2026-49760.html
Source: 6b3ad84c-e1a6-4bf7-a703-f496b71e49db
Resource:
Mitigation
Third Party Advisory
Hyperlink: https://github.com/erlang/otp/commit/0bef277b2d39dc8babb9ceb4f5d0a456f3007111
Source: 6b3ad84c-e1a6-4bf7-a703-f496b71e49db
Resource:
Patch
Hyperlink: https://github.com/erlang/otp/security/advisories/GHSA-xcxj-5pg2-v72j
Source: 6b3ad84c-e1a6-4bf7-a703-f496b71e49db
Resource:
Mitigation
Vendor Advisory
Hyperlink: https://osv.dev/vulnerability/EEF-CVE-2026-49760
Source: 6b3ad84c-e1a6-4bf7-a703-f496b71e49db
Resource:
Mitigation
Third Party Advisory
Hyperlink: https://www.erlang.org/doc/system/versions.html#order-of-versions
Source: 6b3ad84c-e1a6-4bf7-a703-f496b71e49db
Resource:
Product

Change History

0
Information is not available yet

Similar CVEs

32Records found

CVE-2026-49759
Matching Score-6
Assigner-6b3ad84c-e1a6-4bf7-a703-f496b71e49db
ShareView Details
Matching Score-6
Assigner-6b3ad84c-e1a6-4bf7-a703-f496b71e49db
CVSS Score-8.8||HIGH
EPSS-0.50% / 38.99%
||
7 Day CHG+0.04%
Published-10 Jun, 2026 | 14:35
Updated-01 Jul, 2026 | 04:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stack buffer overflow in SCTP error cause parsing in inet_drv allows remote VM crash

Stack-based Buffer Overflow vulnerability in Erlang OTP erts (inet_drv) allows an unauthenticated remote attacker to crash the BEAM VM by sending a crafted SCTP ERROR chunk. The sctp_parse_error_chunk function in erts/emulator/drivers/common/inet_drv.c parses SCTP ERROR chunks and writes cause codes into a fixed-size stack-allocated ErlDrvTermData spec[] array without checking bounds. A remote attacker who has established an SCTP association to a listening port can send a single crafted SCTP ERROR chunk containing enough cause codes to overflow the stack buffer, crashing the VM. The attacker can only write 16-bit values interleaved with a fixed tag, so the overflow does not provide a controlled return address, limiting exploitation to Denial of Service. A crafted SCTP ERROR chunk may also leak bits and pieces of Erlang VM memory into the received error packet observed by the Erlang process. Such data is already readable by the user running the Erlang VM, so the disclosure scope is limited. This issue affects OTP from OTP 17.0 before 27.3.4.13, 28.5.0.2 and 29.0.2, corresponding to erts from 6.0 before 15.2.7.9, 16.4.0.2 and 17.0.2.

Action-Not Available
Vendor-erlangErlangRed Hat, Inc.
Product-ertserlang\/otpOTPRed Hat OpenStack Platform 16.2Red Hat OpenStack Platform 17.1Red Hat OpenStack Platform 18.0
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2022-39129
Matching Score-4
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
ShareView Details
Matching Score-4
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
CVSS Score-5.5||MEDIUM
EPSS-0.08% / 0.39%
||
7 Day CHG~0.00%
Published-06 Dec, 2022 | 00:00
Updated-24 Apr, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In face detect driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.

Action-Not Available
Vendor-Unisoc (Shanghai) Technologies Co., Ltd.Google LLC
Product-sc7731esc9832et310t606t616androidt610t760t618t770sc9863at612t820s8000SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-39116
Matching Score-4
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
ShareView Details
Matching Score-4
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
CVSS Score-5.5||MEDIUM
EPSS-0.10% / 1.29%
||
7 Day CHG~0.00%
Published-04 Jan, 2023 | 00:00
Updated-10 Apr, 2025 | 14:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In sprd_sysdump driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.

Action-Not Available
Vendor-Google LLCUnisoc (Shanghai) Technologies Co., Ltd.
Product-t310t820t616androidt610t770t612t606s8000sc9832et760sc7731esc9863at618SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-1164
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.30% / 21.75%
||
7 Day CHG~0.00%
Published-11 Feb, 2025 | 00:00
Updated-11 Apr, 2025 | 18:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Police FIR Record Management System Add Record stack-based overflow

A vulnerability, which was classified as problematic, has been found in code-projects Police FIR Record Management System 1.0. This issue affects some unknown processing of the component Add Record Handler. The manipulation leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Source Code & Projects
Product-police_fir_record_management_systemPolice FIR Record Management System
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-38672
Matching Score-4
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
ShareView Details
Matching Score-4
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
CVSS Score-5.5||MEDIUM
EPSS-0.08% / 0.38%
||
7 Day CHG~0.00%
Published-14 Oct, 2022 | 00:00
Updated-15 May, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In face detect driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.

Action-Not Available
Vendor-Google LLCUnisoc (Shanghai) Technologies Co., Ltd.
Product-t618t310sc7731esc9832et606s8000t616t612t820sc9863at770androidt610t760SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-0720
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.21% / 11.20%
||
7 Day CHG~0.00%
Published-26 Jan, 2025 | 23:00
Updated-09 Oct, 2025 | 20:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microword eScan Antivirus Folder Watch List rtscanner removeExtraSlashes stack-based overflow

A vulnerability was found in Microword eScan Antivirus 7.0.32 on Linux. It has been rated as problematic. Affected by this issue is the function removeExtraSlashes of the file /opt/MicroWorld/sbin/rtscanner of the component Folder Watch List Handler. The manipulation leads to stack-based buffer overflow. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-escanavMicroword
Product-escan_anti-viruseScan Antivirus
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2024-31203
Matching Score-4
Assigner-Nozomi Networks Inc.
ShareView Details
Matching Score-4
Assigner-Nozomi Networks Inc.
CVSS Score-3.3||LOW
EPSS-0.14% / 4.12%
||
7 Day CHG~0.00%
Published-31 Jul, 2024 | 13:18
Updated-30 Sep, 2024 | 14:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A “CWE-121: Stack-based Buffer Overflow” in the wd210std.dll dynamic library packaged with the ThermoscanIP installer allows a local attacker to possibly trigger a Denial-of-Service (DoS) condition on the target component.

Action-Not Available
Vendor-progesPlug&Track
Product-thermoscan_ipThermoscan IP
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-6340
Matching Score-4
Assigner-SonicWall, Inc.
ShareView Details
Matching Score-4
Assigner-SonicWall, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.21% / 11.61%
||
7 Day CHG~0.00%
Published-17 Jan, 2024 | 23:57
Updated-11 Jun, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SonicWall Capture Client version 3.7.10, NetExtender client version 10.2.337 and earlier versions are installed with sfpmonitor.sys driver. The driver has been found to be vulnerable to Denial-of-Service (DoS) caused by Stack-based Buffer Overflow vulnerability.

Action-Not Available
Vendor-SonicWall Inc.
Product-netextendercapture_clientNetExtenderCapture Client
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-53879
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-6.7||MEDIUM
EPSS-0.18% / 8.26%
||
7 Day CHG~0.00%
Published-15 Dec, 2025 | 20:32
Updated-12 May, 2026 | 20:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NVClient 5.0 Stack Buffer Overflow Vulnerability via User Configuration

NVClient 5.0 contains a stack buffer overflow vulnerability in the user configuration contact field that allows attackers to crash the application. Attackers can overwrite 846 bytes of memory by pasting a crafted payload into the contact box, causing a denial of service condition.

Action-Not Available
Vendor-eyemaxsystemsneonguvenlik
Product-nvclientNVClient
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-50268
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.2||MEDIUM
EPSS-0.44% / 35.62%
||
7 Day CHG~0.00%
Published-13 Dec, 2023 | 20:49
Updated-13 Feb, 2025 | 17:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
jq has stack-based buffer overflow in decNaNs

jq is a command-line JSON processor. Version 1.7 is vulnerable to stack-based buffer overflow in builds using decNumber. Version 1.7.1 contains a patch for this issue.

Action-Not Available
Vendor-jqlangjqlang
Product-jqjq
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-44177
Matching Score-4
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Juniper Networks, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.16% / 5.87%
||
7 Day CHG~0.00%
Published-12 Oct, 2023 | 23:00
Updated-19 Sep, 2024 | 13:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS and Junos OS Evolved: Stack overflow vulnerability in CLI command processing

A Stack-based Buffer Overflow vulnerability in the CLI command of Juniper Networks Junos and Junos EVO allows a low privileged attacker to execute a specific CLI commands leading to Denial of Service. Repeated actions by the attacker will create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks: Junos OS: * All versions prior to 19.1R3-S10; * 19.2 versions prior to 19.2R3-S7; * 19.3 versions prior to 19.3R3-S8; * 19.4 versions prior to 19.4R3-S12; * 20.2 versions prior to 20.2R3-S8; * 20.4 versions prior to 20.4R3-S8; * 21.2 versions prior to 21.2R3-S6; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S4; * 22.1 versions prior to 22.1R3-S3; * 22.2 versions prior to 22.2R3-S1; * 22.3 versions prior to 22.3R3; * 22.4 versions prior to 22.4R2. Junos OS Evolved: * All versions prior to 20.4R3-S8-EVO; * 21.2 versions prior to 21.2R3-S6-EVO; * 21.3 versions prior to 21.3R3-S5-EVO; * 21.4 versions prior to 21.4R3-S4-EVO; * 22.1 versions prior to 22.1R3-S3-EVO; * 22.2 versions prior to 22.2R3-S1-EVO; * 22.3 versions prior to 22.3R3-EVO; * 22.4 versions prior to 22.4R2-EVO.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junos_os_evolvedjunosJunos OSJunos OS Evolved
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2023-40465
Matching Score-4
Assigner-Sierra Wireless Inc.
ShareView Details
Matching Score-4
Assigner-Sierra Wireless Inc.
CVSS Score-8.3||HIGH
EPSS-0.21% / 11.75%
||
7 Day CHG~0.00%
Published-04 Dec, 2023 | 23:02
Updated-02 Aug, 2024 | 18:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper input leads to DoS

Several versions of ALEOS, including ALEOS 4.16.0, include an opensource third-party component which can be exploited from the local area network, resulting in a Denial of Service condition for the captive portal.

Action-Not Available
Vendor-sierrawirelessSierraWireless
Product-es450lx40aleoslx60rv55rv50xgx450mp70ALEOS
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-2078
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-1.01% / 59.00%
||
7 Day CHG+0.02%
Published-30 Jun, 2022 | 00:00
Updated-03 Aug, 2024 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was found in the Linux kernel's nft_set_desc_concat_parse() function .This flaw allows an attacker to trigger a buffer overflow via nft_set_desc_concat_parse() , causing a denial of service and possibly to run code.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncDebian GNU/LinuxRed Hat, Inc.
Product-virtualizationdebian_linuxlinux_kernelenterprise_linuxkernel
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-1151
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.27% / 18.61%
||
7 Day CHG~0.00%
Published-11 Feb, 2024 | 14:29
Updated-07 Nov, 2025 | 15:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kernel: stack overflow problem in open vswitch kernel module leading to dos

A vulnerability was reported in the Open vSwitch sub-component in the Linux Kernel. The flaw occurs when a recursive operation of code push recursively calls into the code block. The OVS module does not validate the stack depth, pushing too many frames and causing a stack overflow. As a result, this can lead to a crash or other related issues.

Action-Not Available
Vendor-Linux Kernel Organization, IncFedora ProjectRed Hat, Inc.Debian GNU/Linux
Product-debian_linuxlinux_kernelfedoraenterprise_linuxRed Hat Enterprise Linux 9Red Hat Enterprise Linux 6Red Hat Enterprise Linux 9.2 Extended Update SupportRed Hat Enterprise Linux 8Red Hat Enterprise Linux 7
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-33452
Matching Score-4
Assigner-Absolute Software
ShareView Details
Matching Score-4
Assigner-Absolute Software
CVSS Score-5.9||MEDIUM
EPSS-0.10% / 0.94%
||
7 Day CHG~0.00%
Published-30 Apr, 2026 | 20:12
Updated-05 May, 2026 | 02:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer overflow in Windows clients prior to 14.50

CVE-2026-33452 is a buffer overflow vulnerability in the Secure Access Windows client prior to 14.50. Attackers with local control of the Windows client can use it to ‘blue screen’ the system.

Action-Not Available
Vendor-Absolute Software CorporationMicrosoft Corporation
Product-secure_accesswindowsSecure Access
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2026-2657
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.25% / 16.20%
||
7 Day CHG~0.00%
Published-18 Feb, 2026 | 16:32
Updated-23 Feb, 2026 | 10:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
wren-lang wren Error Message wren_compiler.c printError stack-based overflow

A vulnerability has been found in wren-lang wren up to 0.4.0. This impacts the function printError of the file src/vm/wren_compiler.c of the component Error Message Handler. Such manipulation leads to stack-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

Action-Not Available
Vendor-wrenwren-lang
Product-wrenwren
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2023-44178
Matching Score-4
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Juniper Networks, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.16% / 5.87%
||
7 Day CHG~0.00%
Published-12 Oct, 2023 | 23:01
Updated-18 Sep, 2024 | 14:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS : Stack overflow vulnerability in CLI command processing

A Stack-based Buffer Overflow vulnerability in the CLI command of Juniper Networks Junos OS allows a low privileged attacker to execute a specific CLI commands leading to Denial of Service. Repeated actions by the attacker will create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks: Junos OS * All versions prior to 19.1R3-S10; * 19.2 versions prior to 19.2R3-S7; * 19.3 versions prior to 19.3R3-S8; * 19.4 versions prior to 19.4R3-S12; * 20.2 versions prior to 20.2R3-S8; * 20.4 versions prior to 20.4R3-S8; * 21.2 versions prior to 21.2R3-S6; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S5; * 22.1 versions prior to 22.1R3-S3; * 22.2 versions prior to 22.2R3-S2; * 22.3 versions prior to 22.3R3-S1; * 22.4 versions prior to 22.4R2-S1; * 23.2 versions prior to 23.2R2.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junos_os_evolvedjunosJunos OS
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2018-1071
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.45% / 35.80%
||
7 Day CHG~0.00%
Published-09 Mar, 2018 | 15:00
Updated-05 Aug, 2024 | 03:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the exec.c:hashcmd() function. A local attacker could exploit this to cause a denial of service.

Action-Not Available
Vendor-zshzshCanonical Ltd.Red Hat, Inc.Debian GNU/Linux
Product-enterprise_linux_serverubuntu_linuxdebian_linuxenterprise_linux_workstationzshenterprise_linux_desktopzsh
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-22189
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-6.9||MEDIUM
EPSS-0.44% / 35.05%
||
7 Day CHG~0.00%
Published-07 Jan, 2026 | 20:25
Updated-26 May, 2026 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Panda3D <= 1.10.16 egg-mkfont Stack Buffer Overflow

The egg-mkfont utility in Panda3D versions up to and including 1.10.16 contains a stack-based buffer overflow vulnerability due to use of an unbounded sprintf() call with attacker-controlled input. When constructing glyph filenames, egg-mkfont formats a user-supplied glyph pattern (-gp) into a fixed-size stack buffer without length validation. Supplying an excessively long glyph pattern string can overflow the stack buffer, resulting in memory corruption and a deterministic crash. Depending on build configuration and execution environment, the overflow may also be exploitable for arbitrary code execution.

Action-Not Available
Vendor-cmuPanda3D
Product-panda3dPanda3D
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-44176
Matching Score-4
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Juniper Networks, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.16% / 5.87%
||
7 Day CHG~0.00%
Published-12 Oct, 2023 | 23:00
Updated-19 Sep, 2024 | 13:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS : Stack overflow vulnerability in CLI command processing

A Stack-based Buffer Overflow vulnerability in the CLI command of Juniper Networks Junos OS allows a low privileged attacker to execute a specific CLI commands leading to Denial of Service. Repeated actions by the attacker will create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks: Junos OS: * All versions prior to 20.4R3-S8; * 21.2 versions prior to 21.2R3-S6; * 21.3 versions prior to 21.3R3-S5; * 22.1 versions prior to 22.1R3-S3; * 22.3 versions prior to 22.3R3; * 22.4 versions prior to 22.4R3.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junos_os_evolvedjunosJunos OS
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2022-39106
Matching Score-4
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
ShareView Details
Matching Score-4
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
CVSS Score-5.5||MEDIUM
EPSS-0.08% / 0.38%
||
7 Day CHG~0.00%
Published-06 Dec, 2022 | 00:00
Updated-24 Apr, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.

Action-Not Available
Vendor-Unisoc (Shanghai) Technologies Co., Ltd.Google LLC
Product-sc7731esc9832et310t606t616androidt610t760t618t770sc9863at612t820s8000SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-59799
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.19% / 8.53%
||
7 Day CHG~0.00%
Published-22 Sep, 2025 | 00:00
Updated-03 Nov, 2025 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Artifex Ghostscript through 10.05.1 has a stack-based buffer overflow in pdfmark_coerce_dest in devices/vector/gdevpdfm.c via a large size value.

Action-Not Available
Vendor-Artifex Software Inc.
Product-ghostscriptGhostscript
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2025-59798
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.19% / 8.53%
||
7 Day CHG~0.00%
Published-22 Sep, 2025 | 00:00
Updated-03 Nov, 2025 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Artifex Ghostscript through 10.05.1 has a stack-based buffer overflow in pdf_write_cmap in devices/vector/gdevpdtw.c.

Action-Not Available
Vendor-Artifex Software Inc.
Product-ghostscriptGhostscript
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2025-34451
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-6.9||MEDIUM
EPSS-0.22% / 12.27%
||
7 Day CHG~0.00%
Published-18 Dec, 2025 | 21:16
Updated-14 May, 2026 | 02:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
rofl0r/proxychains-ng <= 4.17 Stack-based Buffer Overflow

rofl0r/proxychains-ng versions up to and including 4.17 and prior to commit cc005b7 contain a stack-based buffer overflow vulnerability in the function proxy_from_string() located in src/libproxychains.c. When parsing crafted proxy configuration entries containing overly long username or password fields, the application may write beyond the bounds of fixed-size stack buffers, leading to memory corruption or crashes. This vulnerability may allow denial of service and, under certain conditions, could be leveraged for further exploitation depending on the execution environment and applied mitigations.

Action-Not Available
Vendor-proxychains-ng_projectrofl0r
Product-proxychains-ngproxychains-ng
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-4038
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.26% / 17.40%
||
7 Day CHG+0.01%
Published-28 Apr, 2025 | 21:00
Updated-10 May, 2025 | 00:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Train Ticket Reservation System reservation stack-based overflow

A vulnerability was found in code-projects Train Ticket Reservation System 1.0. It has been declared as critical. Affected by this vulnerability is the function Reservation of the component Ticket Reservation. The manipulation of the argument Name leads to stack-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Source Code & ProjectsFabian Ros
Product-train_ticket_reservation_systemTrain Ticket Reservation System
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-34450
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-6.9||MEDIUM
EPSS-0.19% / 8.76%
||
7 Day CHG~0.00%
Published-18 Dec, 2025 | 21:15
Updated-14 May, 2026 | 02:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
merbanan/rtl_433 <= 25.02 Stack-based Buffer Overflow

merbanan/rtl_433 versions up to and including 25.02 and prior to commit 25e47f8 contain a stack-based buffer overflow vulnerability in the function parse_rfraw() located in src/rfraw.c. When processing crafted or excessively large raw RF input data, the application may write beyond the bounds of a stack buffer, resulting in memory corruption or a crash. This vulnerability can be exploited to cause a denial of service and, under certain conditions, may be leveraged for further exploitation depending on the execution environment and available mitigations.

Action-Not Available
Vendor-rtl_433_projectmerbanan
Product-rtl_433rtl_433
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-3196
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.27% / 17.86%
||
7 Day CHG~0.00%
Published-04 Apr, 2025 | 01:00
Updated-23 Jul, 2025 | 09:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Open Asset Import Library Assimp Malformed File MD2Loader.cpp InternReadFile stack-based overflow

A vulnerability, which was classified as critical, was found in Open Asset Import Library Assimp 5.4.3. Affected is the function Assimp::MD2Importer::InternReadFile in the library code/AssetLib/MD2/MD2Loader.cpp of the component Malformed File Handler. The manipulation of the argument Name leads to stack-based buffer overflow. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.

Action-Not Available
Vendor-assimpOpen Asset Import Library
Product-assimpAssimp
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-44448
Matching Score-4
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
ShareView Details
Matching Score-4
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
CVSS Score-6.4||MEDIUM
EPSS-0.09% / 0.55%
||
7 Day CHG~0.00%
Published-06 Feb, 2023 | 05:27
Updated-26 Mar, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services.

Action-Not Available
Vendor-Unisoc (Shanghai) Technologies Co., Ltd.Google LLC
Product-t610t820sc9832et760t606s8000t616t310androidt618sc7731et612sc9863at770SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-37127
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-6.9||MEDIUM
EPSS-0.18% / 7.94%
||
7 Day CHG~0.00%
Published-05 Feb, 2026 | 16:13
Updated-05 Feb, 2026 | 21:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
dnsmasq-utils 2.79-1 - 'dhcp_release' Denial of Service

Dnsmasq-utils 2.79-1 contains a buffer overflow vulnerability in the dhcp_release utility that allows attackers to cause a denial of service by supplying excessive input. Attackers can trigger a core dump and terminate the dhcp_release process by sending a crafted input string longer than 16 characters.

Action-Not Available
Vendor-dnsmasq
Product-dnsmasq-utils
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2020-37132
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-6.7||MEDIUM
EPSS-0.23% / 13.59%
||
7 Day CHG~0.00%
Published-05 Feb, 2026 | 16:13
Updated-09 Feb, 2026 | 22:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
UltraVNC Launcher 1.2.4.0 - 'Password' Denial of Service

UltraVNC Launcher 1.2.4.0 contains a denial of service vulnerability in its password configuration properties that allows local attackers to crash the application. Attackers can paste an overly long 300-character string into the password field to trigger an application crash and prevent normal launcher functionality.

Action-Not Available
Vendor-uvncUltraVNC Team
Product-ultravncUltraVNC Launcher
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-36855
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.22% / 12.73%
||
7 Day CHG~0.00%
Published-21 Oct, 2025 | 15:02
Updated-31 Oct, 2025 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DCMTK dcmqrscp parseQuota stack-based overflow

A security vulnerability has been detected in DCMTK up to 3.6.5. The affected element is the function parseQuota of the component dcmqrscp. The manipulation of the argument StorageQuota leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed publicly and may be used. Upgrading to version 3.6.6 is sufficient to fix this issue. The identifier of the patch is 0fef9f02e. It is recommended to upgrade the affected component.

Action-Not Available
Vendor-offisn/a
Product-dcmtkDCMTK
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2019-25334
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-6.7||MEDIUM
EPSS-0.19% / 8.87%
||
7 Day CHG~0.00%
Published-12 Feb, 2026 | 22:48
Updated-25 Mar, 2026 | 20:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Product Key Explorer 4.2.0.0 - 'Name' Denial of Service

Product Key Explorer 4.2.0.0 contains a denial of service vulnerability that allows local attackers to crash the application by overflowing the registration name input field. Attackers can create a specially crafted text file with repeated characters to trigger a buffer overflow when pasted into the registration name field, causing the application to crash.

Action-Not Available
Vendor-nsasoftNsasoft
Product-product_key_explorerNsauditor Product Key Explorer
CWE ID-CWE-121
Stack-based Buffer Overflow
Details not found