Buffer Overflow
Buffer Overflow vulnerabilities occur when a program writes more data to a buffer than it can hold, potentially allowing attackers to overwrite adjacent memory and execute arbitrary code.
8
CRITICAL
Execution
Understanding Buffer Overflow
Detailed information about this vulnerability type.
How to Identify
- •Review security advisories
- •Perform regular security testing
Prevention Best Practices
- ✓Follow security best practices
- ✓Keep systems updated
Buffer Overflow CVEs (8)
| Description | Vendor / Product | Exploit Status | |||
|---|---|---|---|---|---|
| CVE-2026-21870 | 5.5 | This vulnerability allows an attacker to crash the BACnet application by sending a specially crafted string that exceeds the buffer limit, leading to a stack overflow. The attacker needs to exploit the ubasic interpreter in specific versions of the BACnet Protocol Stack library, which improperly handles long strings, causing the application to terminate unexpectedly. | bacnetstackbacnet stack | Exploit Available | 7 days agoFeb 13, 2026 |
| CVE-2025-70122 | 7.5 | This vulnerability allows remote attackers to crash the UPF component of free5GC, causing a denial of service by sending a specially crafted request that tricks the system into trying to use more memory than it can handle. To exploit this, the attacker needs to send a specific type of message that exceeds the expected size, leading to a system failure. | free5gcfree5gc | Theoretical | 7 days agoFeb 13, 2026 |
| CVE-2025-70314 | 9.8 | This vulnerability allows an attacker to execute arbitrary code on the server by sending a specially crafted request that overflows a buffer related to the filename variable. The attacker needs to be able to send requests to the webfsd service, making it a serious risk for any exposed system running version 1.21. | ourwaywebfsd | Theoretical | 8 days agoFeb 12, 2026 |
| CVE-2025-67433 | 0.0 | An attacker can send a specially crafted DATA packet to the Open TFTP Server, causing it to crash and become unavailable, resulting in a Denial of Service. This vulnerability occurs when the server processes requests and does not handle certain data correctly, but it requires the attacker to have network access to the server. | Unknown | Theoretical | 8 days agoFeb 12, 2026 |
| CVE-2025-69807 | 7.5 | This vulnerability allows an attacker to crash the server by sending a specially crafted packet, leading to a denial of service. The attacker does not need to be authenticated, meaning they can exploit this from anywhere without needing any special access. | Unknown | Theoretical | 8 days agoFeb 12, 2026 |
| CVE-2023-4911 | 7.8 | This vulnerability allows a local attacker to run their own code with higher privileges on a system by exploiting a flaw in how the system processes certain environment variables. To take advantage of this, the attacker needs to have access to run programs that have SUID permissions, which can give them elevated control over the system. | netappbootstrap os | Exploit Available | over 2 years agoOct 3, 2023 |
| CVE-2022-45188 | 7.8 | This vulnerability allows an attacker to execute malicious code remotely, potentially gaining full control over affected systems like FreeBSD, which is used in TrueNAS. It occurs when a specially crafted .appl file is processed, making it crucial for systems running vulnerable versions of Netatalk to be updated or secured. | netatalknetatalk | Theoretical | over 3 years agoNov 12, 2022 |
| CVE-2008-0015 | 8.8 | This vulnerability allows an attacker to run any code they want on a victim's computer simply by getting them to visit a specially crafted web page. It affects certain versions of Windows, including Server 2003, and relies on the presence of the vulnerable ActiveX control in the system. | microsoftwindows 2003 server | Exploit Available | over 16 years agoJul 7, 2009 |