← Back
CWE-122

2,307 CVEs • Abstraction: Variant • Likelihood of Exploit: High

Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

JSON object

Loading...

CVEs (2,307)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2024-49001
1Microsoft
3Sql Server 2016
Sql Server 2017Sql Server 2019
Nov 15, 2024
Nov 12, 2024
N/A· v4
8.8 HIGH· v3
N/A· v2
SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49000
1Microsoft
3Sql Server 2016
Sql Server 2017Sql Server 2019
Nov 15, 2024
Nov 12, 2024
N/A· v4
8.8 HIGH· v3
N/A· v2
SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-48999
1Microsoft
3Sql Server 2016
Sql Server 2017Sql Server 2019
Nov 15, 2024
Nov 12, 2024
N/A· v4
8.8 HIGH· v3
N/A· v2
SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-48998
1Microsoft
3Sql Server 2016
Sql Server 2017Sql Server 2019
Nov 15, 2024
Nov 12, 2024
N/A· v4
8.8 HIGH· v3
N/A· v2
SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-48997
1Microsoft
3Sql Server 2016
Sql Server 2017Sql Server 2019
Nov 15, 2024
Nov 12, 2024
N/A· v4
8.8 HIGH· v3
N/A· v2
SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-48996
1Microsoft
3Sql Server 2016
Sql Server 2017Sql Server 2019
Nov 15, 2024
Nov 12, 2024
N/A· v4
8.8 HIGH· v3
N/A· v2
SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-48995
1Microsoft
3Sql Server 2016
Sql Server 2017Sql Server 2019
Nov 15, 2024
Nov 12, 2024
N/A· v4
8.8 HIGH· v3
N/A· v2
SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-48994
1Microsoft
3Sql Server 2016
Sql Server 2017Sql Server 2019
Nov 15, 2024
Nov 12, 2024
N/A· v4
8.8 HIGH· v3
N/A· v2
SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-48993
1Microsoft
3Sql Server 2016
Sql Server 2017Sql Server 2019
Nov 19, 2024
Nov 12, 2024
N/A· v4
8.8 HIGH· v3
N/A· v2
SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-43627
1Microsoft
15Windows 10 1507
Windows 10 1607Windows 10 1809+12 more
Nov 18, 2024
Nov 12, 2024
N/A· v4
8.8 HIGH· v3
N/A· v2
Windows Telephony Service Remote Code Execution Vulnerability
CVE-2024-43626
1Microsoft
15Windows 10 1507
Windows 10 1607Windows 10 1809+12 more
Nov 19, 2024
Nov 12, 2024
N/A· v4
7.8 HIGH· v3
N/A· v2
Windows Telephony Service Elevation of Privilege Vulnerability
CVE-2024-43622
1Microsoft
15Windows 10 1507
Windows 10 1607Windows 10 1809+12 more
Nov 15, 2024
Nov 12, 2024
N/A· v4
8.8 HIGH· v3
N/A· v2
Windows Telephony Service Remote Code Execution Vulnerability
CVE-2024-43621
1Microsoft
15Windows 10 1507
Windows 10 1607Windows 10 1809+12 more
Nov 15, 2024
Nov 12, 2024
N/A· v4
8.8 HIGH· v3
N/A· v2
Windows Telephony Service Remote Code Execution Vulnerability
CVE-2024-43620
1Microsoft
15Windows 10 1507
Windows 10 1607Windows 10 1809+12 more
Nov 15, 2024
Nov 12, 2024
N/A· v4
8.8 HIGH· v3
N/A· v2
Windows Telephony Service Remote Code Execution Vulnerability
CVE-2024-43598
1Microsoft
1Lightgbm
Nov 19, 2024
Nov 12, 2024
N/A· v4
8.1 HIGH· v3
N/A· v2
LightGBM Remote Code Execution Vulnerability
CVE-2024-43462
1Microsoft
3Sql Server 2016
Sql Server 2017Sql Server 2019
Nov 19, 2024
Nov 12, 2024
N/A· v4
8.8 HIGH· v3
N/A· v2
SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-38255
1Microsoft
3Sql Server 2016
Sql Server 2017Sql Server 2019
Nov 18, 2024
Nov 12, 2024
N/A· v4
8.8 HIGH· v3
N/A· v2
SQL Server Native Client Remote Code Execution Vulnerability
CVE-2023-29125
1Enelx
1Waybox Pro Firmware
Nov 8, 2024
Nov 5, 2024
N/A· v4
8.0 HIGH· v3
N/A· v2
A heap buffer overflow could be triggered by sending a specific packet to TCP port 7700.
CVE-2024-10525
1Eclipse
1Mosquitto
Nov 3, 2025
Oct 30, 2024
7.2 HIGH· v4
9.8 CRITICAL· v3
N/A· v2
In Eclipse Mosquitto, from version 1.3.2 through 2.0.18, if a malicious broker sends a crafted SUBACK packet with no reason codes, a client using libmosquitto may make out of bounds memory access when acting in its on_su...Show more
In Eclipse Mosquitto, from version 1.3.2 through 2.0.18, if a malicious broker sends a crafted SUBACK packet with no reason codes, a client using libmosquitto may make out of bounds memory access when acting in its on_subscribe callback. This affects the mosquitto_sub and mosquitto_rr clients.Show less
CVE-2024-9632
-
-
Aug 4, 2025
Oct 30, 2024
N/A· v4
7.8 HIGH· v3
N/A· v2
A flaw was found in the X.org server. Due to improperly tracked allocation size in _XkbSetCompatMap, a local attacker may be able to trigger a buffer overflow condition via a specially crafted payload, leading to denial...Show more
A flaw was found in the X.org server. Due to improperly tracked allocation size in _XkbSetCompatMap, a local attacker may be able to trigger a buffer overflow condition via a specially crafted payload, leading to denial of service or local privilege escalation in distributions where the X.org server is run with root privileges.Show less