Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

CVEs (2,306)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-21368 1Microsoft 14Windows 10 1507 Windows 10 1607Windows 10 1809+11 more Nov 21, 2024 Feb 13, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVE-2024-21367 1Microsoft 14Windows 10 1507 Windows 10 1607Windows 10 1809+11 more Nov 21, 2024 Feb 13, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVE-2024-21366 1Microsoft 14Windows 10 1507 Windows 10 1607Windows 10 1809+11 more Nov 21, 2024 Feb 13, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVE-2024-21365 1Microsoft 14Windows 10 1507 Windows 10 1607Windows 10 1809+11 more Nov 21, 2024 Feb 13, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVE-2024-21361 1Microsoft 14Windows 10 1507 Windows 10 1607Windows 10 1809+11 more Nov 21, 2024 Feb 13, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVE-2024-21360 1Microsoft 14Windows 10 1507 Windows 10 1607Windows 10 1809+11 more Nov 21, 2024 Feb 13, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVE-2024-21359 1Microsoft 14Windows 10 1507 Windows 10 1607Windows 10 1809+11 more Nov 21, 2024 Feb 13, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVE-2024-21358 1Microsoft 14Windows 10 1507 Windows 10 1607Windows 10 1809+11 more Nov 21, 2024 Feb 13, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVE-2024-21354 1Microsoft 13Windows 10 1507 Windows 10 1607Windows 10 1809+10 more Nov 21, 2024 Feb 13, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability
CVE-2024-21353 1Microsoft 1Windows Server 2022 23h2 Nov 21, 2024 Feb 13, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Microsoft WDAC ODBC Driver Remote Code Execution Vulnerability
CVE-2024-21349 1Microsoft 14Windows 10 1507 Windows 10 1607Windows 10 1809+11 more Nov 21, 2024 Feb 13, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Microsoft ActiveX Data Objects Remote Code Execution Vulnerability
CVE-2024-21348 1Microsoft 13Windows 10 1507 Windows 10 1607Windows 10 1809+10 more Nov 21, 2024 Feb 13, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 Internet Connection Sharing (ICS) Denial of Service Vulnerability
CVE-2024-21347 1Microsoft 14Windows 10 1507 Windows 10 1607Windows 10 1809+11 more Nov 21, 2024 Feb 13, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 Microsoft ODBC Driver Remote Code Execution Vulnerability
CVE-2024-21345 1Microsoft 1Windows Server 2022 23h2 Nov 21, 2024 Feb 13, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Windows Kernel Elevation of Privilege Vulnerability
CVE-2024-21341 1Microsoft 9Windows 10 1809 Windows 10 21h2Windows 10 22h2+6 more Nov 21, 2024 Feb 13, 2024 N/A· v4 6.8 MEDIUM· v3 N/A· v2 Windows Kernel Remote Code Execution Vulnerability
CVE-2024-23796 1Siemens 1Tecnomatix Plant Simulation Nov 21, 2024 Feb 13, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0012), Tecnomatix Plant Simulation V2302 (All versions < V2302.0006). The affected application is vulnerable to heap-based bu...Show more A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0012), Tecnomatix Plant Simulation V2302 (All versions < V2302.0006). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process.Show less
CVE-2024-1062 2Fedoraproject Redhat 13389 Directory Server Directory ServerEnterprise Linux+10 more Feb 18, 2025 Feb 12, 2024 N/A· v4 5.5 MEDIUM· v3 N/A· v2 A heap overflow flaw was found in 389-ds-base. This issue leads to a denial of service when writing a value larger than 256 chars in log_entry_attr.
CVE-2024-25448 1Enlightenment 1Imlib2 Nov 21, 2024 Feb 9, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 An issue in the imlib_free_image_and_decache function of imlib2 v1.9.1 allows attackers to cause a heap buffer overflow via parsing a crafted image.
CVE-2024-1283 2Fedoraproject Google 2Chrome Fedora Jun 17, 2025 Feb 7, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Heap buffer overflow in Skia in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2024-24577 1Libgit2 1Libgit2 Nov 21, 2024 Feb 6, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a solid API, allowing to build Git functionality into your application. Using well-crafted inputs to `git_index_add` can...Show more libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a solid API, allowing to build Git functionality into your application. Using well-crafted inputs to `git_index_add` can cause heap corruption that could be leveraged for arbitrary code execution. There is an issue in the `has_dir_name` function in `src/libgit2/index.c`, which frees an entry that should not be freed. The freed entry is later used and overwritten with potentially bad actor-controlled data leading to controlled heap corruption. Depending on the application that uses libgit2, this could lead to arbitrary code execution. This issue has been patched in version 1.6.5 and 1.7.2.Show less

Previous 1...757677...116 Next