Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

CVEs (2,306)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-28526 1Ibm 2Informix Dynamic Server Informix Dynamic Server On Cloud Pak For Data Nov 21, 2024 Dec 9, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 IBM Informix Dynamic Server 12.10 and 14.10 archecker is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow a local user to cause a segmentation fault. IBM X-Force ID: 251204.
CVE-2023-28523 1Ibm 2Informix Dynamic Server Informix Dynamic Server On Cloud Pak For Data Nov 21, 2024 Dec 9, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 IBM Informix Dynamic Server 12.10 and 14.10 onsmsync is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow an attacker to execute arbitrary code. IBM X-Force ID: 250753.
CVE-2023-40465 1Sierrawireless 1Aleos Nov 21, 2024 Dec 4, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Several versions of ALEOS, including ALEOS 4.16.0, include an opensource third-party component which can be exploited from the local area network, resulting in a Denial of Service condition for the captiv...Show more Several versions of ALEOS, including ALEOS 4.16.0, include an opensource third-party component which can be exploited from the local area network, resulting in a Denial of Service condition for the captive portal. Show less
CVE-2023-5908 4Ge PtcRockwellautomation+1 more 8Industrial Gateway Server KeepserverexKepserver Enterprise+5 more Nov 21, 2024 Nov 30, 2023 N/A· v4 9.1 CRITICAL· v3 N/A· v2 KEPServerEX is vulnerable to a buffer overflow which may allow an attacker to crash the product being accessed or leak information.
CVE-2023-41140 1Autodesk 10Autocad Autocad Advance SteelAutocad Architecture+7 more Nov 21, 2024 Nov 23, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 A maliciously crafted PRT file when parsed through Autodesk AutoCAD 2024 and 2023 can be used to cause a Heap-Based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data...Show more A maliciously crafted PRT file when parsed through Autodesk AutoCAD 2024 and 2023 can be used to cause a Heap-Based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. Show less
CVE-2023-29073 1Autodesk 10Autocad Autocad Advance SteelAutocad Architecture+7 more Nov 21, 2024 Nov 23, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A maliciously crafted MODEL file when parsed through Autodesk AutoCAD 2024 and 2023 can be used to cause a Heap-Based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive da...Show more A maliciously crafted MODEL file when parsed through Autodesk AutoCAD 2024 and 2023 can be used to cause a Heap-Based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. Show less
CVE-2023-47056 1Adobe 1Premiere Pro Nov 21, 2024 Nov 16, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitati...Show more Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2023-47051 1Adobe 1Audition Nov 21, 2024 Nov 16, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation...Show more Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2023-47042 1Adobe 1Media Encoder Nov 21, 2024 Nov 16, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Adobe Media Encoder version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploit...Show more Adobe Media Encoder version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2023-36425 1Microsoft 14Windows 10 1507 Windows 10 1607Windows 10 1809+11 more Nov 21, 2024 Nov 14, 2023 N/A· v4 8.0 HIGH· v3 N/A· v2 Windows Distributed File System (DFS) Remote Code Execution Vulnerability
CVE-2023-36423 1Microsoft 14Windows 10 1507 Windows 10 1607Windows 10 1809+11 more Nov 21, 2024 Nov 14, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Microsoft Remote Registry Service Remote Code Execution Vulnerability
CVE-2023-36408 1Microsoft 11Windows 10 1607 Windows 10 1809Windows 10 21h2+8 more Nov 21, 2024 Nov 14, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Windows Hyper-V Elevation of Privilege Vulnerability
CVE-2023-36402 1Microsoft 13Windows 10 1507 Windows 10 1607Windows 10 1809+10 more Nov 21, 2024 Nov 14, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVE-2023-36400 1Microsoft 11Windows 10 1507 Windows 10 1607Windows 10 1809+8 more Nov 21, 2024 Nov 14, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Windows HMAC Key Derivation Elevation of Privilege Vulnerability
CVE-2023-36042 1Microsoft 2Visual Studio 2019 Visual Studio 2022 Nov 21, 2024 Nov 14, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Visual Studio Denial of Service Vulnerability
CVE-2023-36036 1Microsoft 13Windows 10 1507 Windows 10 1607Windows 10 1809+10 more Oct 28, 2025 Nov 14, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
CVE-2023-36028 1Microsoft 11Windows 10 1507 Windows 10 1607Windows 10 1809+8 more Nov 21, 2024 Nov 14, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability
CVE-2023-27882 2Silabs Weston Embedded 3Cesium Net Gecko Software Development KitUc Http Nov 4, 2025 Nov 14, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A heap-based buffer overflow vulnerability exists in the HTTP Server form boundary functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to code execution. An attacker can send a...Show more A heap-based buffer overflow vulnerability exists in the HTTP Server form boundary functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability.Show less
CVE-2023-25181 2Silabs Weston Embedded 3Cesium Net Gecko Software Development KitUc Http Nov 21, 2024 Nov 14, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A heap-based buffer overflow vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted set of network packets can lead to arbitrary code execution. An attacker can sen...Show more A heap-based buffer overflow vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted set of network packets can lead to arbitrary code execution. An attacker can send a malicious packet to trigger this vulnerability.Show less
CVE-2023-46256 1Dronecode 1Px4 Drone Autopilot Nov 21, 2024 Oct 31, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 PX4-Autopilot provides PX4 flight control solution for drones. In versions 1.14.0-rc1 and prior, PX4-Autopilot has a heap buffer overflow vulnerability in the parser function due to the absence of `parserbuf_index` value...Show more PX4-Autopilot provides PX4 flight control solution for drones. In versions 1.14.0-rc1 and prior, PX4-Autopilot has a heap buffer overflow vulnerability in the parser function due to the absence of `parserbuf_index` value checking. A malfunction of the sensor device can cause a heap buffer overflow with leading unexpected drone behavior. Malicious applications can exploit the vulnerability even if device sensor malfunction does not occur. Up to the maximum value of an `unsigned int`, bytes sized data can be written to the heap memory area. As of time of publication, no fixed version is available.Show less

Previous 1...787980...116 Next