Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

CVEs (2,252)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-21695 1Microsoft 13Windows 10 Windows 10 1607Windows 10 1809+10 more Nov 21, 2024 Feb 14, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability
CVE-2023-21694 1Microsoft 13Windows 10 Windows 10 1607Windows 10 1809+10 more Nov 21, 2024 Feb 14, 2023 N/A· v4 6.8 MEDIUM· v3 N/A· v2 Windows Fax Service Remote Code Execution Vulnerability
CVE-2023-21692 1Microsoft 13Windows 10 1507 Windows 10 1607Windows 10 1809+10 more Nov 21, 2024 Feb 14, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability
CVE-2023-21690 1Microsoft 13Windows 10 1507 Windows 10 1607Windows 10 1809+10 more Nov 21, 2024 Feb 14, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability
CVE-2023-21689 1Microsoft 13Windows 10 1507 Windows 10 1607Windows 10 1809+10 more Nov 21, 2024 Feb 14, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability
CVE-2023-21528 1Microsoft 1Sql Server Nov 21, 2024 Feb 14, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Microsoft SQL Server Remote Code Execution Vulnerability
CVE-2023-24551 1Siemens 1Solid Edge Se2023 Nov 21, 2024 Feb 14, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2). The affected application is vulnerable to heap-based buffer underflow while parsing...Show more A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2). The affected application is vulnerable to heap-based buffer underflow while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process.Show less
CVE-2023-24550 1Siemens 1Solid Edge Se2023 Nov 21, 2024 Feb 14, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2). The affected application is vulnerable to heap-based buffer while parsing specially...Show more A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2). The affected application is vulnerable to heap-based buffer while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process.Show less
CVE-2023-0819 1Gpac 1Gpac Nov 21, 2024 Feb 13, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to v2.3.0-DEV.
CVE-2022-42783 1Google 1Android Mar 26, 2025 Feb 12, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services.
CVE-2022-34454 1Dell 1Emc Powerscale Onefs Nov 21, 2024 Feb 10, 2023 N/A· v4 6.7 MEDIUM· v3 N/A· v2 Dell PowerScale OneFS, versions 8.2.x-9.3.x, contain a heap-based buffer overflow. A local privileged malicious user could potentially exploit this vulnerability, leading to system takeover. This impacts compliance mode...Show more Dell PowerScale OneFS, versions 8.2.x-9.3.x, contain a heap-based buffer overflow. A local privileged malicious user could potentially exploit this vulnerability, leading to system takeover. This impacts compliance mode clusters. Show less
CVE-2023-0760 1Gpac 1Gpac Nov 21, 2024 Feb 9, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to V2.1.0-DEV.
CVE-2022-45491 1Json.h Project 1Json.h Mar 26, 2025 Feb 3, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Buffer overflow vulnerability in function json_parse_value in sheredom json.h before commit 0825301a07cbf51653882bf2b153cc81fdadf41 (November 14, 2022) allows attackers to code arbitrary code and gain escalated privilege...Show more Buffer overflow vulnerability in function json_parse_value in sheredom json.h before commit 0825301a07cbf51653882bf2b153cc81fdadf41 (November 14, 2022) allows attackers to code arbitrary code and gain escalated privileges.Show less
CVE-2022-34400 1Dell 83Alienware M15 R6 Firmware Alienware M15 R7 FirmwareAlienware M15 Ryzen Edition R5 Firmware+80 more Nov 21, 2024 Feb 1, 2023 N/A· v4 7.1 HIGH· v3 N/A· v2 Dell BIOS contains a heap buffer overflow vulnerability. A local attacker with admin privileges could potentially exploit this vulnerability to perform an arbitrary write to SMRAM during SMM.
CVE-2023-23582 1Snapav 1Wattbox Wb 300 Ip 3 Firmware Nov 21, 2024 Jan 30, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior are vulnerable to a heap-based buffer overflow, which could allow an attacker to execute arbitrary code or crash the device remotely.
CVE-2022-41991 1Siretta 1Quartz Gold Firmware Nov 21, 2024 Jan 26, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A heap-based buffer overflow vulnerability exists in the m2m DELETE_FILE cmd functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network request can lead to a heap buffer overflow. An attacke...Show more A heap-based buffer overflow vulnerability exists in the m2m DELETE_FILE cmd functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger this vulnerability.Show less
CVE-2022-1892 1Lenovo 70100e 2nd Gen Firmware 100w Gen 3 Firmware13w Yoga Firmware+67 more Nov 21, 2024 Jan 26, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 A buffer overflow in the SystemBootManagerDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code.
CVE-2022-1891 1Lenovo 6Thinkbook 14 Iil Firmware Thinkbook 14 Iml FirmwareThinkbook 15 Iil Firmware+3 more Nov 21, 2024 Jan 26, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 A buffer overflow in the SystemLoadDefaultDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code.
CVE-2022-1890 1Lenovo 6Thinkbook 14 Iil Firmware Thinkbook 14 Iml FirmwareThinkbook 15 Iil Firmware+3 more Nov 21, 2024 Jan 26, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 A buffer overflow in the ReadyBootDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code.
CVE-2022-42405 1Pdf Xchange 1Pdf Xchange Editor Nov 27, 2024 Jan 26, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious p...Show more This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of EMF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18367.Show less

Previous 1...858687...113 Next