Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

CVEs (2,251)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-46647 1Bentley 3Microstation Microstation ConnectView Nov 21, 2024 Feb 18, 2022 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target mus...Show more This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BMP images. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15533.Show less
CVE-2021-46606 1Bentley 3Microstation Microstation ConnectView Nov 21, 2024 Feb 18, 2022 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target mus...Show more This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BMP images. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15400.Show less
CVE-2021-46605 1Bentley 3Microstation Microstation ConnectView Nov 21, 2024 Feb 18, 2022 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target mus...Show more This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BMP images. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15399.Show less
CVE-2021-46603 1Bentley 3Microstation Microstation ConnectView Nov 21, 2024 Feb 18, 2022 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target mus...Show more This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J2K images. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15397.Show less
CVE-2021-46577 1Bentley 3Microstation Microstation ConnectView Nov 21, 2024 Feb 18, 2022 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target mus...Show more This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15371.Show less
CVE-2022-0631 1Mruby 1Mruby Nov 21, 2024 Feb 18, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Heap-based Buffer Overflow in Homebrew mruby prior to 3.2.
CVE-2021-21958 1Hancom 1Hancom Office 2020 Nov 21, 2024 Feb 16, 2022 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 A heap-based buffer overflow vulnerability exists in the Hword HwordApp.dll functionality of Hancom Office 2020 11.0.0.2353. A specially-crafted malformed file can lead to memory corruption and potential arbitrary code e...Show more A heap-based buffer overflow vulnerability exists in the Hword HwordApp.dll functionality of Hancom Office 2020 11.0.0.2353. A specially-crafted malformed file can lead to memory corruption and potential arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.Show less
CVE-2022-0572 4Apple DebianFedoraproject+1 more 4Debian Linux FedoraMacos+1 more Nov 3, 2025 Feb 14, 2022 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
CVE-2022-0570 1Mruby 1Mruby Nov 21, 2024 Feb 14, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Heap-based Buffer Overflow in Homebrew mruby prior to 3.2.
CVE-2021-44000 1Siemens 3Jt2go Solid EdgeTeamcenter Visualization Nov 21, 2024 Feb 9, 2022 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 A vulnerability has been identified in JT2Go (All versions < V13.2.0.7), Solid Edge SE2021 (All versions < SE2021MP9), Solid Edge SE2022 (All versions < SE2022MP1), Teamcenter Visualization V13.1 (All versions < V13.1.0....Show more A vulnerability has been identified in JT2Go (All versions < V13.2.0.7), Solid Edge SE2021 (All versions < SE2021MP9), Solid Edge SE2022 (All versions < SE2022MP1), Teamcenter Visualization V13.1 (All versions < V13.1.0.9), Teamcenter Visualization V13.2 (All versions < V13.2.0.7), Teamcenter Visualization V13.3 (All versions < V13.3.0.1). The plmxmlAdapterSE70.dll contains an out of bounds write past the fixed-length heap-based buffer while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15053)Show less
CVE-2022-0518 2Fedoraproject Radare 2Fedora Radare2 Nov 21, 2024 Feb 8, 2022 N/A· v4 7.1 HIGH· v3 5.8 MEDIUM· v2 Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.2.
CVE-2021-3861 1Zephyrproject 1Zephyr Nov 21, 2024 Feb 7, 2022 N/A· v4 6.8 MEDIUM· v3 7.2 HIGH· v2 The RNDIS USB device class includes a buffer overflow vulnerability. Zephyr versions >= v2.6.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security...Show more The RNDIS USB device class includes a buffer overflow vulnerability. Zephyr versions >= v2.6.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hvfp-w4h8-gxvjShow less
CVE-2021-3835 1Zephyrproject 1Zephyr Nov 21, 2024 Feb 7, 2022 N/A· v4 8.8 HIGH· v3 5.8 MEDIUM· v2 Buffer overflow in usb device class. Zephyr versions >= v2.6.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fm6v-8625-99jf
CVE-2021-21962 1Sealevel 1Seaconnect 370w Firmware Nov 21, 2024 Feb 4, 2022 N/A· v4 8.1 HIGH· v3 6.8 MEDIUM· v2 A heap-based buffer overflow vulnerability exists in the OTA Update u-download functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A series of specially-crafted MQTT payloads can lead to remote code executio...Show more A heap-based buffer overflow vulnerability exists in the OTA Update u-download functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A series of specially-crafted MQTT payloads can lead to remote code execution. An attacker must perform a man-in-the-middle attack in order to trigger this vulnerability.Show less
CVE-2022-0417 3Debian FedoraprojectVim 3Debian Linux FedoraVim Nov 3, 2025 Feb 1, 2022 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 Heap-based Buffer Overflow GitHub repository vim/vim prior to 8.2.
CVE-2022-0407 1Vim 1Vim Nov 21, 2024 Jan 30, 2022 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
CVE-2022-0392 3Apple DebianVim 3Debian Linux MacosVim Nov 3, 2025 Jan 28, 2022 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 Heap-based Buffer Overflow in GitHub repository vim prior to 8.2.
CVE-2022-0361 3Apple DebianVim 3Debian Linux MacosVim Nov 3, 2025 Jan 26, 2022 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
CVE-2022-0359 3Apple DebianVim 3Debian Linux MacosVim Nov 3, 2025 Jan 26, 2022 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
CVE-2022-0318 3Apple DebianVim 3Debian Linux MacosVim Nov 21, 2024 Jan 21, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Heap-based Buffer Overflow in vim/vim prior to 8.2.

Previous 1...959697...113 Next