CWE-122— Heap-based Buffer Overflow
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().— MITRE CWE catalog
2,321 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-122page 19 of 47
- CVE-2024-21331HIGHCVSS 8.8EG 8.82024-07-09
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
- CVE-2024-21333HIGHCVSS 8.8EG 8.82024-07-09
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
- CVE-2024-21335HIGHCVSS 8.8EG 8.82024-07-09
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
- CVE-2024-21337MEDIUMCVSS 5.2EG 5.22024-01-11
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
- CVE-2024-21341MEDIUMCVSS 6.8EG 6.82024-02-13
Windows Kernel Remote Code Execution Vulnerability
- CVE-2024-21345HIGHCVSS 8.8EG 8.82024-02-13
Windows Kernel Elevation of Privilege Vulnerability
- CVE-2024-21347HIGHCVSS 7.5EG 7.52024-02-13
Microsoft ODBC Driver Remote Code Execution Vulnerability
- CVE-2024-21348HIGHCVSS 7.5EG 7.52024-02-13
Internet Connection Sharing (ICS) Denial of Service Vulnerability
- CVE-2024-21349HIGHCVSS 8.8EG 8.82024-02-13
Microsoft ActiveX Data Objects Remote Code Execution Vulnerability
- CVE-2024-21353HIGHCVSS 8.8EG 8.82024-02-13
Microsoft WDAC ODBC Driver Remote Code Execution Vulnerability
- CVE-2024-21354HIGHCVSS 7.8EG 7.82024-02-13
Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability
- CVE-2024-21358HIGHCVSS 8.8EG 8.82024-02-13
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
- CVE-2024-21359HIGHCVSS 8.8EG 8.82024-02-13
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
- CVE-2024-21360HIGHCVSS 8.8EG 8.82024-02-13
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
- CVE-2024-21361HIGHCVSS 8.8EG 8.82024-02-13
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
- CVE-2024-21365HIGHCVSS 8.8EG 8.82024-02-13
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
- CVE-2024-21366HIGHCVSS 8.8EG 8.82024-02-13
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
- CVE-2024-21367HIGHCVSS 8.8EG 8.82024-02-13
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
- CVE-2024-21368HIGHCVSS 8.8EG 8.82024-02-13
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
- CVE-2024-21369HIGHCVSS 8.8EG 8.82024-02-13
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
- CVE-2024-21370HIGHCVSS 8.8EG 8.82024-02-13
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
- CVE-2024-21373HIGHCVSS 8.8EG 8.82024-07-09
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
- CVE-2024-21398HIGHCVSS 8.8EG 8.82024-07-09
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
- CVE-2024-21414HIGHCVSS 8.8EG 8.82024-07-09
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
- CVE-2024-21415HIGHCVSS 8.8EG 8.82024-07-09
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
- CVE-2024-21416HIGHCVSS 8.1EG 8.12024-09-10
Windows TCP/IP Remote Code Execution Vulnerability
- CVE-2024-21425HIGHCVSS 8.8EG 8.82024-07-09
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
- CVE-2024-21449HIGHCVSS 8.8EG 8.82024-07-09
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
- CVE-2024-21594MEDIUMCVSS 5.5EG 5.52024-01-12
A Heap-based Buffer Overflow vulnerability in the Network Services Daemon (NSD) of Juniper Networks Junos OS allows authenticated, low privileged, local attacker to cause a Denial of Service (DoS). On an SRX 5000 Series device, when exec…
- CVE-2024-21596MEDIUMCVSS 5.3EG 5.32024-01-12
A Heap-based Buffer Overflow vulnerability in the Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network based attacker to cause a Denial of Service (DoS). If an attacker sends …
- CVE-2024-21778HIGHCVSS 7.2EG 7.22024-07-08
A heap-based buffer overflow vulnerability exists in the configuration file mib_init_value_array functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted .dat file can lead to arbitrary code execution. An attacker can uploa…
- CVE-2024-21795CRITICALCVSS 9.8EG 9.82024-02-20
A heap-based buffer overflow vulnerability exists in the .egi parsing functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .egi file can lead to arbitrary code execution. An attacker can pro…
- CVE-2024-21802HIGHCVSS 8.8EG 8.82024-02-26
A heap-based buffer overflow vulnerability exists in the GGUF library info->ne functionality of llama.cpp Commit 18c2e17. A specially crafted .gguf file can lead to code execution. An attacker can provide a malicious file to trigger thi…
- CVE-2024-21885HIGHCVSS 7.8EG 7.82024-02-28
A flaw was found in X.Org server. In the XISendDeviceHierarchyEvent function, it is possible to exceed the allocated array length when certain new device IDs are added to the xXIHierarchyInfo struct. This can trigger a heap buffer overflow…
- CVE-2024-21886HIGHCVSS 7.8EG 7.82024-02-28
A heap buffer overflow flaw was found in the DisableDevice function in the X.Org server. This issue may lead to an application crash or, in some circumstances, remote code execution in SSH X11 forwarding environments.
- CVE-2024-21913HIGHCVSS 7.8EG 7.82024-03-26
A heap-based memory buffer overflow vulnerability in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code into the software by overstepping the memory boundaries, which trigger…
- CVE-2024-22058HIGHCVSS 7.8EG 7.82024-05-31
A buffer overflow allows a low privilege user on the local machine that has the EPM Agent installed to execute arbitrary code with elevated permissions in Ivanti EPM 2021.1 and older.
- CVE-2024-22100HIGHCVSS 7.8EG 7.82024-03-01
MicroDicom DICOM Viewer versions 2023.3 (Build 9342) and prior are affected by a heap-based buffer overflow vulnerability, which could allow an attacker to execute arbitrary code on affected installations of DICOM Viewer. A user must …
- CVE-2024-2212HIGHCVSS 7.3EG 7.32024-03-26
In Eclipse ThreadX before 6.4.0, xQueueCreate() and xQueueCreateSet() functions from the FreeRTOS compatibility API (utility/rtos_compatibility_layers/FreeRTOS/tx_freertos.c) were missing parameter checks. This could lead to integer wr…
- CVE-2024-22211LOWCVSS 3.7EG 3.72024-01-19
FreeRDP is a set of free and open source remote desktop protocol library and clients. In affected versions an integer overflow in `freerdp_bitmap_planar_context_reset` leads to heap-buffer overflow. This affects FreeRDP based clients. Free…
- CVE-2024-22453HIGHCVSS 7.2EG 7.22024-03-19
Dell PowerEdge Server BIOS contains a heap-based buffer overflow vulnerability. A local high privileged attacker could potentially exploit this vulnerability to write to otherwise unauthorized memory.
- CVE-2024-22532MEDIUMCVSS 6.5EG 6.52024-02-28
Buffer Overflow vulnerability in XNSoft NConvert 7.163 (for Windows x86) allows attackers to cause a denial of service via crafted xwd file.
- CVE-2024-22857CRITICALCVSS 9.8EG 9.82024-03-07
Heap based buffer flow in zlog v1.1.0 to v1.2.17 in zlog_rule_new().The size of record_name is MAXLEN_PATH(1024) + 1 but file_path may have data upto MAXLEN_CFG_LINE(MAXLEN_PATH*4) + 1. So a check was missing in zlog_rule_new() while copyi…
- CVE-2024-23127HIGHCVSS 7.8EG 7.52024-02-22
A maliciously crafted MODEL, SLDPRT, or SLDASM file, when parsed in ODXSW_DLL.dll and libodxdll.dll through Autodesk applications, can be used to cause a Heap-based Overflow. A malicious actor can leverage this vulnerability to cause a cra…
- CVE-2024-23154HIGHCVSS 7.8EG 6.32024-06-25
A maliciously crafted SLDPRT file, when parsed in ODXSW_DLL.dll through Autodesk applications, can be used to cause a Heap-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute …
- CVE-2024-23155HIGHCVSS 7.8EG 7.82024-06-25
A maliciously crafted MODEL file, when parsed in atf_asm_interface.dll through Autodesk applications, can be used to cause a Heap-based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash or execute arbitrar…
- CVE-2024-23709MEDIUMCVSS 6.5EG 6.52024-05-07
In multiple locations, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.
- CVE-2024-23796HIGHCVSS 7.8EG 7.82024-02-13
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0012), Tecnomatix Plant Simulation V2302 (All versions < V2302.0006). The affected application is vulnerable to heap-based buffer overflow while…
- CVE-2024-24246MEDIUMCVSS 5.5EG 5.52024-02-29
Heap Buffer Overflow vulnerability in qpdf 11.9.0 allows attackers to crash the application via the std::__shared_count() function at /bits/shared_ptr_base.h.
- CVE-2024-24334HIGHCVSS 8.4EG 8.42024-03-27
A heap buffer overflow occurs in dfs_v2 dfs_file in RT-Thread through 5.0.2.
Map vulnerabilities like CWE-122 to your infrastructure
EchelonGraph correlates every CVE — across CWE-122 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →