CWE-122— Heap-based Buffer Overflow
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().— MITRE CWE catalog
2,321 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-122page 24 of 47
- CVE-2024-39518HIGHCVSS 7.5EG 7.52024-07-10
A Heap-based Buffer Overflow vulnerability in the telemetry sensor process (sensord) of Juniper Networks Junos OS on MX240, MX480, MX960 platforms using MPC10E causes a steady increase in memory utilization, ultimately leading to a Denial …
- CVE-2024-39825HIGHCVSS 8.5EG 8.52024-08-14
Buffer overflow in some Zoom Workplace Apps and Rooms Clients may allow an authenticated user to conduct an escalation of privilege via network access.
- CVE-2024-39883HIGHCVSS 8.8EG 8.82024-07-09
Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this v…
- CVE-2024-40129CRITICALCVSS 9.8EG 8.62024-07-16
Open5GS v2.6.4 is vulnerable to Buffer Overflow. via /lib/pfcp/context.c.
- CVE-2024-40754CRITICALCVSS 9.8EG 9.82024-09-10
Heap-based Buffer Overflow vulnerability in Samsung Open Source Escargot JavaScript engine allows Overflow Buffers.This issue affects Escargot: 4.0.0.
- CVE-2024-40763HIGHCVSS 7.5EG 7.52024-12-05
Heap-based buffer overflow vulnerability in the SonicWall SMA100 SSLVPN due to the use of strcpy. This allows remote authenticated attackers to cause Heap-based buffer overflow and potentially lead to code execution.
- CVE-2024-40764HIGHCVSS 7.5EG 7.52024-07-18
Heap-based buffer overflow vulnerability in the SonicOS IPSec VPN allows an unauthenticated remote attacker to cause Denial of Service (DoS).
- CVE-2024-41147HIGHCVSS 7.7EG 7.72025-03-04
An out-of-bounds write vulnerability exists in the ma_dr_flac__decode_samples__lpc functionality of Miniaudio miniaudio v0.11.21. A specially crafted .flac file can lead to memory corruption. An attacker can provide a malicious file to tri…
- CVE-2024-41437MEDIUMCVSS 5.5EG 5.52024-07-30
A heap buffer overflow in the function cp_unfilter() (/vendor/cute_png.h) of hicolor v0.5.0 allows attackers to cause a Denial of Service (DoS) via a crafted PNG file.
- CVE-2024-41438MEDIUMCVSS 6.2EG 6.22024-07-30
A heap buffer overflow in the function cp_stored() (/vendor/cute_png.h) of hicolor v0.5.0 allows attackers to cause a Denial of Service (DoS) via a crafted PNG file.
- CVE-2024-41440MEDIUMCVSS 6.2EG 6.22024-07-30
A heap buffer overflow in the function png_quantize() of hicolor v0.5.0 allows attackers to cause a Denial of Service (DoS) via a crafted PNG file.
- CVE-2024-41850HIGHCVSS 7.8EG 7.82024-08-14
InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user in…
- CVE-2024-41853HIGHCVSS 7.8EG 7.82024-08-14
InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user in…
- CVE-2024-41981HIGHCVSS 7.8EG 7.82024-10-08
A vulnerability has been identified in Simcenter Femap V2306 (All versions), Simcenter Femap V2401 (All versions), Simcenter Femap V2406 (All versions). The affected application is vulnerable to heap-based buffer overflow while parsing spe…
- CVE-2024-42436MEDIUMCVSS 6.5EG 6.52024-08-14
Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access.
- CVE-2024-42437MEDIUMCVSS 6.5EG 6.52024-08-14
Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access.
- CVE-2024-42438MEDIUMCVSS 6.5EG 6.52024-08-14
Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access.
- CVE-2024-42648MEDIUMCVSS 6.5EG 6.52025-07-14
NanoMQ v0.22.10 was discovered to contain a heap overflow which allows attackers to cause a Denial of Service (DoS) via a crafted CONNECT message.
- CVE-2024-42851HIGHCVSS 7.8EG 8.42024-08-27
Buffer Overflow vulnerability in open source exiftags v.1.01 allows a local attacker to execute arbitrary code via the paresetag function.
- CVE-2024-43168MEDIUMCVSS 4.8EG 4.82024-08-12
DISPUTE NOTE: this issue does not pose a security risk as it (according to analysis by the original software developer, NLnet Labs) falls within the expected functionality and security controls of the application. Red Hat has made a claim …
- CVE-2024-4323CRITICALCVSS 9.8EG 9.82024-05-20
A memory corruption vulnerability in Fluent Bit versions 2.0.7 thru 3.0.3. This issue lies in the embedded http server’s parsing of trace requests and may result in denial of service conditions, information disclosure, or remote code exe…
- CVE-2024-43453HIGHCVSS 8.8EG 8.82024-10-08
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
- CVE-2024-43462HIGHCVSS 8.8EG 8.82024-11-12
SQL Server Native Client Remote Code Execution Vulnerability
- CVE-2024-43480MEDIUMCVSS 6.6EG 6.62024-10-08
Azure Service Fabric for Linux Remote Code Execution Vulnerability
- CVE-2024-43517HIGHCVSS 8.8EG 8.82024-10-08
Microsoft ActiveX Data Objects Remote Code Execution Vulnerability
- CVE-2024-43518HIGHCVSS 8.8EG 8.82024-10-08
Windows Telephony Server Remote Code Execution Vulnerability
- CVE-2024-43522HIGHCVSS 7.0EG 7.02024-10-08
Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability
- CVE-2024-43523MEDIUMCVSS 6.8EG 6.82024-10-08
Windows Mobile Broadband Driver Remote Code Execution Vulnerability
- CVE-2024-43525MEDIUMCVSS 6.8EG 6.82024-10-08
Windows Mobile Broadband Driver Remote Code Execution Vulnerability
- CVE-2024-43526MEDIUMCVSS 6.8EG 6.82024-10-08
Windows Mobile Broadband Driver Remote Code Execution Vulnerability
- CVE-2024-43527HIGHCVSS 7.8EG 7.82024-10-08
Windows Kernel Elevation of Privilege Vulnerability
- CVE-2024-43528HIGHCVSS 7.8EG 7.82024-10-08
Windows Secure Kernel Mode Elevation of Privilege Vulnerability
- CVE-2024-43560HIGHCVSS 7.8EG 7.82024-10-08
Microsoft Windows Storage Port Driver Elevation of Privilege Vulnerability
- CVE-2024-43564HIGHCVSS 8.8EG 8.82024-10-08
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
- CVE-2024-43578HIGHCVSS 7.6EG 7.62024-10-17
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
- CVE-2024-43579HIGHCVSS 7.6EG 7.62024-10-17
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
- CVE-2024-43587MEDIUMCVSS 5.9EG 5.92024-10-17
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
- CVE-2024-43589HIGHCVSS 8.8EG 8.82024-10-08
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
- CVE-2024-43592HIGHCVSS 8.8EG 8.82024-10-08
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
- CVE-2024-43593HIGHCVSS 8.8EG 8.82024-10-08
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
- CVE-2024-43598HIGHCVSS 8.1EG 8.12024-11-12
LightGBM Remote Code Execution Vulnerability
- CVE-2024-43607HIGHCVSS 8.8EG 8.82024-10-08
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
- CVE-2024-43608HIGHCVSS 8.8EG 8.82024-10-08
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
- CVE-2024-43611HIGHCVSS 8.8EG 8.82024-10-08
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
- CVE-2024-43620HIGHCVSS 8.8EG 8.82024-11-12
Windows Telephony Service Remote Code Execution Vulnerability
- CVE-2024-43621HIGHCVSS 8.8EG 8.82024-11-12
Windows Telephony Service Remote Code Execution Vulnerability
- CVE-2024-43622HIGHCVSS 8.8EG 8.82024-11-12
Windows Telephony Service Remote Code Execution Vulnerability
- CVE-2024-43626HIGHCVSS 7.8EG 7.82024-11-12
Windows Telephony Service Elevation of Privilege Vulnerability
- CVE-2024-43627HIGHCVSS 8.8EG 8.82024-11-12
Windows Telephony Service Remote Code Execution Vulnerability
- CVE-2024-43756HIGHCVSS 7.8EG 7.82024-09-13
Photoshop Desktop versions 24.7.4, 25.11 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user inte…
Map vulnerabilities like CWE-122 to your infrastructure
EchelonGraph correlates every CVE — across CWE-122 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →