CWE-122— Heap-based Buffer Overflow
2,151 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-122page 14 of 44
- CVE-2023-28240HIGHCVSS 8.8EG 8.82023-04-11
Windows Network Load Balancing Remote Code Execution Vulnerability
- CVE-2023-28252HIGHCVSS 7.8EG 9.0⚠ KEV2023-04-11
Windows Common Log File System Driver Elevation of Privilege Vulnerability
- CVE-2023-28254HIGHCVSS 7.2EG 7.22023-04-11
Windows DNS Server Remote Code Execution Vulnerability
- CVE-2023-28262HIGHCVSS 7.8EG 7.82023-04-11
Visual Studio Elevation of Privilege Vulnerability
- CVE-2023-28269MEDIUMCVSS 6.2EG 6.22023-04-11
Windows Boot Manager Security Feature Bypass Vulnerability
- CVE-2023-28275HIGHCVSS 8.8EG 8.82023-04-11
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
- CVE-2023-28292HIGHCVSS 7.8EG 7.82023-04-11
Raw Image Extension Remote Code Execution Vulnerability
- CVE-2023-28311HIGHCVSS 7.8EG 7.82023-04-11
Microsoft Word Remote Code Execution Vulnerability
- CVE-2023-28523HIGHCVSS 8.4EG 8.42023-12-09
IBM Informix Dynamic Server 12.10 and 14.10 onsmsync is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow an attacker to execute arbitrary code. IBM X-Force ID: 250753.
- CVE-2023-28526MEDIUMCVSS 6.2EG 6.22023-12-09
IBM Informix Dynamic Server 12.10 and 14.10 archecker is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow a local user to cause a segmentation fault. IBM X-Force ID: 251204.
- CVE-2023-28527MEDIUMCVSS 6.2EG 6.22023-12-09
IBM Informix Dynamic Server 12.10 and 14.10 cdr is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow a local user to cause a segmentation fault. IBM X-Force ID: 251206.
- CVE-2023-28753CRITICALCVSS 9.8EG 9.82023-05-18
netconsd prior to v0.2 was vulnerable to an integer overflow in its parse_packet function. A malicious individual could leverage this overflow to create heap memory corruption with attacker controlled data.
- CVE-2023-28798MEDIUMCVSS 6.5EG 6.52024-05-02
An out-of-bounds write to heap in the pacparser library on Zscaler Client Connector on Mac may lead to arbitrary code execution.
- CVE-2023-28905HIGHCVSS 8.0EG 8.02025-06-28
A heap buffer overflow in the image processing binary of the MIB3 infotainment unit allows an attacker to execute arbitrary code on it. The vulnerability was originally discovered in Skoda Superb III car with MIB3 infotainment unit OEM par…
- CVE-2023-2905HIGHCVSS 8.8EG 8.82023-08-09
Due to a failure in validating the length of a provided MQTT_CMD_PUBLISH parsed message with a variable length header, Cesanta Mongoose, an embeddable web server, version 7.10 is susceptible to a heap-based buffer overflow vulnerability …
- CVE-2023-29073CRITICALCVSS 9.8EG 9.82023-11-23
A maliciously crafted MODEL file when parsed through Autodesk AutoCAD 2024 and 2023 can be used to cause a Heap-Based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbi…
- CVE-2023-29125CRITICALCVSS 9.0EG 9.02024-11-05
A heap buffer overflow could be triggered by sending a specific packet to TCP port 7700.
- CVE-2023-29283HIGHCVSS 7.8EG 7.82023-05-11
Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user in…
- CVE-2023-29341HIGHCVSS 7.8EG 7.82023-05-09
AV1 Video Extension Remote Code Execution Vulnerability
- CVE-2023-29344HIGHCVSS 7.8EG 7.82023-06-05
Microsoft Office Remote Code Execution Vulnerability
- CVE-2023-29362HIGHCVSS 8.8EG 8.82023-06-14
Remote Desktop Client Remote Code Execution Vulnerability
- CVE-2023-29363CRITICALCVSS 9.8EG 9.82023-06-14
Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability
- CVE-2023-29370HIGHCVSS 7.8EG 7.82023-06-14
Windows Media Remote Code Execution Vulnerability
- CVE-2023-29372HIGHCVSS 8.8EG 8.82023-06-14
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
- CVE-2023-30681MEDIUMCVSS 4.4EG 4.42023-08-10
An improper input validation vulnerability within initialize function in HAL VaultKeeper prior to SMR Aug-2023 Release 1 allows attacker to cause out-of-bounds write.
- CVE-2023-30696MEDIUMCVSS 4.4EG 4.42023-08-10
An improper input validation in IpcTxGetVerifyAkey in libsec-ril prior to SMR Aug-2023 Release 1 allows attacker to cause out-of-bounds write.
- CVE-2023-30697MEDIUMCVSS 4.4EG 4.42023-08-10
An improper input validation in IpcTxCfgSetSimlockPayload in libsec-ril prior to SMR Aug-2023 Release 1 allows attacker to cause out-of-bounds write.
- CVE-2023-30763HIGHCVSS 7.2EG 7.22023-05-12
Heap-based overflow in Intel(R) SoC Watch based software before version 2021.1 may allow a privileged user to potentially enable escalation of privilege via local access.
- CVE-2023-31031MEDIUMCVSS 4.2EG 4.22024-01-12
NVIDIA DGX Station A100 and DGX Station A800 SBIOS contains a vulnerability where a user may cause a heap-based buffer overflow by local access. A successful exploit of this vulnerability may lead to code execution, denial of service, info…
- CVE-2023-31194MEDIUMCVSS 5.3EG 4.02023-07-05
An improper array index validation vulnerability exists in the GraphPlanar::Write functionality of Diagon v1.0.139. A specially crafted markdown file can lead to memory corruption. A victim would need to open a malicious file to trigger th…
- CVE-2023-31276HIGHCVSS 8.2EG 8.22025-02-12
Heap-based buffer overflow in BMC Firmware for the Intel(R) Server Board S2600WF, Intel(R) Server Board S2600ST, Intel(R) Server Board S2600BP, before version 02.01.0017 and Intel(R) Server Board M50CYP and Intel(R) Server Board D50TNP bef…
- CVE-2023-3180MEDIUMCVSS 6.0EG 6.02023-08-03
A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtio_crypto_handle_sym_req. There is no check for the value of `src_len` and `dst_len` in virtio_crypto_sym_op_helper, potentially l…
- CVE-2023-32025HIGHCVSS 7.8EG 7.82023-06-16
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
- CVE-2023-32026HIGHCVSS 7.8EG 7.82023-06-16
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
- CVE-2023-32027HIGHCVSS 7.8EG 7.82023-06-16
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
- CVE-2023-32028HIGHCVSS 7.8EG 7.82023-06-16
Microsoft SQL OLE DB Remote Code Execution Vulnerability
- CVE-2023-32047HIGHCVSS 7.8EG 7.82023-07-11
Paint 3D Remote Code Execution Vulnerability
- CVE-2023-32083MEDIUMCVSS 6.5EG 6.52023-07-11
Microsoft Failover Cluster Information Disclosure Vulnerability
- CVE-2023-32138HIGHCVSS 8.8EG 7.52024-05-03
D-Link DAP-1360 webproc Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is …
- CVE-2023-32140HIGHCVSS 7.5EG 7.52024-05-03
D-Link DAP-1360 webproc var:sys_Token Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Auth…
- CVE-2023-32157HIGHCVSS 7.5EG 4.62024-05-03
Tesla Model 3 bsa_server BIP Heap-based Buffer Overflow Arbitrary Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Tesla Model 3 vehicles. An attacker must first obtai…
- CVE-2023-32307HIGHCVSS 7.5EG 7.52023-05-26
Sofia-SIP is an open-source SIP User-Agent library, compliant with the IETF RFC3261 specification. Referring to [GHSA-8599-x7rq-fr54](https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-8599-x7rq-fr54), several other potential…
- CVE-2023-32324HIGHCVSS 7.5EG 7.52023-06-01
OpenPrinting CUPS is an open source printing system. In versions 2.4.2 and prior, a heap buffer overflow vulnerability would allow a remote attacker to launch a denial of service (DoS) attack. A buffer overflow vulnerability in the functio…
- CVE-2023-32461MEDIUMCVSS 5.0EG 5.02023-09-15
Dell PowerEdge BIOS and Dell Precision BIOS contain a buffer overflow vulnerability. A local malicious user with high privileges could potentially exploit this vulnerability, leading to corrupt memory and potentially escalate privileges.…
- CVE-2023-32643MEDIUMCVSS 5.3EG 5.32023-09-14
A flaw was found in GLib. The GVariant deserialization code is vulnerable to a heap buffer overflow introduced by the fix for CVE-2023-32665. This bug does not affect any released version of GLib, but does affect GLib distributors who foll…
- CVE-2023-3291LOWCVSS 3.3EG 5.12023-06-16
Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.2.2.
- CVE-2023-33129MEDIUMCVSS 6.5EG 6.52023-06-14
Microsoft SharePoint Server Denial of Service Vulnerability
- CVE-2023-33133HIGHCVSS 7.8EG 7.82023-06-14
Microsoft Excel Remote Code Execution Vulnerability
- CVE-2023-33146HIGHCVSS 7.8EG 7.82023-06-14
Microsoft Office Remote Code Execution Vulnerability
- CVE-2023-33152HIGHCVSS 7.0EG 7.02023-07-11
Microsoft ActiveX Remote Code Execution Vulnerability
Map vulnerabilities like CWE-122 to your infrastructure
EchelonGraph correlates every CVE — across CWE-122 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →