CWE-122— Heap-based Buffer Overflow
2,158 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-122page 21 of 44
- CVE-2024-28941HIGHCVSS 8.8EG 8.82024-04-09
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
- CVE-2024-28943HIGHCVSS 8.8EG 8.82024-04-09
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
- CVE-2024-29013MEDIUMCVSS 6.5EG 6.52024-06-20
Heap-based buffer overflow vulnerability in the SonicOS SSL-VPN allows an authenticated remote attacker to cause Denial of Service (DoS) via memcpy function.
- CVE-2024-29044HIGHCVSS 8.8EG 8.82024-04-09
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
- CVE-2024-29046HIGHCVSS 8.8EG 8.82024-04-09
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
- CVE-2024-29047HIGHCVSS 8.8EG 8.82024-04-09
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
- CVE-2024-29048HIGHCVSS 8.8EG 8.82024-04-09
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
- CVE-2024-29157CRITICALCVSS 9.8EG 9.82024-05-14
HDF5 through 1.14.3 contains a heap buffer overflow in H5HG_read, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.
- CVE-2024-29158HIGHCVSS 7.4EG 7.42024-05-14
HDF5 through 1.14.3 contains a stack buffer overflow in H5FL_arr_malloc, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.
- CVE-2024-29160HIGHCVSS 7.4EG 7.42024-05-14
HDF5 through 1.14.3 contains a heap buffer overflow in H5HG__cache_heap_deserialize, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.
- CVE-2024-29161HIGHCVSS 8.8EG 8.82024-05-14
HDF5 through 1.14.3 contains a heap buffer overflow in H5A__attr_release_table, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.
- CVE-2024-29162HIGHCVSS 7.4EG 7.42024-05-14
HDF5 through 1.13.3 and/or 1.14.2 contains a stack buffer overflow in H5HG_read, resulting in denial of service or potential code execution.
- CVE-2024-29163HIGHCVSS 7.4EG 7.42024-05-14
HDF5 through 1.14.3 contains a heap buffer overflow in H5T__bit_find, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.
- CVE-2024-29165HIGHCVSS 7.4EG 7.42024-05-14
HDF5 through 1.14.3 contains a buffer overflow in H5Z__filter_fletcher32, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.
- CVE-2024-29204CRITICALCVSS 9.8EG 9.82024-04-19
A Heap Overflow vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows a remote unauthenticated attacker to execute arbitrary commands
- CVE-2024-29508LOWCVSS 3.3EG 3.32024-07-03
Artifex Ghostscript before 10.03.0 has a heap-based pointer disclosure (observable in a constructed BaseFont name) in the function pdf_base_font_alloc.
- CVE-2024-29982HIGHCVSS 8.8EG 8.82024-04-09
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
- CVE-2024-29983HIGHCVSS 8.8EG 8.82024-04-09
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
- CVE-2024-29984HIGHCVSS 8.8EG 8.82024-04-09
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
- CVE-2024-29985HIGHCVSS 8.8EG 8.82024-04-09
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
- CVE-2024-30017HIGHCVSS 8.8EG 8.82024-05-14
Windows Hyper-V Remote Code Execution Vulnerability
- CVE-2024-30020HIGHCVSS 8.1EG 8.12024-05-14
Windows Cryptographic Services Remote Code Execution Vulnerability
- CVE-2024-30038HIGHCVSS 7.8EG 7.82024-05-14
Win32k Elevation of Privilege Vulnerability
- CVE-2024-30045MEDIUMCVSS 6.3EG 6.32024-05-14
.NET and Visual Studio Remote Code Execution Vulnerability
- CVE-2024-30051HIGHCVSS 7.8EG 9.0⚠ KEV2024-05-14
Windows DWM Core Library Elevation of Privilege Vulnerability
- CVE-2024-30066MEDIUMCVSS 5.5EG 5.52024-06-11
Winlogon Elevation of Privilege Vulnerability
- CVE-2024-30074HIGHCVSS 8.0EG 8.02024-06-11
Windows Link Layer Topology Discovery Protocol Remote Code Execution Vulnerability
- CVE-2024-30075HIGHCVSS 8.0EG 8.02024-06-11
Windows Link Layer Topology Discovery Protocol Remote Code Execution Vulnerability
- CVE-2024-30077HIGHCVSS 8.0EG 8.02024-06-11
Windows OLE Remote Code Execution Vulnerability
- CVE-2024-30085HIGHCVSS 7.8EG 7.82024-06-11
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
- CVE-2024-30091HIGHCVSS 7.8EG 7.82024-06-11
Win32k Elevation of Privilege Vulnerability
- CVE-2024-30094HIGHCVSS 7.8EG 7.82024-06-11
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
- CVE-2024-30095HIGHCVSS 7.8EG 7.82024-06-11
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
- CVE-2024-3024MEDIUMCVSS 5.3EG 5.32024-03-28
A vulnerability was found in appneta tcpreplay up to 4.4.4. It has been classified as problematic. This affects the function get_layer4_v6 of the file /tcpreplay/src/common/get.c. The manipulation leads to heap-based buffer overflow. Attac…
- CVE-2024-30259HIGHCVSS 8.2EG 8.22024-05-14
FastDDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to versions 2.14.1, 2.13.5, 2.10.4, and 2.6.8, when a publisher serves malformed `RTPS` packet, heap buffer overflo…
- CVE-2024-30288HIGHCVSS 7.8EG 7.82024-05-16
Adobe Framemaker versions 2020.5, 2022.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user inte…
- CVE-2024-30294HIGHCVSS 7.8EG 7.82024-05-16
Animate versions 24.0.2, 23.0.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction i…
- CVE-2024-30806MEDIUMCVSS 6.5EG 6.52024-04-02
An issue was discovered in Bento4 v1.6.0-641-2-g1529b83. There is a heap overflow in AP4_Dec3Atom::AP4_Dec3Atom at Ap4Dec3Atom.cpp, leading to a Denial of Service (DoS), as demonstrated by mp42aac.
- CVE-2024-31036MEDIUMCVSS 6.8EG 6.82024-04-22
A heap-buffer-overflow vulnerability in the read_byte function in NanoMQ v.0.21.7 allows attackers to cause a denial of service via transmission of crafted hexstreams.
- CVE-2024-31580MEDIUMCVSS 4.0EG 4.02024-04-17
PyTorch before v2.2.0 was discovered to contain a heap buffer overflow vulnerability in the component /runtime/vararg_functions.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
- CVE-2024-31582HIGHCVSS 7.8EG 7.82024-04-17
FFmpeg version n6.1 was discovered to contain a heap buffer overflow vulnerability in the draw_block_rectangle function of libavfilter/vf_codecview.c. This vulnerability allows attackers to cause undefined behavior or a Denial of Service (…
- CVE-2024-3203HIGHCVSS 7.3EG 7.32024-04-02
A vulnerability, which was classified as critical, was found in c-blosc2 up to 2.13.2. Affected is the function ndlz8_decompress of the file /src/c-blosc2/plugins/codecs/ndlz/ndlz8x8.c. The manipulation leads to heap-based buffer overflow.…
- CVE-2024-32038CRITICALCVSS 9.8EG 9.82024-04-19
Wazuh is a free and open source platform used for threat prevention, detection, and response. There is a buffer overflow hazard in wazuh-analysisd when handling Unicode characters from Windows Eventchannel messages. It impacts Wazuh Manage…
- CVE-2024-3204HIGHCVSS 7.3EG 7.32024-04-02
A vulnerability has been found in c-blosc2 up to 2.13.2 and classified as critical. Affected by this vulnerability is the function ndlz4_decompress of the file /src/c-blosc2/plugins/codecs/ndlz/ndlz4x4.c. The manipulation leads to heap-bas…
- CVE-2024-3207MEDIUMCVSS 5.5EG 5.52024-04-02
A vulnerability was found in ermig1979 Simd up to 6.0.134. It has been declared as critical. This vulnerability affects the function ReadUnsigned of the file src/Simd/SimdMemoryStream.h. The manipulation leads to heap-based buffer overflow…
- CVE-2024-3209MEDIUMCVSS 5.5EG 5.52024-04-02
A vulnerability was found in UPX up to 4.2.2. It has been rated as critical. This issue affects the function get_ne64 of the file bele.h. The manipulation leads to heap-based buffer overflow. The exploit has been disclosed to the public an…
- CVE-2024-32229HIGHCVSS 8.4EG 8.42024-07-01
FFmpeg 7.0 contains a heap-buffer-overflow at libavfilter/vf_tiltandshift.c:189:5 in copy_column.
- CVE-2024-32605HIGHCVSS 8.8EG 8.82024-05-14
HDF5 Library through 1.14.3 has a heap-based buffer over-read in H5VM_memcpyvv in H5VM.c (called from H5D__compact_readvv in H5Dcompact.c).
- CVE-2024-32612HIGHCVSS 7.4EG 7.42024-05-14
HDF5 Library through 1.14.3 contains a heap-based buffer over-read in H5HL__fl_deserialize in H5HLcache.c, resulting in the corruption of the instruction pointer, a different vulnerability than CVE-2024-32613.
- CVE-2024-32613HIGHCVSS 7.4EG 7.42024-05-14
HDF5 Library through 1.14.3 contains a heap-based buffer over-read in the function H5HL__fl_deserialize in H5HLcache.c, a different vulnerability than CVE-2024-32612.
Map vulnerabilities like CWE-122 to your infrastructure
EchelonGraph correlates every CVE — across CWE-122 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →