buffer overflow

The pyOpenSSL DTLS cookie bug behind CVE-2026-27459 is a reminder that some of the most consequential security flaws are not grand protocol failures, but small boundary mistakes in the glue code that sits between a language runtime and a native crypto library. In this case, a DTLS cookie...

Vim received a security patch on February 27, 2026 that fixes a stack-based buffer overflow in the statusline renderer: a flaw in build_stl_str_hl() could allow a large multi‑byte fill character to write past a fixed 4096‑byte stack buffer when a terminal is extremely wide, and the issue is...

A subtle flaw in Qt’s KTX image handling — tracked as CVE-2024-25580 — can be triggered by a specially crafted KTX file to cause a buffer overflow and crash applications that use Qt’s image loader. The issue affects multiple maintained Qt branches and was fixed by the Qt project in targeted...

A stack-buffer overflow in GDB’s Ada name-decoding routine — tracked as CVE-2023-39128 — quietly exposed a fragile surface in one of the most widely used debugging tools: a bug in the function ada_decode (file gdb/ada-lang.c) that could crash the debugger and force denial-of-service on...

A subtle arithmetic mistake in the Linux kernel’s NTFS3 driver has been fixed, closing CVE-2024-27407 — a locally exploitable buffer‑overflow vulnerability in the mi_enum_attr() routine that, if triggered on systems that mount NTFS volumes, can corrupt kernel memory, crash the host, and in the...

A buffer‑overflow flaw in Intel’s SSD Tools integration with the mdadm utility — tracked as CVE‑2023‑28736 — quietly landed on security lists in August 2023 and remains a textbook case in how a locally‑triggered memory corruption in low‑level storage tooling can produce outsized operational risk...

A heap buffer overflow in the c-ares DNS parsing code — tracked as CVE-2020-22217 — lets a malicious name server craft an SOA reply that can crash or destabilize applications that use the vulnerable library, and in some configurations could lead to remote code execution. The bug was found in the...

A stack-based buffer overflow affecting libcoap’s address-resolution path has been publicly disclosed as CVE-2025-34468; the defect allows attacker-controlled hostnames to overflow a fixed 256-byte stack buffer in certain code paths, producing reliable Denial‑of‑Service and an...

A newly disclosed, high‑severity vulnerability in the widely used Net‑SNMP suite can cause the snmptrapd daemon to overflow a stack buffer and crash — and operators must treat CVE‑2025‑68615 as an immediate remediation priority for any host running vulnerable Net‑SNMP versions. Background /...

A heap‑based buffer overflow has been disclosed in the HDF5 library: CVE‑2025‑2923 documents a flaw in the function H5F_addr_encode_len (file src/H5Fint.c) that can write past an allocated buffer when processing crafted data, producing a reliable crash and a low‑to‑medium severity local attack...

Delta Electronics’ ASDA‑Soft engineering suite contains two newly disclosed stack‑based buffer overflow flaws that can corrupt memory when a user opens a specially crafted project file — and Delta has issued a patched release (ASDA‑Soft v7.1.1.0) to address the risk. The two CVEs (CVE‑2025‑62579...

Siemens has published a high‑severity ProductCERT advisory (SSA‑722410) describing multiple remotely exploitable vulnerabilities in its User Management Component (UMC), including a stack‑based buffer overflow that Siemens scores as critical and three separate out‑of‑bounds read issues that can...

A newly reported Windows NTFS vulnerability described as a stack-based buffer overflow that “allows an authorized attacker to execute code locally” has raised immediate concern—but the specific CVE identifier you provided (CVE-2025-54916) could not be located in public vendor and vulnerability...

A newly disclosed vulnerability affecting Windows' Routing and Remote Access Service (RRAS) can allow remote attackers to execute code against unpatched RRAS hosts — administrators must treat any RRAS-enabled servers exposed to untrusted networks as high-priority for patching, isolation, and...

Delta Electronics has published an advisory warning that its COMMGR engineering and simulation software contains multiple high‑severity vulnerabilities — including a stack‑based buffer overflow (CVE‑2025‑53418) and a code‑injection flaw (CVE‑2025‑53419) — that affect COMMGR versions up to and...

A high-severity heap buffer overflow in the AV1 codec library libaom — tracked as CVE-2025-8879 — has been fixed in the latest Chromium builds; Google pushed the patch in Chrome stable channel updates to versions 139.0.7258.127/.128 (Windows and macOS) and 139.0.7258.127 (Linux), and browser...

Siemens' COMOS engineering platform is again at the center of vendor and national cybersecurity advisories after an out‑of‑bounds write in a third‑party graphics library — tracked as CVE‑2024‑8894 — was linked to COMOS deployments and republished by authorities, raising fresh questions about...

A heap‑based buffer overflow found in Microsoft Excel, tracked as CVE‑2025‑53741, has been published in Microsoft's Security Update Guide as a vulnerability that can allow an attacker to execute code on a victim machine when a crafted spreadsheet is opened; administrators and users should treat...

A series of newly discovered vulnerabilities in Rockwell Automation’s Arena simulation software have jolted the industrial software ecosystem, underscoring the persistent security challenges faced by critical manufacturing sectors worldwide. Carrying a high CVSS v4 base score of 8.4, these...

For critical infrastructure operators, scientists, and engineers, National Instruments LabVIEW occupies a unique and essential place. This graphical programming environment is a workhorse across research laboratories, industrial automation, biomedical development, aerospace, and countless other...