CWE-122: Heap-based Buffer Overflow
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory.
All Heap-based Buffer Overflow CVEs (846)
Feb 11, 2025: This vulnerability allows remote code execution via Microsoft Digest Authentication, enabling attackers to execute arbitrary code on affected systems....
Feb 11, 2025: This vulnerability allows remote attackers to execute arbitrary code on Windows systems by exploiting a heap-based buffer overflow in the Telephony Se...
Feb 11, 2025: This vulnerability allows remote attackers to execute arbitrary code on Windows systems running the Routing and Remote Access Service (RRAS) by exploi...
Feb 11, 2025: This vulnerability allows remote attackers to execute arbitrary code on Windows systems by exploiting a heap-based buffer overflow in the Telephony Se...
Jan 24, 2025: CVE-2019-15690 is a heap buffer overflow vulnerability in LibVNCServer that allows remote attackers to execute arbitrary code by sending specially cra...
Jan 18, 2025: A buffer overflow vulnerability in Lexmark devices' Internet Printing Protocol (IPP) allows attackers to execute arbitrary code remotely. This affects...
Jan 15, 2025: This vulnerability allows a remote attacker to trigger out-of-bounds memory access in Chrome's V8 JavaScript engine, potentially leading to heap corru...
Jan 14, 2025: This vulnerability allows remote attackers to execute arbitrary code on Windows systems by exploiting a heap-based buffer overflow in the Telephony Se...
Jan 14, 2025: This vulnerability allows remote attackers to execute arbitrary code on Windows systems by exploiting a heap-based buffer overflow in the Telephony Se...
Jan 14, 2025: This vulnerability allows remote attackers to execute arbitrary code on Windows systems by exploiting a heap-based buffer overflow in the Telephony Se...
Jan 14, 2025: This vulnerability allows remote attackers to execute arbitrary code on Windows systems by exploiting a heap-based buffer overflow in the Telephony Se...
Jan 14, 2025: This vulnerability allows remote attackers to execute arbitrary code on Windows systems by exploiting a heap-based buffer overflow in the Telephony Se...
Jan 14, 2025: This vulnerability in Windows Telephony Service allows remote attackers to execute arbitrary code on affected systems by sending specially crafted req...
Jan 14, 2025: This vulnerability allows remote attackers to execute arbitrary code on Windows systems by exploiting a heap-based buffer overflow in the Telephony Se...
Jan 14, 2025: This is a heap-based buffer overflow vulnerability in Windows Telephony Service that allows remote attackers to execute arbitrary code with SYSTEM pri...
Jan 14, 2025: This is a heap-based buffer overflow vulnerability in Windows Telephony Service that allows remote attackers to execute arbitrary code with SYSTEM pri...
Jan 14, 2025: This is a heap-based buffer overflow vulnerability in Windows Telephony Service that allows remote attackers to execute arbitrary code with SYSTEM pri...
Jan 14, 2025: This vulnerability allows remote attackers to execute arbitrary code on Windows systems by exploiting a heap-based buffer overflow in the Telephony Se...
Jan 14, 2025: This vulnerability in Windows Telephony Service allows remote attackers to execute arbitrary code on affected systems by sending specially crafted req...
Jan 14, 2025: This is a heap-based buffer overflow vulnerability in Windows Telephony Service that allows remote attackers to execute arbitrary code with SYSTEM pri...
Jan 14, 2025: This vulnerability allows remote attackers to execute arbitrary code on Windows systems by exploiting a heap-based buffer overflow in the Telephony Se...
Jan 14, 2025: This vulnerability allows remote attackers to execute arbitrary code on Windows systems by exploiting a heap-based buffer overflow in the Telephony Se...
Jan 14, 2025: This is a heap-based buffer overflow vulnerability in the Windows Telephony Service that allows remote attackers to execute arbitrary code with SYSTEM...
Jan 14, 2025: This is a heap-based buffer overflow vulnerability in Windows Telephony Service that allows remote attackers to execute arbitrary code with SYSTEM pri...
Jan 14, 2025: This vulnerability allows remote attackers to execute arbitrary code on Windows systems by exploiting a heap-based buffer overflow in the Telephony Se...
Jan 14, 2025: This vulnerability in Windows Telephony Service allows remote attackers to execute arbitrary code on affected systems by sending specially crafted req...
Jan 14, 2025: This vulnerability allows remote attackers to execute arbitrary code on Windows systems by exploiting a heap-based buffer overflow in the Telephony Se...
Jan 14, 2025: This vulnerability in Windows Telephony Service allows remote attackers to execute arbitrary code with SYSTEM privileges by sending specially crafted ...
Jan 14, 2025: This is a heap-based buffer overflow vulnerability in Windows Telephony Service that allows remote attackers to execute arbitrary code with SYSTEM pri...
Jan 14, 2025: This vulnerability allows remote attackers to execute arbitrary code on Windows systems by exploiting a heap-based buffer overflow in the Telephony Se...
Jan 14, 2025: This is a heap-based buffer overflow vulnerability in the Windows Telephony Service that allows remote attackers to execute arbitrary code with SYSTEM...
Jan 14, 2025: This vulnerability allows remote attackers to execute arbitrary code on Windows systems by exploiting a heap-based buffer overflow in the Telephony Se...
Jan 14, 2025: This vulnerability in Windows Telephony Service allows remote attackers to execute arbitrary code on affected systems by sending specially crafted req...
Jan 14, 2025: This is a heap-based buffer overflow vulnerability in Visual Studio that allows remote code execution when processing specially crafted files. Attacke...
Dec 29, 2024: CVE-2024-56737 is a heap-based buffer overflow vulnerability in GNU GRUB2's HFS filesystem parser. Attackers can exploit this by providing specially c...
Dec 27, 2024: CVE-2024-56732 is a heap-based buffer overflow vulnerability in HarfBuzz text shaping engine that could allow attackers to execute arbitrary code or c...
Dec 12, 2024: This vulnerability allows remote attackers to execute arbitrary code on Windows systems running Routing and Remote Access Service (RRAS) without authe...
Dec 12, 2024: This vulnerability allows remote attackers to execute arbitrary code on Windows systems running Routing and Remote Access Service (RRAS) without authe...
Dec 12, 2024: This vulnerability allows remote attackers to execute arbitrary code on Windows systems running Routing and Remote Access Service (RRAS) without authe...
Nov 22, 2024: This vulnerability allows attackers on the same network to execute arbitrary code on Wyze Cam v3 IP cameras without authentication. The flaw exists in...
Nov 12, 2024: This vulnerability in SQL Server Native Client allows remote attackers to execute arbitrary code by sending specially crafted requests to an affected ...
Nov 12, 2024: This vulnerability in SQL Server Native Client allows remote attackers to execute arbitrary code by sending specially crafted requests to an affected ...
Nov 12, 2024: This vulnerability in SQL Server Native Client allows remote attackers to execute arbitrary code by sending specially crafted requests to an affected ...
Nov 12, 2024: This vulnerability in SQL Server Native Client allows remote attackers to execute arbitrary code by sending specially crafted requests to an affected ...
Nov 12, 2024: This vulnerability in SQL Server Native Client allows remote attackers to execute arbitrary code by sending specially crafted network packets. It affe...
Nov 12, 2024: This vulnerability in SQL Server Native Client allows remote attackers to execute arbitrary code by sending specially crafted requests to an affected ...
Oct 8, 2024: This vulnerability allows remote attackers to execute arbitrary code on Windows systems running Routing and Remote Access Service (RRAS). Attackers ca...
Oct 8, 2024: This vulnerability allows remote attackers to execute arbitrary code on Windows systems running Routing and Remote Access Service (RRAS) by sending sp...
Oct 8, 2024: This vulnerability allows remote attackers to execute arbitrary code on Windows systems running Routing and Remote Access Service (RRAS) without authe...
Oct 8, 2024: This vulnerability allows remote attackers to execute arbitrary code on Windows systems running the Telephony Server service. Attackers can exploit th...
About Heap-based Buffer Overflow (CWE-122)
Our database tracks 846 CVEs classified as CWE-122, with 107 rated critical and 660 rated high severity. The average CVSS score for Heap-based Buffer Overflow vulnerabilities is 8.0.
External reference: View CWE-122 on MITRE CWE →