What CVEs are caused by CWE-121?

3,143 recorded CVEs are attributed to CWE-121, including CVE-2022-20699, CVE-2022-20700, CVE-2022-20701. 18 are listed in CISA's Known Exploited Vulnerabilities (KEV) catalog.

How do you prevent CWE-121?

Use automatic buffer overflow detection mechanisms that are offered by certain compilers or compiler extensions. Examples include: the Microsoft Visual Studio /GS flag, Fedora/Red Hat FORTIFY_SOURCE GCC flag, StackGuard, and ProPolice, which provide various mechanisms including canary-based detection and range/index checking.

How is CWE-121 detected?

Fuzzing: Fuzz testing (fuzzing) is a powerful technique for generating large numbers of diverse inputs - either randomly or algorithmically - and dynamically invoking the code with those inputs. Even with random inputs, it is often capable of generating unexpected results such as crashes, memory corruption, or resource consumption. Fuzzing effectively produces repeatable test cases that clearly indicate bugs, which helps developers to diagnose the issues.

What are the consequences of CWE-121?

Exploiting CWE-121 can lead to: Modify Memory, DoS: Crash, Exit, or Restart, DoS: Resource Consumption (CPU), DoS: Resource Consumption (Memory), Execute Unauthorized Code or Commands, Bypass Protection Mechanism.

Is CWE-121 actively exploited?

Yes. 18 CWE-121 vulnerabilities are in CISA's KEV catalog of actively exploited flaws, out of 3,143 recorded CVEs.

Variant weakness

Draft

CWE-121: Stack-based Buffer Overflow

Also known as: Stack Overflow, Stack Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

Last updated May 1, 2026

3,143

Recorded CVEs

With this primary weakness

KEVs

In the CISA KEV catalog

High

Likelihood of exploit

Per MITRE

Variant

Abstraction

MITRE classification

Overview

CWE-121 (Stack-based Buffer Overflow) is a variant-level software weakness catalogued by MITRE in the Common Weakness Enumeration (CWE). It describes a recurring type of mistake that can lead to exploitable security vulnerabilities.

Code examples

Illustrative examples from MITRE showing how the weakness appears in code.

While buffer overflow examples can be rather complex, it is possible to have very simple, yet still exploitable, stack-based buffer overflows:

Vulnerable example

#define BUFSIZE 256

The buffer size is fixed, but there is no guarantee the string in argv[1] will not exceed this size and cause an overflow.

This example takes an IP address from a user, verifies that it is well formed and then looks up the hostname and copies it into a buffer.

Vulnerable example

void host_lookup(char *user_supplied_addr){

CWE-121: Stack-based Buffer Overflow (Stack Overflow)

CWE-121: Stack-based Buffer Overflow

Overview

CWE-121: Stack-based Buffer Overflow

Overview

Background

Real-world CVEs

Common consequences

How it happens

When it is introduced

Applies to

How to prevent it

How to detect it

Fuzzing

Automated Static Analysis

Automated Dynamic Analysis

Code examples

Illustrative examples

Terminology & mappings

Alternate terms

Mapped taxonomies

Frequently asked questions

What is CWE-121?

What CVEs are caused by CWE-121?

How do you prevent CWE-121?

How is CWE-121 detected?

What are the consequences of CWE-121?

Is CWE-121 actively exploited?

References

Stay ahead of CWE-121

Overview

Overview

Background

Real-world CVEs

Common consequences

How it happens

When it is introduced

Applies to

How to prevent it

How to detect it

Fuzzing

Automated Static Analysis

Automated Dynamic Analysis

Code examples

Illustrative examples

Related weaknesses

Parent

Terminology & mappings

Alternate terms

Mapped taxonomies

Frequently asked questions

What is CWE-121?

What CVEs are caused by CWE-121?

How do you prevent CWE-121?

How is CWE-121 detected?

What are the consequences of CWE-121?

Is CWE-121 actively exploited?

References

Stay ahead of CWE-121