Category

Stack Overflow

Security vulnerabilities and automated fixes for stack overflow issues

4 posts found

critical8 min

Critical Stack Buffer Overflow Fixed in sgl_log.c: What You Need to Know

A critical stack buffer overflow vulnerability was discovered and patched in `source/core/sgl_log.c`, where unsafe use of `strcpy` and `memcpy` without bounds checking could allow attackers to overwrite stack memory, corrupt return addresses, and potentially execute arbitrary code. This fix eliminates a classic CWE-120 vulnerability that has plagued C codebases for decades and serves as a timely reminder of why bounds-checked string operations are non-negotiable in systems programming. Understan

#security#buffer-overflow#c-programming+4 more
O
orbisai0security
May 16, 2026
critical9 min

Stack Buffer Overflow in vzic-parse.c: How Unbounded sprintf() Calls Enable Arbitrary Code Execution

A critical stack buffer overflow vulnerability was discovered and patched in vzic-parse.c, where unbounded sprintf() calls constructed file paths from timezone data fields into fixed-size stack buffers without any length validation. An attacker supplying a malicious timezone data file could overflow the stack buffer, overwrite the return address, and achieve arbitrary code execution. This fix serves as a timely reminder of why safe string-handling functions are non-negotiable in C code.

#c#buffer-overflow#stack-overflow+4 more
O
orbisai0security
May 15, 2026
critical8 min

Stack Overflow in C: How strcpy and strcat Put Games at Risk

A critical buffer overflow vulnerability was discovered and patched in a shared C header file (common.h) used across an entire suite of games, where unbounded strcpy and strcat calls could allow attackers to overwrite stack memory and hijack program execution. The fix eliminates dangerous unbounded string operations, protecting every game binary that includes this shared header. Understanding this vulnerability is essential for any developer working with C/C++ string handling.

#c-programming#buffer-overflow#cwe-120+4 more
O
orbisai0security
May 14, 2026
critical8 min

Stack Buffer Overflow in MapScale: How Five Unsafe sprintf Calls Created a Critical Vulnerability

A critical stack-based buffer overflow vulnerability was discovered and patched in `src/mapscale.c`, where five unbounded `sprintf` calls wrote formatted output into fixed-size stack buffers without any bounds checking. An attacker controlling unit text strings could overflow the stack buffer, potentially overwriting the function return address and achieving arbitrary code execution. The fix replaces dangerous `sprintf` calls with their bounds-checked counterparts, eliminating the overflow risk

#buffer-overflow#c-security#CWE-120+4 more
O
orbisai0security
May 13, 2026