CWE-122Heap-based Buffer Overflow

Abstraction: Variant · CVEs in our corpus: 2,148

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

Last updated: 09 May 2026 03:25 UTC

NIST 800-53 r5 controls that address this weakness (0)AI

Control	Title	Family	Why it addresses this CWE
No NIST controls proposed yet.

Top CVEs of this weakness type, ranked by Risk Priority

CVE	Risk	CVSS	EPSS	Published
`CVE-2015-3113` KEV	9.5	9.8	0.9250	2015-06-23
`CVE-2023-27997` KEV	9.3	9.8	0.8890	2023-06-13
`CVE-2021-21017` KEV	9.2	8.8	0.9020	2021-02-11
`CVE-2024-38812` KEV	8.6	9.8	0.7787	2024-09-17
`CVE-2024-49138` KEV	8.6	7.8	0.8483	2024-12-12
`CVE-2025-21333` KEV	8.5	7.8	0.8228	2025-01-14
`CVE-2023-4911` KEV	7.6	7.8	0.6719	2023-10-03
`CVE-2024-38077`	7.4	9.8	0.9028	2024-07-09
`CVE-2023-28252` KEV	7.3	7.8	0.6244	2023-04-11
`CVE-2024-4323`	7.0	9.8	0.8464	2024-05-20
`CVE-2019-3568` KEV	6.8	9.8	0.4796	2019-05-14
`CVE-2023-36824`	6.8	7.4	0.8900	2023-07-11
`CVE-2024-26229`	6.7	7.8	0.8576	2024-04-09
`CVE-2023-28231`	6.3	8.8	0.7551	2023-04-11
`CVE-2024-30051` KEV	6.2	7.8	0.4353	2024-05-14
`CVE-2023-44442`	5.2	7.8	0.6033	2024-05-03
`CVE-2020-16010` KEV	5.1	9.6	0.1963	2020-11-03
`CVE-2023-23376` KEV	4.9	7.8	0.2255	2023-02-14
`CVE-2024-30085`	4.9	7.8	0.5524	2024-06-11
`CVE-2021-26691`	4.8	9.8	0.4782	2021-06-10
`CVE-2024-20697`	4.4	7.3	0.4943	2024-01-09
`CVE-2025-21418` KEV	4.4	7.8	0.1327	2025-02-11
`CVE-2020-25681`	4.3	8.1	0.4536	2021-01-20
`CVE-2021-28558`	4.3	8.8	0.4154	2021-09-02
`CVE-2021-28638`	4.1	7.8	0.4220	2021-08-20