Home/CWE/Heap-based Buffer Overflow
Weakness

Heap-based Buffer Overflow

CWE-122 · Variant · Draft

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

Weakness Relationships

Where this weakness sits in the CWE hierarchy. Walk up to broader classes or down to more specific variants.
Parent of this (broader)
ChildOfCWE-787 · Out-of-bounds Write
ChildOfCWE-788 · Access of Memory Location After End of Buffer

Attack Patterns (CAPEC)

1
How adversaries exploit this weakness, per MITRE CAPEC.
CAPEC-92Forced Integer Overflow

CVEs With This Weakness

2,204
A sample of the 2,204 CVEs tagged with this weakness.
CVECVE-2026-8560
CVECVE-2026-8552
CVECVE-2026-8531
CVECVE-2026-8529
CVECVE-2026-8525
CVECVE-2026-8509
CVECVE-2026-8261
CVECVE-2026-8213
CVECVE-2026-8212
CVECVE-2026-8087
CVECVE-2026-8086
CVECVE-2026-7900
External lookups - second-class, for what we don’t hold ourselves
MITRE CWE
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin