CWE · MITRE source
CWE-122Heap-based Buffer Overflow
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
Last updated: 04 July 2026 00:28 UTC
Cumulative inbound coverage
How completely the frameworks we cross-walk collectively cover this — the verdict is the strongest single mapping (overlapping partials are not summed); breadth shows the corroboration behind it.
Collective: full · 7 mapping(s) from 3 framework(s): ATT&CK 5 (partial) · ASVS 5.0 1 (full) · CAPEC 1 (partial)
NIST 800-53 r5 controls that address this weakness (0)AI
| Control | Title | Family | Why it addresses this CWE |
|---|---|---|---|
| No NIST controls proposed yet. | |||
MITRE ATT&CK techniques this weakness enables
Our own two-way CWE↔ATT&CK cross-walk — a direct mapping with no public source (the CWE→CAPEC→ATT&CK chain leaves most top weaknesses, incl. XSS and SQLi, mapped to nothing). Drafted by Grok and spot-checked by Claude Opus 4.8.
Direction: ← other covers this;
→ this covers other (F/M/P = full / mostly /
partial).
Top CVEs of this weakness type, ranked by Risk Priority
| CVE | Risk | CVSS | EPSS | Published |
|---|---|---|---|---|
CVE-2009-3459 KEV | 10.0 | 8.8 | 0.8647 | 2009-10-13 |
CVE-2015-3113 KEV | 10.0 | 9.8 | 0.9994 | 2015-06-23 |
CVE-2019-3568 KEV | 10.0 | 9.8 | 0.3917 | 2019-05-14 |
CVE-2020-16010 KEV | 10.0 | 9.6 | 0.0641 | 2020-11-03 |
CVE-2021-21017 KEV | 10.0 | 8.8 | 0.8621 | 2021-02-11 |
CVE-2023-23376 KEV | 10.0 | 7.8 | 0.1085 | 2023-02-14 |
CVE-2023-28252 KEV | 10.0 | 7.8 | 0.4897 | 2023-04-11 |
CVE-2023-27997 KEV | 10.0 | 9.8 | 0.8569 | 2023-06-13 |
CVE-2023-4911 KEV | 10.0 | 7.8 | 0.8142 | 2023-10-03 |
CVE-2023-36036 KEV | 10.0 | 7.8 | 0.1654 | 2023-11-14 |
CVE-2024-30051 KEV | 10.0 | 7.8 | 0.0569 | 2024-05-14 |
CVE-2024-38812 KEV | 10.0 | 9.8 | 0.5414 | 2024-09-17 |
CVE-2024-49138 KEV | 10.0 | 7.8 | 0.2541 | 2024-12-12 |
CVE-2025-21333 KEV | 10.0 | 7.8 | 0.0980 | 2025-01-14 |
CVE-2025-21418 KEV | 10.0 | 7.8 | 0.0146 | 2025-02-11 |
CVE-2025-24985 KEV | 10.0 | 7.8 | 0.0370 | 2025-03-11 |
CVE-2025-24993 KEV | 10.0 | 7.8 | 0.0209 | 2025-03-11 |
CVE-2020-6146 | 8.0 | 8.8 | 0.7847 | 2020-09-16 |
CVE-2020-24435 | 8.0 | 7.8 | 0.5128 | 2020-11-05 |
CVE-2020-25683 | 8.0 | 5.9 | 0.8604 | 2021-01-20 |
CVE-2020-25681 | 8.0 | 8.1 | 0.8119 | 2021-01-20 |
CVE-2020-25682 | 8.0 | 8.1 | 0.7075 | 2021-01-20 |
CVE-2020-25687 | 8.0 | 5.9 | 0.8669 | 2021-01-20 |
CVE-2021-26691 | 8.0 | 9.8 | 0.6807 | 2021-06-10 |
CVE-2021-28560 | 8.0 | 8.8 | 0.6692 | 2021-09-02 |