CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.
We have discovered 372,686 live websites that are affected by CWE-120.
CVEs
- Count - 13
CWE References
Website Distribution by Country
Number of websites using CWE-120 United States | 56,003 websites |
 France | 158,067 websites |
 Russia | 16,806 websites |
 China | 13,869 websites |
 Germany | 13,123 websites |
 Netherlands | 13,013 websites |
 Japan | 12,447 websites |
 Poland | 8,022 websites |
 Brazil | 6,929 websites |
 Italy | 6,816 websites |
Website Distribution by TLD
Number of websites using CWE-120| .com | 144,218 websites |
| .fr | 66,009 websites |
| .ru | 14,365 websites |
| .org | 14,214 websites |
| .net | 10,945 websites |
| .nl | 9,556 websites |
| .be | 8,227 websites |
| .de | 8,046 websites |
| .pl | 7,709 websites |
| .it | 6,794 websites |
Newest CVEs
List of the most recent CVEs that are part of CWE-120| Discovered | CVE | Description | Websites |
|---|---|---|---|
| Feb, 2026 | CVE-2026-27942 | fast-xml-parser has stack overflow in XMLBuilder with preserveOrder | 347 |
| Jul, 2025 | CVE-2025-48386 | Git allows a buffer overflow in 'wincred' credential helper | 474 |
| Mar, 2023 | CVE-2023-25664 | TensorFlow vulnerable to Heap Buffer Overflow in AvgPoolGrad | 29 |
| Nov, 2022 | CVE-2022-41894 | Buffer overflow in `CONV_3D_TRANSPOSE` on TFLite | 27 |
| Jun, 2022 | CVE-2022-31626 | mysqlnd/pdo password buffer overflow | 252,271 |
| Nov, 2021 | CVE-2021-41221 | Access to invalid memory during shape inference in `Cudnn*` ops | 25 |
| Nov, 2021 | CVE-2021-41216 | Heap buffer overflow in `Transpose` | 25 |
| Aug, 2021 | CVE-2021-37650 | Segfault and heap buffer overflow in `{Experimental,}DatasetToTFRecord` in TensorFlow | 25 |
| May, 2021 | CVE-2021-29612 | Heap buffer overflow in `BandedTriangularSolve` | 25 |
| May, 2021 | CVE-2021-29540 | Heap buffer overflow in `Conv2DBackpropFilter` | 25 |
The most widespread CVEs
List of the most common CVEs that are part of CWE-120| Discovered | CVE | Description | Websites |
|---|---|---|---|
| Jun, 2022 | CVE-2022-31626 | mysqlnd/pdo password buffer overflow | 252,271 |
| Oct, 2019 | CVE-2019-11043 | Underflow in PHP-FPM can lead to RCE | 119,565 |
| Jul, 2025 | CVE-2025-48386 | Git allows a buffer overflow in 'wincred' credential helper | 474 |
| Feb, 2026 | CVE-2026-27942 | fast-xml-parser has stack overflow in XMLBuilder with preserveOrder | 347 |
| Mar, 2023 | CVE-2023-25664 | TensorFlow vulnerable to Heap Buffer Overflow in AvgPoolGrad | 29 |
| Nov, 2022 | CVE-2022-41894 | Buffer overflow in `CONV_3D_TRANSPOSE` on TFLite | 27 |
| May, 2021 | CVE-2021-29520 | Heap buffer overflow in `Conv3DBackprop*` | 25 |
| May, 2021 | CVE-2021-29540 | Heap buffer overflow in `Conv2DBackpropFilter` | 25 |
| May, 2021 | CVE-2021-29612 | Heap buffer overflow in `BandedTriangularSolve` | 25 |
| Aug, 2021 | CVE-2021-37650 | Segfault and heap buffer overflow in `{Experimental,}DatasetToTFRecord` in TensorFlow | 25 |
Websites affected by CWE-120
Top websites that are affected by CWE-120. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *.cn | China | *,*** | |
| *****.pl | Poland | *,*** | |
| *********.org | United States | *,*** | |
| *********.com | China | *,*** | |
| ****.com | China | *,*** | |
| **********.org | United States | *,*** | |
| ******.com | France | *,*** | |
| *******.pro | Russia | *,*** | |
| *****.**.com | China | *,*** | |
| *****.org | United States | *,*** |