CWE-118

Incorrect Access of Indexable Resource ('Range Error')

Class · Incomplete

Description

The product does not restrict or incorrectly restricts operations within the boundaries of a resource that is accessed using an index or pointer, such as memory or files.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-10 · CAPEC-14 · CAPEC-24 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-8 · CAPEC-9

CVEs mapped to this weakness (13)

  • CVE-2016-10495 · Critical · Apr 18, 2018
    risk 0.64 · cvss 9.8 · epss 0.01

    In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9635M, made changes to map the scan type value to an index value that is in range.

  • CVE-2015-9142 · Critical · Apr 18, 2018
    risk 0.64 · cvss 9.8 · epss 0.01

    In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9645, MDM9650, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SDM630, SDM636,…

  • CVE-2015-2004 · Critical · Mar 29, 2018
    risk 0.64 · cvss 9.8 · epss 0.02

    The GraceNote GNSDK SDK before SVN Changeset 1.1.7 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function.

  • CVE-2015-2003 · Critical · Mar 29, 2018
    risk 0.64 · cvss 9.8 · epss 0.02

    The PJSIP PJSUA2 SDK before SVN Changeset 51322 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function.

  • CVE-2015-2002 · Critical · Mar 29, 2018
    risk 0.64 · cvss 9.8 · epss 0.02

    The ESRI ArcGis Runtime SDK before 10.2.6-2 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function.

  • CVE-2015-2001 · Critical · Mar 29, 2018
    risk 0.64 · cvss 9.8 · epss 0.02

    The MetaIO SDK before 6.0.2.1 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function.

  • CVE-2015-2000 · Critical · Mar 29, 2018
    risk 0.64 · cvss 9.8 · epss 0.02

    The Jumio SDK before 1.5.0 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function.

  • CVE-2014-9411 · Critical · Aug 18, 2017
    risk 0.64 · cvss 9.8 · epss 0.01

    In all Qualcomm products with Android releases from CAF using the Linux kernel, the use of an out-of-range pointer offset is potentially possible in rollback protection.

  • CVE-2018-7530 · High · Apr 17, 2018
    risk 0.51 · cvss 7.8 · epss 0.00

    Parsing malformed project files in Omron CX-One versions 4.42 and prior, including the following applications: CX-FLnet versions 1.00 and prior, CX-Protocol versions 1.992 and prior, CX-Programmer versions 9.65 and prior, CX-Server versions 5.0.22 and prior, Network Configurator…

  • CVE-2017-5884 · High · Feb 28, 2017
    risk 0.51 · cvss 7.8 · epss 0.02

    gtk-vnc before 0.7.0 does not properly check boundaries of subrectangle-containing tiles, which allows remote servers to execute arbitrary code via the src x, y coordinates in a crafted (1) rre, (2) hextile, or (3) copyrect tile.

  • CVE-2017-10872 · Medium · Dec 22, 2017
    risk 0.42 · cvss 6.5 · epss 0.02

    H2O version 2.2.3 and earlier allows remote attackers to cause a denial of service in the server via unspecified vectors.

  • CVE-2017-0302 · Medium · May 9, 2017
    risk 0.35 · cvss 5.3 · epss 0.01

    In F5 BIG-IP APM 12.0.0 through 12.1.2 and 13.0.0, an authenticated user with an established access session to the BIG-IP APM system may be able to cause a traffic disruption if the length of the requested URL is less than 16 characters.

  • CVE-2022-38072 · Apr 3, 2023
    risk 0.00 · cvss · epss 0.01

    An improper array index validation vulnerability exists in the stl_fix_normal_directions functionality of ADMesh Master Commit 767a105 and v0.98.4. A specially-crafted stl file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this…