VYPR

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Class · Stable · Likelihood: High

Description

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Related attack patterns (CAPEC)

CAPEC-10 · CAPEC-100 · CAPEC-123 · CAPEC-14 · CAPEC-24 · CAPEC-42 · CAPEC-44 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-8 · CAPEC-9

CVEs mapped to this weakness (10,979)

page 12 of 549
  • CVE-2018-3917 · Critical · Aug 23, 2018
    risk 0.64 · cvss 9.9 · epss 0.01

    On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process insecurely extracts the fields from the "shard" table of its SQLite database, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this…

  • CVE-2018-3905 · Critical · Aug 23, 2018
    risk 0.64 · cvss 9.9 · epss 0.01

    An exploitable buffer overflow vulnerability exists in the camera "create" feature of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process incorrectly extracts the "state" field from a user-controlled JSON…

  • CVE-2018-3878 · Critical · Aug 23, 2018
    risk 0.64 · cvss 9.9 · epss 0.02

    Multiple exploitable buffer overflow vulnerabilities exist in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload,…

  • CVE-2018-1000221 · Critical · Aug 20, 2018
    risk 0.64 · cvss 9.8 · epss 0.01

    pkgconf version 1.5.0 to 1.5.2 contains a Buffer Overflow vulnerability in dequote() that can result in the dequote() function returning a 1-byte allocation if the initial length is 0, leading to a buffer overflow. This attack appears to be exploitable via a specially crafted .pc file. This…

  • CVE-2018-15353 · Critical · Aug 17, 2018
    risk 0.64 · cvss 9.8 · epss 0.08

    A Buffer Overflow exploited through the web interface by a remote attacker can cause remote code execution in Kraftway 24F2XG Router firmware 3.5.30.1118.

  • CVE-2018-6414 · Critical · Aug 13, 2018
    risk 0.64 · cvss 9.8 · epss 0.03

    A buffer overflow vulnerability in the web server of some Hikvision IP Cameras allows an attacker to send a specially crafted message to affected devices. Due to the insufficient input validation, successful exploit can corrupt memory and lead to arbitrary code execution or…

  • CVE-2018-14939 · Critical · Aug 5, 2018
    risk 0.64 · cvss 9.8 · epss 0.02

    The get_app_path function in desktop/unx/source/start.c in LibreOffice through 6.0.5 mishandles the realpath function in certain environments such as FreeBSD libc, which might allow attackers to cause a denial of service (buffer overflow and application crash) or possibly have…

  • CVE-2017-14444 · Critical · Aug 2, 2018
    risk 0.64 · cvss 9.9 · epss 0.01

    An exploitable buffer overflow vulnerability exists in Insteon Hub running firmware version 1012. The HTTP server implementation incorrectly handles the URL parameter during a firmware update request, leading to a buffer overflow on a global section. An attacker can send an HTTP…

  • CVE-2018-10628 · Critical · Jul 24, 2018
    risk 0.64 · cvss 9.8 · epss 0.05

    AVEVA InTouch 2014 R2 SP1 and prior, InTouch 2017, InTouch 2017 Update 1, and InTouch 2017 Update 2 allow an unauthenticated user to send a specially crafted packet that could overflow the buffer on a locale not using a dot floating point separator. Exploitation could allow…

  • CVE-2017-3223 · Critical · Jul 24, 2018
    risk 0.64 · cvss 9.8 · epss 0.05

    Dahua IP camera products using firmware versions prior to V2.400.0000.14.R.20170713 include a version of the Sonia web interface that may be vulnerable to a stack buffer overflow. Dahua IP camera products include an application known as Sonia (/usr/bin/sonia) that provides the…

  • CVE-2018-14564 · Critical · Jul 23, 2018
    risk 0.64 · cvss 9.8 · epss 0.02

    An issue was discovered in libthulac.so in THULAC through 2018-02-25. A SEGV can occur in NGramFeature::find_bases in include/cb_ngram_feature.h.

  • CVE-2018-14563 · Critical · Jul 23, 2018
    risk 0.64 · cvss 9.8 · epss 0.02

    An issue was discovered in libthulac.so in THULAC through 2018-02-25. "operator delete" is used with "operator new[]" in the TaggingLearner class in include/cb_tagging_learner.h, possibly leading to memory corruption.

  • CVE-2018-14531 · Critical · Jul 23, 2018
    risk 0.64 · cvss 9.8 · epss 0.02

    An issue was discovered in Bento4 1.5.1-624. There is an unspecified "heap-buffer-overflow" crash in the AP4_HvccAtom class in Core/Ap4HvccAtom.cpp.

  • CVE-2018-12784 · Critical · Jul 20, 2018
    risk 0.64 · cvss 9.8 · epss 0.10

    Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Buffer Errors vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

  • CVE-2016-6559 · Critical · Jul 13, 2018
    risk 0.64 · cvss 9.8 · epss 0.04

    Improper bounds checking of the obuf variable in the link_ntoa() function in linkaddr.c of the BSD libc library may allow an attacker to read or write from memory. The full impact and severity depends on the method of exploit and how the library is used by applications.…

  • CVE-2018-13869 · Critical · Jul 10, 2018
    risk 0.64 · cvss 9.8 · epss 0.02

    An issue was discovered in the HDF HDF5 1.8.20 library. There is a memcpy parameter overlap in the function H5O_link_decode in H5Olink.c.

  • CVE-2018-5885 · Critical · Jul 6, 2018
    risk 0.64 · cvss 9.8 · epss 0.01

    While loading dynamic fonts, a buffer overflow may occur if the number of segments in the font file is out of range in Snapdragon Mobile and Snapdragon Wear.

  • CVE-2018-5878 · Critical · Jul 6, 2018
    risk 0.64 · cvss 9.8 · epss 0.01

    While sending the response to a RIL_REQUEST_GET_SMSC_ADDRESS message, a buffer overflow can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear.

  • CVE-2018-12113 · Critical · Jul 5, 2018
    risk 0.64 · cvss 9.8 · epss 0.07

    Core FTP LE version 2.2 Build 1921 is prone to a buffer overflow vulnerability that may result in a DoS or remote code execution via a PASV response.

  • CVE-2018-7780 · Critical · Jul 3, 2018
    risk 0.64 · cvss 9.8 · epss 0.01

    In Schneider Electric Pelco Sarix Professional 1st generation cameras with firmware versions prior to 3.29.69, a buffer overflow vulnerability exists in the cgi program "set".