VYPR

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

ClassStableLikelihood: High

Description

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-10 · CAPEC-100 · CAPEC-123 · CAPEC-14 · CAPEC-24 · CAPEC-42 · CAPEC-44 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-8 · CAPEC-9

CVEs mapped to this weakness (10,979)

page 121 of 549
  • CVE-2018-3582HigJun 12, 2018
    risk 0.51cvss 7.8epss 0.00

    Buffer overflow can occur due to improper input validation in multiple WMA event handler functions in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.

  • CVE-2018-3581HigJun 12, 2018
    risk 0.51cvss 7.8epss 0.00

    In the WLAN driver in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel, a buffer overwrite can occur if the vdev_id received from firmware is larger than max_bssid.

  • CVE-2018-3572HigJun 12, 2018
    risk 0.51cvss 7.8epss 0.00

    While processing a DSP buffer in an audio driver's event handler, an index of a buffer is not checked before accessing the buffer in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.

  • CVE-2017-18070HigJun 12, 2018
    risk 0.51cvss 7.8epss 0.00

    In wma_ndp_end_response_event_handler(), the variable len_end_rsp is a uint32 which can be overflowed if the value of variable "event->num_ndp_end_rsp_per_ndi_list" is very large which can then lead to a heap overwrite of the heap object end_rsp in all Android releases from CAF…

  • CVE-2017-15854HigJun 12, 2018
    risk 0.51cvss 7.8epss 0.00

    The value of fix_param->num_chans is received from firmware and if it is too large, an integer overflow can occur in wma_radio_chan_stats_event_handler() for the derived length len leading to a subsequent buffer overflow in all Android releases from CAF (Android for MSM, Firefox…

  • CVE-2018-12233HigJun 12, 2018
    risk 0.51cvss 7.8epss 0.02

    In the ea_get function in fs/jfs/xattr.c in the Linux kernel through 4.17.1, a memory corruption bug in JFS can be triggered by calling setxattr twice with two different extended attribute names on the same file. This vulnerability can be triggered by an unprivileged user with…

  • CVE-2018-12112HigJun 11, 2018
    risk 0.51cvss 7.8epss 0.01

    md_build_attribute in md4c.c in md4c 0.2.6 allows remote attackers to cause a denial of service (Segmentation fault and application crash) or possibly have unspecified other impact via a crafted file.

  • CVE-2018-4242HigJun 8, 2018
    risk 0.51cvss 7.8epss 0.03

    An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Hypervisor" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

  • CVE-2018-4236HigJun 8, 2018
    risk 0.51cvss 7.8epss 0.01

    An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "IOGraphics" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

  • CVE-2018-4234HigJun 8, 2018
    risk 0.51cvss 7.8epss 0.01

    An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "IOHIDFamily" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

  • CVE-2018-4215HigJun 8, 2018
    risk 0.51cvss 7.8epss 0.01

    An issue was discovered in certain Apple products. iOS before 11.4 is affected. The issue involves the "Bluetooth" component. It allows attackers to gain privileges or cause a denial of service (buffer overflow) via a crafted app.

  • CVE-2018-4211HigJun 8, 2018
    risk 0.51cvss 7.8epss 0.02

    An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "FontParser" component. It allows remote attackers to execute arbitrary code…

  • CVE-2018-3578HigJun 6, 2018
    risk 0.51cvss 7.8epss 0.00

    Type mismatch for ie_len can cause the WLAN driver to allocate less memory on the heap due to implicit casting leading to a heap buffer overflow in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.

  • CVE-2018-3565HigJun 6, 2018
    risk 0.51cvss 7.8epss 0.00

    While sending a probe request indication in lim_send_sme_probe_req_ind() in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel, a buffer overflow can occur.

  • CVE-2017-18154HigJun 6, 2018
    risk 0.51cvss 7.8epss 0.00

    A crafted binder request can cause an arbitrary unmap in MediaServer in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.

  • CVE-2018-11498HigMay 26, 2018
    risk 0.51cvss 7.8epss 0.02

    In Lizard v1.0 and LZ5 v2.0 (the prior release, before the product was renamed), there is an unchecked buffer size during a memcpy in the Lizard_decompress_LIZv1 function (lib/lizard_decompress_liz.h). Remote attackers can leverage this vulnerability to cause a denial of service…

  • CVE-2018-7687HigMay 21, 2018
    risk 0.51cvss 7.8epss 0.00

    The Micro Focus Client for OES before version 2 SP4 IR8a has a vulnerability that could allow a local attacker to elevate privileges via a buffer overflow in ncfsd.sys.

  • CVE-2018-4928HigMay 19, 2018
    risk 0.51cvss 7.8epss 0.04

    Adobe InDesign versions 13.0 and below have an exploitable Memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

  • CVE-2018-5827HigMay 17, 2018
    risk 0.51cvss 7.8epss 0.00

    In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, a buffer overflow vulnerability exists in WLAN while processing an extscan hotlist event.

  • CVE-2018-3568HigMay 17, 2018
    risk 0.51cvss 7.8epss 0.00

    In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in __wlan_hdd_cfg80211_vendor_scan(), a buffer overwrite can potentially occur.