VYPR

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

ClassStableLikelihood: High

Description

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-10 · CAPEC-100 · CAPEC-123 · CAPEC-14 · CAPEC-24 · CAPEC-42 · CAPEC-44 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-8 · CAPEC-9

CVEs mapped to this weakness (10,979)

page 129 of 549
  • CVE-2017-8170HigNov 22, 2017
    risk 0.51cvss 7.8epss 0.01

    Huawei smart phones with software earlier than VIE-L09C40B360 versions have a buffer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP which has the root privilege; the APP can send a specific parameter to…

  • CVE-2017-8169HigNov 22, 2017
    risk 0.51cvss 7.8epss 0.01

    Huawei smart phones with software earlier than VIE-L09C40B360 versions have a buffer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP which has the root privilege; the APP can send a specific parameter to…

  • CVE-2017-8150HigNov 22, 2017
    risk 0.51cvss 7.8epss 0.01

    The boot loaders of P10 and P10 Plus Huawei mobile phones with software the versions before Victoria-L09AC605B162, the versions before Victoria-L29AC605B162, the versions before Vicky-L29AC605B162 have an arbitrary memory write vulnerability due to the lack of parameter…

  • CVE-2017-2729HigNov 22, 2017
    risk 0.51cvss 7.8epss 0.01

    The boot loaders in Honor 5A smart phones with software Versions earlier than CAM-TL00C01B193,Versions earlier than CAM-TL00HC00B193,Versions earlier than CAM-UL00C00B193 have a buffer overflow vulnerability. An attacker with the root privilege of an Android system may trick a…

  • CVE-2017-2725HigNov 22, 2017
    risk 0.51cvss 7.8epss 0.01

    Bastet in P10 Plus and P10 smart phones with software earlier than VKY-AL00C00B123 versions, earlier than VTR-AL00C00B123 versions have a buffer overflow vulnerability. An attacker with the root privilege of an Android system may trick a user into installing a malicious APP. The…

  • CVE-2017-2716HigNov 22, 2017
    risk 0.51cvss 7.8epss 0.01

    The camerafs driver in Mate 9 Versions earlier than MHA-AL00BC00B173 has buffer overflow vulnerability. An attacker tricks a user into installing a malicious application which has the system privilege of the Android system and sends a specific parameter to the driver of the…

  • CVE-2017-2698HigNov 22, 2017
    risk 0.51cvss 7.8epss 0.01

    The ddr_devfreq driver in versions earlier than GRA-UL00C00B197 has buffer overflow vulnerability. An attacker with the root privilege of the Android system can tricks a user into installing a malicious application on the smart phone, and send given parameter to smart phone to…

  • CVE-2017-2697HigNov 22, 2017
    risk 0.51cvss 7.8epss 0.01

    The goldeneye driver in NMO-L31C432B120 and earlier versions,NEM-L21C432B100 and earlier versions,NEM-L51C432B120 and earlier versions,KNT-AL10C746B160 and earlier versions,VNS-L21C185B142 and earlier versions,CAM-L21C10B130 and earlier versions,CAM-L21C185B141 and earlier…

  • CVE-2017-2696HigNov 22, 2017
    risk 0.51cvss 7.8epss 0.01

    The emerg_data driver in CAM-L21C10B130 and earlier versions, CAM-L21C185B141 and earlier versions has a buffer overflow vulnerability. An attacker with the root privilege of the Android system can tricks a user into installing a malicious application on the smart phone, and…

  • CVE-2017-5711HigNov 21, 2017
    risk 0.51cvss 7.8epss 0.01

    Multiple buffer overflows in Active Management Technology (AMT) in Intel Manageability Engine Firmware 8.x/9.x/10.x/11.0/11.5/11.6/11.7/11.10/11.20 allow attacker with local access to the system to execute arbitrary code with AMT execution privilege.

  • CVE-2017-5707HigNov 21, 2017
    risk 0.51cvss 7.8epss 0.01

    Multiple buffer overflows in kernel in Intel Trusted Execution Engine Firmware 3.0 allow attacker with local access to the system to execute arbitrary code.

  • CVE-2017-5706HigNov 21, 2017
    risk 0.51cvss 7.8epss 0.01

    Multiple buffer overflows in kernel in Intel Server Platform Services Firmware 4.0 allow attacker with local access to the system to execute arbitrary code.

  • CVE-2017-5705HigNov 21, 2017
    risk 0.51cvss 7.8epss 0.01

    Multiple buffer overflows in kernel in Intel Manageability Engine Firmware 11.0/11.5/11.6/11.7/11.10/11.20 allow attacker with local access to the system to execute arbitrary code.

  • CVE-2017-16869HigNov 17, 2017
    risk 0.51cvss 7.8epss 0.01

    p_mach.cpp in UPX 3.94 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted Mach-O file, related to canPack and unpack functions. NOTE: the vendor has stated "there is no…

  • CVE-2017-1000187HigNov 17, 2017
    risk 0.51cvss 7.8epss 0.01

    In SWFTools, an address access exception was found in pdf2swf. FoFiTrueType::writeTTF()

  • CVE-2017-0842HigNov 16, 2017
    risk 0.51cvss 7.8epss 0.00

    An elevation of privilege vulnerability in the Android system (bluetooth). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37502513.

  • CVE-2017-9721HigNov 16, 2017
    risk 0.51cvss 7.8epss 0.00

    In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the boot loader, a buffer overflow can occur while parsing the splash image.

  • CVE-2017-9719HigNov 16, 2017
    risk 0.51cvss 7.8epss 0.00

    In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the kernel driver MDSS, a buffer overflow can occur in HDMI CEC parsing if frame size is out of range.

  • CVE-2017-11085HigNov 16, 2017
    risk 0.51cvss 7.8epss 0.00

    In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, an integer overflow leading to a buffer overflow due to improper bound checking in msm_audio_effects_virtualizer_handler, file msm-audio-effects-q6-v2.c

  • CVE-2017-11029HigNov 16, 2017
    risk 0.51cvss 7.8epss 0.00

    In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, camera application triggers "user-memory-access" issue as the Camera CPP module Linux driver directly accesses the application provided buffer, which resides in user…