VYPR

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Class · Stable · Likelihood: High

Description

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-10 · CAPEC-100 · CAPEC-123 · CAPEC-14 · CAPEC-24 · CAPEC-42 · CAPEC-44 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-8 · CAPEC-9

CVEs mapped to this weakness (9,861)

page 14 of 494
  • CVE-2017-14628 · Cri · Sep 21, 2017
    risk 0.64 · cvss 9.8 · epss 0.00

    In sam2p 0.49.3, a heap-based buffer overflow exists in the pcxLoadImage24 function of the file in_pcx.cpp.

  • CVE-2017-0781 · Hig · Sep 14, 2017
    risk 0.64 · cvss 8.8 · epss 0.42

    A remote code execution vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63146105.

  • CVE-2017-13011 · Cri · Sep 14, 2017
    risk 0.64 · cvss 9.8 · epss 0.01

    Several protocol parsers in tcpdump before 4.9.2 could cause a buffer overflow in util-print.c:bittok2str_internal().

  • CVE-2017-8686 · Cri · Sep 13, 2017
    risk 0.64 · cvss 9.8 · epss 0.08

    The Windows Server DHCP service in Windows Server 2012 Gold and R2, and Windows Server 2016 allows an attacker to either run arbitrary code on the DHCP failover server or cause the DHCP service to become nonresponsive, due to a memory corruption vulnerability in the Windows Server DHCP service, aka "Windows DHCP Server Remote Code Execution Vulnerability".

  • CVE-2017-14265 · Cri · Sep 11, 2017
    risk 0.64 · cvss 9.8 · epss 0.01

    A Stack-based Buffer Overflow was discovered in xtrans_interpolate in internal/dcraw_common.cpp in LibRaw before 0.18.3. It could allow a remote denial of service or code execution attack.

  • CVE-2017-14064 · Cri · Aug 31, 2017
    risk 0.64 · cvss 9.8 · epss 0.01

    Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issue lies in using strdup in ext/json/ext/generator/generator.c, which will stop after encountering a '\0' byte, returning a pointer to a string of length zero, which is not the length stored in space_len.

  • CVE-2017-12708 · Cri · Aug 30, 2017
    risk 0.64 · cvss 9.8 · epss 0.01

    An Improper Restriction Of Operations Within The Bounds Of A Memory Buffer issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Researchers have identified multiple vulnerabilities that allow invalid locations to be referenced for the memory buffer, which may allow an attacker to execute arbitrary code or cause the system to crash.

  • CVE-2017-12706 · Cri · Aug 30, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    A stack-based buffer overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Researchers have identified multiple vulnerabilities where there is a lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer, which could allow an attacker to execute arbitrary code under the context of the process.

  • CVE-2017-12865 · Cri · Aug 29, 2017
    risk 0.64 · cvss 9.8 · epss 0.05

    Stack-based buffer overflow in "dnsproxy.c" in connman 1.34 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted response query string passed to the "name" variable.

  • CVE-2017-8380 · Cri · Aug 28, 2017
    risk 0.64 · cvss 9.8 · epss 0.03

    Buffer overflow in the "megasas_mmio_write" function in Qemu 2.9.0 allows remote attackers to have unspecified impact via unknown vectors.

  • CVE-2015-1430 · Cri · Aug 28, 2017
    risk 0.64 · cvss 9.8 · epss 0.00

    Buffer overflow in xymon 4.3.17-1.

  • CVE-2017-12707 · Cri · Aug 25, 2017
    risk 0.64 · cvss 9.8 · epss 0.01

    A Stack-based Buffer Overflow issue was discovered in SpiderControl SCADA MicroBrowser Versions 1.6.30.144 and prior. Opening a maliciously crafted HTML file may cause a stack overflow.

  • CVE-2015-1801 · Cri · Aug 24, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    The samsung_extdisp driver in the Samsung S4 (GT-I9500) I9500XXUEMK8 kernel 3.4 and earlier allows attackers to cause a denial of service (memory corruption) or gain privileges.

  • CVE-2007-5341 · Cri · Aug 18, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    Remote code execution in the Venkman script debugger in Mozilla Firefox before 2.0.0.8.

  • CVE-2007-5199 · Cri · Aug 18, 2017
    risk 0.64 · cvss 9.8 · epss 0.01

    A single byte overflow in catalogue.c in X.Org libXfont 1.3.1 allows remote attackers to have unspecified impact.

  • CVE-2016-5871 · Cri · Aug 18, 2017
    risk 0.64 · cvss 9.8 · epss 0.00

    In all Qualcomm products with Android releases from CAF using the Linux kernel, an integer overflow to buffer overflow vulnerability exists when loading an image file.

  • CVE-2016-10392 · Cri · Aug 18, 2017
    risk 0.64 · cvss 9.8 · epss 0.00

    In all Qualcomm products with Android releases from CAF using the Linux kernel, a driver can potentially leak kernel memory.

  • CVE-2016-10343 · Cri · Aug 18, 2017
    risk 0.64 · cvss 9.8 · epss 0.00

    In all Qualcomm products with Android releases from CAF using the Linux kernel, an SSL handshake failure with ClientHello rejection results in a memory leak.

  • CVE-2015-9071 · Cri · Aug 18, 2017
    risk 0.64 · cvss 9.8 · epss 0.00

    In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read vulnerability exists in a TrustZone syscall.

  • CVE-2015-9070 · Cri · Aug 18, 2017
    risk 0.64 · cvss 9.8 · epss 0.00

    In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read vulnerability exists in a TrustZone syscall.