VYPR

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

ClassStableLikelihood: High

Description

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-10 · CAPEC-100 · CAPEC-123 · CAPEC-14 · CAPEC-24 · CAPEC-42 · CAPEC-44 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-8 · CAPEC-9

CVEs mapped to this weakness (10,979)

page 15 of 549
  • CVE-2017-5399CriJun 11, 2018
    risk 0.64cvss 9.8epss 0.02

    Memory safety bugs were reported in Firefox 51. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 52 and Thunderbird < 52.

  • CVE-2017-5398CriJun 11, 2018
    risk 0.64cvss 9.8epss 0.04

    Memory safety bugs were reported in Thunderbird 45.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 52, Firefox ESR < 45.8,…

  • CVE-2017-5392CriJun 11, 2018
    risk 0.64cvss 9.8epss 0.02

    Weak proxy objects have weak references on multiple threads when they should only have them on one, resulting in incorrect memory usage and corruption, which leads to potentially exploitable crashes. Note: This issue only affects Firefox for Android. Other operating systems are…

  • CVE-2017-5377CriJun 11, 2018
    risk 0.64cvss 9.8epss 0.02

    A memory corruption vulnerability in Skia that can occur when using transforms to make gradients, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 51.

  • CVE-2017-5374CriJun 11, 2018
    risk 0.64cvss 9.8epss 0.02

    Memory safety bugs were reported in Firefox 50.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 51.

  • CVE-2017-5373CriJun 11, 2018
    risk 0.64cvss 9.8epss 0.03

    Memory safety bugs were reported in Firefox 50.1 and Firefox ESR 45.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 45.7,…

  • CVE-2016-9893CriJun 11, 2018
    risk 0.64cvss 9.8epss 0.03

    Memory safety bugs were reported in Thunderbird 45.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and…

  • CVE-2016-9080CriJun 11, 2018
    risk 0.64cvss 9.8epss 0.02

    Memory safety bugs were reported in Firefox 50.0.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 50.1.

  • CVE-2016-5290CriJun 11, 2018
    risk 0.64cvss 9.8epss 0.03

    Memory safety bugs were reported in Firefox 49 and Firefox ESR 45.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 45.5, Firefox…

  • CVE-2016-5289CriJun 11, 2018
    risk 0.64cvss 9.8epss 0.02

    Memory safety bugs were reported in Firefox 49. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 50.

  • CVE-2018-0315CriJun 7, 2018
    risk 0.64cvss 9.8epss 0.08

    A vulnerability in the authentication, authorization, and accounting (AAA) security services of Cisco IOS XE Software could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device or cause an affected device to reload, resulting in a denial of…

  • CVE-2017-18269CriMay 18, 2018
    risk 0.64cvss 9.8epss 0.05

    An SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S in the GNU C Library (aka glibc or libc6) 2.21 through 2.27 does not correctly perform the overlapping memory check if the source memory range spans the middle of the address…

  • CVE-2018-10996CriMay 12, 2018
    risk 0.64cvss 9.8epss 0.05

    The weblogin_log function in /htdocs/cgibin on D-Link DIR-629-B1 devices allows attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a session.cgi?ACTION=logout request involving a long REMOTE_ADDR environment variable.

  • CVE-2016-10722CriMay 2, 2018
    risk 0.64cvss 9.8epss 0.03

    partclone.fat in Partclone before 0.2.88 is prone to a heap-based buffer overflow vulnerability due to insufficient validation of the FAT superblock, related to the mark_reserved_sectors function. An attacker may be able to execute arbitrary code in the context of the user…

  • CVE-2016-10721CriMay 2, 2018
    risk 0.64cvss 9.8epss 0.02

    partclone.restore in Partclone 0.2.87 is prone to a heap-based buffer overflow vulnerability due to insufficient validation of the partclone image header. An attacker may be able to execute arbitrary code in the context of the user running the affected application.

  • CVE-2017-17833CriApr 23, 2018
    risk 0.64cvss 9.8epss 0.04

    OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a heap-related memory corruption issue which may manifest itself as a denial-of-service or a remote code-execution vulnerability.

  • CVE-2018-10238CriApr 20, 2018
    risk 0.64cvss 9.8epss 0.02

    bvlc.c in skarg BACnet Protocol Stack bacserv 0.9.1 and 0.8.5 is affected by a Buffer Overflow because of a lack of packet-size validation. The affected component is bacserv BACnet/IP BVLC forwarded NPDU. The function bvlc_bdt_forward_npdu() calls bvlc_encode_forwarded_npdu()…

  • CVE-2017-3774CriApr 19, 2018
    risk 0.64cvss 9.8epss 0.01

    A stack overflow vulnerability was discovered within the web administration service in Integrated Management Module 2 (IMM2) earlier than version 4.70 used in some Lenovo servers and earlier than version 6.60 used in some IBM servers. An attacker providing a crafted user ID and…

  • CVE-2018-8840CriApr 18, 2018
    risk 0.64cvss 9.8epss 0.08

    A remote attacker could send a carefully crafted packet in InduSoft Web Studio v8.1 and prior versions, and/or InTouch Machine Edition 2017 v8.1 and prior versions during a tag, alarm, or event related action such as read and write, which may allow remote code execution.

  • CVE-2016-10493CriApr 18, 2018
    risk 0.64cvss 9.8epss 0.01

    In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 617, SD 625, SD…