VYPR

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Class · Stable · Likelihood: High

Description

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Related attack patterns (CAPEC)

CAPEC-10 · CAPEC-100 · CAPEC-123 · CAPEC-14 · CAPEC-24 · CAPEC-42 · CAPEC-44 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-8 · CAPEC-9

CVEs mapped to this weakness (9,861)

page 16 of 494
  • CVE-2014-9976 · Critical · Aug 18, 2017
    risk 0.64 · cvss 9.8 · epss 0.00

    In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in 1x call processing.

  • CVE-2014-9974 · Critical · Aug 18, 2017
    risk 0.64 · cvss 9.8 · epss 0.00

    In all Qualcomm products with Android releases from CAF using the Linux kernel, validation of buffer lengths was missing in Keymaster.

  • CVE-2014-9973 · Critical · Aug 18, 2017
    risk 0.64 · cvss 9.8 · epss 0.00

    In all Qualcomm products with Android releases from CAF using the Linux kernel, validation of a buffer length was missing in a PlayReady DRM routine.

  • CVE-2014-9968 · Critical · Aug 18, 2017
    risk 0.64 · cvss 9.8 · epss 0.00

    In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in the UIMDIAG interface.

  • CVE-2015-1817 · Critical · Aug 18, 2017
    risk 0.64 · cvss 9.8 · epss 0.00

    Stack-based buffer overflow in the inet_pton function in network/inet_pton.c in musl libc 0.9.15 through 1.0.4, and 1.1.0 through 1.1.7 allows attackers to have unspecified impact via unknown vectors.

  • CVE-2017-12942 · Critical · Aug 18, 2017
    risk 0.64 · cvss 9.8 · epss 0.00

    libunrar.a in UnRAR before 5.5.7 has a buffer overflow in the Unpack::LongLZ function.

  • CVE-2017-7555 · Critical · Aug 17, 2017
    risk 0.64 · cvss 9.8 · epss 0.01

    Augeas versions up to and including 1.8.0 are vulnerable to heap-based buffer overflow due to improper handling of escaped strings. An attacker could send crafted strings that would cause the application using augeas to copy past the end of a buffer, leading to a crash or possible code execution.

  • CVE-2017-8248 · Critical · Aug 16, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    A buffer overflow may occur in the processing of a downlink NAS message in Qualcomm Telephony as used in Apple iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation.

  • CVE-2017-3124 · Critical · Aug 11, 2017
    risk 0.64 · cvss 9.8 · epss 0.09

    Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the picture exchange (PCX) file format parsing module. Successful exploitation could lead to arbitrary code execution.

  • CVE-2017-12762 · Critical · Aug 9, 2017
    risk 0.64 · cvss 9.8 · epss 0.01

    In /drivers/isdn/i4l/isdn_net.c: A user-controlled buffer is copied into a local buffer of constant size using strcpy without a length check which can cause a buffer overflow. This affects the Linux kernel 4.9-stable tree, 4.12-stable tree, 3.18-stable tree, and 4.4-stable tree.

  • CVE-2017-12562 · Critical · Aug 5, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    Heap-based Buffer Overflow in the psf_binheader_writef function in common.c in libsndfile through 1.0.28 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.

  • CVE-2017-12424 · Critical · Aug 4, 2017
    risk 0.64 · cvss 9.8 · epss 0.01

    In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors. Malformed input may lead to crashes (with a buffer overflow or other memory corruption) or other unspecified behaviors. This crosses a privilege boundary in, for example, certain web-hosting environments in which a Control Panel allows an unprivileged user account to create subaccounts.

  • CVE-2017-11721 · Critical · Aug 3, 2017
    risk 0.64 · cvss 9.8 · epss 0.03

    Buffer overflow in ioquake3 before 2017-08-02 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted packet.

  • CVE-2017-11643 · Critical · Jul 26, 2017
    risk 0.64 · cvss 9.8 · epss 0.01

    GraphicsMagick 1.3.26 has a heap overflow in the WriteCMYKImage() function in coders/cmyk.c when processing multiple frames that have non-identical widths.

  • CVE-2017-11636 · Critical · Jul 26, 2017
    risk 0.64 · cvss 9.8 · epss 0.01

    GraphicsMagick 1.3.26 has a heap overflow in the WriteRGBImage() function in coders/rgb.c when processing multiple frames that have non-identical widths.

  • CVE-2017-7062 · Critical · Jul 20, 2017
    risk 0.64 · cvss 9.8 · epss 0.05

    An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "Contacts" component. A buffer overflow allows remote attackers to execute arbitrary code or cause a denial of service (application crash).

  • CVE-2017-11362 · Critical · Jul 17, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    In PHP 7.x before 7.0.21 and 7.1.x before 7.1.7, ext/intl/msgformat/msgformat_parse.c does not restrict the locale length, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact within International Components for Unicode (ICU) for C/C++ via a long first argument to the msgfmt_parse_message function.

  • CVE-2017-1000075 · Critical · Jul 17, 2017
    risk 0.64 · cvss 9.8 · epss 0.01

    Creolabs Gravity version 1.0 is vulnerable to a stack overflow in the memcmp function.

  • CVE-2017-1000074 · Critical · Jul 17, 2017
    risk 0.64 · cvss 9.8 · epss 0.01

    Creolabs Gravity version 1.0 is vulnerable to a stack overflow in the string_repeat() function.

  • CVE-2017-1000073 · Critical · Jul 17, 2017
    risk 0.64 · cvss 9.8 · epss 0.03

    Creolabs Gravity version 1.0 is vulnerable to a heap overflow in an undisclosed component that can result in arbitrary code execution.