CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
Description
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-10 · CAPEC-100 · CAPEC-123 · CAPEC-14 · CAPEC-24 · CAPEC-42 · CAPEC-44 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-8 · CAPEC-9
CVEs mapped to this weakness (10,979)
page 179 of 549| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-19183 | — | Hig | 0.49 | 7.5 | 0.03 | Nov 12, 2018 | ethereumjs-vm 2.4.0 allows attackers to cause a denial of service (vm.runCode failure and REVERT) via a "code: Buffer.from(my_code, 'hex')" attribute. NOTE: the vendor disputes this because REVERT is a normal bytecode that can be triggered from high-level source code, leading to… | |
| CVE-2018-7632 | — | Hig | 0.49 | 7.5 | 0.01 | Oct 9, 2018 | Buffer Overflow in httpd in EpiCentro E_7.3.2+ allows attackers to cause a denial of service attack remotely via a specially crafted GET request with a leading "/" in the URL. | |
| CVE-2018-17962 | Hig | 0.49 | 7.5 | 0.04 | Oct 9, 2018 | Qemu has a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used. | ||
| CVE-2018-17540 | Hig | 0.49 | 7.5 | 0.04 | Oct 3, 2018 | The gmp plugin in strongSwan before 5.7.1 has a Buffer Overflow via a crafted certificate. | ||
| CVE-2017-7908 | — | Hig | 0.49 | 7.6 | 0.01 | Oct 2, 2018 | A heap-based buffer overflow exists in the third-party product Gigasoft, v5 and prior, included in GE Communicator 3.15 and prior. A malicious HTML file that loads the ActiveX controls can trigger the vulnerability via unchecked function calls. | |
| CVE-2018-17847 | — | Hig | 0.49 | 7.5 | 0.03 | Oct 1, 2018 | The html package (aka x/net/html) through 2018-09-25 in Go mishandles , leading to a "panic: runtime error" (index out of range) in (*nodeStack).pop in node.go, called from (*parser).clearActiveFormattingElements, during an html.Parse call. | |
| CVE-2018-14821 | Hig | 0.49 | 7.5 | 0.04 | Sep 20, 2018 | Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. This vulnerability may allow a remote, unauthenticated threat actor to intentionally send a malformed CIP packet to Port 44818, causing the RSLinx Classic application to terminate. The user will need to manually… | ||
| CVE-2018-17143 | — | Hig | 0.49 | 7.5 | 0.03 | Sep 17, 2018 | The html package (aka x/net/html) through 2018-09-17 in Go mishandles <isindex/action=0>, leading to a "panic: runtime error" in inBodyIM in parse.go during an html.Parse call. | |
| CVE-2018-17106 | Hig | 0.49 | 7.5 | 0.01 | Sep 16, 2018 | In Tinyftp Tinyftpd 1.1, a buffer overflow exists in the text variable of the do_mkd function in the ftpproto.c file. An attacker can overwrite ebp via a long pathname. | ||
| CVE-2017-1083 | Hig | 0.49 | 7.5 | 0.01 | Sep 12, 2018 | In FreeBSD before 11.2-RELEASE, a stack guard-page is available but is disabled by default. This results in the possibility a poorly written process could be cause a stack overflow. | ||
| CVE-2018-16333 | Hig | 0.49 | 7.5 | 0.02 | Sep 2, 2018 | An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server. While processing the ssid parameter for a… | ||
| CVE-2018-15354 | Hig | 0.49 | 7.5 | 0.02 | Aug 17, 2018 | A Buffer Overflow exploited through web interface by remote attacker can cause denial of service in Kraftway 24F2XG Router firmware 3.5.30.1118. | ||
| CVE-2017-9003 | Hig | 0.49 | 7.5 | 0.04 | Aug 6, 2018 | Multiple memory corruption flaws are present in ArubaOS which could allow an unauthenticated user to crash ArubaOS processes. With sufficient time and effort, it is possible these vulnerabilities could lead to the ability to execute arbitrary code - remote code execution has not… | ||
| CVE-2016-9597 | Hig | 0.49 | 7.5 | 0.04 | Jul 30, 2018 | It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 for CVE-2016-3705 did not actually include the fix for the issue found in libxml2, making it vulnerable to a Denial of Service attack due to a Stack Overflow. This is a regression CVE for the same issue as… | ||
| CVE-2018-14743 | Hig | 0.49 | 7.5 | 0.01 | Jul 30, 2018 | An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A SEGV can occur in wiretype_decode in context.c. | ||
| CVE-2018-14742 | Hig | 0.49 | 7.5 | 0.01 | Jul 30, 2018 | An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A SEGV can occur in set_field_one in bootstrap.c during a memcpy. | ||
| CVE-2018-14741 | Hig | 0.49 | 7.5 | 0.01 | Jul 30, 2018 | An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A SEGV can occur in pbc_pattern_pack in pattern.c. | ||
| CVE-2018-14740 | Hig | 0.49 | 7.5 | 0.01 | Jul 30, 2018 | An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A SEGV can occur in set_field_one in bootstrap.c while making a query. | ||
| CVE-2018-14739 | Hig | 0.49 | 7.5 | 0.01 | Jul 30, 2018 | An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A SEGV can occur in pbc_pattern_set_default in pattern.c. | ||
| CVE-2018-14738 | Hig | 0.49 | 7.5 | 0.01 | Jul 30, 2018 | An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A SEGV can occur in pbc_rmessage_message in rmessage.c. |
- risk 0.49cvss 7.5epss 0.03
ethereumjs-vm 2.4.0 allows attackers to cause a denial of service (vm.runCode failure and REVERT) via a "code: Buffer.from(my_code, 'hex')" attribute. NOTE: the vendor disputes this because REVERT is a normal bytecode that can be triggered from high-level source code, leading to…
- risk 0.49cvss 7.5epss 0.01
Buffer Overflow in httpd in EpiCentro E_7.3.2+ allows attackers to cause a denial of service attack remotely via a specially crafted GET request with a leading "/" in the URL.
- risk 0.49cvss 7.5epss 0.04
Qemu has a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used.
- risk 0.49cvss 7.5epss 0.04
The gmp plugin in strongSwan before 5.7.1 has a Buffer Overflow via a crafted certificate.
- risk 0.49cvss 7.6epss 0.01
A heap-based buffer overflow exists in the third-party product Gigasoft, v5 and prior, included in GE Communicator 3.15 and prior. A malicious HTML file that loads the ActiveX controls can trigger the vulnerability via unchecked function calls.
- risk 0.49cvss 7.5epss 0.03
The html package (aka x/net/html) through 2018-09-25 in Go mishandles , leading to a "panic: runtime error" (index out of range) in (*nodeStack).pop in node.go, called from (*parser).clearActiveFormattingElements, during an html.Parse call.
- risk 0.49cvss 7.5epss 0.04
Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. This vulnerability may allow a remote, unauthenticated threat actor to intentionally send a malformed CIP packet to Port 44818, causing the RSLinx Classic application to terminate. The user will need to manually…
- risk 0.49cvss 7.5epss 0.03
The html package (aka x/net/html) through 2018-09-17 in Go mishandles <isindex/action=0>, leading to a "panic: runtime error" in inBodyIM in parse.go during an html.Parse call.
- risk 0.49cvss 7.5epss 0.01
In Tinyftp Tinyftpd 1.1, a buffer overflow exists in the text variable of the do_mkd function in the ftpproto.c file. An attacker can overwrite ebp via a long pathname.
- risk 0.49cvss 7.5epss 0.01
In FreeBSD before 11.2-RELEASE, a stack guard-page is available but is disabled by default. This results in the possibility a poorly written process could be cause a stack overflow.
- risk 0.49cvss 7.5epss 0.02
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server. While processing the ssid parameter for a…
- risk 0.49cvss 7.5epss 0.02
A Buffer Overflow exploited through web interface by remote attacker can cause denial of service in Kraftway 24F2XG Router firmware 3.5.30.1118.
- risk 0.49cvss 7.5epss 0.04
Multiple memory corruption flaws are present in ArubaOS which could allow an unauthenticated user to crash ArubaOS processes. With sufficient time and effort, it is possible these vulnerabilities could lead to the ability to execute arbitrary code - remote code execution has not…
- risk 0.49cvss 7.5epss 0.04
It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 for CVE-2016-3705 did not actually include the fix for the issue found in libxml2, making it vulnerable to a Denial of Service attack due to a Stack Overflow. This is a regression CVE for the same issue as…
- risk 0.49cvss 7.5epss 0.01
An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A SEGV can occur in wiretype_decode in context.c.
- risk 0.49cvss 7.5epss 0.01
An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A SEGV can occur in set_field_one in bootstrap.c during a memcpy.
- risk 0.49cvss 7.5epss 0.01
An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A SEGV can occur in pbc_pattern_pack in pattern.c.
- risk 0.49cvss 7.5epss 0.01
An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A SEGV can occur in set_field_one in bootstrap.c while making a query.
- risk 0.49cvss 7.5epss 0.01
An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A SEGV can occur in pbc_pattern_set_default in pattern.c.
- risk 0.49cvss 7.5epss 0.01
An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A SEGV can occur in pbc_rmessage_message in rmessage.c.