VYPR

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

ClassStableLikelihood: High

Description

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-10 · CAPEC-100 · CAPEC-123 · CAPEC-14 · CAPEC-24 · CAPEC-42 · CAPEC-44 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-8 · CAPEC-9

CVEs mapped to this weakness (10,979)

page 179 of 549
  • CVE-2018-19183HigNov 12, 2018
    risk 0.49cvss 7.5epss 0.03

    ethereumjs-vm 2.4.0 allows attackers to cause a denial of service (vm.runCode failure and REVERT) via a "code: Buffer.from(my_code, 'hex')" attribute. NOTE: the vendor disputes this because REVERT is a normal bytecode that can be triggered from high-level source code, leading to…

  • CVE-2018-7632HigOct 9, 2018
    risk 0.49cvss 7.5epss 0.01

    Buffer Overflow in httpd in EpiCentro E_7.3.2+ allows attackers to cause a denial of service attack remotely via a specially crafted GET request with a leading "/" in the URL.

  • CVE-2018-17962HigOct 9, 2018
    risk 0.49cvss 7.5epss 0.04

    Qemu has a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used.

  • CVE-2018-17540HigOct 3, 2018
    risk 0.49cvss 7.5epss 0.04

    The gmp plugin in strongSwan before 5.7.1 has a Buffer Overflow via a crafted certificate.

  • CVE-2017-7908HigOct 2, 2018
    risk 0.49cvss 7.6epss 0.01

    A heap-based buffer overflow exists in the third-party product Gigasoft, v5 and prior, included in GE Communicator 3.15 and prior. A malicious HTML file that loads the ActiveX controls can trigger the vulnerability via unchecked function calls.

  • CVE-2018-17847HigOct 1, 2018
    risk 0.49cvss 7.5epss 0.03

    The html package (aka x/net/html) through 2018-09-25 in Go mishandles , leading to a "panic: runtime error" (index out of range) in (*nodeStack).pop in node.go, called from (*parser).clearActiveFormattingElements, during an html.Parse call.

  • CVE-2018-14821HigSep 20, 2018
    risk 0.49cvss 7.5epss 0.04

    Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. This vulnerability may allow a remote, unauthenticated threat actor to intentionally send a malformed CIP packet to Port 44818, causing the RSLinx Classic application to terminate. The user will need to manually…

  • CVE-2018-17143HigSep 17, 2018
    risk 0.49cvss 7.5epss 0.03

    The html package (aka x/net/html) through 2018-09-17 in Go mishandles <isindex/action=0>, leading to a "panic: runtime error" in inBodyIM in parse.go during an html.Parse call.

  • CVE-2018-17106HigSep 16, 2018
    risk 0.49cvss 7.5epss 0.01

    In Tinyftp Tinyftpd 1.1, a buffer overflow exists in the text variable of the do_mkd function in the ftpproto.c file. An attacker can overwrite ebp via a long pathname.

  • CVE-2017-1083HigSep 12, 2018
    risk 0.49cvss 7.5epss 0.01

    In FreeBSD before 11.2-RELEASE, a stack guard-page is available but is disabled by default. This results in the possibility a poorly written process could be cause a stack overflow.

  • CVE-2018-16333HigSep 2, 2018
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server. While processing the ssid parameter for a…

  • CVE-2018-15354HigAug 17, 2018
    risk 0.49cvss 7.5epss 0.02

    A Buffer Overflow exploited through web interface by remote attacker can cause denial of service in Kraftway 24F2XG Router firmware 3.5.30.1118.

  • CVE-2017-9003HigAug 6, 2018
    risk 0.49cvss 7.5epss 0.04

    Multiple memory corruption flaws are present in ArubaOS which could allow an unauthenticated user to crash ArubaOS processes. With sufficient time and effort, it is possible these vulnerabilities could lead to the ability to execute arbitrary code - remote code execution has not…

  • CVE-2016-9597HigJul 30, 2018
    risk 0.49cvss 7.5epss 0.04

    It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 for CVE-2016-3705 did not actually include the fix for the issue found in libxml2, making it vulnerable to a Denial of Service attack due to a Stack Overflow. This is a regression CVE for the same issue as…

  • CVE-2018-14743HigJul 30, 2018
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A SEGV can occur in wiretype_decode in context.c.

  • CVE-2018-14742HigJul 30, 2018
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A SEGV can occur in set_field_one in bootstrap.c during a memcpy.

  • CVE-2018-14741HigJul 30, 2018
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A SEGV can occur in pbc_pattern_pack in pattern.c.

  • CVE-2018-14740HigJul 30, 2018
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A SEGV can occur in set_field_one in bootstrap.c while making a query.

  • CVE-2018-14739HigJul 30, 2018
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A SEGV can occur in pbc_pattern_set_default in pattern.c.

  • CVE-2018-14738HigJul 30, 2018
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A SEGV can occur in pbc_rmessage_message in rmessage.c.