VYPR

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

ClassStableLikelihood: High

Description

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-10 · CAPEC-100 · CAPEC-123 · CAPEC-14 · CAPEC-24 · CAPEC-42 · CAPEC-44 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-8 · CAPEC-9

CVEs mapped to this weakness (10,979)

page 184 of 549
  • CVE-2017-16803HigNov 13, 2017
    risk 0.49cvss 7.5epss 0.03

    In Libav through 11.11 and 12.x through 12.1, the smacker_decode_tree function in libavcodec/smacker.c does not properly restrict tree recursion, which allows remote attackers to cause a denial of service (bitstream.c:build_table() out-of-bounds read and application crash) via a…

  • CVE-2017-10875HigNov 13, 2017
    risk 0.49cvss 7.5epss 0.01

    I-O DATA DEVICE LAN DISK Connect Ver2.02 and earlier allows an attacker to cause a denial of service in the application via unspecified vectors.

  • CVE-2017-12280HigNov 2, 2017
    risk 0.49cvss 7.5epss 0.03

    A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) Discovery Request parsing functionality of Cisco Wireless LAN Controllers could allow an unauthenticated, remote attacker to cause an affected device to restart unexpectedly, resulting in a denial…

  • CVE-2017-15938HigOct 27, 2017
    risk 0.49cvss 7.5epss 0.05

    dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, miscalculates DW_FORM_ref_addr die refs in the case of a relocatable object file, which allows remote attackers to cause a denial of service (find_abstract_instance_name…

  • CVE-2017-14328HigOct 23, 2017
    risk 0.49cvss 7.5epss 0.01

    Extreme EXOS 15.7, 16.x, 21.x, and 22.x allows remote attackers to trigger a buffer overflow leading to a reboot.

  • CVE-2017-15650HigOct 19, 2017
    risk 0.49cvss 7.5epss 0.02

    musl libc before 1.1.17 has a buffer overflow via crafted DNS replies because dns_parse_callback in network/lookup_name.c does not restrict the number of addresses, and thus an attacker can provide an unexpected number by sending A records in a reply to an AAAA query.

  • CVE-2015-4421HigOct 19, 2017
    risk 0.49cvss 7.5epss 0.01

    The tzdriver module in Huawei Mate 7 (Mate7-TL10) smartphones before V100R001CHNC00B126SP03 allows local users to gain privileges or cause a denial of service (memory corruption) via an unspecified input.

  • CVE-2017-12260HigOct 19, 2017
    risk 0.49cvss 7.5epss 0.02

    A vulnerability in the implementation of Session Initiation Protocol (SIP) functionality in Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones could allow an unauthenticated, remote attacker to cause an affected device to become unresponsive, resulting in a denial…

  • CVE-2017-12259HigOct 19, 2017
    risk 0.49cvss 7.5epss 0.02

    A vulnerability in the implementation of Session Initiation Protocol (SIP) functionality in Cisco Small Business SPA51x Series IP Phones could allow an unauthenticated, remote attacker to cause an affected device to become unresponsive, resulting in a denial of service (DoS)…

  • CVE-2017-15601HigOct 18, 2017
    risk 0.49cvss 7.5epss 0.02

    In GNU Libextractor 1.4, there is a heap-based buffer overflow in the EXTRACTOR_png_extract_method function in plugins/png_extractor.c, related to processiTXt and stndup.

  • CVE-2017-8727HigOct 13, 2017
    risk 0.49cvss 7.5epss 0.08

    Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user, due to how Microsoft…

  • CVE-2017-11822HigOct 13, 2017
    risk 0.49cvss 7.5epss 0.08

    Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current…

  • CVE-2017-11813HigOct 13, 2017
    risk 0.49cvss 7.5epss 0.08

    Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, and Windows Server 2012 R2 allows an attacker to execute arbitrary code in the context of the current user, due to how Internet Explorer handles objects in memory, aka…

  • CVE-2017-11808HigOct 13, 2017
    risk 0.49cvss 7.5epss 0.09

    ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory…

  • CVE-2017-11804HigOct 13, 2017
    risk 0.49cvss 7.5epss 0.09

    ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory…

  • CVE-2017-11800HigOct 13, 2017
    risk 0.49cvss 7.5epss 0.09

    Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".…

  • CVE-2017-11798HigOct 13, 2017
    risk 0.49cvss 7.5epss 0.09

    Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption…

  • CVE-2017-1000254HigOct 6, 2017
    risk 0.49cvss 7.5epss 0.08

    libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in (anonymous or not), it asks the server for the current directory with the `PWD` command. The server then responds with a 257 response containing…

  • CVE-2017-12270HigOct 5, 2017
    risk 0.49cvss 7.5epss 0.02

    A vulnerability in the gRPC code of Cisco IOS XR Software for Cisco Network Convergence System (NCS) 5500 Series Routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition when the emsd service stops. The vulnerability is due to the…

  • CVE-2017-1000118HigOct 5, 2017
    risk 0.49cvss 7.5epss 0.01

    Akka HTTP versions <= 10.0.5 Illegal Media Range in Accept Header Causes StackOverflowError Leading to Denial of Service