VYPR

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

ClassStableLikelihood: High

Description

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-10 · CAPEC-100 · CAPEC-123 · CAPEC-14 · CAPEC-24 · CAPEC-42 · CAPEC-44 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-8 · CAPEC-9

CVEs mapped to this weakness (10,979)

page 188 of 549
  • CVE-2017-8522HigJun 15, 2017
    risk 0.49cvss 7.5epss 0.08

    Microsoft browsers in Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engines fail to…

  • CVE-2017-8521HigJun 15, 2017
    risk 0.49cvss 7.5epss 0.06

    Microsoft Edge in Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user when the Edge JavaScript scripting engine fails to handle objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from…

  • CVE-2017-8520HigJun 15, 2017
    risk 0.49cvss 7.5epss 0.09

    Microsoft Edge in Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user when the Edge JavaScript scripting engine fails to handle objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from…

  • CVE-2017-8519HigJun 15, 2017
    risk 0.49cvss 7.5epss 0.06

    Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, and Windows Server 2012 and R2 allow an attacker to execute arbitrary code in the context of the current user when Internet Explorer improperly accesses objects in…

  • CVE-2017-8517HigJun 15, 2017
    risk 0.49cvss 7.5epss 0.08

    Microsoft browsers in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an allow an attacker to execute arbitrary code in the context of the current user…

  • CVE-2017-8499HigJun 15, 2017
    risk 0.49cvss 7.5epss 0.09

    Microsoft Edge in Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user when the Edge JavaScript scripting engine fails to handle objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from…

  • CVE-2017-8497HigJun 15, 2017
    risk 0.49cvss 7.5epss 0.08

    Microsoft Edge in Windows 10 1607 and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability". This CVE ID is unique from…

  • CVE-2017-7910HigJun 14, 2017
    risk 0.49cvss 7.5epss 0.02

    A Stack-Based Buffer Overflow issue was discovered in Digital Canal Structural Wind Analysis versions 9.1 and prior. An attacker may be able to run arbitrary code by remotely exploiting an executable to perform a denial-of-service attack.

  • CVE-2017-9469HigJun 7, 2017
    risk 0.49cvss 7.5epss 0.06

    In Irssi before 1.0.3, when receiving certain incorrectly quoted DCC files, it tries to find the terminating quote one byte before the allocated memory. Thus, remote attackers might be able to cause a crash.

  • CVE-2017-9372HigJun 2, 2017
    risk 0.49cvss 7.5epss 0.04

    PJSIP, as used in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1, Certified Asterisk 13.13 before 13.13-cert4, and other products, allows remote attackers to cause a denial of service (buffer overflow and application crash) via a SIP packet with a crafted CSeq…

  • CVE-2017-9351HigJun 2, 2017
    risk 0.49cvss 7.5epss 0.03

    In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DHCP dissector could read past the end of a buffer. This was addressed in epan/dissectors/packet-bootp.c by extracting the Vendor Class Identifier more carefully.

  • CVE-2017-9348HigJun 2, 2017
    risk 0.49cvss 7.5epss 0.03

    In Wireshark 2.2.0 to 2.2.6, the DOF dissector could read past the end of a buffer. This was addressed in epan/dissectors/packet-dof.c by validating a size value.

  • CVE-2017-6633HigMay 22, 2017
    risk 0.49cvss 7.5epss 0.02

    A vulnerability in the TCP throttling process of Cisco UCS C-Series Rack Servers 3.0(0.234) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient rate-limiting protection. An…

  • CVE-2017-9048HigMay 18, 2017
    risk 0.49cvss 7.5epss 0.05

    libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based buffer overflow. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. At the end of the routine, the function…

  • CVE-2017-9047HigMay 18, 2017
    risk 0.49cvss 7.5epss 0.03

    A buffer overflow was discovered in libxml2 20904-GITv2.9.4-16-g0741801. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. The variable len is assigned strlen(buf). If the…

  • CVE-2017-0221HigMay 12, 2017
    risk 0.49cvss 7.5epss 0.05

    A vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0227 and CVE-2017-0240.

  • CVE-2017-5240HigMay 3, 2017
    risk 0.49cvss 7.5epss 0.01

    Editions of Rapid7 AppSpider Pro prior to version 6.14.060 contain a heap-based buffer overflow in the FLAnalyzer.exe component. A malicious or malformed Flash source file can cause a denial of service condition when parsed by this component, causing the application to crash.

  • CVE-2017-8398HigMay 1, 2017
    risk 0.49cvss 7.5epss 0.02

    dwarf.c in GNU Binutils 2.28 is vulnerable to an invalid read of size 1 during dumping of debug information from a corrupt binary. This vulnerability causes programs that conduct an analysis of binary programs, such as objdump and readelf, to crash.

  • CVE-2017-8397HigMay 1, 2017
    risk 0.49cvss 7.5epss 0.02

    The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 1 and an invalid write of size 1 during processing of a corrupt binary containing reloc(s) with negative addresses. This vulnerability causes…

  • CVE-2017-8073HigApr 23, 2017
    risk 0.49cvss 7.5epss 0.03

    WeeChat before 1.7.1 allows a remote crash by sending a filename via DCC to the IRC plugin. This occurs in the irc_ctcp_dcc_filename_without_quotes function during quote removal, with a buffer overflow.