CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
Description
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-10 · CAPEC-100 · CAPEC-123 · CAPEC-14 · CAPEC-24 · CAPEC-42 · CAPEC-44 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-8 · CAPEC-9
CVEs mapped to this weakness (10,979)
page 197 of 549| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-31219 | Hig | 0.46 | 7.1 | 0.01 | May 12, 2025 | The issue was addressed with improved memory handling. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, tvOS 18.5, visionOS 2.5, watchOS 11.5. An attacker may be able to cause unexpected system… | ||
| CVE-2024-36129 | Hig | 0.46 | 8.2 | 0.01 | Jun 5, 2024 | The OpenTelemetry Collector offers a vendor-agnostic implementation on how to receive, process and export telemetry data. An unsafe decompression vulnerability allows unauthenticated attackers to crash the collector via excessive memory consumption. OTel Collector version… | ||
| CVE-2024-27791 | Hig | 0.46 | 7.1 | 0.00 | Apr 24, 2024 | The issue was addressed with improved checks. This issue is fixed in iOS 16.7.5 and iPadOS 16.7.5, iOS 17.3 and iPadOS 17.3, macOS Monterey 12.7.3, macOS Sonoma 14.3, macOS Ventura 13.6.4, tvOS 17.3. An app may be able to corrupt coprocessor memory. | ||
| CVE-2020-36441 | — | Hig | 0.46 | 8.1 | 0.01 | Aug 8, 2021 | An issue was discovered in the abox crate before 0.4.1 for Rust. It implements Send and Sync for AtomicBox with no requirement for T: Send and T: Sync. | |
| CVE-2020-36440 | — | Hig | 0.46 | 8.1 | 0.01 | Aug 8, 2021 | An issue was discovered in the libsbc crate before 0.1.5 for Rust. For Decoder, it implements Send for any R: Read. | |
| CVE-2020-36439 | — | Hig | 0.46 | 8.1 | 0.01 | Aug 8, 2021 | An issue was discovered in the ticketed_lock crate before 0.3.0 for Rust. There are unconditional implementations of Send for ReadTicket and WriteTicket. | |
| CVE-2020-36438 | — | Hig | 0.46 | 8.1 | 0.01 | Aug 8, 2021 | An issue was discovered in the tiny_future crate before 0.4.0 for Rust. Future does not have bounds on its Send and Sync traits. | |
| CVE-2020-36437 | — | Hig | 0.46 | 8.1 | 0.01 | Aug 8, 2021 | An issue was discovered in the conqueue crate before 0.4.0 for Rust. There are unconditional implementations of Send and Sync for QueueSender. | |
| CVE-2020-36436 | — | Hig | 0.46 | 8.1 | 0.01 | Aug 8, 2021 | An issue was discovered in the unicycle crate before 0.7.1 for Rust. PinSlab and Unordered<T, S> do not have bounds on their Send and Sync traits. | |
| CVE-2020-36435 | — | Hig | 0.46 | 8.1 | 0.01 | Aug 8, 2021 | An issue was discovered in the ruspiro-singleton crate before 0.4.1 for Rust. In Singleton, Send and Sync do not have bounds checks. | |
| CVE-2020-1073 | Hig | 0.46 | 8.1 | 0.09 | Jun 9, 2020 | A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. | ||
| CVE-2018-10055 | Hig | 0.46 | 8.1 | 0.00 | Apr 24, 2019 | Invalid memory access and/or a heap buffer overflow in the TensorFlow XLA compiler in Google TensorFlow before 1.7.1 could cause a crash or read from other parts of process memory via a crafted configuration file. | ||
| CVE-2018-5905 | — | Hig | 0.46 | 7.0 | 0.00 | Sep 19, 2018 | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, a race condition while accessing num of clients in DIAG services can lead to out of boundary access. | |
| CVE-2018-16664 | Hig | 0.46 | 7.0 | 0.00 | Sep 7, 2018 | An issue was discovered in Contiki-NG through 4.1. There is a buffer overflow in lvm_set_type in os/storage/antelope/lvm.c while parsing AQL (lvm_set_op, lvm_set_relation, lvm_set_operand). | ||
| CVE-2017-7467 | — | Hig | 0.46 | 7.0 | 0.03 | Jul 11, 2018 | A buffer overflow flaw was found in the way minicom before version 2.7.1 handled VT100 escape sequences. A malicious terminal device could potentially use this flaw to crash minicom, or execute arbitrary code in the context of the minicom process. | |
| CVE-2018-5718 | Hig | 0.46 | 7.1 | 0.00 | Jun 12, 2018 | Improper restriction of write operations within the bounds of a memory buffer in snscore.sys in SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure, SoftControl/SafenSoft Enterprise Suite before version 4.4.1 allows local users to cause a denial of service (BSOD) or… | ||
| CVE-2018-8061 | Hig | 0.46 | 7.1 | 0.00 | May 10, 2018 | HWiNFO AMD64 Kernel driver version 8.98 and lower allows an unprivileged user to send IOCTL 0x85FE2608 to the device driver with the HWiNFO32 symbolic device name, resulting in direct physical memory read or write. | ||
| CVE-2017-14450 | Hig | 0.46 | 7.1 | 0.02 | Apr 24, 2018 | A buffer overflow vulnerability exists in the GIF image parsing functionality of SDL2_image-2.0.2. A specially crafted GIF image can lead to a buffer overflow on a global section. An attacker can display an image to trigger this vulnerability. | ||
| CVE-2017-13850 | Hig | 0.46 | 7.1 | 0.01 | Apr 3, 2018 | An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "Font Importer" component. It allows remote attackers to cause a denial of service (memory corruption) or obtain sensitive information from process memory via a crafted… | ||
| CVE-2017-15834 | Hig | 0.46 | 7.0 | 0.00 | Mar 16, 2018 | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, race condition in diag_dbgfs_read_dcistats(), while accessing diag_dbgfs_dci_data_index, causes potential heap overflow. |
- risk 0.46cvss 7.1epss 0.01
The issue was addressed with improved memory handling. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, tvOS 18.5, visionOS 2.5, watchOS 11.5. An attacker may be able to cause unexpected system…
- risk 0.46cvss 8.2epss 0.01
The OpenTelemetry Collector offers a vendor-agnostic implementation on how to receive, process and export telemetry data. An unsafe decompression vulnerability allows unauthenticated attackers to crash the collector via excessive memory consumption. OTel Collector version…
- risk 0.46cvss 7.1epss 0.00
The issue was addressed with improved checks. This issue is fixed in iOS 16.7.5 and iPadOS 16.7.5, iOS 17.3 and iPadOS 17.3, macOS Monterey 12.7.3, macOS Sonoma 14.3, macOS Ventura 13.6.4, tvOS 17.3. An app may be able to corrupt coprocessor memory.
- risk 0.46cvss 8.1epss 0.01
An issue was discovered in the abox crate before 0.4.1 for Rust. It implements Send and Sync for AtomicBox with no requirement for T: Send and T: Sync.
- risk 0.46cvss 8.1epss 0.01
An issue was discovered in the libsbc crate before 0.1.5 for Rust. For Decoder, it implements Send for any R: Read.
- risk 0.46cvss 8.1epss 0.01
An issue was discovered in the ticketed_lock crate before 0.3.0 for Rust. There are unconditional implementations of Send for ReadTicket and WriteTicket.
- risk 0.46cvss 8.1epss 0.01
An issue was discovered in the tiny_future crate before 0.4.0 for Rust. Future does not have bounds on its Send and Sync traits.
- risk 0.46cvss 8.1epss 0.01
An issue was discovered in the conqueue crate before 0.4.0 for Rust. There are unconditional implementations of Send and Sync for QueueSender.
- risk 0.46cvss 8.1epss 0.01
An issue was discovered in the unicycle crate before 0.7.1 for Rust. PinSlab and Unordered<T, S> do not have bounds on their Send and Sync traits.
- risk 0.46cvss 8.1epss 0.01
An issue was discovered in the ruspiro-singleton crate before 0.4.1 for Rust. In Singleton, Send and Sync do not have bounds checks.
- risk 0.46cvss 8.1epss 0.09
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'.
- risk 0.46cvss 8.1epss 0.00
Invalid memory access and/or a heap buffer overflow in the TensorFlow XLA compiler in Google TensorFlow before 1.7.1 could cause a crash or read from other parts of process memory via a crafted configuration file.
- risk 0.46cvss 7.0epss 0.00
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, a race condition while accessing num of clients in DIAG services can lead to out of boundary access.
- risk 0.46cvss 7.0epss 0.00
An issue was discovered in Contiki-NG through 4.1. There is a buffer overflow in lvm_set_type in os/storage/antelope/lvm.c while parsing AQL (lvm_set_op, lvm_set_relation, lvm_set_operand).
- risk 0.46cvss 7.0epss 0.03
A buffer overflow flaw was found in the way minicom before version 2.7.1 handled VT100 escape sequences. A malicious terminal device could potentially use this flaw to crash minicom, or execute arbitrary code in the context of the minicom process.
- risk 0.46cvss 7.1epss 0.00
Improper restriction of write operations within the bounds of a memory buffer in snscore.sys in SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure, SoftControl/SafenSoft Enterprise Suite before version 4.4.1 allows local users to cause a denial of service (BSOD) or…
- risk 0.46cvss 7.1epss 0.00
HWiNFO AMD64 Kernel driver version 8.98 and lower allows an unprivileged user to send IOCTL 0x85FE2608 to the device driver with the HWiNFO32 symbolic device name, resulting in direct physical memory read or write.
- risk 0.46cvss 7.1epss 0.02
A buffer overflow vulnerability exists in the GIF image parsing functionality of SDL2_image-2.0.2. A specially crafted GIF image can lead to a buffer overflow on a global section. An attacker can display an image to trigger this vulnerability.
- risk 0.46cvss 7.1epss 0.01
An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "Font Importer" component. It allows remote attackers to cause a denial of service (memory corruption) or obtain sensitive information from process memory via a crafted…
- risk 0.46cvss 7.0epss 0.00
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, race condition in diag_dbgfs_read_dcistats(), while accessing diag_dbgfs_dci_data_index, causes potential heap overflow.