VYPR

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

ClassStableLikelihood: High

Description

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-10 · CAPEC-100 · CAPEC-123 · CAPEC-14 · CAPEC-24 · CAPEC-42 · CAPEC-44 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-8 · CAPEC-9

CVEs mapped to this weakness (10,979)

page 206 of 549
  • CVE-2024-12147MedDec 4, 2024
    risk 0.42cvss 6.5epss 0.01

    A vulnerability was found in Netgear R6900 1.0.1.26_1.0.20. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file upgrade_check.cgi of the component HTTP Header Handler. The manipulation of the argument Content-Length leads to…

  • CVE-2024-8937MedNov 13, 2024
    risk 0.42cvss 6.5epss 0.01

    CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause a potential arbitrary code execution after a successful Man-In-The Middle attack followed by sending a crafted Modbus function call to tamper with memory area…

  • CVE-2024-30253HigApr 17, 2024
    risk 0.42cvss 7.5epss 0.01

    @solana/web3.js is the Solana JavaScript SDK. Using particular inputs with `@solana/web3.js` will result in memory exhaustion (OOM). If you have a server, client, mobile, or desktop product that accepts untrusted input for use with `@solana/web3.js`, your application/service may…

  • CVE-2022-2584HigDec 27, 2022
    risk 0.42cvss 7.5epss 0.01

    The dag-pb codec can panic when decoding invalid blocks.

  • CVE-2022-35922HigAug 1, 2022
    risk 0.42cvss 7.5epss 0.01

    Rust-WebSocket is a WebSocket (RFC6455) library written in Rust. In versions prior to 0.26.5 untrusted websocket connections can cause an out-of-memory (OOM) process abort in a client or a server. The root cause of the issue is during dataframe parsing. Affected versions would…

  • CVE-2022-28946HigMay 19, 2022
    risk 0.42cvss 7.5epss 0.01

    An issue in the component ast/parser.go of Open Policy Agent v0.39.0 causes the application to incorrectly interpret every expression, causing a Denial of Service (DoS) via triggering out-of-range memory access.

  • CVE-2021-22789MedSep 2, 2021
    risk 0.42cvss 6.5epss 0.01

    A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580…

  • CVE-2020-26243HigNov 25, 2020
    risk 0.42cvss 7.5epss 0.03

    Nanopb is a small code-size Protocol Buffers implementation. In Nanopb before versions 0.4.4 and 0.3.9.7, decoding specifically formed message can leak memory if dynamic allocation is enabled and an oneof field contains a static submessage that contains a dynamic field, and the…

  • CVE-2020-1065HigMay 21, 2020
    risk 0.42cvss 7.5epss 0.08

    A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'.

  • CVE-2018-16713MedSep 26, 2018
    risk 0.42cvss 6.5epss 0.02

    IObit Advanced SystemCare, which includes Monitor_win10_x64.sys or Monitor_win7_x64.sys, 1.2.0.5 (and possibly earlier versions) allows a user to send an IOCTL (0x9C402084) with a buffer containing user defined content. The driver's subroutine will execute a rdmsr instruction…

  • CVE-2018-6038MedSep 25, 2018
    risk 0.42cvss 6.5epss 0.02

    Heap buffer overflow in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

  • CVE-2018-14320MedSep 17, 2018
    risk 0.42cvss 6.5epss 0.02

    This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of PoDoFo. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within…

  • CVE-2018-0644MedSep 7, 2018
    risk 0.42cvss 6.5epss 0.01

    Buffer overflow in Ubuntu14.04 ORCA (Online Receipt Computer Advantage) 4.8.0 (panda-client2) 1:1.4.9+p41-u4jma1 and earlier, Ubuntu14.04 ORCA (Online Receipt Computer Advantage) 5.0.0 (panda-client2) 1:2.0.0+p48-u4jma1 and earlier, and Ubuntu16.04 ORCA (Online Receipt Computer…

  • CVE-2018-1000663MedSep 6, 2018
    risk 0.42cvss 6.5epss 0.01

    jsish version 2.4.70 2.047 contains a Buffer Overflow vulnerability in function _jsi_evalcode from jsiEval.c that can result in Crash due to segmentation fault. This attack appear to be exploitable via The victim must execute crafted javascript code.

  • CVE-2018-15897MedAug 28, 2018
    risk 0.42cvss 6.5epss 0.01

    PHP Scripts Mall Website Seller Script 2.0.5 allows remote attackers to cause a denial of service via crafted JavaScript code in the First Name, Last Name, Company Name, or Fax field, as demonstrated by crossPwn.

  • CVE-2017-15396MedAug 28, 2018
    risk 0.42cvss 6.5epss 0.02

    A stack buffer overflow in NumberingSystem in International Components for Unicode (ICU) for C/C++ before 60.2, as used in V8 in Google Chrome prior to 62.0.3202.75 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2017-15416MedAug 28, 2018
    risk 0.42cvss 6.5epss 0.02

    Heap buffer overflow in Blob API in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka a Blink out-of-bounds read.

  • CVE-2017-15415MedAug 28, 2018
    risk 0.42cvss 6.5epss 0.02

    Incorrect serialization in IPC in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak the value of a pointer via a crafted HTML page.

  • CVE-2018-1159MedAug 23, 2018
    risk 0.42cvss 6.5epss 0.02

    Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a memory corruption vulnerability. An authenticated remote attacker can crash the HTTP server by rapidly authenticating and disconnecting.

  • CVE-2017-2575MedAug 22, 2018
    risk 0.42cvss 6.5epss 0.01

    A vulnerability was found while fuzzing libbpg 0.9.7. It is a NULL pointer dereference issue due to missing check of the return value of function malloc in the BPG encoder. This vulnerability appeared while converting a malicious JPEG file to BPG.