VYPR

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

ClassStableLikelihood: High

Description

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-10 · CAPEC-100 · CAPEC-123 · CAPEC-14 · CAPEC-24 · CAPEC-42 · CAPEC-44 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-8 · CAPEC-9

CVEs mapped to this weakness (10,979)

page 207 of 549
  • CVE-2018-15191MedAug 10, 2018
    risk 0.42cvss 6.5epss 0.01

    PHP Scripts Mall hotel-booking-script 2.0.4 allows remote attackers to cause a denial of service via crafted JavaScript code in the First Name, Last Name, or Address field.

  • CVE-2018-15188MedAug 10, 2018
    risk 0.42cvss 6.5epss 0.01

    PHP Scripts Mall advanced-real-estate-script 4.0.9 allows remote attackers to cause a denial of service (page structure loss) via crafted JavaScript code in the Name field of a profile.

  • CVE-2016-9577HigJul 27, 2018
    risk 0.42cvss 7.5epss 0.04

    A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An authenticated attacker could send crafted messages to the SPICE server causing a heap overflow leading to a crash or possible code execution.

  • CVE-2018-3629MedJul 10, 2018
    risk 0.42cvss 6.5epss 0.01

    Buffer overflow in event handler in Intel Active Management Technology in Intel Converged Security Manageability Engine Firmware 3.x, 4.x, 5.x, 6.x, 7.x, 8.x, 9.x, 10.x, and 11.x may allow an attacker to cause a denial of service via the same subnet.

  • CVE-2018-10872MedJul 10, 2018
    risk 0.42cvss 6.5epss 0.00

    A flaw was found in the way the Linux kernel handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, processor does not deliver interrupts and exceptions, they are delivered once the first instruction…

  • CVE-2017-2668MedJun 22, 2018
    risk 0.42cvss 6.5epss 0.03

    389-ds-base before versions 1.3.5.17 and 1.3.6.10 is vulnerable to an invalid pointer dereference in the way LDAP bind requests are handled. A remote unauthenticated attacker could use this flaw to make ns-slapd crash via a specially crafted LDAP bind request, resulting in…

  • CVE-2016-10523HigMay 31, 2018
    risk 0.42cvss 7.5epss 0.02

    MQTT before 3.4.6 and 4.0.x before 4.0.5 allows specifically crafted MQTT packets to crash the application, making a DoS attack feasible with very little bandwidth.

  • CVE-2016-10518HigMay 31, 2018
    risk 0.42cvss 7.5epss 0.02

    A vulnerability was found in the ping functionality of the ws module before 1.0.0 which allowed clients to allocate memory by sending a ping frame. The ping functionality by default responds with a pong frame and the previously given payload of the ping frame. This is exactly…

  • CVE-2018-11578MedMay 31, 2018
    risk 0.42cvss 6.5epss 0.01

    GifIndexToTrueColor in ngiflib.c in MiniUPnP ngiflib 0.4 has a Segmentation fault.

  • CVE-2018-11224MedMay 17, 2018
    risk 0.42cvss 6.5epss 0.01

    An issue was discovered in Libav 12.3. A read access violation in the in_table_init16 function in libavcodec/aacsbr.c allows remote attackers to cause a denial of service (application crash), as demonstrated by avconv.

  • CVE-2018-10958MedMay 10, 2018
    risk 0.42cvss 6.5epss 0.03

    In types.cpp in Exiv2 0.26, a large size value may lead to a SIGABRT during an attempt at memory allocation for an Exiv2::Internal::PngChunk::zlibUncompress call.

  • CVE-2018-10774MedMay 7, 2018
    risk 0.42cvss 6.5epss 0.01

    Read access violation in the isiin_keyword function in isiin.c in libbibutils.a in bibutils through 6.2 allows remote attackers to cause a denial of service (application crash), as demonstrated by isi2xml.

  • CVE-2018-10772MedMay 7, 2018
    risk 0.42cvss 6.5epss 0.02

    The tEXtToDataBuf function in pngimage.cpp in Exiv2 through 0.26 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file.

  • CVE-2018-4146MedApr 3, 2018
    risk 0.42cvss 6.5epss 0.01

    An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves…

  • CVE-2017-7066MedApr 3, 2018
    risk 0.42cvss 6.5epss 0.00

    An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. tvOS before 10.2.2 is affected. The issue involves the "Wi-Fi" component. It allows attackers to cause a denial of service (memory corruption on the Wi-Fi chip) by leveraging proximity for 802.11.

  • CVE-2018-8977MedMar 25, 2018
    risk 0.42cvss 6.5epss 0.02

    In Exiv2 0.26, the Exiv2::Internal::printCsLensFFFF function in canonmn_int.cpp allows remote attackers to cause a denial of service (invalid memory access) via a crafted file.

  • CVE-2017-18243MedMar 22, 2018
    risk 0.42cvss 6.5epss 0.01

    The unpack_parse_unit function in libavcodec/dirac_parser.c in Libav 12.2 allows remote attackers to cause a denial of service (segmentation fault) via a crafted file.

  • CVE-2018-7874MedMar 8, 2018
    risk 0.42cvss 6.5epss 0.01

    An invalid memory address dereference was discovered in strlenext in util/decompile.c in libming 0.4.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.

  • CVE-2018-7726MedMar 6, 2018
    risk 0.42cvss 6.5epss 0.02

    An issue was discovered in ZZIPlib 0.13.68. There is a bus error caused by the __zzip_parse_root_directory function of zip.c. Attackers could leverage this vulnerability to cause a denial of service via a crafted zip file.

  • CVE-2018-7725MedMar 6, 2018
    risk 0.42cvss 6.5epss 0.02

    An issue was discovered in ZZIPlib 0.13.68. An invalid memory address dereference was discovered in zzip_disk_fread in mmapped.c. The vulnerability causes an application crash, which leads to denial of service.