VYPR

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Class · Stable · Likelihood: High

Description

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Related attack patterns (CAPEC)

CAPEC-10 · CAPEC-100 · CAPEC-123 · CAPEC-14 · CAPEC-24 · CAPEC-42 · CAPEC-44 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-8 · CAPEC-9

CVEs mapped to this weakness (10,979)

page 21 of 549
  • CVE-2017-14883 · Critical · Mar 30, 2018
    risk 0.64 · cvss 9.8 · epss 0.01

    In the function wma_unified_power_debug_stats_event_handler() in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-10-18, if the value param_buf->num_debug_register received from the FW command buffer is close to max of uint32, then the computation performed using…

  • CVE-2017-14912 · Critical · Mar 30, 2018
    risk 0.64 · cvss 9.8 · epss 0.02

    In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdragon Mobile [VERSION]: MDM9206, MDM9607, MDM9650, MSM8909W, SD 200, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 835, the attributes of buffers in…

  • CVE-2018-9139 · Critical · Mar 30, 2018
    risk 0.64 · cvss 9.8 · epss 0.02

    On Samsung mobile devices with N(7.x) software, a buffer overflow in the vision service allows code execution in a privileged process via a large frame size, aka SVE-2017-11165.

  • CVE-2018-0175 · High · KEV · Mar 28, 2018
    risk 0.64 · cvss 8.0 · epss 0.04

    Format String vulnerability in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition or execute arbitrary code with…

  • CVE-2018-0541 · Critical · Mar 22, 2018
    risk 0.64 · cvss 9.8 · epss 0.03

    Buffer overflow in Tiny FTP Daemon Ver0.52d allows an attacker to cause a denial-of-service (DoS) condition or execute arbitrary code via unspecified vectors.

  • CVE-2017-18067 · Critical · Mar 15, 2018
    risk 0.64 · cvss 9.8 · epss 0.03

    In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation while processing an encrypted authentication management frame in lim_send_auth_mgmt_frame() leads to buffer overflow.

  • CVE-2017-17773 · Critical · Mar 15, 2018
    risk 0.64 · cvss 9.8 · epss 0.01

    In Snapdragon Automobile, Snapdragon Wearable and Snapdragon Mobile MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 602A, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820Am, SD 835, SD 845, MSM8909W, improper…

  • CVE-2017-15815 · Critical · Mar 15, 2018
    risk 0.64 · cvss 9.8 · epss 0.01

    In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a potential buffer overflow can happen when processing any 802.11 MGMT frames like Auth frame in limProcessAuthFrame.

  • CVE-2016-10393 · Critical · Mar 15, 2018
    risk 0.64 · cvss 9.8 · epss 0.01

    In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, when processing a clip with large size values, integer arithmetic overflows, and allocated buffer size will be less than intended buffer size. The following buffer…

  • CVE-2018-6297 · Critical · Mar 13, 2018
    risk 0.64 · cvss 9.8 · epss 0.01

    Buffer overflow in Hanwha Techwin Smartcams

  • CVE-2016-5179 · Critical · Mar 7, 2018
    risk 0.64 · cvss 9.8 · epss 0.02

    Chrome OS before 53.0.2785.144 allows remote attackers to execute arbitrary commands at boot.

  • CVE-2018-7552 · Critical · Feb 28, 2018
    risk 0.64 · cvss 9.8 · epss 0.02

    There is an invalid free in Mapping::DoubleHash::clear in mapping.cpp that leads to a Segmentation fault in sam2p 0.49.4. A crafted input will lead to a denial of service or possibly unspecified other impact.

  • CVE-2017-18206 · Critical · Feb 27, 2018
    risk 0.64 · cvss 9.8 · epss 0.03

    In utils.c in zsh before 5.4, symlink expansion had a buffer overflow.

  • CVE-2014-10072 · Critical · Feb 27, 2018
    risk 0.64 · cvss 9.8 · epss 0.03

    In utils.c in zsh before 5.0.6, there is a buffer overflow when scanning very long directory paths for symbolic links.

  • CVE-2014-10071 · Critical · Feb 27, 2018
    risk 0.64 · cvss 9.8 · epss 0.03

    In exec.c in zsh before 5.0.7, there is a buffer overflow for very long fds in the ">& fd" syntax.

  • CVE-2018-7409 · Critical · Feb 22, 2018
    risk 0.64 · cvss 9.8 · epss 0.03

    In unixODBC before 2.3.5, there is a buffer overflow in the unicode_to_ansi_copy() function in DriverManager/__info.c.

  • CVE-2018-5473 · Critical · Feb 19, 2018
    risk 0.64 · cvss 9.8 · epss 0.06

    An Improper Restriction of Operations within the Bounds of a Memory Buffer issue was discovered in GE D60 Line Distance Relay devices running firmware Version 7.11 and prior. The SSH functions of the device are vulnerable to buffer overflow conditions that may allow a remote…

  • CVE-2016-8512 · Critical · Feb 15, 2018
    risk 0.64 · cvss 9.8 · epss 0.06

    A Remote Code Execution vulnerability in all versions of HPE LoadRunner and Performance Center was found.

  • CVE-2018-7039 · Critical · Feb 14, 2018
    risk 0.64 · cvss 9.8 · epss 0.01

    CCN-lite 2.0.0 Beta allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact because the ccnl_ndntlv_prependBlob function in ccnl-pkt-ndntlv.c can be called with wrong arguments. Specifically, there is an incorrect integer…

  • CVE-2018-6953 · Critical · Feb 13, 2018
    risk 0.64 · cvss 9.8 · epss 0.02

    In CCN-lite 2, the Parser of NDNTLV does not verify whether a certain component's length field matches the actual component length, which has a resultant buffer overflow and out-of-bounds memory accesses.