VYPR

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

ClassStableLikelihood: High

Description

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-10 · CAPEC-100 · CAPEC-123 · CAPEC-14 · CAPEC-24 · CAPEC-42 · CAPEC-44 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-8 · CAPEC-9

CVEs mapped to this weakness (10,979)

page 216 of 549
  • CVE-2011-1776MedSep 6, 2011
    risk 0.40cvss 6.1epss 0.01

    The is_gpt_valid function in fs/partitions/efi.c in the Linux kernel before 2.6.39 does not check the size of an Extensible Firmware Interface (EFI) GUID Partition Table (GPT) entry, which allows physically proximate attackers to cause a denial of service (heap-based buffer…

  • CVE-2024-21961MedFeb 13, 2026
    risk 0.39cvss epss 0.00

    Improper restriction of operations within the bounds of a memory buffer in PCIe® Link could allow an attacker with access to a guest virtual machine to potentially perform a denial of service attack against the host resulting in loss of availability.

  • CVE-2023-31352MedFeb 11, 2025
    risk 0.39cvss 6.0epss 0.00

    A bug in the SEV firmware may allow an attacker with privileges to read unencrypted memory, potentially resulting in loss of guest private data.

  • CVE-2023-28638HigMar 27, 2023
    risk 0.39cvss 7.0epss 0.01

    Snappier is a high performance C# implementation of the Snappy compression algorithm. This is a buffer overrun vulnerability that can affect any user of Snappier 1.1.0. In this release, much of the code was rewritten to use byte references rather than pointers to pinned buffers.…

  • CVE-2022-24788HigApr 13, 2022
    risk 0.39cvss 7.1epss 0.01

    Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. Versions of vyper prior to 0.3.2 suffer from a potential buffer overrun. Importing a function from a JSON interface which returns `bytes` generates bytecode which does not clamp bytes length,…

  • CVE-2018-15120MedAug 24, 2018
    risk 0.39cvss 6.5epss 0.12

    libpango in Pango 1.40.8 through 1.42.3, as used in hexchat and other products, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted text with invalid Unicode sequences.

  • CVE-2016-9586MedApr 23, 2018
    risk 0.39cvss 5.9epss 0.05

    curl before version 7.52.0 is vulnerable to a buffer overflow when doing a large floating point output in libcurl's implementation of the printf() functions. If there are any application that accepts a format string from the outside without necessary input filtering, it could…

  • CVE-2015-5315MedFeb 21, 2018
    risk 0.39cvss 5.9epss 0.03

    The eap_pwd_process function in eap_peer/eap_pwd.c in wpa_supplicant 2.x before 2.6 does not validate that the reassembly buffer is large enough for the final fragment when EAP-pwd is enabled in a network configuration profile, which allows remote attackers to cause a denial of…

  • CVE-2015-5314MedFeb 21, 2018
    risk 0.39cvss 5.9epss 0.02

    The eap_pwd_process function in eap_server/eap_server_pwd.c in hostapd 2.x before 2.6 does not validate that the reassembly buffer is large enough for the final fragment when used with (1) an internal EAP server or (2) a RADIUS server and EAP-pwd is enabled in a runtime…

  • CVE-2017-6193MedFeb 20, 2018
    risk 0.39cvss 5.5epss 0.08

    Buffer overflow in APNGDis 2.8 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted image containing a malformed image size descriptor in the IHDR chunk.

  • CVE-2017-6192MedFeb 20, 2018
    risk 0.39cvss 5.5epss 0.07

    Buffer overflow in APNGDis 2.8 and earlier allows a remote attackers to cause denial of service and possibly execute arbitrary code via a crafted image containing a malformed chunk size descriptor.

  • CVE-2018-3610MedJan 9, 2018
    risk 0.39cvss 6.0epss 0.00

    SEMA driver in Intel Driver and Support Assistant before version 3.1.1 allows a local attacker the ability to read and writing to Memory Status registers potentially allowing information disclosure or a denial of service condition.

  • CVE-2016-10504MedAug 30, 2017
    risk 0.39cvss 6.5epss 0.08

    Heap-based buffer overflow vulnerability in the opj_mqc_byteout function in mqc.c in OpenJPEG before 2.2.0 allows remote attackers to cause a denial of service (application crash) via a crafted bmp file.

  • CVE-2017-11548MedJul 31, 2017
    risk 0.39cvss 5.5epss 0.04

    The _tokenize_matrix function in audio_out.c in Xiph.Org libao 1.2.0 allows remote attackers to cause a denial of service (memory corruption) via a crafted MP3 file.

  • CVE-2017-11331MedJul 31, 2017
    risk 0.39cvss 5.5epss 0.04

    The wav_open function in oggenc/audio.c in Xiph.Org vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (memory allocation error) via a crafted wav file.

  • CVE-2017-9412MedJul 27, 2017
    risk 0.39cvss 5.5epss 0.04

    The unpack_read_samples function in frontend/get_audio.c in LAME 3.99.5 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted wav file.

  • CVE-2017-6982MedMay 22, 2017
    risk 0.39cvss 5.5epss 0.02

    An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. The issue involves the "Notifications" component. It allows attackers to cause a denial of service via a crafted app.

  • CVE-2016-2519MedJan 30, 2017
    risk 0.39cvss 5.9epss 0.07

    ntpd in NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (ntpd abort) by a large request data value, which triggers the ctl_getitem function to return a NULL value.

  • CVE-2016-6416MedOct 5, 2016
    risk 0.39cvss 5.9epss 0.02

    The FTP service in Cisco AsyncOS on Email Security Appliance (ESA) devices 9.6.0-000 through 9.9.6-026, Web Security Appliance (WSA) devices 9.0.0-162 through 9.5.0-444, and Content Security Management Appliance (SMA) devices allows remote attackers to cause a denial of service…

  • CVE-2016-7179MedSep 9, 2016
    risk 0.39cvss 5.9epss 0.03

    Stack-based buffer overflow in epan/dissectors/packet-catapult-dct2000.c in the Catapult DCT2000 dissector in Wireshark 2.x before 2.0.6 allows remote attackers to cause a denial of service (application crash) via a crafted packet.