CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
Description
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-10 · CAPEC-100 · CAPEC-123 · CAPEC-14 · CAPEC-24 · CAPEC-42 · CAPEC-44 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-8 · CAPEC-9
CVEs mapped to this weakness (10,979)
page 216 of 549| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2011-1776 | Med | 0.40 | 6.1 | 0.01 | Sep 6, 2011 | The is_gpt_valid function in fs/partitions/efi.c in the Linux kernel before 2.6.39 does not check the size of an Extensible Firmware Interface (EFI) GUID Partition Table (GPT) entry, which allows physically proximate attackers to cause a denial of service (heap-based buffer… | ||
| CVE-2024-21961 | — | Med | 0.39 | — | 0.00 | Feb 13, 2026 | Improper restriction of operations within the bounds of a memory buffer in PCIe® Link could allow an attacker with access to a guest virtual machine to potentially perform a denial of service attack against the host resulting in loss of availability. | |
| CVE-2023-31352 | Med | 0.39 | 6.0 | 0.00 | Feb 11, 2025 | A bug in the SEV firmware may allow an attacker with privileges to read unencrypted memory, potentially resulting in loss of guest private data. | ||
| CVE-2023-28638 | Hig | 0.39 | 7.0 | 0.01 | Mar 27, 2023 | Snappier is a high performance C# implementation of the Snappy compression algorithm. This is a buffer overrun vulnerability that can affect any user of Snappier 1.1.0. In this release, much of the code was rewritten to use byte references rather than pointers to pinned buffers.… | ||
| CVE-2022-24788 | Hig | 0.39 | 7.1 | 0.01 | Apr 13, 2022 | Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. Versions of vyper prior to 0.3.2 suffer from a potential buffer overrun. Importing a function from a JSON interface which returns `bytes` generates bytecode which does not clamp bytes length,… | ||
| CVE-2018-15120 | Med | 0.39 | 6.5 | 0.12 | Aug 24, 2018 | libpango in Pango 1.40.8 through 1.42.3, as used in hexchat and other products, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted text with invalid Unicode sequences. | ||
| CVE-2016-9586 | Med | 0.39 | 5.9 | 0.05 | Apr 23, 2018 | curl before version 7.52.0 is vulnerable to a buffer overflow when doing a large floating point output in libcurl's implementation of the printf() functions. If there are any application that accepts a format string from the outside without necessary input filtering, it could… | ||
| CVE-2015-5315 | Med | 0.39 | 5.9 | 0.03 | Feb 21, 2018 | The eap_pwd_process function in eap_peer/eap_pwd.c in wpa_supplicant 2.x before 2.6 does not validate that the reassembly buffer is large enough for the final fragment when EAP-pwd is enabled in a network configuration profile, which allows remote attackers to cause a denial of… | ||
| CVE-2015-5314 | Med | 0.39 | 5.9 | 0.02 | Feb 21, 2018 | The eap_pwd_process function in eap_server/eap_server_pwd.c in hostapd 2.x before 2.6 does not validate that the reassembly buffer is large enough for the final fragment when used with (1) an internal EAP server or (2) a RADIUS server and EAP-pwd is enabled in a runtime… | ||
| CVE-2017-6193 | Med | 0.39 | 5.5 | 0.08 | Feb 20, 2018 | Buffer overflow in APNGDis 2.8 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted image containing a malformed image size descriptor in the IHDR chunk. | ||
| CVE-2017-6192 | Med | 0.39 | 5.5 | 0.07 | Feb 20, 2018 | Buffer overflow in APNGDis 2.8 and earlier allows a remote attackers to cause denial of service and possibly execute arbitrary code via a crafted image containing a malformed chunk size descriptor. | ||
| CVE-2018-3610 | Med | 0.39 | 6.0 | 0.00 | Jan 9, 2018 | SEMA driver in Intel Driver and Support Assistant before version 3.1.1 allows a local attacker the ability to read and writing to Memory Status registers potentially allowing information disclosure or a denial of service condition. | ||
| CVE-2016-10504 | Med | 0.39 | 6.5 | 0.08 | Aug 30, 2017 | Heap-based buffer overflow vulnerability in the opj_mqc_byteout function in mqc.c in OpenJPEG before 2.2.0 allows remote attackers to cause a denial of service (application crash) via a crafted bmp file. | ||
| CVE-2017-11548 | Med | 0.39 | 5.5 | 0.04 | Jul 31, 2017 | The _tokenize_matrix function in audio_out.c in Xiph.Org libao 1.2.0 allows remote attackers to cause a denial of service (memory corruption) via a crafted MP3 file. | ||
| CVE-2017-11331 | Med | 0.39 | 5.5 | 0.04 | Jul 31, 2017 | The wav_open function in oggenc/audio.c in Xiph.Org vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (memory allocation error) via a crafted wav file. | ||
| CVE-2017-9412 | Med | 0.39 | 5.5 | 0.04 | Jul 27, 2017 | The unpack_read_samples function in frontend/get_audio.c in LAME 3.99.5 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted wav file. | ||
| CVE-2017-6982 | Med | 0.39 | 5.5 | 0.02 | May 22, 2017 | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. The issue involves the "Notifications" component. It allows attackers to cause a denial of service via a crafted app. | ||
| CVE-2016-2519 | Med | 0.39 | 5.9 | 0.07 | Jan 30, 2017 | ntpd in NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (ntpd abort) by a large request data value, which triggers the ctl_getitem function to return a NULL value. | ||
| CVE-2016-6416 | Med | 0.39 | 5.9 | 0.02 | Oct 5, 2016 | The FTP service in Cisco AsyncOS on Email Security Appliance (ESA) devices 9.6.0-000 through 9.9.6-026, Web Security Appliance (WSA) devices 9.0.0-162 through 9.5.0-444, and Content Security Management Appliance (SMA) devices allows remote attackers to cause a denial of service… | ||
| CVE-2016-7179 | Med | 0.39 | 5.9 | 0.03 | Sep 9, 2016 | Stack-based buffer overflow in epan/dissectors/packet-catapult-dct2000.c in the Catapult DCT2000 dissector in Wireshark 2.x before 2.0.6 allows remote attackers to cause a denial of service (application crash) via a crafted packet. |
- risk 0.40cvss 6.1epss 0.01
The is_gpt_valid function in fs/partitions/efi.c in the Linux kernel before 2.6.39 does not check the size of an Extensible Firmware Interface (EFI) GUID Partition Table (GPT) entry, which allows physically proximate attackers to cause a denial of service (heap-based buffer…
- risk 0.39cvss —epss 0.00
Improper restriction of operations within the bounds of a memory buffer in PCIe® Link could allow an attacker with access to a guest virtual machine to potentially perform a denial of service attack against the host resulting in loss of availability.
- risk 0.39cvss 6.0epss 0.00
A bug in the SEV firmware may allow an attacker with privileges to read unencrypted memory, potentially resulting in loss of guest private data.
- risk 0.39cvss 7.0epss 0.01
Snappier is a high performance C# implementation of the Snappy compression algorithm. This is a buffer overrun vulnerability that can affect any user of Snappier 1.1.0. In this release, much of the code was rewritten to use byte references rather than pointers to pinned buffers.…
- risk 0.39cvss 7.1epss 0.01
Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. Versions of vyper prior to 0.3.2 suffer from a potential buffer overrun. Importing a function from a JSON interface which returns `bytes` generates bytecode which does not clamp bytes length,…
- risk 0.39cvss 6.5epss 0.12
libpango in Pango 1.40.8 through 1.42.3, as used in hexchat and other products, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted text with invalid Unicode sequences.
- risk 0.39cvss 5.9epss 0.05
curl before version 7.52.0 is vulnerable to a buffer overflow when doing a large floating point output in libcurl's implementation of the printf() functions. If there are any application that accepts a format string from the outside without necessary input filtering, it could…
- risk 0.39cvss 5.9epss 0.03
The eap_pwd_process function in eap_peer/eap_pwd.c in wpa_supplicant 2.x before 2.6 does not validate that the reassembly buffer is large enough for the final fragment when EAP-pwd is enabled in a network configuration profile, which allows remote attackers to cause a denial of…
- risk 0.39cvss 5.9epss 0.02
The eap_pwd_process function in eap_server/eap_server_pwd.c in hostapd 2.x before 2.6 does not validate that the reassembly buffer is large enough for the final fragment when used with (1) an internal EAP server or (2) a RADIUS server and EAP-pwd is enabled in a runtime…
- risk 0.39cvss 5.5epss 0.08
Buffer overflow in APNGDis 2.8 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted image containing a malformed image size descriptor in the IHDR chunk.
- risk 0.39cvss 5.5epss 0.07
Buffer overflow in APNGDis 2.8 and earlier allows a remote attackers to cause denial of service and possibly execute arbitrary code via a crafted image containing a malformed chunk size descriptor.
- risk 0.39cvss 6.0epss 0.00
SEMA driver in Intel Driver and Support Assistant before version 3.1.1 allows a local attacker the ability to read and writing to Memory Status registers potentially allowing information disclosure or a denial of service condition.
- risk 0.39cvss 6.5epss 0.08
Heap-based buffer overflow vulnerability in the opj_mqc_byteout function in mqc.c in OpenJPEG before 2.2.0 allows remote attackers to cause a denial of service (application crash) via a crafted bmp file.
- risk 0.39cvss 5.5epss 0.04
The _tokenize_matrix function in audio_out.c in Xiph.Org libao 1.2.0 allows remote attackers to cause a denial of service (memory corruption) via a crafted MP3 file.
- risk 0.39cvss 5.5epss 0.04
The wav_open function in oggenc/audio.c in Xiph.Org vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (memory allocation error) via a crafted wav file.
- risk 0.39cvss 5.5epss 0.04
The unpack_read_samples function in frontend/get_audio.c in LAME 3.99.5 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted wav file.
- risk 0.39cvss 5.5epss 0.02
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. The issue involves the "Notifications" component. It allows attackers to cause a denial of service via a crafted app.
- risk 0.39cvss 5.9epss 0.07
ntpd in NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (ntpd abort) by a large request data value, which triggers the ctl_getitem function to return a NULL value.
- risk 0.39cvss 5.9epss 0.02
The FTP service in Cisco AsyncOS on Email Security Appliance (ESA) devices 9.6.0-000 through 9.9.6-026, Web Security Appliance (WSA) devices 9.0.0-162 through 9.5.0-444, and Content Security Management Appliance (SMA) devices allows remote attackers to cause a denial of service…
- risk 0.39cvss 5.9epss 0.03
Stack-based buffer overflow in epan/dissectors/packet-catapult-dct2000.c in the Catapult DCT2000 dissector in Wireshark 2.x before 2.0.6 allows remote attackers to cause a denial of service (application crash) via a crafted packet.