CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
Description
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-10 · CAPEC-100 · CAPEC-123 · CAPEC-14 · CAPEC-24 · CAPEC-42 · CAPEC-44 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-8 · CAPEC-9
CVEs mapped to this weakness (10,979)
Page 26 of 549

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-12814 | | Cri | 0.64 | 9.8 | 0.07 | | Sep 28, 2017 | Stack-based buffer overflow in the CPerlHost::Add method in win32/perlhost.h in Perl before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 on Windows allows attackers to execute arbitrary code via a long environment variable. |
| CVE-2017-11121 | | Cri | 0.64 | 9.8 | 0.03 | | Sep 28, 2017 | On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56 and other chips, properly crafted malicious over-the-air Fast Transition frames can potentially trigger internal Wi-Fi firmware heap and/or stack overflows, leading to denial of service or other effects, aka B-V2017061205. |
| CVE-2017-14637 | | Cri | 0.64 | 9.8 | 0.02 | | Sep 22, 2017 | In sam2p 0.49.3, there is an invalid read of size 2 in the parse_rgb function in in_xpm.cpp. However, this can also cause a write to an illegal address. |
| CVE-2017-14632 | | Cri | 0.64 | 9.8 | 0.06 | | Sep 21, 2017 | Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing uninitialized memory in the function vorbis_analysis_headerout() in info.c when vi->channels<=0, a similar issue to Mozilla bug 550184. |
| CVE-2017-14631 | | Cri | 0.64 | 9.8 | 0.02 | | Sep 21, 2017 | In sam2p 0.49.3, the pcxLoadRaster function in in_pcx.cpp has an integer signedness error leading to a heap-based buffer overflow. |
| CVE-2017-14628 | | Cri | 0.64 | 9.8 | 0.02 | | Sep 21, 2017 | In sam2p 0.49.3, a heap-based buffer overflow exists in the pcxLoadImage24 function of the file in_pcx.cpp. |
| CVE-2017-13011 | | Cri | 0.64 | 9.8 | 0.03 | | Sep 14, 2017 | Several protocol parsers in tcpdump before 4.9.2 could cause a buffer overflow in util-print.c:bittok2str_internal(). |
| CVE-2017-14265 | | Cri | 0.64 | 9.8 | 0.04 | | Sep 11, 2017 | A Stack-based Buffer Overflow was discovered in xtrans_interpolate in internal/dcraw_common.cpp in LibRaw before 0.18.3. It could allow a remote denial of service or code execution attack. |
| CVE-2017-14064 | | Cri | 0.64 | 9.8 | 0.09 | | Aug 31, 2017 | Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issue lies in using strdup in ext/json/ext/generator/generator.c, which will stop after encountering a '\0' byte, returning a pointer to a string of… |
| CVE-2017-12708 | | Cri | 0.64 | 9.8 | 0.03 | | Aug 30, 2017 | An Improper Restriction Of Operations Within The Bounds Of A Memory Buffer issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Researchers have identified multiple vulnerabilities that allow invalid locations to be referenced for the memory buffer, which… |
| CVE-2017-12706 | | Cri | 0.64 | 9.8 | 0.03 | | Aug 30, 2017 | A stack-based buffer overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Researchers have identified multiple vulnerabilities where there is a lack of proper validation of the length of user-supplied data prior to copying it to a stack-based… |
| CVE-2017-12865 | | Cri | 0.64 | 9.8 | 0.06 | | Aug 29, 2017 | Stack-based buffer overflow in "dnsproxy.c" in connman 1.34 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted response query string passed to the "name" variable. |
| CVE-2015-8299 | | Cri | 0.64 | 9.8 | 0.06 | | Aug 29, 2017 | Buffer overflow in the Group messages monitor (Falcon) in KNX ETS 4.1.5 (Build 3246) allows remote attackers to execute arbitrary code via a crafted KNXnet/IP UDP packet. |
| CVE-2017-8380 | | Cri | 0.64 | 9.8 | 0.04 | | Aug 28, 2017 | Buffer overflow in the "megasas_mmio_write" function in Qemu 2.9.0 allows remote attackers to have unspecified impact via unknown vectors. |
| CVE-2015-1430 | | Cri | 0.64 | 9.8 | 0.01 | | Aug 28, 2017 | Buffer overflow in xymon 4.3.17-1. |
| CVE-2017-12707 | | Cri | 0.64 | 9.8 | 0.03 | | Aug 25, 2017 | A Stack-based Buffer Overflow issue was discovered in SpiderControl SCADA MicroBrowser Versions 1.6.30.144 and prior. Opening a maliciously crafted html file may cause a stack overflow. |
| CVE-2015-1801 | | Cri | 0.64 | 9.8 | 0.04 | | Aug 24, 2017 | The samsung_extdisp driver in the Samsung S4 (GT-I9500) I9500XXUEMK8 kernel 3.4 and earlier allows attackers to cause a denial of service (memory corruption) or gain privileges. |
| CVE-2007-5341 | | Cri | 0.64 | 9.8 | 0.03 | | Aug 18, 2017 | Remote code execution in the Venkman script debugger in Mozilla Firefox before 2.0.0.8. |
| CVE-2007-5199 | | Cri | 0.64 | 9.8 | 0.02 | | Aug 18, 2017 | A single byte overflow in catalogue.c in X.Org libXfont 1.3.1 allows remote attackers to have unspecified impact. |
| CVE-2016-5871 | | Cri | 0.64 | 9.8 | 0.01 | | Aug 18, 2017 | In all Qualcomm products with Android releases from CAF using the Linux kernel, an integer overflow to buffer overflow vulnerability exists when loading an image file. |