CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
Description
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-10 · CAPEC-100 · CAPEC-123 · CAPEC-14 · CAPEC-24 · CAPEC-42 · CAPEC-44 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-8 · CAPEC-9
CVEs mapped to this weakness (12,280)
page 273 of 614| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-6093 | Med | 0.36 | 5.5 | 0.00 | Jun 15, 2025 | A vulnerability classified as critical was found in uYanki board-stm32f103rc-berial up to 84daed541609cb7b46854cc6672a275d1007e295. This vulnerability affects the function heartrate1_i2c_hal_write of the file 7.Example/hal/i2c/max30100/Manual/demo2/2/heartrate1_hal.c. The… | ||
| CVE-2025-24111 | Med | 0.36 | 5.5 | 0.00 | May 12, 2025 | A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.7, macOS Sequoia 15.3, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.3, visionOS 2.3, watchOS 11.3. An app may be able to cause unexpected… | ||
| CVE-2025-3007 | Med | 0.36 | 5.5 | 0.00 | Mar 31, 2025 | A vulnerability was found in Novastar CX40 up to 2.44.0. It has been rated as critical. This issue affects the function getopt of the file /usr/nova/bin/netconfig of the component NetFilter Utility. The manipulation of the argument cmd/netmask/pipeout/nettask leads to… | ||
| CVE-2021-47367 | Med | 0.36 | 5.5 | 0.00 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: virtio-net: fix pages leaking when building skb in big mode We try to use build_skb() if we had sufficient tailroom. But we forget to release the unused pages chained via private in big mode which will leak… | ||
| CVE-2021-46748 | Med | 0.36 | 5.5 | 0.00 | Nov 14, 2023 | Insufficient bounds checking in the ASP (AMD Secure Processor) may allow an attacker to access memory outside the bounds of what is permissible to a TA (Trusted Application) resulting in a potential denial of service. | ||
| CVE-2023-27506 | — | Med | 0.36 | 5.5 | 0.00 | Aug 11, 2023 | Improper buffer restrictions in the Intel(R) Optimization for Tensorflow software before version 2.12 may allow an authenticated user to potentially enable escalation of privilege via local access. | |
| CVE-2022-20570 | Med | 0.36 | 5.5 | 0.00 | Dec 16, 2022 | Product: AndroidVersions: Android kernelAndroid ID: A-230660904References: N/A | ||
| CVE-2020-27802 | Med | 0.36 | 5.5 | 0.00 | Aug 25, 2022 | An floating point exception was discovered in the elf_lookup function in p_lx_elf.cpp in UPX 4.0.0 via a crafted Mach-O file. | ||
| CVE-2020-27798 | Med | 0.36 | 5.5 | 0.00 | Aug 25, 2022 | An invalid memory address reference was discovered in the adjABS function in p_lx_elf.cpp in UPX 4.0.0 via a crafted Mach-O file. | ||
| CVE-2020-27797 | Med | 0.36 | 5.5 | 0.00 | Aug 25, 2022 | An invalid memory address reference was discovered in the elf_lookup function in p_lx_elf.cpp in UPX 4.0.0 via a crafted Mach-O file. | ||
| CVE-2021-26257 | Med | 0.36 | 5.5 | 0.00 | Aug 18, 2022 | Improper buffer restrictions in firmware for some Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetooth(R) products before version 22.120 may allow an authenticated user to potentially enable denial of service via local access. | ||
| CVE-2022-34529 | — | Med | 0.36 | 5.5 | 0.00 | Jul 27, 2022 | WASM3 v0.5.0 was discovered to contain a segmentation fault via the component Compile_Memory_CopyFill. | |
| CVE-2020-23563 | Med | 0.36 | 5.5 | 0.00 | Jul 18, 2022 | IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ShowPlugInSaveOptions_W+0x0000000000002cba. | ||
| CVE-2021-44975 | Med | 0.36 | 5.5 | 0.01 | May 24, 2022 | radareorg radare2 5.5.2 is vulnerable to Buffer Overflow via /libr/core/anal_objc.c mach-o parser. | ||
| CVE-2021-26378 | Med | 0.36 | 5.5 | 0.00 | May 11, 2022 | Insufficient bound checks in the System Management Unit (SMU) may result in access to an invalid address space that could result in denial of service. | ||
| CVE-2021-26372 | Med | 0.36 | 5.5 | 0.00 | May 11, 2022 | Insufficient bound checks related to PCIE in the System Management Unit (SMU) may result in access to an invalid address space that could result in denial of service. | ||
| CVE-2021-26364 | Med | 0.36 | 5.5 | 0.00 | May 11, 2022 | Insufficient bounds checking in an SMU mailbox register could allow an attacker to potentially read outside of the SRAM address range which could result in an exception handling leading to a potential denial of service. | ||
| CVE-2021-26352 | Med | 0.36 | 5.5 | 0.00 | May 10, 2022 | Insufficient bound checks in System Management Unit (SMU) PCIe Hot Plug table may result in access/updates from/to invalid address space that could result in denial of service. | ||
| CVE-2020-13495 | Med | 0.36 | 5.5 | 0.01 | Apr 18, 2022 | An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 handles file offsets in binary USD files. A specially crafted malformed file can trigger an arbitrary out-of-bounds memory access that could lead to the disclosure of sensitive information. This vulnerability… | ||
| CVE-2021-22479 | Med | 0.36 | 5.5 | 0.00 | Feb 25, 2022 | The interface of a certain HarmonyOS module has an invalid address access vulnerability. Successful exploitation of this vulnerability may lead to kernel crash. |
- risk 0.36cvss 5.5epss 0.00
A vulnerability classified as critical was found in uYanki board-stm32f103rc-berial up to 84daed541609cb7b46854cc6672a275d1007e295. This vulnerability affects the function heartrate1_i2c_hal_write of the file 7.Example/hal/i2c/max30100/Manual/demo2/2/heartrate1_hal.c. The…
- risk 0.36cvss 5.5epss 0.00
A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.7, macOS Sequoia 15.3, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.3, visionOS 2.3, watchOS 11.3. An app may be able to cause unexpected…
- risk 0.36cvss 5.5epss 0.00
A vulnerability was found in Novastar CX40 up to 2.44.0. It has been rated as critical. This issue affects the function getopt of the file /usr/nova/bin/netconfig of the component NetFilter Utility. The manipulation of the argument cmd/netmask/pipeout/nettask leads to…
- risk 0.36cvss 5.5epss 0.00
In the Linux kernel, the following vulnerability has been resolved: virtio-net: fix pages leaking when building skb in big mode We try to use build_skb() if we had sufficient tailroom. But we forget to release the unused pages chained via private in big mode which will leak…
- risk 0.36cvss 5.5epss 0.00
Insufficient bounds checking in the ASP (AMD Secure Processor) may allow an attacker to access memory outside the bounds of what is permissible to a TA (Trusted Application) resulting in a potential denial of service.
- risk 0.36cvss 5.5epss 0.00
Improper buffer restrictions in the Intel(R) Optimization for Tensorflow software before version 2.12 may allow an authenticated user to potentially enable escalation of privilege via local access.
- risk 0.36cvss 5.5epss 0.00
Product: AndroidVersions: Android kernelAndroid ID: A-230660904References: N/A
- risk 0.36cvss 5.5epss 0.00
An floating point exception was discovered in the elf_lookup function in p_lx_elf.cpp in UPX 4.0.0 via a crafted Mach-O file.
- risk 0.36cvss 5.5epss 0.00
An invalid memory address reference was discovered in the adjABS function in p_lx_elf.cpp in UPX 4.0.0 via a crafted Mach-O file.
- risk 0.36cvss 5.5epss 0.00
An invalid memory address reference was discovered in the elf_lookup function in p_lx_elf.cpp in UPX 4.0.0 via a crafted Mach-O file.
- risk 0.36cvss 5.5epss 0.00
Improper buffer restrictions in firmware for some Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetooth(R) products before version 22.120 may allow an authenticated user to potentially enable denial of service via local access.
- risk 0.36cvss 5.5epss 0.00
WASM3 v0.5.0 was discovered to contain a segmentation fault via the component Compile_Memory_CopyFill.
- risk 0.36cvss 5.5epss 0.00
IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ShowPlugInSaveOptions_W+0x0000000000002cba.
- risk 0.36cvss 5.5epss 0.01
radareorg radare2 5.5.2 is vulnerable to Buffer Overflow via /libr/core/anal_objc.c mach-o parser.
- risk 0.36cvss 5.5epss 0.00
Insufficient bound checks in the System Management Unit (SMU) may result in access to an invalid address space that could result in denial of service.
- risk 0.36cvss 5.5epss 0.00
Insufficient bound checks related to PCIE in the System Management Unit (SMU) may result in access to an invalid address space that could result in denial of service.
- risk 0.36cvss 5.5epss 0.00
Insufficient bounds checking in an SMU mailbox register could allow an attacker to potentially read outside of the SRAM address range which could result in an exception handling leading to a potential denial of service.
- risk 0.36cvss 5.5epss 0.00
Insufficient bound checks in System Management Unit (SMU) PCIe Hot Plug table may result in access/updates from/to invalid address space that could result in denial of service.
- risk 0.36cvss 5.5epss 0.01
An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 handles file offsets in binary USD files. A specially crafted malformed file can trigger an arbitrary out-of-bounds memory access that could lead to the disclosure of sensitive information. This vulnerability…
- risk 0.36cvss 5.5epss 0.00
The interface of a certain HarmonyOS module has an invalid address access vulnerability. Successful exploitation of this vulnerability may lead to kernel crash.