VYPR

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

ClassStableLikelihood: High

Description

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-10 · CAPEC-100 · CAPEC-123 · CAPEC-14 · CAPEC-24 · CAPEC-42 · CAPEC-44 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-8 · CAPEC-9

CVEs mapped to this weakness (12,280)

page 273 of 614
  • CVE-2025-6093MedJun 15, 2025
    risk 0.36cvss 5.5epss 0.00

    A vulnerability classified as critical was found in uYanki board-stm32f103rc-berial up to 84daed541609cb7b46854cc6672a275d1007e295. This vulnerability affects the function heartrate1_i2c_hal_write of the file 7.Example/hal/i2c/max30100/Manual/demo2/2/heartrate1_hal.c. The…

  • CVE-2025-24111MedMay 12, 2025
    risk 0.36cvss 5.5epss 0.00

    A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.7, macOS Sequoia 15.3, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.3, visionOS 2.3, watchOS 11.3. An app may be able to cause unexpected…

  • CVE-2025-3007MedMar 31, 2025
    risk 0.36cvss 5.5epss 0.00

    A vulnerability was found in Novastar CX40 up to 2.44.0. It has been rated as critical. This issue affects the function getopt of the file /usr/nova/bin/netconfig of the component NetFilter Utility. The manipulation of the argument cmd/netmask/pipeout/nettask leads to…

  • CVE-2021-47367MedMay 21, 2024
    risk 0.36cvss 5.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: virtio-net: fix pages leaking when building skb in big mode We try to use build_skb() if we had sufficient tailroom. But we forget to release the unused pages chained via private in big mode which will leak…

  • CVE-2021-46748MedNov 14, 2023
    risk 0.36cvss 5.5epss 0.00

    Insufficient bounds checking in the ASP (AMD Secure Processor) may allow an attacker to access memory outside the bounds of what is permissible to a TA (Trusted Application) resulting in a potential denial of service.

  • CVE-2023-27506MedAug 11, 2023
    risk 0.36cvss 5.5epss 0.00

    Improper buffer restrictions in the Intel(R) Optimization for Tensorflow software before version 2.12 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2022-20570MedDec 16, 2022
    risk 0.36cvss 5.5epss 0.00

    Product: AndroidVersions: Android kernelAndroid ID: A-230660904References: N/A

  • CVE-2020-27802MedAug 25, 2022
    risk 0.36cvss 5.5epss 0.00

    An floating point exception was discovered in the elf_lookup function in p_lx_elf.cpp in UPX 4.0.0 via a crafted Mach-O file.

  • CVE-2020-27798MedAug 25, 2022
    risk 0.36cvss 5.5epss 0.00

    An invalid memory address reference was discovered in the adjABS function in p_lx_elf.cpp in UPX 4.0.0 via a crafted Mach-O file.

  • CVE-2020-27797MedAug 25, 2022
    risk 0.36cvss 5.5epss 0.00

    An invalid memory address reference was discovered in the elf_lookup function in p_lx_elf.cpp in UPX 4.0.0 via a crafted Mach-O file.

  • CVE-2021-26257MedAug 18, 2022
    risk 0.36cvss 5.5epss 0.00

    Improper buffer restrictions in firmware for some Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetooth(R) products before version 22.120 may allow an authenticated user to potentially enable denial of service via local access.

  • CVE-2022-34529MedJul 27, 2022
    risk 0.36cvss 5.5epss 0.00

    WASM3 v0.5.0 was discovered to contain a segmentation fault via the component Compile_Memory_CopyFill.

  • CVE-2020-23563MedJul 18, 2022
    risk 0.36cvss 5.5epss 0.00

    IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ShowPlugInSaveOptions_W+0x0000000000002cba.

  • CVE-2021-44975MedMay 24, 2022
    risk 0.36cvss 5.5epss 0.01

    radareorg radare2 5.5.2 is vulnerable to Buffer Overflow via /libr/core/anal_objc.c mach-o parser.

  • CVE-2021-26378MedMay 11, 2022
    risk 0.36cvss 5.5epss 0.00

    Insufficient bound checks in the System Management Unit (SMU) may result in access to an invalid address space that could result in denial of service.

  • CVE-2021-26372MedMay 11, 2022
    risk 0.36cvss 5.5epss 0.00

    Insufficient bound checks related to PCIE in the System Management Unit (SMU) may result in access to an invalid address space that could result in denial of service.

  • CVE-2021-26364MedMay 11, 2022
    risk 0.36cvss 5.5epss 0.00

    Insufficient bounds checking in an SMU mailbox register could allow an attacker to potentially read outside of the SRAM address range which could result in an exception handling leading to a potential denial of service.

  • CVE-2021-26352MedMay 10, 2022
    risk 0.36cvss 5.5epss 0.00

    Insufficient bound checks in System Management Unit (SMU) PCIe Hot Plug table may result in access/updates from/to invalid address space that could result in denial of service.

  • CVE-2020-13495MedApr 18, 2022
    risk 0.36cvss 5.5epss 0.01

    An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 handles file offsets in binary USD files. A specially crafted malformed file can trigger an arbitrary out-of-bounds memory access that could lead to the disclosure of sensitive information. This vulnerability…

  • CVE-2021-22479MedFeb 25, 2022
    risk 0.36cvss 5.5epss 0.00

    The interface of a certain HarmonyOS module has an invalid address access vulnerability. Successful exploitation of this vulnerability may lead to kernel crash.