CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
ClassStableLikelihood: High
Description
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-10 · CAPEC-100 · CAPEC-123 · CAPEC-14 · CAPEC-24 · CAPEC-42 · CAPEC-44 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-8 · CAPEC-9
CVEs mapped to this weakness (9,861)
page 273 of 494| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2008-5281 | 0.03 | — | 0.01 | Nov 29, 2008 | Heap-based buffer overflow in Titan FTP Server 6.05 build 550 allows remote attackers to execute arbitrary code via a long DELE command. | ||
| CVE-2008-5229 | 0.03 | — | 0.01 | Nov 25, 2008 | Stack-based buffer overflow in Microsoft Device IO Control in iphlpapi.dll in Microsoft Windows Vista Gold and SP1 allows local users in the Network Configuration Operator group to gain privileges or cause a denial of service (system crash) via a large invalid PrefixLength to the CreateIpForwardEntry2 method, as demonstrated by a "route add" command. NOTE: this issue might not cross privilege boundaries. | ||
| CVE-2008-5049 | 0.03 | — | 0.00 | Nov 13, 2008 | Buffer overflow in AKEProtect.sys 3.3.3.0 in ISecSoft Anti-Keylogger Elite 3.3.0 and earlier, and possibly other versions including 3.3.3, allows local users to gain privileges via long inputs to the (1) 0x002224A4, (2) 0x002224C0, and (3) 0x002224CC IOCTL. | ||
| CVE-2008-5048 | 0.03 | — | 0.00 | Nov 13, 2008 | Buffer overflow in Atepmon.sys in ISecSoft Anti-Trojan Elite 4.2.1 and earlier, and possibly 4.2.2, allows local users to cause a denial of service (crash) and possibly execute arbitrary code via long inputs to the 0x00222494 IOCTL. | ||
| CVE-2008-5045 | 0.03 | — | 0.06 | Nov 13, 2008 | Heap-based buffer overflow in Network-Client FTP Now 2.6, and possibly other versions, allows remote FTP servers to cause a denial of service (crash) via a 200 server response that is exactly 1024 characters long. | ||
| CVE-2007-6432 | 0.03 | — | 0.35 | Oct 31, 2008 | Stack-based buffer overflow in AldFs32.dll in Adobe PageMaker 7.0.1 and 7.0.2 allows user-assisted remote attackers to execute arbitrary code via a malformed .PMD file, related to "Key Strings," a different vulnerability than CVE-2007-5169 and CVE-2007-5394. | ||
| CVE-2008-3862 | 0.03 | — | 0.35 | Oct 23, 2008 | Stack-based buffer overflow in CGI programs in the server in Trend Micro OfficeScan 7.3 Patch 4 build 1367 and other builds before 1374, and 8.0 SP1 Patch 1 before build 3110, allows remote attackers to execute arbitrary code via an HTTP POST request containing crafted form data, related to "parsing CGI requests." | ||
| CVE-2008-4470 | 0.03 | — | 0.04 | Oct 7, 2008 | Stack-based buffer overflow in Numark CUE 5.0 rev2 allows user-assisted attackers to cause a denial of service (application crash) or execute arbitrary code via an M3U playlist file that contains a long absolute pathname. | ||
| CVE-2008-4110 | 0.03 | — | 0.38 | Sep 16, 2008 | Buffer overflow in the SQLVDIRLib.SQLVDirControl ActiveX control in Tools\Binn\sqlvdir.dll in Microsoft SQL Server 2000 (aka SQL Server 8.0) allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a long URL in the second argument to the Connect method. NOTE: this issue is not a vulnerability in many environments, since the control is not marked as safe for scripting and would not execute with default Internet Explorer settings. | ||
| CVE-2008-4087 | 0.03 | — | 0.04 | Sep 15, 2008 | Stack-based buffer overflow in Acoustica Beatcraft 1.02 Build 19 allows user-assisted attackers to cause a denial of service or execute arbitrary code via a Beatcraft Project (aka bcproj) file with a long string in a certain instruments title field. | ||
| CVE-2008-3531 | 0.03 | — | 0.00 | Sep 5, 2008 | Stack-based buffer overflow in sys/kern/vfs_mount.c in the kernel in FreeBSD 7.0 and 7.1, when vfs.usermount is enabled, allows local users to gain privileges via a crafted (1) mount or (2) nmount system call, related to copying of "user defined data" in "certain error conditions." | ||
| CVE-2008-3702 | 0.03 | — | 0.06 | Aug 15, 2008 | Multiple stack-based buffer overflows in the Animation GIF ActiveX control in JComSoft AniGIF.ocx 1.12 and 2.47, as used in products such as SpeedBit Download Accelerator Plus (DAP) 8.6, allow remote attackers to execute arbitrary code via a long argument to the (1) ReadGIF or (2) ReadGIF2 method. | ||
| CVE-2008-3667 | 0.03 | — | 0.04 | Aug 13, 2008 | Stack-based buffer overflow in Maxthon Browser 2.0 and earlier allows remote attackers to execute arbitrary code via a long Content-type HTTP header. | ||
| CVE-2008-3430 | 0.03 | — | 0.05 | Jul 31, 2008 | Buffer overflow in the CoVideoWindow.ocx ActiveX control 5.0.907.1 in Eyeball MessengerSDK, as used in products such as SiOL Komunikator 1.3, allows remote attackers to execute arbitrary code via a large argument supplied to the BGColor method. NOTE: this might only be a vulnerability in certain insecure configurations of Internet Explorer. | ||
| CVE-2008-1809 | 0.03 | — | 0.33 | Jul 14, 2008 | Heap-based buffer overflow in Novell eDirectory 8.7.3 before 8.7.3.10b, and 8.8 before 8.8.2 FTF2, allows remote attackers to execute arbitrary code via an LDAP search request containing "NULL search parameters." | ||
| CVE-2008-3148 | 0.03 | — | 0.04 | Jul 11, 2008 | Stack-based buffer overflow in (1) OllyDBG 1.10 and (2) ImpREC 1.7f allows user-assisted attackers to execute arbitrary code via a crafted DLL file that contains a long string. | ||
| CVE-2008-0956 | 0.03 | — | 0.37 | Jun 12, 2008 | Multiple stack-based buffer overflows in the BackWeb Lite Install Runner ActiveX control in the BackWeb Web Package ActiveX object in LiteInstActivator.dll in BackWeb before 8.1.1.87, as used in Logitech Desktop Manager (LDM) before 2.56, allow remote attackers to execute arbitrary code via unspecified vectors. | ||
| CVE-2007-6020 | 0.03 | — | 0.35 | Apr 10, 2008 | Multiple stack-based buffer overflows in foliosr.dll in the Folio Flat File speed reader in Autonomy (formerly Verity) KeyView 10.3.0.0, as used by IBM Lotus Notes, Symantec Mail Security, and activePDF DocConverter, allow remote attackers to execute arbitrary code via a long attribute value in a (1) DI, (2) FD, (3) FT, (4) JD, (5) JL, (6) LE, (7) OB, (8) OD, (9) OL, (10) PN, (11) PS, (12) PW, (13) RD, (14) QL, or (15) TS tag in a .fff file. | ||
| CVE-2007-5405 | 0.03 | — | 0.35 | Apr 10, 2008 | Multiple buffer overflows in kpagrdr.dll 2.0.0.2 and 10.3.0.0 in the Applix Presents reader in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes, Symantec Mail Security, and activePDF DocConverter, allow remote attackers to execute arbitrary code via a .ag file with (1) a long ENCODING attribute in a *BEGIN tag, (2) a long token, or (3) the initial *BEGIN tag. | ||
| CVE-2008-1020 | 0.03 | — | 0.41 | Apr 4, 2008 | Heap-based buffer overflow in quickTime.qts in Apple QuickTime before 7.4.5 on Windows allows remote attackers to execute arbitrary code via a crafted PICT image file with Kodak encoding, related to error checking and error messages. |