CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
ClassStableLikelihood: High
Description
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-10 · CAPEC-100 · CAPEC-123 · CAPEC-14 · CAPEC-24 · CAPEC-42 · CAPEC-44 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-8 · CAPEC-9
CVEs mapped to this weakness (9,859)
page 276 of 493| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2007-5094 | 0.03 | — | 0.06 | Sep 26, 2007 | Heap-based buffer overflow in iaspam.dll in the SMTP Server in Ipswitch IMail Server 8.01 through 8.11 allows remote attackers to execute arbitrary code via a set of four different e-mail messages with a long boundary parameter in a certain malformed Content-Type header line, the string "MIME" by itself on a line in the header, and a long Content-Transfer-Encoding header line. | ||
| CVE-2007-4731 | 0.03 | — | 0.36 | Sep 12, 2007 | Stack-based buffer overflow in the TMregChange function in TMReg.dll in Trend Micro ServerProtect before 5.58 Security Patch 4 allows remote attackers to execute arbitrary code via a crafted packet to TCP port 5005. | ||
| CVE-2007-4821 | 0.03 | — | 0.05 | Sep 11, 2007 | Buffer overflow in a certain ActiveX control in officeviewer.ocx 5.2.218.1 in EDraw Office Viewer Component 5.2 allows remote attackers to execute arbitrary code via a long first argument to the HttpDownloadFileToTempDir method, a different vulnerability than CVE-2007-3169. | ||
| CVE-2007-4812 | 0.03 | — | 0.05 | Sep 11, 2007 | Buffer overflow in Apple Safari 3.0.3 522.15.5, and other versions before Beta Update 3.0.4, allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact by setting document.location.hash to a long string. NOTE: the crash might actually occur in the alert method. | ||
| CVE-2007-4648 | 0.03 | — | 0.00 | Aug 31, 2007 | The nvcoaft51 driver in Norman Virus Control (NVC) 5.82 uses weak permissions (unrestricted write access) for the NvcOa device, which allows local users to gain privileges by (1) triggering a buffer overflow in a kernel pool via a string argument to ioctl 0xBF67201C; or by (2) sending a crafted KEVENT structure through ioctl 0xBF672028 to overwrite arbitrary memory locations. | ||
| CVE-2007-4635 | 0.03 | — | 0.03 | Aug 31, 2007 | Yahoo! Messenger 8.1.0.209 and 8.1.0.402 allows remote attackers to cause a denial of service (application crash) via certain file-transfer packets, possibly involving a buffer overflow, as demonstrated by ym8bug.exe. NOTE: this might be related to CVE-2007-4515. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||
| CVE-2007-4586 | 0.03 | — | 0.05 | Aug 29, 2007 | Multiple buffer overflows in php_iisfunc.dll in the iisfunc extension for PHP 5.2.0 and earlier allow context-dependent attackers to execute arbitrary code, probably during Unicode conversion, as demonstrated by a long string in the first argument to the iis_getservicestate function, related to the ServiceId argument to the (1) fnStartService, (2) fnGetServiceState, (3) fnStopService, and possibly other functions. | ||
| CVE-2007-4584 | 0.03 | — | 0.05 | Aug 29, 2007 | Stack-based buffer overflow in BitchX 1.1 Final allows remote IRC servers to execute arbitrary code via a long string in a MODE command, related to the p_mode variable. | ||
| CVE-2007-4004 | 0.03 | — | 0.00 | Jul 26, 2007 | Buffer overflow in the ftp client in IBM AIX 5.3 SP6 and 5.2.0 allows local users to execute arbitrary code via unspecified vectors that trigger the overflow in a gets function call. NOTE: the client is setuid root on AIX, so this issue crosses privilege boundaries. | ||
| CVE-2006-4183 | 0.03 | — | 0.39 | Jul 18, 2007 | Heap-based buffer overflow in Microsoft DirectX SDK (February 2006) and probably earlier, including 9.0c End User Runtimes, allows context-dependent attackers to execute arbitrary code via a crafted Targa file with a run-length-encoding (RLE) compression that produces more data than expected when decoding. | ||
| CVE-2007-3638 | 0.03 | — | 0.05 | Jul 10, 2007 | Buffer overflow in Yahoo! Messenger 8.1 allows user-assisted remote authenticated users, who are listed in an address book, to execute arbitrary code via unspecified vectors, aka ZD-00000005. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine. | ||
| CVE-2007-2295 | 0.03 | — | 0.41 | Apr 26, 2007 | Heap-based buffer overflow in the JVTCompEncodeFrame function in Apple Quicktime 7.1.5 and other versions before 7.2 allows remote attackers to execute arbitrary code via a crafted H.264 MOV file. | ||
| CVE-2007-1709 | 0.03 | — | 0.01 | Mar 27, 2007 | Buffer overflow in the confirm_phpdoc_compiled function in the phpDOC extension (PECL phpDOC) in PHP 5.2.1 allows context-dependent attackers to execute arbitrary code via a long argument string. | ||
| CVE-2007-0005 | 0.03 | — | 0.00 | Mar 10, 2007 | Multiple buffer overflows in the (1) read and (2) write handlers in the Omnikey CardMan 4040 driver in the Linux kernel before 2.6.21-rc3 allow local users to gain privileges. | ||
| CVE-2007-1381 | 0.03 | — | 0.05 | Mar 10, 2007 | The wddx_deserialize function in wddx.c 1.119.2.10.2.12 and 1.119.2.10.2.13 in PHP 5, as modified in CVS on 20070224 and fixed on 20070304, calls strlcpy where strlcat was intended and uses improper arguments, which allows context-dependent attackers to execute arbitrary code via a WDDX packet with a malformed overlap of a STRING element, which triggers a buffer overflow. | ||
| CVE-2007-0777 | 0.03 | — | 0.43 | Feb 26, 2007 | The JavaScript engine in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain vectors that trigger memory corruption. | ||
| CVE-2007-0790 | 0.03 | — | 0.05 | Feb 6, 2007 | Heap-based buffer overflow in SmartFTP 2.0.1002 allows remote FTP servers to execute arbitrary code via a large banner. | ||
| CVE-2007-0444 | 0.03 | — | 0.02 | Jan 24, 2007 | Stack-based buffer overflow in the print provider library (cpprov.dll) in Citrix Presentation Server 4.0, MetaFrame Presentation Server 3.0, and MetaFrame XP 1.0 allows local users and remote attackers to execute arbitrary code via long arguments to the (1) EnumPrintersW and (2) OpenPrinter functions. | ||
| CVE-2007-0355 | 0.03 | — | 0.01 | Jan 19, 2007 | Buffer overflow in the Apple Minimal SLP v2 Service Agent (slpd) in Mac OS X 10.4.11 and earlier, including 10.4.8, allows local users, and possibly remote attackers, to gain privileges and possibly execute arbitrary code via a registration request with an invalid attr-list field. | ||
| CVE-2007-0235 | 0.03 | — | 0.00 | Jan 16, 2007 | Stack-based buffer overflow in the glibtop_get_proc_map_s function in libgtop before 2.14.6 (libgtop2) allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a process with a long filename that is mapped in its address space, which triggers the overflow in gnome-system-monitor. |