CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
ClassStableLikelihood: High
Description
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-10 · CAPEC-100 · CAPEC-123 · CAPEC-14 · CAPEC-24 · CAPEC-42 · CAPEC-44 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-8 · CAPEC-9
CVEs mapped to this weakness (9,859)
page 278 of 493| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2003-1375 | 0.03 | — | 0.00 | Dec 31, 2003 | Buffer overflow in wall for HP-UX 10.20 through 11.11 may allow local users to execute arbitrary code by calling wall with a large file as an argument. | ||
| CVE-2003-1407 | 0.03 | — | 0.04 | Dec 31, 2003 | Buffer overflow in cmd.exe in Windows NT 4.0 may allow local users to execute arbitrary code via a long pathname argument to the cd command. | ||
| CVE-2003-1518 | 0.03 | — | 0.04 | Dec 31, 2003 | Adiscon WinSyslog 4.21 SP1 allows remote attackers to cause a denial of service (CPU consumption) via a long syslog message. | ||
| CVE-2003-1512 | 0.03 | — | 0.04 | Dec 31, 2003 | Buffer overflow in mIRC 6.1 and 6.11 allows remote attackers to cause a denial of service (crash) via a long DCC SEND request. | ||
| CVE-2003-1354 | 0.03 | — | 0.04 | Dec 31, 2003 | Multiple GameSpy 3D 2.62 compatible gaming servers generate very large UDP responses to small requests, which allows remote attackers to use the servers as an amplifier in DDoS attacks with spoofed UDP query packets, as demonstrated using Battlefield 1942. | ||
| CVE-2003-1478 | 0.03 | — | 0.02 | Dec 31, 2003 | Konqueror in KDE 3.0.3 allows remote attackers to cause a denial of service (core dump) via a web page that begins with a "xFFxFE" byte sequence and a large number of CRLF sequences, as demonstrated using freeze.htm. | ||
| CVE-2003-1473 | 0.03 | — | 0.00 | Dec 31, 2003 | Buffer overflow in LTris 1.0.1 of FreeBSD Ports Collection 2003-02-25 and earlier allows local users to execute arbitrary code with gid "games" permission via a long HOME environment variable. | ||
| CVE-2003-1359 | 0.03 | — | 0.00 | Dec 31, 2003 | Buffer overflow in stmkfont utility of HP-UX 10.0 through 11.22 allows local users to gain privileges via a long command line argument. | ||
| CVE-2003-1472 | 0.03 | — | 0.05 | Dec 31, 2003 | Buffer overflow in 3D-FTP client 4.0 allows remote FTP servers to cause a denial of service (crash) and possibly execute arbitrary code via a long banner. | ||
| CVE-2003-1461 | 0.03 | — | 0.00 | Dec 31, 2003 | Buffer overflow in rwrite for HP-UX 11.0 could allow local users to execute arbitrary code via a long argument. NOTE: the vendor was unable to reproduce the problem on a system that had been patched for an lp vulnerability (CVE-2002-1473). | ||
| CVE-2002-2357 | 0.03 | — | 0.03 | Dec 31, 2002 | MailEnable 1.5 015 through 1.5 018 allows remote attackers to cause a denial of service (crash) via a long USER string, possibly due to a buffer overflow. | ||
| CVE-2002-2258 | 0.03 | — | 0.05 | Dec 31, 2002 | Moby NetSuite allows remote attackers to cause a denial of service (crash) via an HTTP POST request with a (1) large integer or (2) non-numeric value in the Content-Length header, which causes an access violation after a failed atoi function call. | ||
| CVE-2002-0070 | 0.03 | — | 0.32 | Mar 15, 2002 | Buffer overflow in Windows Shell (used as the Windows Desktop) allows local and possibly remote attackers to execute arbitrary code via a custom URL handler that has not been removed for an application that has been improperly uninstalled. | ||
| CVE-2001-1582 | 0.03 | — | 0.00 | Dec 31, 2001 | Buffer overflow in the LDAP naming services library (libsldap) in Sun Solaris 8 allows local users to execute arbitrary code via a long LDAP_OPTIONS environment variable to a privileged program that uses libsldap. | ||
| CVE-2001-0576 | 0.03 | — | 0.01 | Aug 22, 2001 | lpusers as included with SCO OpenServer 5.0 through 5.0.6 allows a local attacker to gain additional privileges via a buffer overflow attack in the '-u' command line parameter. | ||
| CVE-1999-0700 | 0.03 | — | 0.06 | Jul 29, 1999 | Buffer overflow in Microsoft Phone Dialer (dialer.exe), via a malformed dialer entry in the dialer.ini file. | ||
| CVE-1999-0027 | 0.03 | — | 0.00 | Jul 16, 1997 | root privileges via buffer overflow in eject command on SGI IRIX systems. | ||
| CVE-2015-6166 | 0.02 | — | 0.21 | Dec 9, 2015 | Microsoft Silverlight 5 before 5.1.41105.00 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read or write access) via unspecified open and close requests, aka "Microsoft Silverlight RCE Vulnerability." | ||
| CVE-2015-6162 | 0.02 | — | 0.28 | Dec 9, 2015 | Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6152. | ||
| CVE-2015-6159 | 0.02 | — | 0.19 | Dec 9, 2015 | Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6140, CVE-2015-6142, CVE-2015-6143, CVE-2015-6153, CVE-2015-6158, and CVE-2015-6160. |