VYPR

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

ClassStableLikelihood: High

Description

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-10 · CAPEC-100 · CAPEC-123 · CAPEC-14 · CAPEC-24 · CAPEC-42 · CAPEC-44 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-8 · CAPEC-9

CVEs mapped to this weakness (10,979)

page 307 of 549
  • CVE-2009-3809Oct 27, 2009
    risk 0.03cvss epss 0.02

    Acoustica MP3 Audio Mixer 1.0 and possibly 2.471 allows remote attackers to cause a denial of service (crash) via a long string in a .sgp playlist file.

  • CVE-2009-3807Oct 27, 2009
    risk 0.03cvss epss 0.03

    Stack-based buffer overflow in MixVibes 7.043 Pro allows remote attackers to cause a denial of service (crash) via a long string in a .vib file.

  • CVE-2009-3709Oct 16, 2009
    risk 0.03cvss epss 0.06

    Stack-based buffer overflow in the Meta Content Optimizer in Konae Technologies Alleycode HTML Editor 2.21 allows user-assisted remote attackers to execute arbitrary code via a long value in a TITLE tag.

  • CVE-2009-3708Oct 16, 2009
    risk 0.03cvss epss 0.04

    Stack-based buffer overflow in the Meta Content Optimizer in Konae Technologies Alleycode HTML Editor 2.21 allows user-assisted remote attackers to execute arbitrary code via a long value in a (1) description or (2) keyword META tag. NOTE: the provenance of this information is…

  • CVE-2009-3670Oct 11, 2009
    risk 0.03cvss epss 0.06

    Stack-based buffer overflow in KSP Sound Player 2009 R2 and R2.1 allows remote attackers to execute arbitrary code via a long string in a .m3u playlist file.

  • CVE-2009-3574Oct 6, 2009
    risk 0.03cvss epss 0.05

    Tuniac 090517c allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long File1 argument in a .pls playlist file, possibly a buffer overflow.

  • CVE-2009-3536Oct 2, 2009
    risk 0.03cvss epss 0.06

    Multiple stack-based buffer overflows in EpicDJSoftware EpicVJ 1.2.8.0 and 1.3.1.2 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a (1) .m3u or (2) .mpl playlist file.

  • CVE-2009-3522Oct 1, 2009
    risk 0.03cvss epss 0.01

    Stack-based buffer overflow in aswMon2.sys in avast! Home and Professional for Windows 4.8.1351, and possibly other versions before 4.8.1356, allows local users to cause a denial of service (system crash) and possibly gain privileges via a crafted IOCTL request to IOCTL…

  • CVE-2009-3484Sep 30, 2009
    risk 0.03cvss epss 0.06

    Stack-based buffer overflow in Core FTP 2.1 build 1612 allows user-assisted remote attackers to execute arbitrary code via a long hostname in an FTP server entry in a site backup file. NOTE: some of these details are obtained from third party information.

  • CVE-2009-3428Sep 25, 2009
    risk 0.03cvss epss 0.06

    Stack-based buffer overflow in Easy Music Player 1.0.0.2 allows remote attackers to execute arbitrary code via a crafted .wav file.

  • CVE-2009-3364Sep 24, 2009
    risk 0.03cvss epss 0.05

    Stack-based buffer overflow in FTPShell Client 4.1 RC2 allows remote FTP servers to execute arbitrary code via a long response to a PASV command.

  • CVE-2009-3338Sep 24, 2009
    risk 0.03cvss epss 0.06

    Stack-based buffer overflow in EffectMatrix (E.M.) Magic Morph 1.95b allows remote attackers to execute arbitrary code via a long string in a .mor file.

  • CVE-2009-3254Sep 18, 2009
    risk 0.03cvss epss 0.05

    Multiple stack-based buffer overflows in Ultimate Player 1.56 beta allow remote attackers to execute arbitrary code via a long string in a (1) .m3u or (2) .upl playlist file.

  • CVE-2009-3253Sep 18, 2009
    risk 0.03cvss epss 0.05

    Stack-based buffer overflow in TriceraSoft Swift Ultralite 1.032 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long string in a .M3U playlist file.

  • CVE-2009-3234Sep 17, 2009
    risk 0.03cvss epss 0.02

    Buffer overflow in the perf_copy_attr function in kernel/perf_counter.c in the Linux kernel 2.6.31-rc1 allows local users to cause a denial of service (crash) and execute arbitrary code via a "big size data" to the perf_counter_open system call.

  • CVE-2009-3221Sep 16, 2009
    risk 0.03cvss epss 0.06

    Stack-based buffer overflow in Audio Lib Player (ALP) allows remote attackers to execute arbitrary code via a long URL in a .m3u playlist file.

  • CVE-2009-3213Sep 16, 2009
    risk 0.03cvss epss 0.05

    Stack-based buffer overflow in broid 1.0 Beta 3a allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a .mp3 file.

  • CVE-2008-7162Sep 4, 2009
    risk 0.03cvss epss 0.06

    Buffer overflow in Hero Super Player 3000 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long filename in a .M3U file. NOTE: this might be related to CVE-2008-4504.

  • CVE-2009-3058Sep 3, 2009
    risk 0.03cvss epss 0.06

    Stack-based buffer overflow in akPlayer 1.9.0 allows remote attackers to execute arbitrary code via a long string in a .plt playlist file.

  • CVE-2009-2961Aug 25, 2009
    risk 0.03cvss epss 0.05

    Stack-based buffer overflow in Thaddy de Konng KOL Player 1.0 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL in a .MP3 playlist file.