VYPR

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

ClassStableLikelihood: High

Description

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-10 · CAPEC-100 · CAPEC-123 · CAPEC-14 · CAPEC-24 · CAPEC-42 · CAPEC-44 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-8 · CAPEC-9

CVEs mapped to this weakness (10,979)

page 33 of 549
  • CVE-2017-2973CriFeb 15, 2017
    risk 0.64cvss 9.8epss 0.09

    Adobe Digital Editions versions 4.5.3 and earlier have an exploitable heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.

  • CVE-2016-8364CriFeb 13, 2017
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in IBHsoftec S7-SoftPLC prior to 4.12b. Object memory can read a network packet that is larger than the space that is available, a Heap-based Buffer Overflow.

  • CVE-2016-7447CriFeb 6, 2017
    risk 0.64cvss 9.8epss 0.04

    Heap-based buffer overflow in the EscapeParenthesis function in GraphicsMagick before 1.3.25 allows remote attackers to have unspecified impact via unknown vectors.

  • CVE-2016-7446CriFeb 6, 2017
    risk 0.64cvss 9.8epss 0.04

    Buffer overflow in the MVG and SVG rendering code in GraphicsMagick 1.3.24 allows remote attackers to have unspecified impact via unknown vectors. Note: This vulnerability exists due to an incomplete patch for CVE-2016-2317.

  • CVE-2016-10164CriFeb 1, 2017
    risk 0.64cvss 9.8epss 0.08

    Multiple integer overflows in libXpm before 3.5.12, when a program requests parsing XPM extensions on a 64-bit platform, allow remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via (1) the number of extensions or (2) their concatenated…

  • CVE-2017-5486CriJan 28, 2017
    risk 0.64cvss 9.8epss 0.03

    The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in print-isoclns.c:clnp_print().

  • CVE-2017-5485CriJan 28, 2017
    risk 0.64cvss 9.8epss 0.03

    The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in addrtoname.c:lookup_nsap().

  • CVE-2017-5484CriJan 28, 2017
    risk 0.64cvss 9.8epss 0.06

    The ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-atm.c:sig_print().

  • CVE-2017-5483CriJan 28, 2017
    risk 0.64cvss 9.8epss 0.03

    The SNMP parser in tcpdump before 4.9.0 has a buffer overflow in print-snmp.c:asn1_parse().

  • CVE-2017-5482CriJan 28, 2017
    risk 0.64cvss 9.8epss 0.06

    The Q.933 parser in tcpdump before 4.9.0 has a buffer overflow in print-fr.c:q933_print(), a different vulnerability than CVE-2016-8575.

  • CVE-2017-5342CriJan 28, 2017
    risk 0.64cvss 9.8epss 0.06

    In tcpdump before 4.9.0, a bug in multiple protocol parsers (Geneve, GRE, NSH, OTV, VXLAN and VXLAN GPE) could cause a buffer overflow in print-ether.c:ether_print().

  • CVE-2017-5341CriJan 28, 2017
    risk 0.64cvss 9.8epss 0.05

    The OTV parser in tcpdump before 4.9.0 has a buffer overflow in print-otv.c:otv_print().

  • CVE-2017-5205CriJan 28, 2017
    risk 0.64cvss 9.8epss 0.04

    The ISAKMP parser in tcpdump before 4.9.0 has a buffer overflow in print-isakmp.c:ikev2_e_print().

  • CVE-2017-5204CriJan 28, 2017
    risk 0.64cvss 9.8epss 0.06

    The IPv6 parser in tcpdump before 4.9.0 has a buffer overflow in print-ip6.c:ip6_print().

  • CVE-2017-5203CriJan 28, 2017
    risk 0.64cvss 9.8epss 0.04

    The BOOTP parser in tcpdump before 4.9.0 has a buffer overflow in print-bootp.c:bootp_print().

  • CVE-2017-5202CriJan 28, 2017
    risk 0.64cvss 9.8epss 0.04

    The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in print-isoclns.c:clnp_print().

  • CVE-2016-8575CriJan 28, 2017
    risk 0.64cvss 9.8epss 0.06

    The Q.933 parser in tcpdump before 4.9.0 has a buffer overflow in print-fr.c:q933_print(), a different vulnerability than CVE-2017-5482.

  • CVE-2016-8574CriJan 28, 2017
    risk 0.64cvss 9.8epss 0.03

    The FRF.15 parser in tcpdump before 4.9.0 has a buffer overflow in print-fr.c:frf15_print().

  • CVE-2016-7993CriJan 28, 2017
    risk 0.64cvss 9.8epss 0.03

    A bug in util-print.c:relts_print() in tcpdump before 4.9.0 could cause a buffer overflow in multiple protocol parsers (DNS, DVMRP, HSRP, IGMP, lightweight resolver protocol, PIM).

  • CVE-2016-7992CriJan 28, 2017
    risk 0.64cvss 9.8epss 0.03

    The Classical IP over ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-cip.c:cip_if_print().