VYPR

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

ClassStableLikelihood: High

Description

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-10 · CAPEC-100 · CAPEC-123 · CAPEC-14 · CAPEC-24 · CAPEC-42 · CAPEC-44 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-8 · CAPEC-9

CVEs mapped to this weakness (10,979)

page 378 of 549
  • CVE-2018-1999011HigJul 23, 2018
    risk 0.00cvss 8.8epss 0.04

    FFmpeg before commit 2b46ebdbff1d8dec7a3d8ea280a612b91a582869 contains a Buffer Overflow vulnerability in asf_o format demuxer that can result in heap-buffer-overflow that may result in remote code execution. This attack appears to be exploitable via specially crafted ASF file…

  • CVE-2018-11596MedMay 31, 2018
    risk 0.00cvss 5.5epss 0.01

    Espruino before 1.99 allows attackers to cause a denial of service (application crash) with a user crafted input file via a Buffer Overflow during syntax parsing because a check for '\0' is made for the wrong array element in jsvar.c.

  • CVE-2018-11595HigMay 31, 2018
    risk 0.00cvss 7.8epss 0.01

    Espruino before 1.99 allows attackers to cause a denial of service (application crash) and a potential Escalation of Privileges with a user crafted input file via a Buffer Overflow during syntax parsing, because strncat is misused.

  • CVE-2018-11594MedMay 31, 2018
    risk 0.00cvss 5.5epss 0.01

    Espruino before 1.99 allows attackers to cause a denial of service (application crash) with a user crafted input file via a Buffer Overflow during syntax parsing of "VOID" tokens in jsparse.c.

  • CVE-2018-11378HigMay 22, 2018
    risk 0.00cvss 7.8epss 0.01

    The wasm_dis() function in libr/asm/arch/wasm/wasm.c in or possibly have unspecified other impact via a crafted WASM file.

  • CVE-2018-10940MedMay 9, 2018
    risk 0.00cvss 5.5epss 0.01

    The cdrom_ioctl_media_changed function in drivers/cdrom/cdrom.c in the Linux kernel before 4.16.6 allows local attackers to use a incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel memory.

  • CVE-2018-10689MedMay 3, 2018
    risk 0.00cvss 5.5epss 0.02

    blktrace (aka Block IO Tracing) 1.2.0, as used with the Linux kernel and Android, has a buffer overflow in the dev_map_read function in btt/devmap.c because the device and devno arrays are too small, as demonstrated by an invalid free when using the btt program with a crafted…

  • CVE-2018-10537HigApr 29, 2018
    risk 0.00cvss 7.8epss 0.02

    An issue was discovered in WavPack 5.1.0 and earlier. The W64 parser component contains a vulnerability that allows writing to memory because ParseWave64HeaderConfig in wave64.c does not reject multiple format chunks.

  • CVE-2018-10124MedApr 16, 2018
    risk 0.00cvss 5.5epss 0.01

    The kill_something_info function in kernel/signal.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service via an INT_MIN argument.

  • CVE-2018-7566HigMar 30, 2018
    risk 0.00cvss 7.8epss 0.01

    The Linux kernel 4.15 has a Buffer Overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user.

  • CVE-2018-1091MedMar 27, 2018
    risk 0.00cvss 5.5epss 0.00

    In the flush_tmregs_to_thread function in arch/powerpc/kernel/ptrace.c in the Linux kernel before 4.13.5, a guest kernel crash can be triggered from unprivileged userspace during a core dump on a POWER host due to a missing processor feature check and an erroneous use of…

  • CVE-2018-1068MedMar 16, 2018
    risk 0.00cvss 6.7epss 0.00

    A flaw was found in the Linux 4.x kernel's implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory.

  • CVE-2017-18222HigMar 8, 2018
    risk 0.00cvss 7.8epss 0.00

    In the Linux kernel before 4.12, Hisilicon Network Subsystem (HNS) does not consider the ETH_SS_PRIV_FLAGS case when retrieving sset_count data, which allows local users to cause a denial of service (buffer overflow and memory corruption) or possibly have unspecified other…

  • CVE-2018-7752HigMar 7, 2018
    risk 0.00cvss 7.8epss 0.02

    GPAC through 0.7.1 has a Buffer Overflow in the gf_media_avc_read_sps function in media_tools/av_parsers.c, a different vulnerability than CVE-2018-1000100.

  • CVE-2018-7648CriMar 2, 2018
    risk 0.00cvss 9.8epss 0.02

    An issue was discovered in mj2/opj_mj2_extract.c in OpenJPEG 2.3.0. The output prefix was not checked for length, which could overflow a buffer, when providing a prefix with 50 or more characters on the command line.

  • CVE-2018-7485CriFeb 26, 2018
    risk 0.00cvss 9.8epss 0.03

    The SQLWriteFileDSN function in odbcinst/SQLWriteFileDSN.c in unixODBC 2.3.5 has strncpy arguments in the wrong order, which allows attackers to cause a denial of service or possibly have unspecified other impact.

  • CVE-2017-18193MedFeb 22, 2018
    risk 0.00cvss 5.5epss 0.00

    fs/f2fs/extent_cache.c in the Linux kernel before 4.13 mishandles extent trees, which allows local users to cause a denial of service (BUG) via an application with multiple threads.

  • CVE-2018-7247CriFeb 19, 2018
    risk 0.00cvss 9.8epss 0.02

    An issue was discovered in pixHtmlViewer in prog/htmlviewer.c in Leptonica before 1.75.3. Unsanitized input (rootname) can overflow a buffer, leading potentially to arbitrary code execution or possibly unspecified other impact.

  • CVE-2018-1000050HigFeb 9, 2018
    risk 0.00cvss 8.8epss 0.02

    Sean Barrett stb_vorbis version 1.12 and earlier contains a Buffer Overflow vulnerability in All vorbis decoding paths. that can result in memory corruption, denial of service, comprised execution of host program. This attack appear to be exploitable via Victim must open a…

  • CVE-2017-16913MedJan 31, 2018
    risk 0.00cvss 5.9epss 0.04

    The "stub_recv_cmd_submit()" function (drivers/usb/usbip/stub_rx.c) in the Linux Kernel before version 4.14.8, 4.9.71, and 4.4.114 when handling CMD_SUBMIT packets allows attackers to cause a denial of service (arbitrary memory allocation) via a specially crafted USB over IP…