CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

ClassStableLikelihood: High

Description

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Hierarchy (View 1000)

Parents

CWE-118

Children

Related attack patterns (CAPEC)

CAPEC-10 · CAPEC-100 · CAPEC-123 · CAPEC-14 · CAPEC-24 · CAPEC-42 · CAPEC-44 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-8 · CAPEC-9

CVEs mapped to this weakness (9,878)

page 389 of 494

CVE	Vendor / Product	CVSS	EPSS	Published	Description
CVE-2013-4571	MediaWiki Mediawiki	—	0.01	May 12, 2014	Buffer overflow in php-luasandbox in the Scribuntu extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 has unspecified impact and remote vectors.
CVE-2014-2136	Cisco Systems, Inc. Webex Recording Format Player	—	0.04	May 8, 2014	Buffer overflow in Cisco Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .arf file, aka Bug IDs CSCui72223, CSCul01163, and CSCul01166.
CVE-2014-2135	Cisco Systems, Inc. Webex Recording Format Player	—	0.04	May 8, 2014	Buffer overflow in Cisco Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .arf file, aka Bug IDs CSCul87216 and CSCuj07603.
CVE-2014-2134	Cisco Systems, Inc. Webex Recording Format Player	—	0.02	May 8, 2014	Heap-based buffer overflow in Cisco WebEx Recording Format (WRF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted audio channel in a .wrf file, aka Bug ID CSCuc39458.
CVE-2014-2133	Cisco Systems, Inc. Webex Recording Format Player	—	0.04	May 8, 2014	Buffer overflow in Cisco Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .arf file that triggers improper LZW decompression, aka Bug ID CSCuj87565.
CVE-2014-2132	Cisco Systems, Inc. Webex Recording Format Player	—	0.01	May 8, 2014	Cisco WebEx Recording Format (WRF) player and Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allow remote attackers to cause a denial of service (application crash) via a crafted (1) .wrf or (2) .arf file that triggers a buffer over-read, aka Bug ID CSCuh52768.
CVE-2014-0595	Novell Open Enterprise Server	—	0.00	May 8, 2014	/opt/novell/ncl/bin/nwrights in Novell Client for Linux in Novell Open Enterprise Server (OES) 11 Linux SP2 does not properly manage a certain array, which allows local users to obtain the S permission in opportunistic circumstances by leveraging the granting of the F permission by an administrator.
CVE-2014-0469	Debian Xbuffy	—	0.04	May 5, 2014	Stack-based buffer overflow in a certain Debian patch for xbuffy before 3.3.bl.3.dfsg-9 allows remote attackers to execute arbitrary code via the subject of an email, possibly related to indent subject lines.
CVE-2014-2172	Cisco Systems, Inc. Telepresence Tc Software	—	0.00	May 2, 2014	Buffer overflow in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows local users to gain privileges by leveraging improper handling of the u-boot compiler flag for internal executable files, aka Bug ID CSCub67693.
CVE-2014-1443	Coreftp Coreftp	—	0.00	May 2, 2014	Core FTP Server 1.2 before build 515 allows remote authenticated users to obtain sensitive information (password for the previous user) via a USER command with a specific length, possibly related to an out-of-bounds read.
CVE-2014-1528	Oracle Corporation Solaris	—	0.01	Apr 30, 2014	The sse2_composite_src_x888_8888 function in Pixman, as used in Cairo in Mozilla Firefox 28.0 and SeaMonkey 2.25 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write and application crash) by painting on a CANVAS element.
CVE-2014-0088	—	—	0.03	Apr 29, 2014	The SPDY implementation in the ngx_http_spdy_module module in nginx 1.5.10 before 1.5.11, when running on a 32-bit platform, allows remote attackers to execute arbitrary code via a crafted request.
CVE-2013-4565	Debian Ppthtml	—	0.03	Apr 25, 2014	Heap-based buffer overflow in the __OLEdecode function in ppthtml 0.5.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted .ppt file.
CVE-2014-1647	Symantec Encryption Desktop	—	0.00	Apr 23, 2014	Symantec PGP Desktop 10.0.x through 10.2.x and Encryption Desktop Professional 10.3.x before 10.3.2 MP1 do not properly perform block-data moves, which allows remote attackers to cause a denial of service (read access violation and application crash) via a malformed certificate.
CVE-2014-1646	Symantec Encryption Desktop	—	0.00	Apr 23, 2014	Symantec PGP Desktop 10.0.x through 10.2.x and Encryption Desktop Professional 10.3.x before 10.3.2 MP1 do not properly perform memory copies, which allows remote attackers to cause a denial of service (read access violation and application crash) via a malformed certificate.
CVE-2014-1319	Apple Inc. Mac Os X	—	0.01	Apr 23, 2014	Buffer overflow in ImageIO in Apple OS X 10.9.x through 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG image.
CVE-2012-5044	Cisco Systems, Inc. Cisco iOS	—	0.00	Apr 23, 2014	Cisco IOS before 15.3(1)T, when media flow-around is not used, allows remote attackers to cause a denial of service (media loops and stack memory corruption) via VoIP traffic, aka Bug ID CSCub45809.
CVE-2012-1317	Cisco Systems, Inc. Cisco iOS	—	0.00	Apr 23, 2014	The multicast implementation in Cisco IOS before 15.1(1)SY allows remote attackers to cause a denial of service (Route Processor crash) by sending packets at a high rate, aka Bug ID CSCts37717.
CVE-2014-2892	Libmms Project Libmms	—	0.05	Apr 22, 2014	Heap-based buffer overflow in the get_answer function in mmsh.c in libmms before 0.6.4 allows remote attackers to execute arbitrary code via a long line in an MMS over HTTP (MMSH) server response.
CVE-2013-6370	Fedoraproject Fedora	—	0.03	Apr 22, 2014	Buffer overflow in the printbuf APIs in json-c before 0.12 allows remote attackers to cause a denial of service via unspecified vectors.

CVE-2013-4571May 12, 2014
MediaWiki
Mediawiki
risk 0.00cvss —epss 0.01
Buffer overflow in php-luasandbox in the Scribuntu extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 has unspecified impact and remote vectors.
CVE-2014-2136May 8, 2014
Cisco Systems, Inc.
Webex Recording Format Player
risk 0.00cvss —epss 0.04
Buffer overflow in Cisco Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .arf file, aka Bug IDs CSCui72223, CSCul01163, and CSCul01166.
CVE-2014-2135May 8, 2014
Cisco Systems, Inc.
Webex Recording Format Player
risk 0.00cvss —epss 0.04
Buffer overflow in Cisco Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .arf file, aka Bug IDs CSCul87216 and CSCuj07603.
CVE-2014-2134May 8, 2014
Cisco Systems, Inc.
Webex Recording Format Player
risk 0.00cvss —epss 0.02
Heap-based buffer overflow in Cisco WebEx Recording Format (WRF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted audio channel in a .wrf file, aka Bug ID CSCuc39458.
CVE-2014-2133May 8, 2014
Cisco Systems, Inc.
Webex Recording Format Player
risk 0.00cvss —epss 0.04
Buffer overflow in Cisco Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .arf file that triggers improper LZW decompression, aka Bug ID CSCuj87565.
CVE-2014-2132May 8, 2014
Cisco Systems, Inc.
Webex Recording Format Player
risk 0.00cvss —epss 0.01
Cisco WebEx Recording Format (WRF) player and Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allow remote attackers to cause a denial of service (application crash) via a crafted (1) .wrf or (2) .arf file that triggers a buffer over-read, aka Bug ID CSCuh52768.
CVE-2014-0595May 8, 2014
Novell
Open Enterprise Server
risk 0.00cvss —epss 0.00
/opt/novell/ncl/bin/nwrights in Novell Client for Linux in Novell Open Enterprise Server (OES) 11 Linux SP2 does not properly manage a certain array, which allows local users to obtain the S permission in opportunistic circumstances by leveraging the granting of the F permission by an administrator.
CVE-2014-0469May 5, 2014
Debian
Xbuffy
risk 0.00cvss —epss 0.04
Stack-based buffer overflow in a certain Debian patch for xbuffy before 3.3.bl.3.dfsg-9 allows remote attackers to execute arbitrary code via the subject of an email, possibly related to indent subject lines.
CVE-2014-2172May 2, 2014
Cisco Systems, Inc.
Telepresence Tc Software
risk 0.00cvss —epss 0.00
Buffer overflow in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows local users to gain privileges by leveraging improper handling of the u-boot compiler flag for internal executable files, aka Bug ID CSCub67693.
CVE-2014-1443May 2, 2014
Coreftp
Coreftp
risk 0.00cvss —epss 0.00
Core FTP Server 1.2 before build 515 allows remote authenticated users to obtain sensitive information (password for the previous user) via a USER command with a specific length, possibly related to an out-of-bounds read.
CVE-2014-1528Apr 30, 2014
Oracle Corporation
Solaris
risk 0.00cvss —epss 0.01
The sse2_composite_src_x888_8888 function in Pixman, as used in Cairo in Mozilla Firefox 28.0 and SeaMonkey 2.25 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write and application crash) by painting on a CANVAS element.
CVE-2014-0088Apr 29, 2014
risk 0.00cvss —epss 0.03
The SPDY implementation in the ngx_http_spdy_module module in nginx 1.5.10 before 1.5.11, when running on a 32-bit platform, allows remote attackers to execute arbitrary code via a crafted request.
CVE-2013-4565Apr 25, 2014
Debian
Ppthtml
risk 0.00cvss —epss 0.03
Heap-based buffer overflow in the __OLEdecode function in ppthtml 0.5.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted .ppt file.
CVE-2014-1647Apr 23, 2014
Symantec
Encryption Desktop
risk 0.00cvss —epss 0.00
Symantec PGP Desktop 10.0.x through 10.2.x and Encryption Desktop Professional 10.3.x before 10.3.2 MP1 do not properly perform block-data moves, which allows remote attackers to cause a denial of service (read access violation and application crash) via a malformed certificate.
CVE-2014-1646Apr 23, 2014
Symantec
Encryption Desktop
risk 0.00cvss —epss 0.00
Symantec PGP Desktop 10.0.x through 10.2.x and Encryption Desktop Professional 10.3.x before 10.3.2 MP1 do not properly perform memory copies, which allows remote attackers to cause a denial of service (read access violation and application crash) via a malformed certificate.
CVE-2014-1319Apr 23, 2014
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.01
Buffer overflow in ImageIO in Apple OS X 10.9.x through 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG image.
CVE-2012-5044Apr 23, 2014
Cisco Systems, Inc.
Cisco iOS
risk 0.00cvss —epss 0.00
Cisco IOS before 15.3(1)T, when media flow-around is not used, allows remote attackers to cause a denial of service (media loops and stack memory corruption) via VoIP traffic, aka Bug ID CSCub45809.
CVE-2012-1317Apr 23, 2014
Cisco Systems, Inc.
Cisco iOS
risk 0.00cvss —epss 0.00
The multicast implementation in Cisco IOS before 15.1(1)SY allows remote attackers to cause a denial of service (Route Processor crash) by sending packets at a high rate, aka Bug ID CSCts37717.
CVE-2014-2892Apr 22, 2014
Libmms Project
Libmms
risk 0.00cvss —epss 0.05
Heap-based buffer overflow in the get_answer function in mmsh.c in libmms before 0.6.4 allows remote attackers to execute arbitrary code via a long line in an MMS over HTTP (MMSH) server response.
CVE-2013-6370Apr 22, 2014
Fedoraproject
Fedora
risk 0.00cvss —epss 0.03
Buffer overflow in the printbuf APIs in json-c before 0.12 allows remote attackers to cause a denial of service via unspecified vectors.