VYPR

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

ClassStableLikelihood: High

Description

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-10 · CAPEC-100 · CAPEC-123 · CAPEC-14 · CAPEC-24 · CAPEC-42 · CAPEC-44 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-8 · CAPEC-9

CVEs mapped to this weakness (10,979)

page 404 of 549
  • CVE-2015-4142Jun 15, 2015
    risk 0.00cvss epss 0.04

    Integer underflow in the WMM Action frame parser in hostapd 0.5.5 through 2.4 and wpa_supplicant 0.7.0 through 2.4, when used for AP mode MLME/SME functionality, allows remote attackers to cause a denial of service (crash) via a crafted frame, which triggers an out-of-bounds…

  • CVE-2015-4141Jun 15, 2015
    risk 0.00cvss epss 0.03

    The WPS UPnP function in hostapd, when using WPS AP, and wpa_supplicant, when using WPS external registrar (ER), 0.7.0 through 2.4 allows remote attackers to cause a denial of service (crash) via a negative chunk length, which triggers an out-of-bounds read or heap-based buffer…

  • CVE-2014-8176Jun 12, 2015
    risk 0.00cvss epss 0.17

    The dtls1_clear_queues function in ssl/d1_lib.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h frees data structures without considering that application data can arrive between a ChangeCipherSpec message and a Finished message, which allows remote DTLS…

  • CVE-2015-4469Jun 11, 2015
    risk 0.00cvss epss 0.01

    The chmd_read_headers function in chmd.c in libmspack before 0.5 does not validate name lengths, which allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted CHM file.

  • CVE-2015-1768Jun 10, 2015
    risk 0.00cvss epss 0.02

    win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application, aka "Win32k Memory Corruption Elevation of Privilege Vulnerability."

  • CVE-2015-3905Jun 8, 2015
    risk 0.00cvss epss 0.07

    Buffer overflow in the set_cs_start function in t1disasm.c in t1utils before 1.39 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.

  • CVE-2015-4002Jun 7, 2015
    risk 0.00cvss epss 0.08

    drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux kernel through 4.0.5 does not ensure that certain length values are sufficiently large, which allows remote attackers to cause a denial of service (system crash or large loop) or possibly execute arbitrary code…

  • CVE-2015-1000Jun 5, 2015
    risk 0.00cvss epss 0.03

    Stack-based buffer overflow in the OpenForIPCamTest method in the RTSPVIDEO.rtspvideoCtrl.1 (aka SStreamVideo) ActiveX control in Moxa SoftCMS before 1.3 allows remote attackers to execute arbitrary code via the StrRtspPath parameter.

  • CVE-2015-2282Jun 2, 2015
    risk 0.00cvss epss 0.04

    Stack-based buffer overflow in the LZC decompression implementation (CsObjectInt::CsDecomprLZC function in vpa106cslzc.cpp) in SAP MaxDB 7.5 and 7.6, Netweaver Application Server ABAP, Netweaver Application Server Java, Netweaver RFC SDK, GUI, RFC SDK, SAPCAR archive tool, and…

  • CVE-2015-2278Jun 2, 2015
    risk 0.00cvss epss 0.02

    The LZH decompression implementation (CsObjectInt::BuildHufTree function in vpa108csulzh.cpp) in SAP MaxDB 7.5 and 7.6, Netweaver Application Server ABAP, Netweaver Application Server Java, Netweaver RFC SDK, GUI, RFC SDK, SAPCAR archive tool, and other products allows…

  • CVE-2015-4060May 29, 2015
    risk 0.00cvss epss 0.05

    Heap-based buffer overflow in the TermProxy (WLTermProxyService.exe) service in Wavelink ConnectPro allows remote attackers to execute arbitrary code via a large HTTP header.

  • CVE-2015-4059May 29, 2015
    risk 0.00cvss epss 0.05

    Heap-based buffer overflow in the License Server (LicenseServer.exe) in Wavelink Terminal Emulation (TE) allows remote attackers to execute arbitrary code via a large HTTP header.

  • CVE-2015-3331May 27, 2015
    risk 0.00cvss epss 0.10

    The __driver_rfc4106_decrypt function in arch/x86/crypto/aesni-intel_glue.c in the Linux kernel before 3.19.3 does not properly determine the memory locations used for encrypted data, which allows context-dependent attackers to cause a denial of service (buffer overflow and…

  • CVE-2015-2666May 27, 2015
    risk 0.00cvss epss 0.00

    Stack-based buffer overflow in the get_matching_model_microcode function in arch/x86/kernel/cpu/microcode/intel_early.c in the Linux kernel before 4.0 allows context-dependent attackers to gain privileges by constructing a crafted microcode header and leveraging root privileges…

  • CVE-2015-3906May 26, 2015
    risk 0.00cvss epss 0.02

    The logcat_dump_text function in wiretap/logcat.c in the Android Logcat file parser in Wireshark 1.12.x before 1.12.5 does not properly handle a lack of \0 termination, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a…

  • CVE-2015-3815May 26, 2015
    risk 0.00cvss epss 0.03

    The detect_version function in wiretap/logcat.c in the Android Logcat file parser in Wireshark 1.12.x before 1.12.5 does not check the length of the payload, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a packet with a…

  • CVE-2015-0986May 26, 2015
    risk 0.00cvss epss 0.02

    Multiple stack-based buffer overflows in Moxa VPort ActiveX SDK Plus before 2.8 allow remote attackers to insert assembly-code lines via vectors involving a regkey (1) set or (2) get command.

  • CVE-2015-4092May 26, 2015
    risk 0.00cvss epss 0.03

    Buffer overflow in the XComms process in SAP Afaria 7.00.6620.2 SP5 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request, aka SAP Security Note 2153690.

  • CVE-2015-2946May 25, 2015
    risk 0.00cvss epss 0.03

    Stack-based buffer overflow in the Open CAD Format Council SXF common library before 3.30 allows remote attackers to execute arbitrary code via a crafted CAD file.

  • CVE-2015-0120May 25, 2015
    risk 0.00cvss epss 0.01

    Buffer overflow in the FastBackMount process in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.11.1 has unspecified impact and remote attack vectors.