CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
Description
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-10 · CAPEC-100 · CAPEC-123 · CAPEC-14 · CAPEC-24 · CAPEC-42 · CAPEC-44 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-8 · CAPEC-9
CVEs mapped to this weakness (10,979)
page 548 of 549

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2003-1558 | | | 0.00 | — | 0.03 | | Dec 31, 2003 | Buffer overflow in httpd.c of fnord 1.6 allows remote attackers to create a denial of service (crash) and possibly execute arbitrary code via a long CGI request passed to the do_cgi function. |
| CVE-2003-1446 | | | 0.00 | — | 0.01 | | Dec 31, 2003 | Buffer overflow in the save_into_file function in save.c for Rogue 5.2-2 allows local users to execute arbitrary code with games group privileges by setting a long HOME environment variable and invoking the save game function with a ~ (tilde). |
| CVE-2003-1464 | | | 0.00 | — | 0.02 | | Dec 31, 2003 | Buffer overflow in Siemens 45 series mobile phones allows remote attackers to cause a denial of service (disconnect and unavailable inbox) via a Short Message Service (SMS) message with a long image name. |
| CVE-2003-1455 | | | 0.00 | — | 0.00 | | Dec 31, 2003 | Multiple buffer overflows in the launch_bcrelay function in pptpctrl.c in PoPToP 1.1.4-b1 through PoPToP 1.1.4-b3 allow local users to execute arbitrary code. |
| CVE-2003-1470 | | | 0.00 | — | 0.05 | | Dec 31, 2003 | Buffer overflow in IMAP service in MDaemon 6.7.5 and earlier allows remote authenticated users to cause a denial of service (crash) and execute arbitrary code via a CREATE command with a long mailbox name. |
| CVE-2003-1477 | | | 0.00 | — | 0.02 | | Dec 31, 2003 | MAILsweeper for SMTP 4.3.6 and 4.3.7 allows remote attackers to cause a denial of service (CPU consumption) via a PowerPoint attachment that either (1) is corrupt or (2) contains "embedded objects." |
| CVE-2003-1494 | | | 0.00 | — | 0.03 | | Dec 31, 2003 | Unspecified vulnerability in HP OpenView Network Node Manager (NNM) 6.2 and 6.4 allows remote attackers to cause a denial of service (CPU consumption) via a crafted TCP packet. |
| CVE-2003-1382 | | | 0.00 | — | 0.03 | | Dec 31, 2003 | Buffer overflow in ISMail 1.4.3 and earlier allow remote attackers to execute arbitrary code via long domain names in (1) MAIL FROM or (2) RCPT TO fields. |
| CVE-2003-1377 | | | 0.00 | — | 0.03 | | Dec 31, 2003 | Buffer overflow in the reverse DNS lookup of Smart IRC Daemon (SIRCD) 0.4.0 and 0.4.4 allows remote attackers to execute arbitrary code via a client with a long hostname. |
| CVE-2003-1374 | | | 0.00 | — | 0.01 | | Dec 31, 2003 | Buffer overflow in disable of HP-UX 11.0 may allow local users to execute arbitrary code via a long argument to the (1) -r or (2)-c options. |
| CVE-2003-1360 | | | 0.00 | — | 0.01 | | Dec 31, 2003 | Buffer overflow in the setupterm function of (1) lanadmin and (2) landiag programs of HP-UX 10.0 through 10.34 allows local users to execute arbitrary code via a long TERM environment variable. |
| CVE-2003-1395 | | | 0.00 | — | 0.04 | | Dec 31, 2003 | Buffer overflow in KaZaA Media Desktop 2.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a response to the ad server. |
| CVE-2003-1415 | | | 0.00 | — | 0.01 | | Dec 31, 2003 | NetCharts XBRL Server 4.0.0 allows remote attackers to obtain sensitive information via an HTTP request with an invalid chunked transfer encoding specification. |
| CVE-2003-1393 | | | 0.00 | — | 0.03 | | Dec 31, 2003 | Buffer overflow in Gupta SQLBase 8.1.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long EXECUTE command. |
| CVE-2003-0373 | | | 0.00 | — | 0.00 | | Jun 16, 2003 | Multiple buffer overflows in libnasl in Nessus before 2.0.6 allow local users with plugin upload privileges to cause a denial of service (core dump) and possibly execute arbitrary code via (1) a long proto argument to the scanner_add_port function, (2) a long user argument to… |
| CVE-2003-0218 | | | 0.00 | — | 0.05 | | May 12, 2003 | Buffer overflow in PostMethod() function for Monkey HTTP Daemon (monkeyd) 0.6.1 and earlier allows remote attackers to execute arbitrary code via a POST request with a large body. |
| CVE-2002-1401 | | | 0.00 | — | 0.02 | | Jan 17, 2003 | Buffer overflows in (1) circle_poly, (2) path_encode and (3) path_add (also incorrectly identified as path_addr) for PostgreSQL 7.2.3 and earlier allow attackers to cause a denial of service and possibly execute arbitrary code, possibly as a result of an integer overflow. |
| CVE-2002-2248 | | | 0.00 | — | 0.06 | | Dec 31, 2002 | Buffer overflow in the sun.awt.windows.WDefaultFontCharset Java class implementation in Netscape 4.0 allows remote attackers to execute arbitrary code via an applet that calls the WDefaultFontCharset constructor with a long string and invokes the canConvert method. |
| CVE-2002-2271 | | | 0.00 | — | 0.01 | | Dec 31, 2002 | Buffer overflow in BigFun 1.51b IRC client, when the Direct Client Connection (DCC) option is used, allows remote attackers to cause a denial of service (crash) via a long string. |
| CVE-2002-2291 | | | 0.00 | — | 0.02 | | Dec 31, 2002 | Calisto Internet Talker 0.04 and earlier allows remote attackers to cause a denial of service (hang) via a long request, possibly triggering a buffer overflow. |