VYPR

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Class · Stable · Likelihood: High

Description

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-10 · CAPEC-100 · CAPEC-123 · CAPEC-14 · CAPEC-24 · CAPEC-42 · CAPEC-44 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-8 · CAPEC-9

CVEs mapped to this weakness (10,979)

page 549 of 549
  • CVE-2002-2257 · Dec 31, 2002
    risk 0.00 · cvss · epss 0.05

    Stack-based buffer overflow in the parse_field function in cgi_lib.c for LIBCGI 1.0.2 and 1.0.3 allows remote attackers to execute arbitrary code via a long argument.

  • CVE-2002-2372 · Dec 31, 2002
    risk 0.00 · cvss · epss 0.02

    The telnet server in Infoprint 21 running controller software before 1.056007 allows remote attackers to cause a denial of service (crash) via a long username, possibly due to a buffer overflow.

  • CVE-2002-2381 · Dec 31, 2002
    risk 0.00 · cvss · epss 0.03

    Multiple buffer overflows in (1) tetrinet_inmessage, (2) speclist_add and (3) config-getthemeinfo of GTetrinet 0.4.3 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code.

  • CVE-2002-2388 · Dec 31, 2002
    risk 0.00 · cvss · epss 0.01

    Buffer overflow in INweb POP3 mail server 2.01 allows remote attackers to cause a denial of service (crash) via a long HELO command.

  • CVE-2002-2390 · Dec 31, 2002
    risk 0.00 · cvss · epss 0.06

    Buffer overflow in the IDENT daemon (identd) in Trillian 0.6351, 0.725, 0.73, 0.74 and 1.0 pro allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long request.

  • CVE-2002-2396 · Dec 31, 2002
    risk 0.00 · cvss · epss 0.00

    Buffer overflow in Advanced TFTP (atftp) 0.5 and 0.6, if installed setuid or setgid, may allow local users to execute arbitrary code via a long argument to the -g option.

  • CVE-2002-2411 · Dec 31, 2002
    risk 0.00 · cvss · epss 0.05

    Buffer overflow in badmin.c in BannerWheel 1.0 allows remote attackers to execute arbitrary code via a long rcmd command.

  • CVE-2002-2271 · Dec 31, 2002
    risk 0.00 · cvss · epss 0.01

    Buffer overflow in BigFun 1.51b IRC client, when the Direct Client Connection (DCC) option is used, allows remote attackers to cause a denial of service (crash) via a long string.

  • CVE-2002-2291 · Dec 31, 2002
    risk 0.00 · cvss · epss 0.02

    Calisto Internet Talker 0.04 and earlier allows remote attackers to cause a denial of service (hang) via a long request, possibly triggering a buffer overflow.

  • CVE-2002-2294 · Dec 31, 2002
    risk 0.00 · cvss · epss 0.02

    Multiple buffer overflows in Symantec Raptor Firewall 6.5 and 6.5.3, Enterprise Firewall 6.5.2 and 7.0, VelociRaptor 500/700/1000 and 1100/1200/1300, and Gateway Security 5110/5200/5300 allow remote attackers to cause a denial of service (service termination) via (1) malformed…

  • CVE-2002-2333 · Dec 31, 2002
    risk 0.00 · cvss · epss 0.02

    Buffer overflow in konqueror in KDE 2.1 through 3.0 and 3.0.2 allows remote attackers to cause a denial of service (crash) via an IMG tag with large width and height attributes.

  • CVE-2002-2366 · Dec 31, 2002
    risk 0.00 · cvss · epss 0.03

    Buffer overflow in the XML parser of Trillian 0.6351, 0.725 and 0.73 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a skin with a long colors file name in trillian.xml.

  • CVE-2002-2367 · Dec 31, 2002
    risk 0.00 · cvss · epss 0.05

    Off-by-one buffer overflow in NEC SOCKS5 1.0 r11 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long hostname.

  • CVE-2002-1365 · Dec 23, 2002
    risk 0.00 · cvss · epss 0.05

    Heap-based buffer overflow in Fetchmail 6.1.3 and earlier does not account for the "@" character when determining buffer lengths for local addresses, which allows remote attackers to execute arbitrary code via a header with a large number of local addresses.

  • CVE-2002-1200 · Oct 28, 2002
    risk 0.00 · cvss · epss 0.06

    Balabit Syslog-NG 1.4.x before 1.4.15, and 1.5.x before 1.5.20, when using template filenames or output, does not properly track the size of a buffer when constant characters are encountered during macro expansion, which allows remote attackers to cause a denial of service and…

  • CVE-2002-1174 · Oct 11, 2002
    risk 0.00 · cvss · epss 0.05

    Buffer overflows in Fetchmail 6.0.0 and earlier allow remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) long headers that are not properly processed by the readheaders function, or (2) via long Received: headers, which are not properly…

  • CVE-2001-1456 · Sep 4, 2001
    risk 0.00 · cvss · epss 0.06

    Buffer overflow in the (1) smap/smapd and (2) CSMAP daemons for Gauntlet Firewall 5.0 through 6.0 allows remote attackers to execute arbitrary code via a crafted mail message.

  • CVE-2001-0629 · Aug 14, 2001
    risk 0.00 · cvss · epss 0.05

    HP Event Correlation Service (ecsd) as included with OpenView Network Node Manager 6.1 allows a remote attacker to gain additional privileges via a buffer overflow attack in the '-restore_config' command line parameter.

  • CVE-1999-0876 · Jan 4, 2000
    risk 0.00 · cvss · epss 0.06

    Buffer overflow in Internet Explorer 4.0 via EMBED tag.