CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
Description
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-10 · CAPEC-100 · CAPEC-123 · CAPEC-14 · CAPEC-24 · CAPEC-42 · CAPEC-44 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-8 · CAPEC-9
CVEs mapped to this weakness (11,748)
page 588 of 588| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2002-2248 | 0.00 | — | 0.06 | Dec 31, 2002 | Buffer overflow in the sun.awt.windows.WDefaultFontCharset Java class implementation in Netscape 4.0 allows remote attackers to execute arbitrary code via an applet that calls the WDefaultFontCharset constructor with a long string and invokes the canConvert method. | |||
| CVE-2002-2332 | 0.00 | — | 0.02 | Dec 31, 2002 | Buffer overflow in Opera 6.01 allows remote attackers to cause a denial of service (crash) via an IMG tag with large width and height attributes. | |||
| CVE-2002-1365 | 0.00 | — | 0.05 | Dec 23, 2002 | Heap-based buffer overflow in Fetchmail 6.1.3 and earlier does not account for the "@" character when determining buffer lengths for local addresses, which allows remote attackers to execute arbitrary code via a header with a large number of local addresses. | |||
| CVE-2002-1200 | 0.00 | — | 0.06 | Oct 28, 2002 | Balabit Syslog-NG 1.4.x before 1.4.15, and 1.5.x before 1.5.20, when using template filenames or output, does not properly track the size of a buffer when constant characters are encountered during macro expansion, which allows remote attackers to cause a denial of service and… | |||
| CVE-2002-1174 | 0.00 | — | 0.05 | Oct 11, 2002 | Buffer overflows in Fetchmail 6.0.0 and earlier allow remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) long headers that are not properly processed by the readheaders function, or (2) via long Received: headers, which are not properly… | |||
| CVE-2001-1456 | 0.00 | — | 0.06 | Sep 4, 2001 | Buffer overflow in the (1) smap/smapd and (2) CSMAP daemons for Gauntlet Firewall 5.0 through 6.0 allows remote attackers to execute arbitrary code via a crafted mail message. | |||
| CVE-2001-0629 | 0.00 | — | 0.05 | Aug 14, 2001 | HP Event Correlation Service (ecsd) as included with OpenView Network Node Manager 6.1 allows a remote attacker to gain addition privileges via a buffer overflow attack in the '-restore_config' command line parameter. | |||
| CVE-1999-0876 | 0.00 | — | 0.06 | Jan 4, 2000 | Buffer overflow in Internet Explorer 4.0 via EMBED tag. |
- CVE-2002-2248Dec 31, 2002risk 0.00cvss —epss 0.06
Buffer overflow in the sun.awt.windows.WDefaultFontCharset Java class implementation in Netscape 4.0 allows remote attackers to execute arbitrary code via an applet that calls the WDefaultFontCharset constructor with a long string and invokes the canConvert method.
- CVE-2002-2332Dec 31, 2002risk 0.00cvss —epss 0.02
Buffer overflow in Opera 6.01 allows remote attackers to cause a denial of service (crash) via an IMG tag with large width and height attributes.
- CVE-2002-1365Dec 23, 2002risk 0.00cvss —epss 0.05
Heap-based buffer overflow in Fetchmail 6.1.3 and earlier does not account for the "@" character when determining buffer lengths for local addresses, which allows remote attackers to execute arbitrary code via a header with a large number of local addresses.
- CVE-2002-1200Oct 28, 2002risk 0.00cvss —epss 0.06
Balabit Syslog-NG 1.4.x before 1.4.15, and 1.5.x before 1.5.20, when using template filenames or output, does not properly track the size of a buffer when constant characters are encountered during macro expansion, which allows remote attackers to cause a denial of service and…
- CVE-2002-1174Oct 11, 2002risk 0.00cvss —epss 0.05
Buffer overflows in Fetchmail 6.0.0 and earlier allow remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) long headers that are not properly processed by the readheaders function, or (2) via long Received: headers, which are not properly…
- CVE-2001-1456Sep 4, 2001risk 0.00cvss —epss 0.06
Buffer overflow in the (1) smap/smapd and (2) CSMAP daemons for Gauntlet Firewall 5.0 through 6.0 allows remote attackers to execute arbitrary code via a crafted mail message.
- CVE-2001-0629Aug 14, 2001risk 0.00cvss —epss 0.05
HP Event Correlation Service (ecsd) as included with OpenView Network Node Manager 6.1 allows a remote attacker to gain addition privileges via a buffer overflow attack in the '-restore_config' command line parameter.
- CVE-1999-0876Jan 4, 2000risk 0.00cvss —epss 0.06
Buffer overflow in Internet Explorer 4.0 via EMBED tag.