CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Class · Stable · Likelihood: High

Description

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Related attack patterns (CAPEC)

CAPEC-10 · CAPEC-100 · CAPEC-123 · CAPEC-14 · CAPEC-24 · CAPEC-42 · CAPEC-44 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-8 · CAPEC-9

CVEs mapped to this weakness (10,979)

page 79 of 549
  • CVE-2021-30454 · Critical · Apr 7, 2021
    risk 0.57 · cvss 9.8 · epss 0.01

    An issue was discovered in the outer_cgi crate before 0.2.1 for Rust. A user-provided Read instance receives an uninitialized memory buffer from KeyValueReader.

  • CVE-2021-28033 · Critical · Mar 5, 2021
    risk 0.57 · cvss 9.8 · epss 0.01

    An issue was discovered in the byte_struct crate before 0.6.1 for Rust. There can be a drop of uninitialized memory if a certain deserialization method panics.

  • CVE-2020-25489 · Critical · Sep 17, 2020
    risk 0.57 · cvss 9.8 · epss 0.03

    A heap overflow in Sqreen PyMiniRacer (aka Python Mini Racer) before 0.3.0 allows remote attackers to potentially exploit heap corruption.

  • CVE-2020-25614 · Critical · Sep 16, 2020
    risk 0.57 · cvss 9.8 · epss 0.02

    xmlquery before 1.3.1 lacks a check for whether a LoadURL response is in the XML format, which allows attackers to cause a denial of service (SIGSEGV) at xmlquery.(*Node).InnerText or possibly have unspecified other impact.

  • CVE-2020-14968 · Critical · Jun 22, 2020
    risk 0.57 · cvss 9.8 · epss 0.03

    An issue was discovered in the jsrsasign package before 8.0.17 for Node.js. Its RSASSA-PSS (RSA-PSS) implementation does not detect signature manipulation/modification by prepending '\0' bytes to a signature (it accepts these modified signatures as valid). An attacker can abuse…

  • CVE-2018-20998 · Critical · Aug 26, 2019
    risk 0.57 · cvss 9.8 · epss 0.02

    An issue was discovered in the arrayfire crate before 3.6.0 for Rust. Addition of the repr() attribute to an enum is mishandled, leading to memory corruption.

  • CVE-2018-21000 · Critical · Aug 26, 2019
    risk 0.57 · cvss 9.8 · epss 0.02

    An issue was discovered in the safe-transmute crate before 0.10.1 for Rust. A constructor's arguments are in the wrong order, causing heap memory corruption.

  • CVE-2018-19800 · Critical · Jun 7, 2019
    risk 0.57 · cvss 9.8 · epss 0.02

    aubio v0.4.0 to v0.4.8 has a Buffer Overflow in new_aubio_tempo.

  • CVE-2018-18920 · High · Nov 12, 2018
    risk 0.57 · cvss 8.8 · epss 0.03

    Py-EVM v0.2.0-alpha.33 allows attackers to make a vm.execute_bytecode call that triggers computation._stack.values with '"stack": [100, 100, 0]' where b'\x' was expected, resulting in an execution failure because of an invalid opcode. This is reportedly related to "smart…

  • CVE-2018-18193 · High · Oct 9, 2018
    risk 0.57 · cvss 8.8 · epss 0.01

    An issue was discovered in libgig 4.1.0. There is operator new[] failure (due to a big pWavePoolTable heap request) in DLS::File::File in DLS.cpp.

  • CVE-2018-16711 · High · Sep 26, 2018
    risk 0.57 · cvss 8.8 · epss 0.02

    IObit Advanced SystemCare, which includes Monitor_win10_x64.sys or Monitor_win7_x64.sys, 1.2.0.5 (and possibly earlier versions) allows a user to send an IOCTL (0x9C402088) with a buffer containing user defined content. The driver's subroutine will execute a wrmsr instruction…

  • CVE-2018-17076 · High · Sep 16, 2018
    risk 0.57 · cvss 8.8 · epss 0.01

    GPP through 2.25 will try to use more memory space than is available on the stack, leading to a segmentation fault or possibly unspecified other impact via a crafted file.

  • CVE-2018-16782 · High · Sep 10, 2018
    risk 0.57 · cvss 8.8 · epss 0.01

    libimageworsener.a in ImageWorsener 1.3.2 has a buffer overflow in the bmpr_read_rle_internal function in imagew-bmp.c.

  • CVE-2018-16768 · High · Sep 10, 2018
    risk 0.57 · cvss 8.8 · epss 0.01

    In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because of an unspecified "heap-buffer-overflow" condition in IR::FunctionValidationContext::end.

  • CVE-2018-16767 · High · Sep 10, 2018
    risk 0.57 · cvss 8.8 · epss 0.01

    In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because of an unspecified "heap-buffer-overflow" condition in FunctionValidationContext::popAndValidateOp…

  • CVE-2018-16765 · High · Sep 10, 2018
    risk 0.57 · cvss 8.8 · epss 0.01

    In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because of an unspecified "heap-buffer-overflow" condition in FunctionValidationContext::else_.

  • CVE-2017-15406 · High · Aug 28, 2018
    risk 0.57 · cvss 8.8 · epss 0.01

    A stack buffer overflow in V8 in Google Chrome prior to 62.0.3202.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

  • CVE-2017-15409 · High · Aug 28, 2018
    risk 0.57 · cvss 8.8 · epss 0.02

    Heap buffer overflow in Skia in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2017-15408 · High · Aug 28, 2018
    risk 0.57 · cvss 8.8 · epss 0.02

    Heap buffer overflow in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file that is mishandled by PDFium.

  • CVE-2018-14793 · High · Aug 21, 2018
    risk 0.57 · cvss 8.8 · epss 0.01

    DeltaV Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 are vulnerable to a buffer overflow exploit through an open communication port to allow arbitrary code execution.