CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
Description
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
Related attack patterns (CAPEC)
CAPEC-10 · CAPEC-100 · CAPEC-123 · CAPEC-14 · CAPEC-24 · CAPEC-42 · CAPEC-44 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-8 · CAPEC-9
CVEs mapped to this weakness (10,979)
Page 79 of 549

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-30454 | — | Cri | 0.57 | 9.8 | 0.01 | | Apr 7, 2021 | An issue was discovered in the outer_cgi crate before 0.2.1 for Rust. A user-provided Read instance receives an uninitialized memory buffer from KeyValueReader. |
| CVE-2021-28033 | — | Cri | 0.57 | 9.8 | 0.01 | | Mar 5, 2021 | An issue was discovered in the byte_struct crate before 0.6.1 for Rust. There can be a drop of uninitialized memory if a certain deserialization method panics. |
| CVE-2020-25489 | — | Cri | 0.57 | 9.8 | 0.03 | | Sep 17, 2020 | A heap overflow in Sqreen PyMiniRacer (aka Python Mini Racer) before 0.3.0 allows remote attackers to potentially exploit heap corruption. |
| CVE-2020-25614 | — | Cri | 0.57 | 9.8 | 0.02 | | Sep 16, 2020 | xmlquery before 1.3.1 lacks a check for whether a LoadURL response is in the XML format, which allows attackers to cause a denial of service (SIGSEGV) at xmlquery.(*Node).InnerText or possibly have unspecified other impact. |
| CVE-2020-14968 | — | Cri | 0.57 | 9.8 | 0.03 | | Jun 22, 2020 | An issue was discovered in the jsrsasign package before 8.0.17 for Node.js. Its RSASSA-PSS (RSA-PSS) implementation does not detect signature manipulation/modification by prepending '\0' bytes to a signature (it accepts these modified signatures as valid). An attacker can abuse… |
| CVE-2018-20998 | — | Cri | 0.57 | 9.8 | 0.02 | | Aug 26, 2019 | An issue was discovered in the arrayfire crate before 3.6.0 for Rust. Addition of the repr() attribute to an enum is mishandled, leading to memory corruption. |
| CVE-2018-21000 | — | Cri | 0.57 | 9.8 | 0.02 | | Aug 26, 2019 | An issue was discovered in the safe-transmute crate before 0.10.1 for Rust. A constructor's arguments are in the wrong order, causing heap memory corruption. |
| CVE-2018-19800 | — | Cri | 0.57 | 9.8 | 0.02 | | Jun 7, 2019 | aubio v0.4.0 to v0.4.8 has a Buffer Overflow in new_aubio_tempo. |
| CVE-2018-18920 | — | Hig | 0.57 | 8.8 | 0.03 | | Nov 12, 2018 | Py-EVM v0.2.0-alpha.33 allows attackers to make a vm.execute_bytecode call that triggers computation._stack.values with '"stack": [100, 100, 0]' where b'\x' was expected, resulting in an execution failure because of an invalid opcode. This is reportedly related to "smart… |
| CVE-2018-18193 | | Hig | 0.57 | 8.8 | 0.01 | | Oct 9, 2018 | An issue was discovered in libgig 4.1.0. There is operator new[] failure (due to a big pWavePoolTable heap request) in DLS::File::File in DLS.cpp. |
| CVE-2018-16711 | | Hig | 0.57 | 8.8 | 0.02 | | Sep 26, 2018 | IObit Advanced SystemCare, which includes Monitor_win10_x64.sys or Monitor_win7_x64.sys, 1.2.0.5 (and possibly earlier versions) allows a user to send an IOCTL (0x9C402088) with a buffer containing user defined content. The driver's subroutine will execute a wrmsr instruction… |
| CVE-2018-17076 | | Hig | 0.57 | 8.8 | 0.01 | | Sep 16, 2018 | GPP through 2.25 will try to use more memory space than is available on the stack, leading to a segmentation fault or possibly unspecified other impact via a crafted file. |
| CVE-2018-16782 | | Hig | 0.57 | 8.8 | 0.01 | | Sep 10, 2018 | libimageworsener.a in ImageWorsener 1.3.2 has a buffer overflow in the bmpr_read_rle_internal function in imagew-bmp.c. |
| CVE-2018-16768 | | Hig | 0.57 | 8.8 | 0.01 | | Sep 10, 2018 | In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because of an unspecified "heap-buffer-overflow" condition in IR::FunctionValidationContext::end. |
| CVE-2018-16767 | | Hig | 0.57 | 8.8 | 0.01 | | Sep 10, 2018 | In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because of an unspecified "heap-buffer-overflow" condition in FunctionValidationContext::popAndValidateOp… |
| CVE-2018-16765 | | Hig | 0.57 | 8.8 | 0.01 | | Sep 10, 2018 | In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because of an unspecified "heap-buffer-overflow" condition in FunctionValidationContext::else_. |
| CVE-2017-15406 | | Hig | 0.57 | 8.8 | 0.01 | | Aug 28, 2018 | A stack buffer overflow in V8 in Google Chrome prior to 62.0.3202.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. |
| CVE-2017-15409 | | Hig | 0.57 | 8.8 | 0.02 | | Aug 28, 2018 | Heap buffer overflow in Skia in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2017-15408 | | Hig | 0.57 | 8.8 | 0.02 | | Aug 28, 2018 | Heap buffer overflow in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file that is mishandled by PDFium. |
| CVE-2018-14793 | | Hig | 0.57 | 8.8 | 0.01 | | Aug 21, 2018 | DeltaV Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 is vulnerable to a buffer overflow exploit through an open communication port to allow arbitrary code execution. |