CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
BaseIncompleteLikelihood: High
Description
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-10 · CAPEC-100 · CAPEC-14 · CAPEC-24 · CAPEC-42 · CAPEC-44 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-67 · CAPEC-8 · CAPEC-9 · CAPEC-92
CVEs mapped to this weakness (520)
page 1 of 26| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2016-10174 | Cri | 0.86 | 9.8 | 0.91 | KEV | Jan 30, 2017 | The NETGEAR WNR2000v5 router contains a buffer overflow in the hidden_lang_avi parameter when invoking the URL /apply.cgi?/lang_check.html. This buffer overflow can be exploited by an unauthenticated attacker to achieve remote code execution. |
| CVE-2017-6862 | Cri | 0.79 | 9.8 | 0.43 | KEV | May 26, 2017 | NETGEAR WNR2000v3 devices before 1.1.2.14, WNR2000v4 devices before 1.0.0.66, and WNR2000v5 devices before 1.0.0.42 allow authentication bypass and remote code execution via a buffer overflow that uses a parameter in the administration webapp. The NETGEAR ID is PSV-2016-0261. |
| CVE-2017-7269 | Cri | 0.79 | 9.8 | 0.94 | KEV | Mar 27, 2017 | Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with "If: <http://" in a PROPFIND request, as exploited in the wild in July or August 2016. |
| CVE-2016-6366 | Hig | 0.79 | 8.8 | 0.91 | KEV | Aug 18, 2016 | Buffer overflow in Cisco Adaptive Security Appliance (ASA) Software through 9.4.2.3 on ASA 5500, ASA 5500-X, ASA Services Module, ASA 1000V, ASAv, Firepower 9300 ASA Security Module, PIX, and FWSM devices allows remote authenticated users to execute arbitrary code via crafted IPv4 SNMP packets, aka Bug ID CSCva92151 or EXTRABACON. |
| CVE-2016-0099 | Hig | 0.79 | 7.8 | 0.90 | KEV | Mar 9, 2016 | The Secondary Logon Service in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 does not properly process request handles, which allows local users to gain privileges via a crafted application, aka "Secondary Logon Elevation of Privilege Vulnerability." |
| CVE-2006-2492 | Hig | 0.76 | 8.8 | 0.79 | KEV | May 20, 2006 | Buffer overflow in Microsoft Word in Office 2000 SP3, Office XP SP3, Office 2003 Sp1 and SP2, and Microsoft Works Suites through 2006, allows user-assisted attackers to execute arbitrary code via a malformed object pointer, as originally reported by ISC on 20060519 for a zero-day attack. |
| CVE-2010-10016 | Cri | 0.73 | — | 0.59 | Aug 30, 2025 | BS.Player version 2.57 (build 1051) contains a vulnerability in its playlist import functionality. When processing .m3u files, the application fails to properly validate the length of playlist entries, resulting in a buffer overflow condition. This flaw occurs during parsing of long URLs embedded in the playlist, allowing overwrite of Structured Exception Handler (SEH) records. The vulnerability is triggered upon opening a crafted playlist file and affects the Unicode parsing logic in the Windows client. | |
| CVE-2007-5659 | Hig | 0.73 | 7.8 | 0.93 | KEV | Feb 12, 2008 | Multiple buffer overflows in Adobe Reader and Acrobat 8.1.1 and earlier allow remote attackers to execute arbitrary code via a PDF file with long arguments to unspecified JavaScript methods. NOTE: this issue might be subsumed by CVE-2008-0655. |
| CVE-2012-10035 | Cri | 0.72 | — | 0.53 | Aug 5, 2025 | Turbo FTP Server versions 1.30.823 and 1.30.826 contain a buffer overflow vulnerability in the handling of the PORT command. By sending a specially crafted payload, an unauthenticated remote attacker can overwrite memory structures and execute arbitrary code with SYSTEM privileges. | |
| CVE-2013-1331 | Hig | 0.70 | 7.8 | 0.89 | KEV | Jun 12, 2013 | Buffer overflow in Microsoft Office 2003 SP3 and Office 2011 for Mac allows remote attackers to execute arbitrary code via crafted PNG data in an Office document, leading to improper memory allocation, aka "Office Buffer Overflow Vulnerability." |
| CVE-2013-0641 | Hig | 0.70 | 7.8 | 0.88 | KEV | Feb 14, 2013 | Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.4, 10.x before 10.1.6, and 11.x before 11.0.02 allows remote attackers to execute arbitrary code via a crafted PDF document, as exploited in the wild in February 2013. |
| CVE-2010-2572 | Hig | 0.69 | 7.8 | 0.75 | KEV | Nov 10, 2010 | Buffer overflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint 95 document, aka "PowerPoint Parsing Buffer Overflow Vulnerability." |
| CVE-2024-29671 | Cri | 0.68 | 9.8 | 0.55 | Dec 16, 2024 | Buffer Overflow vulnerability in NEXTU FLATA AX1500 Router v.1.0.2 allows a remote attacker to execute arbitrary code via the POST request handler component. | |
| CVE-2010-1205 | Cri | 0.68 | 9.8 | 0.15 | Jun 30, 2010 | Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row. | |
| CVE-2026-32746 | Cri | 0.67 | 9.8 | 0.05 | Mar 13, 2026 | telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMODE SLC (Set Local Characters) suboption handler because add_slc does not check whether the buffer is full. | |
| CVE-2009-0182 | Hig | 0.67 | 8.8 | 0.79 | Jan 20, 2009 | Buffer overflow in VUPlayer 2.49 and earlier allows user-assisted attackers to execute arbitrary code via a long URL in a File line in a .pls file, as demonstrated by an http URL on a File1 line. | |
| CVE-2004-0210 | Hig | 0.66 | 7.8 | 0.07 | KEV | Aug 6, 2004 | The POSIX component of Microsoft Windows NT and Windows 2000 allows local users to execute arbitrary code via certain parameters, possibly by modifying message length values and causing a buffer overflow. |
| CVE-2026-4689 | Cri | 0.65 | 10.0 | 0.00 | Mar 24, 2026 | Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9. | |
| CVE-2026-24823 | Cri | 0.65 | — | 0.00 | Jan 27, 2026 | Out-of-bounds Write, Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in FASTSHIFT X-TRACK (Software/X-Track/USER/App/Utils/lv_img_png/PNGdec/src modules). This vulnerability is associated with program files inflate.C. This issue affects X-TRACK: through v2.7. | |
| CVE-2026-24810 | Cri | 0.65 | — | 0.00 | Jan 27, 2026 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in rethinkdb (src/cjson modules). This vulnerability is associated with program files cJSON.Cc. This issue affects rethinkdb: through v2.4.4. |