VYPR

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

BaseIncompleteLikelihood: High

Description

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-10 · CAPEC-100 · CAPEC-14 · CAPEC-24 · CAPEC-42 · CAPEC-44 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-67 · CAPEC-8 · CAPEC-9 · CAPEC-92

CVEs mapped to this weakness (802)

page 11 of 41
  • CVE-2026-5981HigApr 9, 2026
    risk 0.57cvss 8.8epss 0.01

    A vulnerability has been found in D-Link DIR-605L 2.13B01. This affects the function formAdvFirewall of the file /goform/formAdvFirewall of the component POST Request Handler. Such manipulation of the argument curTime leads to buffer overflow. The attack may be launched…

  • CVE-2026-5980HigApr 9, 2026
    risk 0.57cvss 8.8epss 0.01

    A flaw has been found in D-Link DIR-605L 2.13B01. Affected by this issue is the function formSetMACFilter of the file /goform/formSetMACFilter of the component POST Request Handler. This manipulation of the argument curTime causes buffer overflow. The attack may be initiated…

  • CVE-2026-5979HigApr 9, 2026
    risk 0.57cvss 8.8epss 0.01

    A vulnerability was detected in D-Link DIR-605L 2.13B01. Affected by this vulnerability is the function formVirtualServ of the file /goform/formVirtualServ of the component POST Request Handler. The manipulation of the argument curTime results in buffer overflow. The attack can…

  • CVE-2026-5567HigApr 5, 2026
    risk 0.57cvss 8.8epss 0.01

    A flaw has been found in Tenda M3 1.0.0.10. This vulnerability affects the function setAdvPolicyData of the file /goform/setAdvPolicyData of the component Destination Handler. Executing a manipulation of the argument policyType can lead to buffer overflow. The attack can be…

  • CVE-2026-5566HigApr 5, 2026
    risk 0.57cvss 8.8epss 0.00

    A vulnerability was detected in UTT HiPER 1250GW up to 3.2.7-210907-180535. This affects the function strcpy of the file /goform/formNatStaticMap. Performing a manipulation of the argument NatBind results in buffer overflow. Remote exploitation of the attack is possible. The…

  • CVE-2026-34875CriApr 1, 2026
    risk 0.57cvss 9.8epss 0.00

    An issue was discovered in Mbed TLS through 3.6.5 and TF-PSA-Crypto 1.0.0. A buffer overflow can occur in public key export for FFDH keys.

  • CVE-2026-5279HigApr 1, 2026
    risk 0.57cvss 8.8epss 0.00

    Object corruption in V8 in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-4976HigMar 27, 2026
    risk 0.57cvss 8.8epss 0.01

    A vulnerability was found in Totolink LR350 9.3.5u.6369_B20220309. This vulnerability affects the function setWiFiGuestCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ssid results in buffer overflow. The attack can be launched remotely. The exploit has…

  • CVE-2026-4862HigMar 26, 2026
    risk 0.57cvss 8.8epss 0.00

    A security vulnerability has been detected in UTT HiPER 1250GW up to 3.2.7-210907-180535. This issue affects the function strcpy of the file /goform/formConfigDnsFilterGlobal of the component Parameter Handler. Such manipulation of the argument GroupName leads to buffer…

  • CVE-2026-4565HigMar 23, 2026
    risk 0.57cvss 8.8epss 0.01

    A vulnerability was detected in Tenda AC21 16.03.08.16. Impacted is the function formSetQosBand of the file /goform/SetNetControlList. Performing a manipulation of the argument list results in buffer overflow. The attack can be initiated remotely. The exploit is now public and…

  • CVE-2026-4488HigMar 20, 2026
    risk 0.57cvss 8.8epss 0.01

    A vulnerability was identified in UTT HiPER 1250GW up to 3.2.7-210907-180535. Affected is the function strcpy of the file /goform/setSysAdm. Such manipulation of the argument GroupName leads to buffer overflow. It is possible to launch the attack remotely. The exploit is…

  • CVE-2026-4487HigMar 20, 2026
    risk 0.57cvss 8.8epss 0.01

    A vulnerability was determined in UTT HiPER 1200GW up to 2.5.3-170306. This impacts the function strcpy of the file /goform/websHostFilter. This manipulation causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may…

  • CVE-2026-4318HigMar 17, 2026
    risk 0.57cvss 8.8epss 0.01

    A vulnerability was determined in UTT HiPER 810G up to 1.7.7-171114. Affected is the function strcpy of the file /goform/formApLbConfig. This manipulation of the argument loadBalanceNameOld causes buffer overflow. The attack can be initiated remotely. The exploit has been…

  • CVE-2026-22627HigMar 10, 2026
    risk 0.57cvss 8.8epss 0.00

    A buffer copy without checking size of input ('classic buffer overflow') vulnerability in Fortinet FortiSwitchAXFixed 1.0.0 through 1.0.1 may allow an unauthenticated attacker within the same adjacent network to execute unauthorized code or commands on the device via sending a…

  • CVE-2025-12345HigMar 3, 2026
    risk 0.57cvss 8.8epss 0.01

    A security vulnerability has been detected in LLM-Claw 0.1.0/0.1.1/0.1.1a/0.1.1a-p1. The affected element is the function agent_deploy_init of the file /agents/deploy/initiate.c of the component Agent Deployment. Such manipulation leads to buffer overflow. It is possible to…

  • CVE-2025-14196HigDec 7, 2025
    risk 0.57cvss 8.8epss 0.00

    A weakness has been identified in H3C Magic B1 up to 100R004. The affected element is the function sub_44de0 of the file /goform/aspForm. This manipulation of the argument param causes buffer overflow. Remote exploitation of the attack is possible. The exploit has been made…

  • CVE-2025-66287HigDec 4, 2025
    risk 0.57cvss 8.8epss 0.00

    A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.

  • CVE-2025-65102HigNov 21, 2025
    risk 0.57cvss epss 0.00

    PJSIP is a free and open source multimedia communication library. Prior to version 2.16, Opus PLC may zero-fill the input frame as long as the decoder ptime, while the input frame length, which is based on stream ptime, may be less than that. This issue affects PJSIP users who…

  • CVE-2025-36553HigNov 17, 2025
    risk 0.57cvss 8.8epss 0.00

    A buffer overflow vulnerability exists in the CvManager functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted ControlVault API call can lead to memory corruption. An attacker can issue an api call to trigger…

  • CVE-2025-32089HigNov 17, 2025
    risk 0.57cvss 8.8epss 0.00

    A buffer overflow vulnerability exists in the CvManager_SBI functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted ControlVault API call can lead to a arbitrary code execution. An attacker can issue an api call…