VYPR

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

BaseIncompleteLikelihood: High

Description

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-10 · CAPEC-100 · CAPEC-14 · CAPEC-24 · CAPEC-42 · CAPEC-44 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-67 · CAPEC-8 · CAPEC-9 · CAPEC-92

CVEs mapped to this weakness (802)

page 15 of 41
  • CVE-2020-37049HigJan 30, 2026
    risk 0.55cvss 8.4epss 0.00

    Frigate 3.36.0.9 contains a local buffer overflow vulnerability in the Command Line input field that allows attackers to execute arbitrary code. Attackers can craft a malicious payload to overflow the buffer, bypass DEP, and execute commands like launching calc.exe through a…

  • CVE-2020-37042HigJan 30, 2026
    risk 0.55cvss 8.4epss 0.00

    Frigate Professional 3.36.0.9 contains a local buffer overflow vulnerability in the 'Find Computer' feature that allows attackers to execute arbitrary code by overflowing the computer name input field. Attackers can craft a malicious payload that triggers a buffer overflow,…

  • CVE-2020-37040HigJan 30, 2026
    risk 0.55cvss 8.4epss 0.00

    Code Blocks 17.12 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by crafting a malicious file name with Unicode characters. Attackers can trigger the vulnerability by pasting a specially crafted payload into the file name field…

  • CVE-2020-37036HigJan 30, 2026
    risk 0.55cvss 8.4epss 0.00

    RM Downloader 2.50.60 contains a local buffer overflow vulnerability in the 'Load' parameter that allows attackers to execute arbitrary code by overwriting memory. Attackers can craft a malicious payload with an egg hunter technique to bypass memory protections and execute…

  • CVE-2020-37029HigJan 30, 2026
    risk 0.55cvss 8.4epss 0.00

    FTPDummy 4.80 contains a local buffer overflow vulnerability in its preference file handling that allows attackers to execute arbitrary code. Attackers can craft a malicious preference file with carefully constructed shellcode to trigger a structured exception handler overwrite…

  • CVE-2020-37028HigJan 30, 2026
    risk 0.55cvss 8.4epss 0.00

    Socusoft Photo to Video Converter Professional 8.07 contains a local buffer overflow vulnerability in the 'Output Folder' input field that allows attackers to execute arbitrary code. Attackers can craft a malicious payload and paste it into the output folder field to trigger a…

  • CVE-2020-37025HigJan 30, 2026
    risk 0.55cvss 8.4epss 0.00

    Port Forwarding Wizard 4.8.0 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code through a long request in the Register feature. Attackers can craft a malicious payload with an egg tag and overwrite SEH handlers to potentially execute…

  • CVE-2020-37024HigJan 30, 2026
    risk 0.55cvss 8.4epss 0.00

    Nidesoft DVD Ripper 5.2.18 contains a local buffer overflow vulnerability in the License Code registration parameter that allows attackers to execute arbitrary code. Attackers can craft a malicious payload and paste it into the License Code field to trigger a stack-based buffer…

  • CVE-2024-53589HigDec 5, 2024
    risk 0.55cvss 8.4epss 0.00

    GNU objdump 2.43 is vulnerable to Buffer Overflow in the BFD (Binary File Descriptor) library's handling of tekhex format files.

  • CVE-2009-2502HigOct 14, 2009
    risk 0.54cvss 8.1epss 0.22

    Buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003…

  • CVE-2026-12328HigJun 16, 2026
    risk 0.53cvss 8.1epss 0.00

    Memory safety bugs present in Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary…

  • CVE-2025-14310CriDec 9, 2025
    risk 0.53cvss epss 0.00

    Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in rethinkdb.This issue affects rethinkdb: before 2.4.4.

  • CVE-2025-31701HigJul 23, 2025
    risk 0.53cvss 8.1epss 0.01

    A vulnerability has been found in Dahua products. Attackers could exploit a buffer overflow vulnerability by sending specially crafted malicious packets, potentially causing service disruption (e.g., crashes) or remote code execution (RCE). Some devices may have deployed…

  • CVE-2025-31700HigJul 23, 2025
    risk 0.53cvss 8.1epss 0.01

    A vulnerability has been found in Dahua products. Attackers could exploit a buffer overflow vulnerability by sending specially crafted malicious packets, potentially causing service disruption (e.g., crashes) or remote code execution (RCE). Some devices may have deployed…

  • CVE-2024-42040HigAug 23, 2024
    risk 0.53cvss 8.1epss 0.01

    Buffer Overflow vulnerability in the net/bootp.c in DENEX U-Boot from its initial commit in 2002 (3861aa5) up to today on any platform allows an attacker on the local network to leak memory from four up to 32 bytes of memory stored behind the packet to the network depending on…

  • CVE-2024-39207HigJun 27, 2024
    risk 0.53cvss 8.2epss 0.01

    lua-shmem v1.0-1 was discovered to contain a buffer overflow via the shmem_write function.

  • CVE-2024-5564HigMay 31, 2024
    risk 0.53cvss 8.1epss 0.01

    A vulnerability was found in libndp. This flaw allows a local malicious user to cause a buffer overflow in NetworkManager, triggered by sending a malformed IPv6 router advertisement packet. This issue occurred as libndp was not correctly validating the route length information.

  • CVE-2024-37017HigMay 31, 2024
    risk 0.53cvss 8.1epss 0.01

    asdcplib (aka AS-DCP Lib) 2.13.1 has a heap-based buffer over-read in ASDCP::TimedText::MXFReader::h__Reader::MD_to_TimedText_TDesc in AS_DCP_TimedText.cpp in libasdcp.so.

  • CVE-2024-22472HigMay 7, 2024
    risk 0.53cvss 8.1epss 0.01

    A buffer Overflow vulnerability in Silicon Labs 500 Series Z-Wave devices may allow Denial of Service, and potential Remote Code execution This issue affects all versions of Silicon Labs 500 Series SDK prior to v6.85.2 running on Silicon Labs 500 series Z-wave devices.

  • CVE-2024-1969HigApr 29, 2024
    risk 0.53cvss 8.2epss 0.00

    Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Secomea GateManager (webserver modules) allows crash of GateManager.This issue affects GateManager: from 9.7 before 11.2.624095033.