VYPR

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

BaseIncompleteLikelihood: High

Description

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-10 · CAPEC-100 · CAPEC-14 · CAPEC-24 · CAPEC-42 · CAPEC-44 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-67 · CAPEC-8 · CAPEC-9 · CAPEC-92

CVEs mapped to this weakness (802)

page 17 of 41
  • CVE-2024-0146HigJan 28, 2025
    risk 0.51cvss 7.8epss 0.00

    NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a malicious guest could cause memory corruption. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, or data tampering.

  • CVE-2024-50131HigNov 5, 2024
    risk 0.51cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: tracing: Consider the NULL character when validating the event length strlen() returns a string length excluding the null byte. If the string length equals to the maximum buffer length, the buffer will have no…

  • CVE-2024-44218HigOct 28, 2024
    risk 0.51cvss 7.8epss 0.00

    This issue was addressed with improved checks. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, macOS Sonoma 14.7.1. Processing a maliciously crafted file may lead to heap corruption.

  • CVE-2024-49996HigOct 21, 2024
    risk 0.51cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: cifs: Fix buffer overflow when parsing NFS reparse points ReparseDataLength is sum of the InodeType size and DataBuffer size. So to get DataBuffer size it is needed to subtract InodeType's size from…

  • CVE-2024-0099HigJun 13, 2024
    risk 0.51cvss 7.8epss 0.00

    NVIDIA vGPU software for Linux contains a vulnerability in the Virtual GPU Manager, where the guest OS could cause buffer overrun in the host. A successful exploit of this vulnerability might lead to information disclosure, data tampering, escalation of privileges, and denial of…

  • CVE-2023-52614HigMar 18, 2024
    risk 0.51cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: Fix buffer overflow in trans_stat_show Fix buffer overflow in trans_stat_show(). Convert simple snprintf to the more secure scnprintf with size of PAGE_SIZE. Add condition checking if we are…

  • CVE-2024-23286HigMar 8, 2024
    risk 0.51cvss 7.8epss 0.01

    A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Monterey 12.7.4, macOS Sonoma 14.4, macOS Ventura 13.6.5, tvOS 17.4, visionOS 1.1, watchOS 10.4. Processing an image may lead…

  • CVE-2021-47107HigMar 4, 2024
    risk 0.51cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: NFSD: Fix READDIR buffer overflow If a client sends a READDIR count argument that is too small (say, zero), then the buffer size calculation in the new init_dirlist helper functions results in an underflow,…

  • CVE-2021-43619HigMar 1, 2022
    risk 0.51cvss 7.8epss 0.00

    Trusted Firmware M 1.4.x through 1.4.1 has a buffer overflow issue in the Firmware Update partition. In the IPC model, a psa_fwu_write caller from SPE or NSPE can overwrite stack memory locations.

  • CVE-2018-10637HigSep 13, 2018
    risk 0.51cvss 7.8epss 0.02

    A maliciously crafted project file may cause a buffer overflow, which may allow the attacker to execute arbitrary code that affects Fuji Electric V-Server Lite 4.0.3.0 and prior.

  • CVE-2018-8343HigAug 15, 2018
    risk 0.51cvss 7.8epss 0.01

    An elevation of privilege vulnerability exists in the Network Driver Interface Specification (NDIS) when ndis.sys fails to check the length of a buffer prior to copying memory to it, aka "Windows NDIS Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server…

  • CVE-2018-8342HigAug 15, 2018
    risk 0.51cvss 7.8epss 0.01

    An elevation of privilege vulnerability exists in the Network Driver Interface Specification (NDIS) when ndis.sys fails to check the length of a buffer prior to copying memory to it, aka "Windows NDIS Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server…

  • CVE-2018-5840HigJun 6, 2018
    risk 0.51cvss 7.8epss 0.00

    Buffer Copy without Checking Size of Input can occur during the DRM SDE driver initialization sequence in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.

  • CVE-2018-6233HigMay 25, 2018
    risk 0.51cvss 7.8epss 0.01

    A buffer overflow privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within processing of IOCTL 0x222060 by the tmnciesc.sys driver. An attacker must…

  • CVE-2018-6232HigMay 25, 2018
    risk 0.51cvss 7.8epss 0.01

    A buffer overflow privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within processing of IOCTL 0x22205C by the tmnciesc.sys driver. An attacker must…

  • CVE-2017-2840HigApr 24, 2018
    risk 0.51cvss 7.8epss 0.02

    A buffer overflow vulnerability exists in the ISO parsing functionality of EZB Systems UltraISO 9.6.6.3300. A specially crafted .ISO file can cause a vulnerability resulting in potential code execution. An attacker can provide a specific .ISO file to trigger this vulnerability.

  • CVE-2018-1100HigApr 11, 2018
    risk 0.51cvss 7.8epss 0.01

    zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the utils.c:checkmailpath function. A local attacker could exploit this to execute arbitrary code in the context of another user.

  • CVE-2017-17771HigMar 30, 2018
    risk 0.51cvss 7.8epss 0.00

    In msm_isp_prepare_v4l2_buf in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-02-12, an array out of bounds can occur.

  • CVE-2018-1083HigMar 28, 2018
    risk 0.51cvss 7.8epss 0.01

    Zsh before version 5.4.2-test-1 is vulnerable to a buffer overflow in the shell autocomplete functionality. A local unprivileged user can create a specially crafted directory path which leads to code execution in the context of the user who tries to use autocomplete to traverse…

  • CVE-2017-11003HigJan 10, 2018
    risk 0.51cvss 7.8epss 0.00

    In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while updating a firmware image, data is read from flash into RAM without checking that the data fits into allotted RAM size.