VYPR

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

BaseIncompleteLikelihood: High

Description

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-10 · CAPEC-100 · CAPEC-14 · CAPEC-24 · CAPEC-42 · CAPEC-44 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-67 · CAPEC-8 · CAPEC-9 · CAPEC-92

CVEs mapped to this weakness (802)

page 20 of 41
  • CVE-2026-28959HigMay 11, 2026
    risk 0.49cvss 7.5epss 0.01

    A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. An app may be able to cause…

  • CVE-2026-28925HigMay 11, 2026
    risk 0.49cvss 7.5epss 0.00

    A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to cause unexpected system termination or write kernel memory.

  • CVE-2018-25294HigApr 26, 2026
    risk 0.49cvss 7.5epss 0.00

    CEWE Photoshow 6.3.4 contains a buffer overflow vulnerability in the login dialog that allows attackers to crash the application by submitting oversized input. Attackers can inject 4000 bytes of data into the email address and password fields to trigger a denial of service…

  • CVE-2025-50673HigApr 8, 2026
    risk 0.49cvss 7.5epss 0.00

    A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the http_lanport parameter in the /webgl.asp endpoint.

  • CVE-2025-50672HigApr 8, 2026
    risk 0.49cvss 7.5epss 0.00

    A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of parameters in the /yyxz_dlink.asp endpoint.

  • CVE-2025-50670HigApr 8, 2026
    risk 0.49cvss 7.5epss 0.00

    A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of parameters in the /xwgl_bwr.asp endpoint. An attacker can exploit this vulnerability by sending a crafted HTTP GET request in the name, qq, and time parameters.

  • CVE-2025-50669HigApr 8, 2026
    risk 0.49cvss 7.5epss 0.00

    A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 and DI-8003G 19.12.10A1 due to improper handling of the wan_ping parameter in the /wan_ping.asp endpoint.

  • CVE-2025-50668HigApr 8, 2026
    risk 0.49cvss 7.5epss 0.00

    A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the s parameter in the /web_list_opt.asp endpoint.

  • CVE-2025-50667HigApr 8, 2026
    risk 0.49cvss 7.5epss 0.00

    A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the iface parameter in the /wan_line_detection.asp endpoint.

  • CVE-2025-50666HigApr 8, 2026
    risk 0.49cvss 7.5epss 0.01

    A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of multiple parameters in the /web_post.asp endpoint. An attacker can exploit this vulnerability by sending a crafted HTTP GET request in parameters such as name, en, user_id, log, and…

  • CVE-2025-50665HigApr 8, 2026
    risk 0.49cvss 7.5epss 0.01

    A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of input parameters in the /web_keyword.asp endpoint. An attacker can exploit this vulnerability by sending a crafted HTTP GET request via the name, en, time, mem_gb2312, and mem_utf8…

  • CVE-2025-50654HigApr 8, 2026
    risk 0.49cvss 7.5epss 0.01

    A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper validation of the id parameter in the /thd_member.asp endpoint.

  • CVE-2025-50653HigApr 8, 2026
    risk 0.49cvss 7.5epss 0.01

    A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name and mem parameters in the /time_group.asp endpoint.

  • CVE-2025-50652HigApr 8, 2026
    risk 0.49cvss 7.5epss 0.00

    An issue in D-Link DI-8003 16.07.26A1 related to improper handling of the id parameter in the /saveparm_usb.asp endpoint.

  • CVE-2025-50650HigApr 8, 2026
    risk 0.49cvss 7.5epss 0.01

    A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to inadequate validation of input size in the routes_static parameter in the /router.asp endpoint.

  • CVE-2025-50649HigApr 8, 2026
    risk 0.49cvss 7.5epss 0.01

    A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper input validation in the vlan_name parameter in the /shut_set.asp endpoint.

  • CVE-2025-50648HigApr 8, 2026
    risk 0.49cvss 7.5epss 0.01

    A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to inadequate input validation in the /tggl.asp endpoint.

  • CVE-2025-50647HigApr 8, 2026
    risk 0.49cvss 7.5epss 0.01

    A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1, specifically in the handling of the wans parameter in the qos.asp endpoint.

  • CVE-2025-50646HigApr 8, 2026
    risk 0.49cvss 7.5epss 0.01

    A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to insufficient input validation on the name parameter in the /qos_type_asp.asp endpoint.

  • CVE-2025-50645HigApr 8, 2026
    risk 0.49cvss 7.5epss 0.01

    A vulnerability has been discovered in D-Link DI-8003 16.07.26A1, which can lead to a buffer overflow when the s parameter in the pppoe_list_opt.asp endpoint is manipulated. By sending a crafted request with an excessively large value for the s parameter, an attacker can trigger…