VYPR

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Base · Incomplete · Likelihood: High

Description

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.

Related attack patterns (CAPEC)

CAPEC-10 · CAPEC-100 · CAPEC-14 · CAPEC-24 · CAPEC-42 · CAPEC-44 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-67 · CAPEC-8 · CAPEC-9 · CAPEC-92

CVEs mapped to this weakness (802)

page 21 of 41
  • CVE-2025-50644 · High · Apr 8, 2026
    risk 0.49 · cvss 7.5 · epss 0.01

    A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper validation of user input in the qj.asp endpoint.

  • CVE-2025-52222 · High · Apr 8, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    D-Link DI-8003 v16.07.26A1, DI-8500 v16.07.26A1; DI-8003G v17.12.21A1, DI-8200G v17.12.20A1, DI-8200 v16.07.26A1, DI-8400 v16.07.26A1, DI-8004w v16.07.26A1, DI-8100 v16.07.26A1, and DI-8100G v17.12.20A1 were discovered to contain a buffer overflow via the rd_en, rd_auth,…

  • CVE-2025-45059 · High · Apr 8, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    D-Link DI-8300 v16.07.26A1 was discovered to contain a buffer overflow via the fn parameter in the tgfile_htm function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

  • CVE-2025-45058 · High · Apr 8, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    D-Link DI-8300 v16.07.26A1 was discovered to contain a buffer overflow via the fx parameter in the jingx_asp function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

  • CVE-2025-45057 · High · Apr 8, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    D-Link DI-8300 v16.07.26A1 was discovered to contain a buffer overflow via the ip parameter in the ip_position_asp function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

  • CVE-2026-30075 · High · Apr 8, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    OpenAirInterface Version 2.2.0 has a Buffer Overflow vulnerability in processing UplinkNASTransport containing Authentication Response containing a NAS PDU with oversize response (for example, 100 bytes). The response is decoded by AMF and passed to the AUSF component for…

  • CVE-2019-25354 · High · Feb 18, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    iSmartViewPro 1.3.34 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the camera ID input field. Attackers can paste a 257-character buffer into the camera DID and password fields to trigger an application crash on iOS…

  • CVE-2019-25353 · High · Feb 18, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    Foscam Video Management System 1.1.4.9 contains a denial of service vulnerability in the username input field that allows attackers to crash the application. Attackers can overwrite the username with a 520-byte buffer of repeated 'A' characters to trigger an application crash…

  • CVE-2019-25349 · High · Feb 18, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    ScadaApp for iOS 1.1.4.0 contains a denial of service vulnerability that allows attackers to crash the application by inputting an oversized buffer in the Servername field. Attackers can paste a 257-character buffer during login to trigger an application crash on iOS devices.

  • CVE-2020-37215 · High · Feb 11, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    MSN Password Recovery version 1.30 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized input in the registration code field. Attackers can generate a 9000-byte buffer of repeated characters and paste it into the…

  • CVE-2020-37213 · High · Feb 11, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    TextCrawler Pro 3.1.1 contains a denial of service vulnerability that allows attackers to crash the application by sending an oversized buffer in the license key field. Attackers can generate a 6000-byte payload and paste it into the activation field to trigger an application…

  • CVE-2020-37203 · High · Feb 11, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    Office Product Key Finder 1.5.4 contains a denial of service vulnerability that allows attackers to crash the application by manipulating the registration code input. Attackers can create a specially crafted text file and paste it into the 'Name and Key' field to trigger an…

  • CVE-2020-37202 · High · Feb 11, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    NetworkSleuth 3.0.0.0 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized registration key. Attackers can generate a 1000-character buffer payload and paste it into the registration key field to trigger an…

  • CVE-2020-37195 · High · Feb 11, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    BlueAuditor 1.7.2.0 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the 'Name' field to trigger an application crash.

  • CVE-2020-37194 · High · Feb 11, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    Backup Key Recovery 2.2.5 contains a denial of service vulnerability that allows attackers to crash the application by supplying an overly long registration key. Attackers can generate a 1000-character payload file and paste it into the registration key field to trigger an…

  • CVE-2020-37193 · High · Feb 11, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    ZIP Password Recovery 2.30 contains a denial of service vulnerability that allows attackers to crash the application by providing maliciously crafted input. Attackers can create a specially prepared text file with specific characters to trigger an application crash when…

  • CVE-2020-37191 · High · Feb 11, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    Top Password Software Dialup Password Recovery 1.30 contains a denial of service vulnerability that allows attackers to crash the application by overflowing input fields. Attackers can trigger the vulnerability by inserting a large 5000-character payload into the User Name and…

  • CVE-2020-37190 · High · Feb 11, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    Top Password Firefox Password Recovery 2.8 contains a denial of service vulnerability that allows attackers to crash the application by overflowing input fields. Attackers can trigger the vulnerability by inserting 5000 characters into the User Name or Registration Code input…

  • CVE-2020-37189 · High · Feb 11, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    TaskCanvas 1.4.0 contains a denial of service vulnerability in the registration code input field that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the registration field to trigger an application crash.

  • CVE-2020-37188 · High · Feb 11, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    SpotOutlook 1.2.6 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can overwrite the buffer by pasting 1000 'A' characters into the 'Name' field, causing the application to become…