VYPR

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Base · Incomplete · Likelihood: High

Description

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-10 · CAPEC-100 · CAPEC-14 · CAPEC-24 · CAPEC-42 · CAPEC-44 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-67 · CAPEC-8 · CAPEC-9 · CAPEC-92

CVEs mapped to this weakness (802)

page 22 of 41
  • CVE-2020-37187 · High · Feb 11, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    SpotDialup 1.6.7 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the 'Name' field to trigger an application crash.

  • CVE-2020-37185 · High · Feb 11, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    Backup Key Recovery 2.2.5 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the 'Name' input field. Attackers can generate a 1000-character payload and paste it into the registration name field to trigger an application…

  • CVE-2020-37180 · High · Feb 11, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    GTalk Password Finder 2.2.1 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized registration key. Attackers can generate a 1000-character payload and paste it into the 'Key' field to trigger an application crash.

  • CVE-2020-37179 · High · Feb 11, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    APKF Product Key Finder 2.5.8.0 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the 'Name' input field. Attackers can generate a 1000-character payload and paste it into the registration name field to trigger an…

  • CVE-2020-37175 · High · Feb 11, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    P2PWIFICAM2 for iOS 10.4.1 contains a denial of service vulnerability that allows attackers to crash the application by manipulating the Camera ID input field. Attackers can paste a 257-character buffer into the Camera ID field to trigger an application crash on iOS devices.

  • CVE-2020-37155 · High · Feb 7, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    Core FTP Lite 1.3 contains a buffer overflow vulnerability in the username input field that allows attackers to crash the application by supplying oversized input. Attackers can generate a 7000-byte payload of repeated 'A' characters to trigger an application crash without…

  • CVE-2020-37109 · High · Feb 7, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    aSc TimeTables 2020.11.4 contains a denial of service vulnerability that allows attackers to crash the application by overwriting the Subject title field with a large buffer. Attackers can generate a 1000-character buffer and paste it into the Subject title to trigger an…

  • CVE-2020-37107 · High · Feb 7, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    Core FTP LE 2.2 contains a denial of service vulnerability that allows attackers to crash the application by overwriting the account field with a large buffer. Attackers can create a text file with 20,000 repeated characters and paste it into the account field to cause the…

  • CVE-2020-37130 · High · Feb 5, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    Nsauditor 3.2.0.0 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can create a malicious payload of 1000 bytes of repeated characters to trigger an application crash when pasted into the…

  • CVE-2020-36995 · High · Jan 29, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    Mocha Telnet Lite for iOS 4.2 contains a denial of service vulnerability that allows attackers to crash the application by manipulating the user configuration input. Attackers can overwrite the 'User' field with 350 bytes of repeated characters to trigger an application crash…

  • CVE-2021-47815 · High · Jan 16, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    Nsauditor 3.2.3 contains a denial of service vulnerability in the registration code input field that allows attackers to crash the application. Attackers can paste a large buffer of 256 repeated characters into the 'Key' field to trigger an application crash.

  • CVE-2021-47813 · High · Jan 16, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    Backup Key Recovery 2.2.7 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the registration code input field. Attackers can paste a large buffer of 256 repeated characters into the registration key field to trigger…

  • CVE-2021-47797 · High · Jan 16, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    Leawo Prof. Media 11.0.0.1 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized payload in the activation keycode field. Attackers can generate a 6000-byte buffer of repeated characters to trigger an application…

  • CVE-2025-9558 · High · Nov 26, 2025
    risk 0.49 · cvss 7.6 · epss 0.00

    There is a potential OOB Write vulnerability in the gen_prov_start function in pb_adv.c. The full length of the received data is copied into the link.rx.buf receiver buffer without any validation on the data size.

  • CVE-2025-9557 · High · Nov 26, 2025
    risk 0.49 · cvss 7.6 · epss 0.00

    An out-of-bound write can lead to arbitrary code execution. Even on devices with some form of memory protection, this can still lead to a crash and a resultant denial of service.

  • CVE-2025-7345 · High · Jul 8, 2025
    risk 0.49 · cvss 7.5 · epss 0.01

    A flaw exists in gdk‑pixbuf within the gdk_pixbuf__jpeg_image_load_increment function (io-jpeg.c) and in glib’s g_base64_encode_step (glib/gbase64.c). When processing maliciously crafted JPEG images, a heap buffer overflow can occur during Base64 encoding, allowing…

  • CVE-2025-44879 · High · May 14, 2025
    risk 0.49 · cvss 7.5 · epss 0.00

    WS-WN572HP3 V230525 was discovered to contain a buffer overflow in the component /www/cgi-bin/upload.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.

  • CVE-2025-3496 · High · May 12, 2025
    risk 0.49 · cvss 7.5 · epss 0.00

    An unauthenticated remote attacker can cause a buffer overflow which could lead to unexpected behaviour or DoS via Bluetooth or RS-232 interface.

  • CVE-2025-3194 · High · Apr 4, 2025
    risk 0.49 · cvss 7.5 · epss 0.01

    Versions of the package bigint-buffer from 0.0.0 are vulnerable to Buffer Overflow in the toBigIntLE() function. Attackers can exploit this to crash the application.

  • CVE-2024-57392 · High · Feb 6, 2025
    risk 0.49 · cvss 7.5 · epss 0.01

    Buffer Overflow vulnerability in Proftpd commit 4017eff8 allows a remote attacker to execute arbitrary code and can cause a Denial of Service (DoS) on the FTP service by sending a maliciously crafted message to the ProFTPD service port.