VYPR

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

BaseIncompleteLikelihood: High

Description

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-10 · CAPEC-100 · CAPEC-14 · CAPEC-24 · CAPEC-42 · CAPEC-44 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-67 · CAPEC-8 · CAPEC-9 · CAPEC-92

CVEs mapped to this weakness (802)

page 24 of 41
  • CVE-2024-41631HigJul 29, 2024
    risk 0.49cvss 7.5epss 0.01

    Buffer Overflow vulnerability in host-host NEUQ_board v.1.0 allows a remote attacker to cause a denial of service via the password.h component.

  • CVE-2023-52729HigMay 4, 2024
    risk 0.49cvss 7.5epss 0.00

    TCPServer.cpp in SimpleNetwork through 29bc615 has an off-by-one error that causes a buffer overflow when trying to add '\0' to the end of long msg data. It can be exploited via crafted TCP packets.

  • CVE-2023-46566HigApr 29, 2024
    risk 0.49cvss 7.5epss 0.01

    Buffer Overflow vulnerability in msoulier tftpy commit 467017b844bf6e31745138a30e2509145b0c529c allows a remote attacker to cause a denial of service via the parse function in the TftpPacketFactory class.

  • CVE-2023-43615HigOct 7, 2023
    risk 0.49cvss 7.5epss 0.01

    Mbed TLS 2.x before 2.28.5 and 3.x before 3.5.0 has a Buffer Overflow.

  • CVE-2022-3786HigNov 1, 2022
    risk 0.49cvss 7.5epss 0.91

    A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue…

  • CVE-2022-3602HigNov 1, 2022
    risk 0.49cvss 7.5epss 0.90

    A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to…

  • CVE-2021-41499HigDec 17, 2021
    risk 0.49cvss 7.5epss 0.01

    Buffer Overflow Vulnerability exists in ajaxsoundstudio.com n Pyo < 1.03 in the Server_debug function, which allows remote attackers to conduct DoS attacks by deliberately passing on an overlong audio file name.

  • CVE-2021-36155HigJul 9, 2021
    risk 0.49cvss 7.5epss 0.02

    LengthPrefixedMessageReader in gRPC Swift 1.1.0 and earlier allocates buffers of arbitrary length, which allows remote attackers to cause uncontrolled resource consumption and deny service.

  • CVE-2020-36120HigApr 14, 2021
    risk 0.49cvss 7.5epss 0.01

    Buffer Overflow in the "sixel_encoder_encode_bytes" function of Libsixel v1.8.6 allows attackers to cause a Denial of Service (DoS).

  • CVE-2017-2876HigSep 19, 2018
    risk 0.49cvss 7.5epss 0.01

    An exploitable buffer overflow vulnerability exists in the Multi-Camera interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted request on port 10000 can cause a buffer overflow resulting in overwriting arbitrary data.

  • CVE-2017-2878HigSep 19, 2018
    risk 0.49cvss 7.5epss 0.02

    An exploitable buffer overflow vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted HTTP request can cause a buffer overflow resulting in overwriting arbitrary data. An attacker…

  • CVE-2018-1054HigMar 7, 2018
    risk 0.49cvss 7.5epss 0.05

    An out-of-bounds memory read flaw was found in the way 389-ds-base handled certain LDAP search filters, affecting all versions including 1.4.x. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus…

  • CVE-2017-15134HigMar 1, 2018
    risk 0.49cvss 7.5epss 0.04

    A stack buffer overflow flaw was found in the way 389-ds-base 1.3.6.x before 1.3.6.13, 1.3.7.x before 1.3.7.9, 1.4.x before 1.4.0.5 handled certain LDAP search filters. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially…

  • CVE-2017-2831HigJun 21, 2017
    risk 0.49cvss 7.5epss 0.03

    An exploitable buffer overflow vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can cause a buffer overflow resulting in overwriting arbitrary data. An attacker…

  • CVE-2017-2830HigJun 21, 2017
    risk 0.49cvss 7.5epss 0.03

    An exploitable buffer overflow vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can cause a buffer overflow resulting in overwriting arbitrary data. An attacker…

  • CVE-2017-6058HigMar 20, 2017
    risk 0.49cvss 7.5epss 0.04

    Buffer overflow in NetRxPkt::ehdr_buf in hw/net/net_rx_pkt.c in QEMU (aka Quick Emulator), when the VLANSTRIP feature is enabled on the vmxnet3 device, allows remote attackers to cause a denial of service (out-of-bounds access and QEMU process crash) via vectors related to VLAN…

  • CVE-2025-71263HigMar 13, 2026
    risk 0.48cvss 7.4epss 0.00

    In UNIX Fourth Research Edition (v4), the su command is vulnerable to a buffer overflow due to the 'password' variable having a fixed size of 100 bytes. A local user can exploit this to gain root privileges. It is unlikely that UNIX v4 is running anywhere outside of a very small…

  • CVE-2025-43520MedKEVDec 12, 2025
    risk 0.48cvss 5.5epss 0.00

    A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. A malicious application may…

  • CVE-2024-27619HigMar 29, 2024
    risk 0.48cvss 7.3epss 0.01

    Dlink Dir-3040us A1 1.20b03a hotfix is vulnerable to Buffer Overflow. Any user having read/write access to ftp server can write directly to ram causing buffer overflow if file or files uploaded are greater than available ram. Ftp server allows change of directory to root which…

  • CVE-2016-9363HigFeb 13, 2017
    risk 0.48cvss 7.3epss 0.02

    An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions…