CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
BaseIncompleteLikelihood: High
Description
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-10 · CAPEC-100 · CAPEC-14 · CAPEC-24 · CAPEC-42 · CAPEC-44 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-67 · CAPEC-8 · CAPEC-9 · CAPEC-92
CVEs mapped to this weakness (599)
page 24 of 30| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-43312 | Med | 0.36 | 5.5 | 0.00 | Sep 15, 2025 | A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to cause unexpected system termination. | |
| CVE-2025-29476 | Med | 0.36 | 5.5 | 0.00 | Apr 4, 2025 | Buffer Overflow vulnerability in compress_chunk_fuzzer with oss-fuzz on commit 16450518afddcb3139de627157208e49bfef6987 in c-blosc2 v.2.17.0 and before. | |
| CVE-2025-24157 | Med | 0.36 | 5.6 | 0.00 | Mar 31, 2025 | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to cause unexpected system termination or corrupt kernel memory. | |
| CVE-2024-44234 | Med | 0.36 | 5.5 | 0.00 | Nov 1, 2024 | The issue was addressed with improved bounds checks. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. Parsing a maliciously crafted video file may lead to unexpected system termination. | |
| CVE-2024-44233 | Med | 0.36 | 5.5 | 0.00 | Nov 1, 2024 | The issue was addressed with improved bounds checks. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. Parsing a maliciously crafted video file may lead to unexpected system termination. | |
| CVE-2024-44232 | Med | 0.36 | 5.5 | 0.00 | Nov 1, 2024 | The issue was addressed with improved bounds checks. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. Parsing a maliciously crafted video file may lead to unexpected system termination. | |
| CVE-2024-44144 | Med | 0.36 | 5.5 | 0.00 | Oct 28, 2024 | A buffer overflow was addressed with improved size validation. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18 and iPadOS 18, macOS Sequoia 15, macOS Sonoma 14.7.1, tvOS 18, visionOS 2, watchOS 11. Processing a maliciously crafted file may lead to unexpected app termination. | |
| CVE-2024-31007 | Med | 0.36 | 5.5 | 0.00 | Oct 21, 2024 | Buffer Overflow vulnerability in IrfanView 32bit v.4.66 allows a local attacker to cause a denial of service via a crafted file. Affected component is IrfanView 32bit 4.66 with plugin formats.dll. | |
| CVE-2024-44160 | Med | 0.36 | 5.5 | 0.00 | Sep 17, 2024 | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7. Processing a maliciously crafted texture may lead to unexpected app termination. | |
| CVE-2024-26889 | Med | 0.36 | 5.5 | 0.00 | Apr 17, 2024 | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_core: Fix possible buffer overflow struct hci_dev_info has a fixed size name[8] field so in the event that hdev->name is bigger than that strcpy would attempt to write past its size, so this fixes this problem by switching to use strscpy. | |
| CVE-2022-30552 | Med | 0.36 | 5.5 | 0.00 | Jun 8, 2022 | Das U-Boot 2022.01 has a Buffer Overflow. | |
| CVE-2016-10066 | Med | 0.36 | 5.5 | 0.00 | Mar 3, 2017 | Buffer overflow in the ReadVIFFImage function in coders/viff.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service (application crash) via a crafted file. | |
| CVE-2008-3275 | Med | 0.36 | 5.5 | 0.00 | Aug 12, 2008 | The (1) real_lookup and (2) __lookup_hash functions in fs/namei.c in the vfs implementation in the Linux kernel before 2.6.25.15 do not prevent creation of a child dentry for a deleted (aka S_DEAD) directory, which allows local users to cause a denial of service ("overflow" of the UBIFS orphan area) via a series of attempted file creations within deleted directories. | |
| CVE-2025-25280 | Med | 0.35 | 5.3 | 0.01 | Mar 3, 2025 | Buffer overflow vulnerability exists in FutureNet AS series (Industrial Routers) and FA series (Protocol Conversion Machine) provided by Century Systems Co., Ltd. If this vulnerability is exploited, a remote unauthenticated attacker may reboot the device by sending a specially crafted request. | |
| CVE-2024-24450 | Med | 0.35 | 5.3 | 0.11 | Nov 15, 2024 | Stack-based memcpy buffer overflow in the ngap_handle_pdu_session_resource_setup_response routine in OpenAirInterface CN5G AMF <= 2.0.0 allows a remote attacker with access to the N2 interface to carry out denial of service against the AMF and potentially execute code by sending a PDU Session Resource Setup Response with a suffciently large FailedToSetupList IE. | |
| CVE-2026-24799 | Med | 0.34 | — | 0.00 | Jan 27, 2026 | Out-of-bounds Write, Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in davisking dlib (dlib/external/zlib modules). This vulnerability is associated with program files inflate.C. This issue affects dlib: before v19.24.9. | |
| CVE-2026-1110 | Med | 0.34 | 5.3 | 0.00 | Jan 18, 2026 | A flaw has been found in cijliu librtsp up to 2ec1a81ad65280568a0c7c16420d7c10fde13b04. This affects the function rtsp_parse_method. This manipulation causes buffer overflow. It is possible to launch the attack on the local host. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way. | |
| CVE-2026-1109 | Med | 0.34 | 5.3 | 0.00 | Jan 18, 2026 | A vulnerability was detected in cijliu librtsp up to 2ec1a81ad65280568a0c7c16420d7c10fde13b04. The impacted element is the function rtsp_parse_request. The manipulation results in buffer overflow. Attacking locally is a requirement. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The vendor was contacted early about this disclosure but did not respond in any way. | |
| CVE-2026-1108 | Med | 0.34 | 5.3 | 0.00 | Jan 18, 2026 | A security vulnerability has been detected in cijliu librtsp up to 2ec1a81ad65280568a0c7c16420d7c10fde13b04. The affected element is the function rtsp_rely_dumps. The manipulation leads to buffer overflow. An attack has to be approached locally. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way. | |
| CVE-2025-41707 | Med | 0.34 | 5.3 | 0.00 | Oct 14, 2025 | The websocket handler is vulnerable to a denial of service condition. An unauthenticated remote attacker can send a crafted websocket message to trigger the issue without affecting the core functionality. |