VYPR

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

BaseIncompleteLikelihood: High

Description

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-10 · CAPEC-100 · CAPEC-14 · CAPEC-24 · CAPEC-42 · CAPEC-44 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-67 · CAPEC-8 · CAPEC-9 · CAPEC-92

CVEs mapped to this weakness (802)

page 26 of 41
  • CVE-2025-40815HigNov 11, 2025
    risk 0.47cvss 7.2epss 0.00

    A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA2) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA2) (All versions), LOGO! 230RCE (6ED1052-1FB08-0BA2) (All versions), LOGO! 230RCEo (6ED1052-2FB08-0BA2) (All versions), LOGO! 24CE (6ED1052-1CC08-0BA2)…

  • CVE-2022-23817HigAug 13, 2024
    risk 0.47cvss epss 0.00

    Insufficient checking of memory buffer in AMD Secure Processor (ASP) Secure OS may allow an attacker with a malicious trusted application to read/write to the ASP Secure OS kernel virtual address space, potentially resulting in privilege escalation.

  • CVE-2023-38671HigJul 26, 2023
    risk 0.47cvss 8.3epss 0.01

    Heap buffer overflow in paddle.trace in PaddlePaddle before 2.5.0. This flaw can lead to a denial of service, information disclosure, or more damage is possible.

  • CVE-2017-2851HigJun 29, 2017
    risk 0.47cvss 7.2epss 0.02

    In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can cause a buffer overflow.

  • CVE-2026-42859HigMay 11, 2026
    risk 0.46cvss epss 0.01

    Neat VNC is a VNC server library. Prior to 0.9.6, a pre-authentication stack buffer overflow exists in neatvnc in the RSA-AES security type handler. An unauthenticated remote attacker who can reach the VNC listening socket can send a crafted security type 5 (RSA-AES) or security…

  • CVE-2025-55131HigJan 20, 2026
    risk 0.46cvss 7.1epss 0.03

    A flaw in Node.js's buffer allocation logic can expose uninitialized memory when allocations are interrupted, when using the `vm` module with the timeout option. Under specific timing conditions, buffers allocated with `Buffer.alloc` and other `TypedArray` instances like…

  • CVE-2025-24209HigMar 31, 2025
    risk 0.46cvss 7.0epss 0.01

    A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, tvOS 18.4, watchOS 11.4. Processing maliciously crafted web content may lead to an unexpected process crash.

  • CVE-2024-37305HigJun 17, 2024
    risk 0.46cvss 8.2epss 0.00

    oqs-provider is a provider for the OpenSSL 3 cryptography library that adds support for post-quantum cryptography in TLS, X.509, and S/MIME using post-quantum algorithms from liboqs. Flaws have been identified in the way oqs-provider handles lengths decoded with DECODE_UINT32 at…

  • CVE-2024-30165HigMay 28, 2024
    risk 0.46cvss 7.1epss 0.00

    Amazon AWS Client VPN before 3.9.1 on macOS has a buffer overflow that could potentially allow a local actor to execute arbitrary commands with elevated permissions, a different vulnerability than CVE-2024-30164.

  • CVE-2023-52309HigJan 3, 2024
    risk 0.46cvss 8.2epss 0.01

    Heap buffer overflow in paddle.repeat_interleave in PaddlePaddle before 2.6.0. This flaw can lead to a denial of service, information disclosure, or more damage is possible.

  • CVE-2023-52307HigJan 3, 2024
    risk 0.46cvss 8.2epss 0.01

    Stack overflow in paddle.linalg.lu_unpack in PaddlePaddle before 2.6.0. This flaw can lead to a denial of service, or even more damage.

  • CVE-2023-52304HigJan 3, 2024
    risk 0.46cvss 8.2epss 0.01

    Stack overflow in paddle.searchsorted in PaddlePaddle before 2.6.0. This flaw can lead to a denial of service, or even more damage.

  • CVE-2017-0614HigMay 12, 2017
    risk 0.46cvss 7.0epss 0.01

    An elevation of privilege vulnerability in the Qualcomm Secure Execution Environment Communicator driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a…

  • CVE-2017-0465HigMay 12, 2017
    risk 0.46cvss 7.0epss 0.01

    An elevation of privilege vulnerability in the Qualcomm ADSPRPC driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product:…

  • CVE-2017-0327HigApr 5, 2017
    risk 0.46cvss 7.0epss 0.02

    An elevation of privilege vulnerability in the NVIDIA crypto driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android.…

  • CVE-2017-0520HigMar 8, 2017
    risk 0.46cvss 7.0epss 0.01

    An elevation of privilege vulnerability in the Qualcomm crypto engine driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product:…

  • CVE-2017-0442HigFeb 8, 2017
    risk 0.46cvss 7.0epss 0.01

    An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android.…

  • CVE-2017-0441HigFeb 8, 2017
    risk 0.46cvss 7.0epss 0.01

    An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android.…

  • CVE-2017-0440HigFeb 8, 2017
    risk 0.46cvss 7.0epss 0.01

    An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android.…

  • CVE-2017-0439HigFeb 8, 2017
    risk 0.46cvss 7.0epss 0.01

    An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android.…