CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Base · Incomplete · Likelihood: High

Description

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.

Related attack patterns (CAPEC)

CAPEC-10 · CAPEC-100 · CAPEC-14 · CAPEC-24 · CAPEC-42 · CAPEC-44 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-67 · CAPEC-8 · CAPEC-9 · CAPEC-92

CVEs mapped to this weakness (714)

page 29 of 36
  • CVE-2011-3353 · Med · May 24, 2012
    risk 0.29 · cvss 5.5 · epss 0.00

    Buffer overflow in the fuse_notify_inval_entry function in fs/fuse/dev.c in the Linux kernel before 3.1 allows local users to cause a denial of service (BUG_ON and system crash) by leveraging the ability to mount a FUSE filesystem.

  • CVE-2026-39869 · Med · May 11, 2026
    risk 0.28 · cvss 4.3 · epss 0.00

    The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing an audio stream in a maliciously…

  • CVE-2024-6351 · Med · Jan 28, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    A malformed packet can cause a buffer overflow in the NWK/APS layer of the Ember ZNet stack and lead to an assert

  • CVE-2024-6352 · Med · Jan 13, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    A malformed packet can cause a buffer overflow in the APS layer of the Ember ZNet stack and lead to an assert

  • CVE-2022-29974 · Med · Dec 9, 2024
    risk 0.28 · cvss 4.3 · epss 0.00

    AMI (aka American Megatrends) NTFS driver 1.0.0 (fixed in late 2021 or early 2022) has a buffer overflow. This driver is, for example, used in certain ASUS devices.

  • CVE-2024-37571 · Med · Jun 26, 2024
    risk 0.28 · cvss 4.3 · epss 0.00

    Buffer Overflow vulnerability in SAS Broker 9.2 build 1495 allows attackers to cause denial of service or obtain sensitive information via crafted payload to the '_debug' parameter.

  • CVE-2024-28759 · Med · May 14, 2024
    risk 0.28 · cvss 4.3 · epss 0.00

    A crafted network packet may cause a buffer overrun in Wind River VxWorks 7 through 23.09.

  • CVE-2026-24807 · Med · Jan 27, 2026
    risk 0.27 · cvss · epss 0.00

    Improper Verification of Cryptographic Signature vulnerability in liuyueyi quick-media (plugins/svg-plugin/batik-codec-fix/src/main/java/org/apache/batik/ext/awt/image/codec/util modules). This vulnerability is associated with program files SeekableOutputStream.Java. This issue…

  • CVE-2024-37816 · Med · Nov 27, 2024
    risk 0.27 · cvss 4.2 · epss 0.00

    Quectel EC25-EUX EC25EUXGAR08A05M1G was discovered to contain a stack overflow.

  • CVE-2022-4969 · Med · May 27, 2024
    risk 0.27 · cvss 5.3 · epss 0.00

    A vulnerability, which was classified as critical, has been found in bwoodsend rockhopper up to 0.1.2. Affected by this issue is the function count_rows of the file rockhopper/src/ragged_array.c of the component Binary Parser. The manipulation of the argument raw leads to buffer…

  • CVE-2023-42757 · Med · May 7, 2024
    risk 0.27 · cvss 4.2 · epss 0.00

    Process Explorer before 17.04 allows attackers to make it functionally unavailable (a denial of service for analysis) by renaming an executable file to a new extensionless 255-character name and launching it with NtCreateUserProcess. This can occur through an issue in wcscat_s…

  • CVE-2026-10275 · Med · Jun 1, 2026
    risk 0.26 · cvss 5.0 · epss 0.00

    A flaw has been found in OpenSC up to 0.26.1. This affects the function test_kpgen_certwrite of the file src/tools/pkcs11-tool.c of the component pkcs11-tool Key Generation Module. This manipulation causes buffer overflow. The attack is possible to be carried out remotely. The…

  • CVE-2026-0849 · Low · Mar 16, 2026
    risk 0.25 · cvss 3.8 · epss 0.00

    Malformed ATAES132A responses with an oversized length field overflow a 52-byte stack buffer in the Zephyr crypto driver, allowing a compromised device or bus attacker to corrupt kernel memory and potentially hijack execution.

  • CVE-2026-5404 · Med · May 1, 2026
    risk 0.24 · cvss 4.7 · epss 0.00

    K12 RF5 file parser crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

  • CVE-2026-0056 · Low · Jun 1, 2026
    risk 0.21 · cvss 3.3 · epss 0.00

    In setTo of ResourceTypes.cpp, there is a possible read out of bounds due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-6948 · Low · Apr 2, 2024
    risk 0.20 · cvss 3.0 · epss 0.00

    A Buffer Copy without Checking Size of Input issue affecting the v2_sdk_service running on a set of DJI drone devices on the port 10000 could allow an attacker to cause a crash of the service through a crafted payload triggering a missing input size check in the sdk_printf…

  • CVE-2025-43532 · Low · Dec 12, 2025
    risk 0.18 · cvss 2.8 · epss 0.00

    A memory corruption issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Processing malicious data…

  • CVE-2014-0195 · Jun 5, 2014
    risk 0.10 · cvss · epss 0.93

    The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of…

  • CVE-2012-2763 · Jul 12, 2012
    risk 0.10 · cvss · epss 0.89

    Buffer overflow in the readstr_upto function in plug-ins/script-fu/tinyscheme/scheme.c in GIMP 2.6.12 and earlier, and possibly 2.6.13, allows remote attackers to execute arbitrary code via a long string in a command to the script-fu server.

  • CVE-2009-3023 · Aug 31, 2009
    risk 0.09 · cvss · epss 0.78

    Buffer overflow in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 6.0 allows remote authenticated users to execute arbitrary code via a crafted NLST (NAME LIST) command that uses wildcards, leading to memory corruption, aka "IIS FTP Service RCE and…