CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Description
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-10 · CAPEC-100 · CAPEC-14 · CAPEC-24 · CAPEC-42 · CAPEC-44 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-67 · CAPEC-8 · CAPEC-9 · CAPEC-92
CVEs mapped to this weakness (743)
Page 35 of 38

| CVE | Risk | CVSS | EPSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2021-29575 | 0.00 | — | 0.00 | May 14, 2021 | TensorFlow is an end-to-end open source platform for machine learning. The implementation of `tf.raw_ops.ReverseSequence` allows for stack overflow and/or `CHECK`-fail based denial of service. The implementation(https://github.com/tensorflow/tensorflow/blob/5b3b071975e01f0d250c92… |
| CVE-2021-29540 | 0.00 | — | 0.00 | May 14, 2021 | TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow to occur in `Conv2DBackpropFilter`. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/1b0296c3b8dd9bd948f924aa8cd62f87dbb7c3da/tensor… |
| CVE-2021-29512 | 0.00 | — | 0.00 | May 14, 2021 | TensorFlow is an end-to-end open source platform for machine learning. If the `splits` argument of `RaggedBincount` does not specify a valid `SparseTensor`(https://www.tensorflow.org/api_docs/python/tf/sparse/SparseTensor), then an attacker can trigger a heap buffer overflow.… |
| CVE-2020-26759 | 0.00 | — | 0.03 | Jan 6, 2021 | clickhouse-driver before 0.1.5 allows a malicious clickhouse server to trigger a crash or execute arbitrary code (on a database client) via a crafted server response, due to a buffer overflow. |
| CVE-2020-35887 | 0.00 | — | 0.00 | Dec 31, 2020 | An issue was discovered in the arr crate through 2020-08-25 for Rust. There is a buffer overflow in Index and IndexMut. |
| CVE-2020-8927 | 0.00 | — | 0.00 | Sep 15, 2020 | A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to… |
| CVE-2020-8215 | 0.00 | — | 0.02 | Jul 20, 2020 | A buffer overflow is present in canvas version <= 1.6.9, which could lead to a Denial of Service or execution of arbitrary code when it processes a user-provided image. |
| CVE-2020-10379 | 0.00 | — | 0.00 | Jun 25, 2020 | In Pillow before 7.1.0, there are two Buffer Overflows in libImaging/TiffDecode.c. |
| CVE-2019-5064 | 0.00 | — | 0.03 | Jan 3, 2020 | An exploitable heap buffer overflow vulnerability exists in the data structure persistence functionality of OpenCV, before version 4.2.0. A specially crafted JSON file can cause a buffer overflow, resulting in multiple heap corruptions and potentially code execution. An attacker… |
| CVE-2020-5311 | 0.00 | — | 0.01 | Jan 3, 2020 | libImaging/SgiRleDecode.c in Pillow before 6.2.2 has an SGI buffer overflow. |
| CVE-2020-5312 | 0.00 | — | 0.02 | Jan 3, 2020 | libImaging/PcxDecode.c in Pillow before 6.2.2 has a PCX P mode buffer overflow. |
| CVE-2015-8126 | 0.00 | — | 0.05 | Nov 13, 2015 | Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application… |
| CVE-2015-6692 | 0.00 | — | 0.02 | Oct 14, 2015 | Buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to obtain sensitive… |
| CVE-2015-5093 | 0.00 | — | 0.04 | Jul 15, 2015 | Buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allows attackers to execute arbitrary code… |
| CVE-2015-3717 | 0.00 | — | 0.02 | Jul 3, 2015 | Multiple buffer overflows in the printf functionality in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. |
| CVE-2015-0982 | 0.00 | — | 0.06 | Mar 14, 2015 | Buffer overflow in an unspecified DLL in Schneider Electric Pelco DS-NVs before 7.8.90 allows remote attackers to execute arbitrary code via unspecified vectors. |
| CVE-2014-3554 | 0.00 | — | 0.01 | Jul 31, 2014 | Buffer overflow in the ndp_msg_opt_dnssl_domain function in libndp allows remote routers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DNS Search List (DNSSL) in an IPv6 router advertisement. |
| CVE-2014-0049 | 0.00 | — | 0.00 | Mar 11, 2014 | Buffer overflow in the complete_emulated_mmio function in arch/x86/kvm/x86.c in the Linux kernel before 3.13.6 allows guest OS users to execute arbitrary code on the host OS by leveraging a loop that triggers an invalid memory copy affecting certain cancel_work_item data. |
| CVE-2013-4344 | 0.00 | — | 0.00 | Oct 4, 2013 | Buffer overflow in the SCSI implementation in QEMU, as used in Xen, when a SCSI controller has more than 256 attached devices, allows local users to gain privileges via a small transfer buffer in a REPORT LUNS command. |
| CVE-2013-0894 | 0.00 | — | 0.00 | Feb 23, 2013 | Buffer overflow in the vorbis_parse_setup_hdr_floors function in the Vorbis decoder in vorbisdec.c in libavcodec in FFmpeg through 1.1.3, as used in Google Chrome before 25.0.1364.97 on Windows and Linux and before 25.0.1364.99 on Mac OS X and other products, allows remote… |