VYPR

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

BaseIncompleteLikelihood: High

Description

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-10 · CAPEC-100 · CAPEC-14 · CAPEC-24 · CAPEC-42 · CAPEC-44 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-67 · CAPEC-8 · CAPEC-9 · CAPEC-92

CVEs mapped to this weakness (802)

page 4 of 41
  • CVE-2025-5408CriJun 1, 2025
    risk 0.64cvss 9.8epss 0.01

    A vulnerability was found in WAVLINK QUANTUM D2G, QUANTUM D3G, WL-WN530G3A, WL-WN530HG3, WL-WN532A3 and WL-WN576K1 up to V1410_240222 and classified as critical. Affected by this issue is the function sys_login of the file /cgi-bin/login.cgi of the component HTTP POST Request…

  • CVE-2025-24266CriMar 31, 2025
    risk 0.64cvss 9.8epss 0.01

    A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to cause unexpected system termination.

  • CVE-2025-24237CriMar 31, 2025
    risk 0.64cvss 9.8epss 0.01

    A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, visionOS 2.4, watchOS 11.4. An app may be able to cause unexpected system termination.

  • CVE-2023-46271CriFeb 19, 2025
    risk 0.64cvss 9.8epss 0.01

    Extreme Networks IQ Engine before 10.6r1a, and through 10.6r4 before 10.6r5, has a buffer overflow. This issue arises from the ah_webui service, which listens on TCP port 3009 by default.

  • CVE-2025-25530CriFeb 11, 2025
    risk 0.64cvss 9.8epss 0.01

    Buffer overflow vulnerability in Digital China DCBI-Netlog-LAB Gateway 1.0 due to the lack of length verification, which is related to saving parental control configuration information. Attackers who successfully exploit this vulnerability can cause the remote target device to…

  • CVE-2025-0960CriFeb 4, 2025
    risk 0.64cvss 9.8epss 0.01

    AutomationDirect C-more EA9 HMI contains a function with bounds checks that can be skipped, which could result in an attacker abusing the function to cause a denial-of-service condition or achieving remote code execution on the affected device.

  • CVE-2024-53320CriJan 31, 2025
    risk 0.64cvss 9.8epss 0.00

    Qualisys C++ SDK commit a32a21a was discovered to contain multiple stack buffer overflows via the GetCurrentFrame, SaveCapture, and LoadProject functions.

  • CVE-2024-55564CriDec 9, 2024
    risk 0.64cvss 9.8epss 0.00

    The POSIX::2008 package before 0.24 for Perl has a potential _execve50c env buffer overflow.

  • CVE-2024-37863CriDec 5, 2024
    risk 0.64cvss 9.8epss 0.01

    Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a buffer overflow via the nav2_amcl process. This vulnerability is triggered via sending a crafted .yaml file.

  • CVE-2024-37861CriDec 5, 2024
    risk 0.64cvss 9.8epss 0.01

    Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a buffer overflow via the nav2_amcl process. This vulnerability is triggered via sending a crafted .yaml file.

  • CVE-2024-48406CriNov 29, 2024
    risk 0.64cvss 9.8epss 0.01

    Buffer Overflow vulnerability in SunBK201 umicat through v.0.3.2 and fixed in v.0.3.3 allows an attacker to execute arbitrary code via the power(uct_int_t x, uct_int_t n) in src/uct_upstream.c.

  • CVE-2024-45746CriOct 9, 2024
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered in Trusted Firmware-M through 2.1.0. User provided (and controlled) mailbox messages contain a pointer to a list of input arguments (in_vec) and output arguments (out_vec). These list pointers are never validated. Each argument list contains a buffer…

  • CVE-2024-40568CriSep 18, 2024
    risk 0.64cvss 9.8epss 0.01

    Buffer Overflow vulnerability in btstack mesh commit before v.864e2f2b6b7878c8fab3cf5ee84ae566e3380c58 allows a remote attacker to execute arbitrary code via the pb_adv_handle_tranaction_cont function in the src/mesh/pb_adv.c component

  • CVE-2024-41660CriJul 31, 2024
    risk 0.64cvss 9.8epss 0.01

    slpd-lite is a unicast SLP UDP server. Any OpenBMC system that includes the slpd-lite package is impacted. Installing this package is the default when building OpenBMC. Nefarious users can send slp packets to the BMC using UDP port 427 to cause memory overflow issues within the…

  • CVE-2024-4143CriJul 15, 2024
    risk 0.64cvss 9.8epss 0.01

    A potential security vulnerability has been identified in certain HP PC products using AMI BIOS, which might allow arbitrary code execution. AMI has released firmware updates to mitigate this vulnerability.

  • CVE-2024-33278CriJun 24, 2024
    risk 0.64cvss 9.8epss 0.01

    Buffer Overflow vulnerability in ASUS router RT-AX88U with firmware versions v3.0.0.4.388_24198 allows a remote attacker to execute arbitrary code via the connection_state_machine due to improper length validation for the cookie field.

  • CVE-2022-32504CriMay 14, 2024
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered on certain Nuki Home Solutions devices. The code used to parse the JSON objects received from the WebSocket service provided by the device leads to a stack buffer overflow. An attacker would be able to exploit this to gain arbitrary code execution on a…

  • CVE-2024-3871CriApr 16, 2024
    risk 0.64cvss 9.8epss 0.02

    The Delta Electronics DVW-W02W2-E2 devices expose a web administration interface to users. This interface implements multiple features that are affected by command injections and stack overflows vulnerabilities. Successful exploitation of these flaws would allow remote…

  • CVE-2023-45199CriOct 7, 2023
    risk 0.64cvss 9.8epss 0.01

    Mbed TLS 3.2.x through 3.4.x before 3.5 has a Buffer Overflow that can lead to remote Code execution.

  • CVE-2017-16347CriAug 2, 2018
    risk 0.64cvss 9.9epss 0.01

    An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01e7d4 the value for the s_vol key is copied using strcpy to the buffer at 0xa0001700. This buffer is maximum 12 bytes large (this is the…