VYPR

CWE-1260

Improper Handling of Overlap Between Protected Memory Ranges

BaseStable

Description

The product allows address regions to overlap, which can result in the bypassing of intended memory protection.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-456 · CAPEC-679

CVEs mapped to this weakness (10)

  • CVE-2025-22889HigAug 12, 2025
    risk 0.51cvss 7.9epss 0.00

    Improper handling of overlap between protected memory ranges for some Intel(R) Xeon(R) 6 processor with Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access.

  • CVE-2025-1937HigMar 4, 2025
    risk 0.49cvss 7.5epss 0.01

    Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, and Thunderbird 128.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.…

  • CVE-2025-0012MedFeb 10, 2026
    risk 0.44cvss epss 0.00

    Improper handling of overlap between the segmented reverse map table (RMP) and system management mode (SMM) memory could allow a privileged attacker corrupt or partially infer SMM memory resulting in loss of integrity or confidentiality.

  • CVE-2018-25240MedApr 4, 2026
    risk 0.40cvss 6.2epss 0.00

    Watchr 1.1.0.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string to the search functionality. Attackers can paste a buffer of 8145 characters into the search bar and trigger a search operation…

  • CVE-2018-25238MedApr 4, 2026
    risk 0.40cvss 6.2epss 0.00

    VSCO 1.1.1.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string through the search functionality. Attackers can paste a buffer of 5000 characters into the search bar and navigate back to…

  • CVE-2019-25592MedMar 22, 2026
    risk 0.40cvss 6.2epss 0.00

    PHPRunner 10.1 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the dashboard name field. Attackers can paste a buffer of 10000 characters into the Name field during dashboard creation to…

  • CVE-2019-25572MedMar 21, 2026
    risk 0.40cvss 6.2epss 0.00

    NordVPN 6.19.6 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string in the email input field. Attackers can paste a buffer of 100,000 characters into the email field during login to trigger an…

  • CVE-2025-29948MedFeb 10, 2026
    risk 0.38cvss epss 0.00

    Improper access control in AMD Secure Encrypted Virtualization (SEV) firmware could allow a malicious hypervisor to bypass RMP protections, potentially resulting in a loss of SEV-SNP guest memory integrity.

  • CVE-2019-25602MedMar 22, 2026
    risk 0.36cvss 5.5epss 0.00

    GSearch 1.0.1.0 contains a denial of service vulnerability that allows local attackers to crash the application by inputting an excessively long string in the search bar. Attackers can paste a buffer of 2000 characters into the search field, click search, and select any result…

  • CVE-2019-25559MedMar 21, 2026
    risk 0.36cvss 5.5epss 0.00

    SpotPaltalk 1.1.5 contains a denial of service vulnerability in the registration code input field that allows local attackers to crash the application by submitting an excessively long string. Attackers can paste a buffer of 1000 characters into the Name/Key field during…