VYPR

CWE-129

Improper Validation of Array Index

VariantDraftLikelihood: High

Description

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-100

CVEs mapped to this weakness (149)

page 4 of 8
  • CVE-2016-8815HigDec 16, 2016
    risk 0.51cvss 7.8epss 0.00

    All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where a value passed from a user to the driver is used without validation as the index to an array, leading to denial of service or…

  • CVE-2026-23246HigMar 18, 2026
    risk 0.50cvss 8.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: bounds-check link_id in ieee80211_ml_reconfiguration link_id is taken from the ML Reconfiguration element (control & 0x000f), so it can be 0..15. link_removal_timeout[] has…

  • CVE-2026-45104HigMay 27, 2026
    risk 0.49cvss 7.5epss 0.00

    MapServer is a system for developing web-based GIS applications. From 6.4.0 to before 8.6.3, msSLDParseUserStyle always calls _SLDApplyRuleValues(psRule, psLayer, 1); for any carrying — it assumes msSLDParseRule added one class. When the rule has no…

  • CVE-2026-32286HigMar 26, 2026
    risk 0.49cvss 7.5epss 0.00

    The DataRow.Decode function fails to properly validate field lengths. A malicious or compromised PostgreSQL server can send a DataRow message with a negative field length, causing a slice bounds out of range panic.

  • CVE-2024-21522HigJul 10, 2024
    risk 0.49cvss 7.5epss 0.01

    All versions of the package audify are vulnerable to Improper Validation of Array Index when frameSize is provided to the new OpusDecoder().decode or new OpusDecoder().decodeFloat functions it is not checked for negative values. This can lead to a process crash.

  • CVE-2018-17848HigOct 1, 2018
    risk 0.49cvss 7.5epss 0.03

    The html package (aka x/net/html) through 2018-09-25 in Go mishandles , leading to a "panic: runtime error" (index out of range) in (*insertionModeStack).pop in node.go, called from inHeadIM, during an html.Parse call.

  • CVE-2017-5445HigJun 11, 2018
    risk 0.49cvss 7.5epss 0.03

    A vulnerability while parsing "application/http-index-format" format content where uninitialized values are used to create an array. This could allow the reading of uninitialized memory into the arrays affected. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9,…

  • CVE-2014-10044HigApr 18, 2018
    risk 0.49cvss 7.5epss 0.01

    In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9615, MDM9625, MDM9635M, SD 210/SD 212/SD 205, SD 400, SD 617, SD 800, and SD 820, in the time daemon, unauthorized users can potentially modify system time and cause an array index to…

  • CVE-2017-8797HigJul 2, 2017
    risk 0.49cvss 7.5epss 0.09

    The NFSv4 server in the Linux kernel before 4.11.3 does not properly validate the layout type when processing the NFSv4 pNFS GETDEVICEINFO or LAYOUTGET operand in a UDP packet from a remote attacker. This type value is uninitialized upon encountering certain error conditions.…

  • CVE-2026-24181HigJun 9, 2026
    risk 0.47cvss 7.3epss 0.00

    NVIDIA DALI contains a vulnerability in a component where an attacker could cause an improper index validation. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, and information disclosure.

  • CVE-2025-23278HigAug 2, 2025
    risk 0.46cvss 7.1epss 0.00

    NVIDIA Display Driver for Windows and Linux contains a vulnerability where an attacker might cause an improper index validation by issuing a call with crafted parameters. A successful exploit of this vulnerability might lead to data tampering  or denial of service.

  • CVE-2017-16899HigNov 20, 2017
    risk 0.46cvss 7.1epss 0.01

    An array index error in the fig2dev program in Xfig 3.2.6a allows remote attackers to cause a denial-of-service attack or information disclosure with a maliciously crafted Fig format file, related to a negative font value in dev/gentikz.c, and the read_textobject functions in…

  • CVE-2026-46163HigMay 28, 2026
    risk 0.44cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: wifi: b43legacy: enforce bounds check on firmware key index in RX path Same fix as b43: the firmware-controlled key index in b43legacy_rx() can exceed dev->max_nr_keys. The existing B43legacy_WARN_ON is…

  • CVE-2023-31309MedMay 15, 2026
    risk 0.44cvss epss 0.00

    Improper validation in Power Management Firmware (PMFW) may allow an attacker with privileges to pass malformed workload arguments when exporting table data from SMU to DRAM potentially resulting in a loss of confidentiality and/or availability.

  • CVE-2026-31776HigMay 1, 2026
    risk 0.44cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: ALSA: ctxfi: Fix missing SPDIFI1 index handling SPDIF1 DAIO type isn't properly handled in daio_device_index() for hw20k2, and it returned -EINVAL, which ended up with the out-of-bounds array access. Follow…

  • CVE-2026-31764HigMay 1, 2026
    risk 0.44cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: iio: imu: st_lsm6dsx: Set buffer sampling frequency for accelerometer only The st_lsm6dsx_hwfifo_odr_store() function, which is called when userspace writes the buffer sampling frequency sysfs attribute, calls…

  • CVE-2026-31729HigMay 1, 2026
    risk 0.44cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: validate connector number in ucsi_notify_common() The connector number extracted from CCI via UCSI_CCI_CONNECTOR() is a 7-bit field (0-127) that is used to index into the connector array in…

  • CVE-2026-23448HigApr 3, 2026
    risk 0.44cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: net: usb: cdc_ncm: add ndpoffset to NDP16 nframes bounds check cdc_ncm_rx_verify_ndp16() validates that the NDP header and its DPE entries fit within the skb. The first check correctly accounts for ndpoffset: …

  • CVE-2026-23447HigApr 3, 2026
    risk 0.44cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: net: usb: cdc_ncm: add ndpoffset to NDP32 nframes bounds check The same bounds-check bug fixed for NDP16 in the previous patch also exists in cdc_ncm_rx_verify_ndp32(). The DPE array size is validated against…

  • CVE-2026-23354HigMar 25, 2026
    risk 0.44cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: x86/fred: Correct speculative safety in fred_extint() array_index_nospec() is no use if the result gets spilled to the stack, as it makes the believed safe-under-speculation value subject to memory…