VYPR

CWE-131

Incorrect Calculation of Buffer Size

BaseDraftLikelihood: High

Description

The product does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-100 · CAPEC-47

CVEs mapped to this weakness (71)

page 1 of 4
  • CVE-2005-3120CriOct 17, 2005
    risk 0.69cvss 9.8epss 0.23

    Stack-based buffer overflow in the HTrjis function in Lynx 2.8.6 and earlier allows remote NNTP servers to execute arbitrary code via certain article headers containing Asian characters that cause Lynx to add extra escape (ESC) characters.

  • CVE-2005-2103CriAug 16, 2005
    risk 0.68cvss 9.8epss 0.16

    Buffer overflow in the AIM and ICQ module in Gaim before 1.5.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an away message with a large number of AIM substitution strings, such as %t or %n.

  • CVE-2003-0899CriNov 3, 2003
    risk 0.68cvss 9.8epss 0.22

    Buffer overflow in defang in libhttpd.c for thttpd 2.21 to 2.23b1 allows remote attackers to execute arbitrary code via requests that contain '<' or '>' characters, which trigger the overflow when the characters are expanded to "<" and ">" sequences.

  • CVE-2008-0599CriMay 5, 2008
    risk 0.65cvss 9.8epss 0.11

    The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI.

  • CVE-2001-0249CriJun 18, 2001
    risk 0.65cvss 9.8epss 0.20

    Heap overflow in FTP daemon in Solaris 8 allows remote attackers to execute arbitrary commands by creating a long pathname and calling the LIST command, which uses glob to generate long strings.

  • CVE-2001-0248CriJun 18, 2001
    risk 0.65cvss 9.8epss 0.11

    Buffer overflow in FTP server in HPUX 11 allows remote attackers to execute arbitrary commands by creating a long pathname and calling the STAT command, which uses glob to generate long strings.

  • CVE-2026-1949CriApr 24, 2026
    risk 0.64cvss 9.8epss 0.01

    Delta Electronics AS320T has incorrect calculation of the buffer size on the stack in the GET/PUT request handler of the web service.

  • CVE-2026-20911CriApr 7, 2026
    risk 0.64cvss 9.8epss 0.00

    A heap-based buffer overflow vulnerability exists in the HuffTable::initval functionality of LibRaw Commit 0b56545 and Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

  • CVE-2004-1363CriAug 4, 2004
    risk 0.64cvss 9.8epss 0.09

    Buffer overflow in extproc in Oracle 10g allows remote attackers to execute arbitrary code via environment variables in the library name, which are expanded after the length check is performed.

  • CVE-2004-0434CriJul 7, 2004
    risk 0.64cvss 9.8epss 0.07

    k5admind (kadmind) for Heimdal allows remote attackers to execute arbitrary code via a Kerberos 4 compatibility administration request whose framing length is less than 2, which leads to a heap-based buffer overflow.

  • CVE-2002-1347CriDec 18, 2002
    risk 0.64cvss 9.8epss 0.07

    Multiple buffer overflows in Cyrus SASL library 2.1.9 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) long inputs during user name canonicalization, (2) characters that need to be escaped during LDAP authentication…

  • CVE-2026-41197CriApr 23, 2026
    risk 0.60cvss epss 0.00

    Noir is a Domain Specific Language for SNARK proving systems that is designed to use any ACIR compatible proving system, and Brillig is the bytecode ACIR uses for non-determinism. Noir programs can invoke external functions through foreign calls. When compiling to Brillig…

  • CVE-2023-50736CriFeb 28, 2024
    risk 0.59cvss 9.0epss 0.01

    A memory corruption vulnerability has been identified in PostScript interpreter in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute arbitrary code.

  • CVE-2005-0490HigMay 2, 2005
    risk 0.58cvss 8.8epss 0.06

    Multiple stack-based buffer overflows in libcURL and cURL 7.12.1, and possibly other versions, allow remote malicious web servers to execute arbitrary code via base64 encoded replies that exceed the intended buffer lengths when decoded, which is not properly handled by (1) the…

  • CVE-2026-49841CriJun 9, 2026
    risk 0.57cvss 9.8epss 0.00

    FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, the mod_verto HTTP request handler allocates a fixed 2 MiB buffer for a…

  • CVE-2026-41676CriApr 24, 2026
    risk 0.57cvss 9.8epss 0.00

    rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.27 to before 0.10.78, Deriver::derive (and PkeyCtxRef::derive) sets len = buf.len() and passes it as the in/out length to EVP_PKEY_derive, relying on OpenSSL to honor it. On OpenSSL 1.1.x,…

  • CVE-2026-27820CriApr 16, 2026
    risk 0.57cvss 9.8epss 0.01

    zlib is a Ruby interface for the zlib compression/decompression library. Versions 3.0.0 and below, 3.1.0, 3.1.1, 3.2.0 and 3.2.1 contain a buffer overflow vulnerability in the Zlib::GzipReader. The zstream_buffer_ungets function prepends caller-provided bytes ahead of previously…

  • CVE-2004-0940HigFeb 9, 2005
    risk 0.54cvss 7.8epss 0.05

    Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.

  • CVE-2017-0166HigApr 12, 2017
    risk 0.53cvss 8.1epss 0.06

    An elevation of privilege vulnerability exists in Windows when LDAP request buffer lengths are improperly calculated. In a remote attack scenario, an attacker could exploit this vulnerability by running a specially crafted application to send malicious traffic to a Domain…

  • CVE-2017-13289HigApr 4, 2018
    risk 0.51cvss 7.8epss 0.00

    In writeToParcel and createFromParcel of RttManager.java, there is a permission bypass due to a write size mismatch. This could lead to a local escalation of privileges where the user can start an activity with system privileges, with no additional execution privileges needed.…