VYPR

CWE-131

Incorrect Calculation of Buffer Size

Base · Draft · Likelihood: High

Description

The product does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-100 · CAPEC-47

CVEs mapped to this weakness (71)

page 2 of 4
  • CVE-2017-0715 · High · Aug 9, 2017
    risk 0.51 · cvss 7.8 · epss 0.01

    A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36998372.

  • CVE-2004-0747 · High · Oct 20, 2004
    risk 0.51 · cvss 7.8 · epss 0.02

    Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.

  • CVE-2026-20049 · High · Mar 4, 2026
    risk 0.50 · cvss 7.7 · epss 0.00

    A vulnerability in the processing of Galois/Counter Mode (GCM)-encrypted Internet Key Exchange version 2 (IKEv2) IPsec traffic of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an…

  • CVE-2022-43945 · High · Nov 4, 2022
    risk 0.50 · cvss 7.5 · epss 0.21

    The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 is vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call (RPC) into a single array of pages. A client…

  • CVE-2001-0334 · High · Jun 27, 2001
    risk 0.50 · cvss 7.5 · epss 0.15

    FTP service in IIS 5.0 and earlier allows remote attackers to cause a denial of service via a wildcard sequence that generates a long string when it is expanded.

  • CVE-2026-40618 · High · May 13, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    When an SSL profile is configured on a virtual server on BIG-IP Virtual Edition (VE) without Intel QuickAssist Technology (QAT) or on BIG-IP hardware platforms with the database variable crypto.hwacceleration set to disabled, undisclosed traffic can cause the Traffic Management…

  • CVE-2024-11425 · High · Jan 17, 2025
    risk 0.49 · cvss 7.5 · epss 0.01

    CWE-131: Incorrect Calculation of Buffer Size vulnerability exists that could cause Denial-of-Service of the product when an unauthenticated user is sending a crafted HTTPS packet to the webserver.

  • CVE-2024-8361 · High · Jan 7, 2025
    risk 0.49 · cvss 7.5 · epss 0.00

    In SiWx91x devices, the SHA2/224 algorithm returns a hash of 256 bits instead of 224 bits. This incorrect hash length triggers a software assertion, which subsequently causes a Denial of Service (DoS). If a watchdog is implemented, the device will restart after the watchdog expires. If…

  • CVE-2024-5000 · High · Jun 4, 2024
    risk 0.49 · cvss 7.5 · epss 0.01

    An unauthenticated remote attacker can use a malicious OPC UA client to send a crafted request to affected CODESYS products which can cause a DoS due to incorrect calculation of buffer size.

  • CVE-2018-1000224 · High · Aug 20, 2018
    risk 0.49 · cvss 7.5 · epss 0.04

    Godot Engine, all versions prior to 2.1.5 and all 3.0 versions prior to 3.0.6, contains a signed/unsigned comparison, wrong buffer size checks, integer overflow, missing padding initialization vulnerability in (De)Serialization functions (core/io/marshalls.cpp) that can…

  • CVE-2017-0569 · High · Apr 7, 2017
    risk 0.49 · cvss 7.0 · epss 0.08

    An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android.…

  • CVE-2002-0184 · High · May 16, 2002
    risk 0.47 · cvss 7.8 · epss 0.01

    Sudo before 1.6.6 contains an off-by-one error that can result in a heap-based buffer overflow that may allow local users to gain root privileges via special characters in the -p (prompt) argument, which are not properly expanded.

  • CVE-2017-0620 · High · May 12, 2017
    risk 0.46 · cvss 7.0 · epss 0.01

    An elevation of privilege vulnerability in the Qualcomm Secure Channel Manager driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process.…

  • CVE-2025-46723 · High · May 2, 2025
    risk 0.44 · cvss · epss 0.00

    OpenVM is a performant and modular zkVM framework built for customization and extensibility. In version 1.0.0, OpenVM is vulnerable to overflow through byte decomposition of pc in AUIPC chip. A typo results in the highest limb of pc being range checked to 8-bits instead of…

  • CVE-2018-14618 · High · Sep 5, 2018
    risk 0.43 · cvss 7.5 · epss 0.11

    curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap. The length…

  • CVE-2026-29645 · High · Apr 20, 2026
    risk 0.42 · cvss 7.5 · epss 0.01

    NEMU (OpenXiangShan/NEMU) before v2025.12.r2 contains an improper instruction-validation flaw in its RISC-V Vector (RVV) decoder. The decoder does not correctly validate the funct3 field when decoding vsetvli/vsetivli/vsetvl, allowing certain invalid OP-V instruction encodings…

  • CVE-2026-33986 · High · Mar 30, 2026
    risk 0.42 · cvss 7.5 · epss 0.00

    FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, in yuv_ensure_buffer() in libfreerdp/codec/h264.c, h264->width and h264->height are updated before the reallocation loop. If any winpr_aligned_recalloc() call fails, the function returns…

  • CVE-2026-33984 · High · Mar 30, 2026
    risk 0.42 · cvss 7.5 · epss 0.00

    FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, in resize_vbar_entry() in libfreerdp/codec/clear.c, vBarEntry->size is updated to vBarEntry->count before the winpr_aligned_recalloc() call. If realloc fails, size is inflated while pixels…

  • CVE-2025-0395 · Medium · Jan 22, 2025
    risk 0.40 · cvss 6.2 · epss 0.00

    When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.

  • CVE-2026-33987 · High · Mar 30, 2026
    risk 0.39 · cvss 7.1 · epss 0.00

    FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, in persistent_cache_read_entry_v3() in libfreerdp/cache/persistent.c, persistent->bmpSize is updated before winpr_aligned_recalloc(). If realloc fails, bmpSize is inflated while bmpData…