CWE-466
Return of Pointer Value Outside of Expected Range
Description
A function can return a pointer to memory that is outside of the buffer that the pointer is expected to reference.
Hierarchy (View 1000)
Parents
Children
none
CVEs mapped to this weakness (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-33602 | Hig | 0.48 | 7.4 | 0.00 | May 6, 2024 | nscd: netgroup cache assumes NSS callback uses in-buffer strings The Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory when the NSS callback does not store all strings in the provided buffer. The flaw was introduced in glibc 2.15 when the cache was added to… | ||
| CVE-2018-25234 | Med | 0.40 | 6.2 | 0.00 | Mar 30, 2026 | SmartFTP Client 9.0.2615.0 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Host field. Attackers can paste a buffer of 300 repeated characters into the Host connection parameter to… | ||
| CVE-2018-25227 | Med | 0.40 | 6.2 | 0.00 | Mar 30, 2026 | Valentina Studio 9.0.4 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Host field. Attackers can trigger the crash by pasting a 256-byte buffer of repeated characters into the Host… | ||
| CVE-2019-25599 | Med | 0.40 | 6.2 | 0.00 | Mar 22, 2026 | Backup Key Recovery 2.2.4 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Name field. Attackers can paste a buffer of 300 or more characters into the Name field during registration to… | ||
| CVE-2019-25548 | Med | 0.40 | 6.2 | 0.00 | Mar 21, 2026 | BlueStacks 4.80.0.1060 contains a denial of service vulnerability that allows local attackers to crash the application by submitting oversized input to the search field. Attackers can paste a buffer of 100,000 'A' characters into the search field and trigger a search operation… | ||
| CVE-2019-10356 | 0.00 | — | 0.03 | Jul 31, 2019 | A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of method pointer expressions allowed attackers to execute arbitrary code in sandboxed scripts. |
- risk 0.48cvss 7.4epss 0.00
nscd: netgroup cache assumes NSS callback uses in-buffer strings The Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory when the NSS callback does not store all strings in the provided buffer. The flaw was introduced in glibc 2.15 when the cache was added to…
- risk 0.40cvss 6.2epss 0.00
SmartFTP Client 9.0.2615.0 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Host field. Attackers can paste a buffer of 300 repeated characters into the Host connection parameter to…
- risk 0.40cvss 6.2epss 0.00
Valentina Studio 9.0.4 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Host field. Attackers can trigger the crash by pasting a 256-byte buffer of repeated characters into the Host…
- risk 0.40cvss 6.2epss 0.00
Backup Key Recovery 2.2.4 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Name field. Attackers can paste a buffer of 300 or more characters into the Name field during registration to…
- risk 0.40cvss 6.2epss 0.00
BlueStacks 4.80.0.1060 contains a denial of service vulnerability that allows local attackers to crash the application by submitting oversized input to the search field. Attackers can paste a buffer of 100,000 'A' characters into the search field and trigger a search operation…
- CVE-2019-10356Jul 31, 2019risk 0.00cvss —epss 0.03
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of method pointer expressions allowed attackers to execute arbitrary code in sandboxed scripts.