VYPR

CWE-466

Return of Pointer Value Outside of Expected Range

BaseDraft

Description

A function can return a pointer to memory that is outside of the buffer that the pointer is expected to reference.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (6)

  • CVE-2024-33602HigMay 6, 2024
    risk 0.48cvss 7.4epss 0.00

    nscd: netgroup cache assumes NSS callback uses in-buffer strings The Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory when the NSS callback does not store all strings in the provided buffer. The flaw was introduced in glibc 2.15 when the cache was added to…

  • CVE-2018-25234MedMar 30, 2026
    risk 0.40cvss 6.2epss 0.00

    SmartFTP Client 9.0.2615.0 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Host field. Attackers can paste a buffer of 300 repeated characters into the Host connection parameter to…

  • CVE-2018-25227MedMar 30, 2026
    risk 0.40cvss 6.2epss 0.00

    Valentina Studio 9.0.4 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Host field. Attackers can trigger the crash by pasting a 256-byte buffer of repeated characters into the Host…

  • CVE-2019-25599MedMar 22, 2026
    risk 0.40cvss 6.2epss 0.00

    Backup Key Recovery 2.2.4 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Name field. Attackers can paste a buffer of 300 or more characters into the Name field during registration to…

  • CVE-2019-25548MedMar 21, 2026
    risk 0.40cvss 6.2epss 0.00

    BlueStacks 4.80.0.1060 contains a denial of service vulnerability that allows local attackers to crash the application by submitting oversized input to the search field. Attackers can paste a buffer of 100,000 'A' characters into the search field and trigger a search operation…

  • CVE-2019-10356Jul 31, 2019
    risk 0.00cvss epss 0.03

    A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of method pointer expressions allowed attackers to execute arbitrary code in sandboxed scripts.