CWE-787
Out-of-bounds Write
Description
The product writes data past the end, or before the beginning, of the intended buffer.
Hierarchy (View 1000)
CVEs mapped to this weakness (2,513)
Page 115 of 126

| CVE | Risk | CVSS | EPSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2020-36206 | 0.00 | — | 0.00 | Jan 22, 2021 | An issue was discovered in the rusb crate before 0.7.0 for Rust. Because of a lack of Send and Sync bounds, a data race and memory corruption can occur. |
| CVE-2020-36207 | 0.00 | — | 0.00 | Jan 22, 2021 | An issue was discovered in the aovec crate through 2020-12-10 for Rust. Because Aovec does not have bounds on its Send trait or Sync trait, a data race and memory corruption can occur. |
| CVE-2020-36208 | 0.00 | — | 0.00 | Jan 22, 2021 | An issue was discovered in the conquer-once crate before 0.3.2 for Rust. Thread crossing can occur for a non-Send but Sync type, leading to memory corruption. |
| CVE-2020-36211 | 0.00 | — | 0.00 | Jan 22, 2021 | An issue was discovered in the gfwx crate before 0.3.0 for Rust. Because ImageChunkMut does not have bounds on its Send trait or Sync trait, a data race and memory corruption can occur. |
| CVE-2020-36215 | 0.00 | — | 0.01 | Jan 22, 2021 | An issue was discovered in the hashconsing crate before 1.1.0 for Rust. Because HConsed does not have bounds on its Send trait or Sync trait, memory corruption can occur. |
| CVE-2020-36216 | 0.00 | — | 0.01 | Jan 22, 2021 | An issue was discovered in Input in the eventio crate before 0.5.1 for Rust. Because a non-Send type can be sent to a different thread, a data race and memory corruption can occur. |
| CVE-2020-36217 | 0.00 | — | 0.01 | Jan 22, 2021 | An issue was discovered in the may_queue crate through 2020-11-10 for Rust. Because Queue does not have bounds on its Send trait or Sync trait, memory corruption can occur. |
| CVE-2020-36220 | 0.00 | — | 0.01 | Jan 22, 2021 | An issue was discovered in the va-ts crate before 0.0.4 for Rust. Because Demuxer omits a required T: Send bound, a data race and memory corruption can occur. |
| CVE-2021-25900 | 0.00 | — | 0.02 | Jan 22, 2021 | An issue was discovered in the smallvec crate before 0.6.14 and 1.x before 1.6.1 for Rust. There is a heap-based buffer overflow in SmallVec::insert_many. |
| CVE-2020-35654 | 0.00 | — | 0.02 | Jan 12, 2021 | In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. |
| CVE-2019-25001 | 0.00 | — | 0.01 | Dec 31, 2020 | An issue was discovered in the serde_cbor crate before 0.10.2 for Rust. The CBOR deserializer can cause stack consumption via nested semantic tags. |
| CVE-2020-35858 | 0.00 | — | 0.03 | Dec 31, 2020 | An issue was discovered in the prost crate before 0.6.1 for Rust. There is stack consumption via a crafted message, causing a denial of service (e.g., x86) or possibly remote code execution (e.g., ARM). |
| CVE-2020-35859 | 0.00 | — | 0.02 | Dec 31, 2020 | An issue was discovered in the lucet-runtime-internals crate before 0.5.1 for Rust. It mishandles sigstack allocation. Guest programs may be able to obtain sensitive information, or guest programs can experience memory corruption. |
| CVE-2020-35881 | 0.00 | — | 0.02 | Dec 31, 2020 | An issue was discovered in the traitobject crate through 2020-06-01 for Rust. It has false expectations about fat pointers, possibly causing memory corruption in, for example, Rust 2.x. |
| CVE-2020-35895 | 0.00 | — | 0.02 | Dec 31, 2020 | An issue was discovered in the stack crate before 0.3.1 for Rust. ArrayVec has an out-of-bounds write via element insertion. |
| CVE-2020-35924 | 0.00 | — | 0.00 | Dec 31, 2020 | An issue was discovered in the try-mutex crate before 0.3.0 for Rust. TryMutex allows cross-thread sending of a non-Send type. |
| CVE-2020-17131 | 0.00 | — | 0.02 | Dec 9, 2020 | Chakra Scripting Engine Memory Corruption Vulnerability |
| CVE-2020-29367 | 0.00 | — | 0.01 | Nov 27, 2020 | blosc2.c in Blosc C-Blosc2 through 2.0.0.beta.5 has a heap-based buffer overflow when there is a lack of space to write compressed data. |
| CVE-2020-17054 | 0.00 | — | 0.02 | Nov 11, 2020 | Chakra Scripting Engine Memory Corruption Vulnerability |
| CVE-2020-17048 | 0.00 | — | 0.02 | Nov 11, 2020 | Chakra Scripting Engine Memory Corruption Vulnerability |