CWE-787

Out-of-bounds Write

BaseDraftLikelihood: High

Description

The product writes data past the end, or before the beginning, of the intended buffer.

Hierarchy (View 1000)

Parents

CWE-119

Children

CVEs mapped to this weakness (1,906)

page 77 of 96

CVE	Vendor / Product	CVSS	EPSS	Published	Description
CVE-2023-34614	—	—	0.00	Jun 14, 2023	An issue was discovered jmarsden/jsonij thru 0.5.2 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies.
CVE-2023-34620	hjson hjson-java	—	0.00	Jun 14, 2023	An issue was discovered hjson thru 3.0.0 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies.
CVE-2023-34617	—	—	0.00	Jun 14, 2023	An issue was discovered genson thru 1.6 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies.
CVE-2023-35110	—	—	0.00	Jun 14, 2023	An issue was discovered jjson thru 0.1.7 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies.
CVE-2023-33546	—	—	0.00	Jun 1, 2023	Janino 3.1.9 and earlier are subject to denial of service (DOS) attacks when using the expression evaluator.guess parameter name method. If the parser runs on user-supplied input, an attacker could supply content that causes the parser to crash due to a stack overflow. NOTE:…
CVE-2023-2798	Htmlunit Htmlunit	—	0.00	May 25, 2023	Those using HtmlUnit to browse untrusted webpages may be vulnerable to Denial of service attacks (DoS). If HtmlUnit is running on user supplied web pages, an attacker may supply content that causes HtmlUnit to crash by a stack overflow. This effect may support a denial of…
CVE-2023-32981	Jenkins Project Jenkins Jira Pipeline Steps Plugin	—	0.04	May 16, 2023	An arbitrary file write vulnerability in Jenkins Pipeline Utility Steps Plugin 2.15.2 and earlier allows attackers able to provide crafted archives as parameters to create or replace arbitrary files on the agent file system with attacker-specified content.
CVE-2023-31146	Vyperlang Vyper	—	0.00	May 11, 2023	Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, during codegen, the length word of a dynarray is written before the data, which can result in out-of-bounds array access in the case where the dynarray is on both the lhs and…
CVE-2023-25671	Nbsdx Tensorflow	—	0.00	Mar 24, 2023	TensorFlow is an open source platform for machine learning. There is out-of-bounds access due to mismatched integer type sizes. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.
CVE-2023-28445	Denoland Deno	—	0.01	Mar 23, 2023	Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Resizable ArrayBuffers passed to asynchronous functions that are shrunk during the asynchronous operation could result in an out-of-bound read/write. It is unlikely that this has been exploited in…
CVE-2023-26489	Bytecodealliance Wasmtime	—	0.02	Mar 8, 2023	wasmtime is a fast and secure runtime for WebAssembly. In affected versions wasmtime's code generator, Cranelift, has a bug on x86_64 targets where address-mode computation mistakenly would calculate a 35-bit effective address instead of WebAssembly's defined 33-bit effective…
CVE-2023-26470	Cryptpad Xwiki Platform	—	0.01	Mar 2, 2023	XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to make the farm unusable by adding an object to a page with a huge number (e.g. 67108863). Most of the time this will fill the memory allocated to XWiki and…
CVE-2014-125026	Cloudflare Github.com/cloudflare/golz4	—	0.01	Dec 27, 2022	LZ4 bindings use a deprecated C API that is vulnerable to memory corruption, which could lead to arbitrary code execution if called with untrusted user input.
CVE-2022-45685	—	—	0.00	Dec 13, 2022	A stack overflow in Jettison before v1.5.2 allows attackers to cause a Denial of Service (DoS) via crafted JSON data.
CVE-2022-45688	—	—	0.01	Dec 13, 2022	A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data.
CVE-2022-45693	—	—	0.00	Dec 13, 2022	Jettison before v1.5.2 was discovered to contain a stack overflow via the map parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string.
CVE-2022-41902	Nbsdx Tensorflow	—	0.00	Dec 6, 2022	TensorFlow is an open source platform for machine learning. The function MakeGrapplerFunctionItem takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is…
CVE-2022-41900	Nbsdx Tensorflow	—	0.01	Nov 18, 2022	TensorFlow is an open source platform for machine learning. The security vulnerability results in FractionalMax(AVG)Pool with illegal pooling_ratio. Attackers using Tensorflow can exploit the vulnerability. They can access heap memory which is not in the control of user, leading…
CVE-2022-43171	—	—	0.00	Nov 17, 2022	A heap buffer overflow in the LIEF::MachO::BinaryParser::parse_dyldinfo_generic_bind function of LIEF v0.12.1 allows attackers to cause a Denial of Service (DoS) via a crafted MachO file.
CVE-2022-41854	SnakeYAML SnakeYAML	—	0.00	Nov 11, 2022	Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of…

CVE-2023-34614Jun 14, 2023
risk 0.00cvss —epss 0.00
An issue was discovered jmarsden/jsonij thru 0.5.2 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies.
CVE-2023-34620Jun 14, 2023
hjson
hjson-java
risk 0.00cvss —epss 0.00
An issue was discovered hjson thru 3.0.0 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies.
CVE-2023-34617Jun 14, 2023
risk 0.00cvss —epss 0.00
An issue was discovered genson thru 1.6 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies.
CVE-2023-35110Jun 14, 2023
risk 0.00cvss —epss 0.00
An issue was discovered jjson thru 0.1.7 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies.
CVE-2023-33546Jun 1, 2023
risk 0.00cvss —epss 0.00
Janino 3.1.9 and earlier are subject to denial of service (DOS) attacks when using the expression evaluator.guess parameter name method. If the parser runs on user-supplied input, an attacker could supply content that causes the parser to crash due to a stack overflow. NOTE:…
CVE-2023-2798May 25, 2023
Htmlunit
Htmlunit
risk 0.00cvss —epss 0.00
Those using HtmlUnit to browse untrusted webpages may be vulnerable to Denial of service attacks (DoS). If HtmlUnit is running on user supplied web pages, an attacker may supply content that causes HtmlUnit to crash by a stack overflow. This effect may support a denial of…
CVE-2023-32981May 16, 2023
Jenkins Project
Jenkins Jira Pipeline Steps Plugin
risk 0.00cvss —epss 0.04
An arbitrary file write vulnerability in Jenkins Pipeline Utility Steps Plugin 2.15.2 and earlier allows attackers able to provide crafted archives as parameters to create or replace arbitrary files on the agent file system with attacker-specified content.
CVE-2023-31146May 11, 2023
Vyperlang
Vyper
risk 0.00cvss —epss 0.00
Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, during codegen, the length word of a dynarray is written before the data, which can result in out-of-bounds array access in the case where the dynarray is on both the lhs and…
CVE-2023-25671Mar 24, 2023
Nbsdx
Tensorflow
risk 0.00cvss —epss 0.00
TensorFlow is an open source platform for machine learning. There is out-of-bounds access due to mismatched integer type sizes. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.
CVE-2023-28445Mar 23, 2023
Denoland
Deno
risk 0.00cvss —epss 0.01
Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Resizable ArrayBuffers passed to asynchronous functions that are shrunk during the asynchronous operation could result in an out-of-bound read/write. It is unlikely that this has been exploited in…
CVE-2023-26489Mar 8, 2023
Bytecodealliance
Wasmtime
risk 0.00cvss —epss 0.02
wasmtime is a fast and secure runtime for WebAssembly. In affected versions wasmtime's code generator, Cranelift, has a bug on x86_64 targets where address-mode computation mistakenly would calculate a 35-bit effective address instead of WebAssembly's defined 33-bit effective…
CVE-2023-26470Mar 2, 2023
Cryptpad
Xwiki Platform
risk 0.00cvss —epss 0.01
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to make the farm unusable by adding an object to a page with a huge number (e.g. 67108863). Most of the time this will fill the memory allocated to XWiki and…
CVE-2014-125026Dec 27, 2022
Cloudflare
Github.com/cloudflare/golz4
risk 0.00cvss —epss 0.01
LZ4 bindings use a deprecated C API that is vulnerable to memory corruption, which could lead to arbitrary code execution if called with untrusted user input.
CVE-2022-45685Dec 13, 2022
risk 0.00cvss —epss 0.00
A stack overflow in Jettison before v1.5.2 allows attackers to cause a Denial of Service (DoS) via crafted JSON data.
CVE-2022-45688Dec 13, 2022
risk 0.00cvss —epss 0.01
A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data.
CVE-2022-45693Dec 13, 2022
risk 0.00cvss —epss 0.00
Jettison before v1.5.2 was discovered to contain a stack overflow via the map parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string.
CVE-2022-41902Dec 6, 2022
Nbsdx
Tensorflow
risk 0.00cvss —epss 0.00
TensorFlow is an open source platform for machine learning. The function MakeGrapplerFunctionItem takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is…
CVE-2022-41900Nov 18, 2022
Nbsdx
Tensorflow
risk 0.00cvss —epss 0.01
TensorFlow is an open source platform for machine learning. The security vulnerability results in FractionalMax(AVG)Pool with illegal pooling_ratio. Attackers using Tensorflow can exploit the vulnerability. They can access heap memory which is not in the control of user, leading…
CVE-2022-43171Nov 17, 2022
risk 0.00cvss —epss 0.00
A heap buffer overflow in the LIEF::MachO::BinaryParser::parse_dyldinfo_generic_bind function of LIEF v0.12.1 allows attackers to cause a Denial of Service (DoS) via a crafted MachO file.
CVE-2022-41854Nov 11, 2022
SnakeYAML
SnakeYAML
risk 0.00cvss —epss 0.00
Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of…