VYPR

CWE-805

Buffer Access with Incorrect Length Value

Base · Incomplete · Likelihood: High

Description

The product uses a sequential operation to read or write a buffer, but it uses an incorrect length value that causes it to access memory that is outside of the bounds of the buffer.

When the length value exceeds the size of the destination, a buffer overflow could occur.

Related attack patterns (CAPEC)

CAPEC-100 · CAPEC-256

CVEs mapped to this weakness (21)

  • CVE-2025-20315 · High · Sep 24, 2025
    risk 0.56 · cvss 8.6 · epss 0.00

    A vulnerability in the Network-Based Application Recognition (NBAR) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, causing a denial of service (DoS) condition. This vulnerability is due to improper…

  • CVE-2026-12087 · Critical · Jun 15, 2026
    risk 0.52 · cvss 9.1 · epss 0.00

    Socket versions before 2.041 for Perl have an out-of-bounds heap read. In Socket.xs, pack_ip_mreq_source() checks the length of its source argument before the argument is read, so the check tests the byte length carried over from the preceding multiaddr argument instead. Both…

  • CVE-2025-63547 · High · May 1, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    An issue in eProsima Micro-XRCE-DDS Agent v.3.0.1 allows a remote attacker to cause a denial of service via a crafted packet to the MTU length field.

  • CVE-2026-1837 · High · Feb 11, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    A specially-crafted file can cause libjxl's decoder to write pixel data to uninitialized unallocated memory. Soon after that data from another uninitialized unallocated region is copied to pixel data. This can be done by requesting color transformation of grayscale images to…

  • CVE-2026-20033 · High · Feb 25, 2026
    risk 0.48 · cvss 7.4 · epss 0.00

    A vulnerability in Cisco Nexus 9000 Series Fabric Switches in ACI mode could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation when processing specific Ethernet…

  • CVE-2026-20010 · High · Feb 25, 2026
    risk 0.48 · cvss 7.4 · epss 0.00

    A vulnerability in the Link Layer Discovery Protocol (LLDP) feature of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause the LLDP process to restart, which could cause an affected device to reload unexpectedly. This vulnerability is due to…

  • CVE-2025-20191 · High · May 7, 2025
    risk 0.48 · cvss 7.4 · epss 0.00

    A vulnerability in the Switch Integrated Security Features (SISF) of Cisco IOS Software, Cisco IOS XE Software, Cisco NX-OS Software, and Cisco Wireless LAN Controller (WLC) AireOS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS)…

  • CVE-2023-5396 · High · Apr 17, 2024
    risk 0.48 · cvss 7.4 · epss 0.01

    Server receiving a malformed message creates connection for a hostname that may cause a stack overflow resulting in possible remote code execution. See Honeywell Security Notification for recommendations on upgrading and versioning.

  • CVE-2025-36463 · High · Nov 17, 2025
    risk 0.47 · cvss 7.3 · epss 0.00

    Multiple out-of-bounds read and write vulnerabilities exist in the ControlVault WBDI Driver Broadcom Storage Adapter functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted WinBioControlUnit call can lead to…

  • CVE-2025-36462 · High · Nov 17, 2025
    risk 0.47 · cvss 7.3 · epss 0.00

    Multiple out-of-bounds read and write vulnerabilities exist in the ControlVault WBDI Driver Broadcom Storage Adapter functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted WinBioControlUnit call can lead to…

  • CVE-2025-36461 · High · Nov 17, 2025
    risk 0.47 · cvss 7.3 · epss 0.00

    Multiple out-of-bounds read and write vulnerabilities exist in the ControlVault WBDI Driver Broadcom Storage Adapter functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted WinBioControlUnit call can lead to…

  • CVE-2025-36460 · High · Nov 17, 2025
    risk 0.47 · cvss 7.3 · epss 0.00

    Multiple out-of-bounds read and write vulnerabilities exist in the ControlVault WBDI Driver Broadcom Storage Adapter functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted WinBioControlUnit call can lead to…

  • CVE-2024-37305 · High · Jun 17, 2024
    risk 0.46 · cvss 8.2 · epss 0.00

    oqs-provider is a provider for the OpenSSL 3 cryptography library that adds support for post-quantum cryptography in TLS, X.509, and S/MIME using post-quantum algorithms from liboqs. Flaws have been identified in the way oqs-provider handles lengths decoded with DECODE_UINT32 at…

  • CVE-2026-34002 · Medium · May 5, 2026
    risk 0.40 · cvss 6.1 · epss 0.00

    A flaw was found in the X.Org X server. This vulnerability, an out-of-bounds read, affects the XKB (X Keyboard Extension) modifier map handling. An attacker with access to the X11 server can exploit this by sending a malformed request, which causes the server to read beyond its…

  • CVE-2025-20360 · Medium · Oct 15, 2025
    risk 0.38 · cvss 5.8 · epss 0.00

    Multiple Cisco products are affected by a vulnerability in the Snort 3 HTTP Decoder that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to restart. This vulnerability is due to a lack of complete error checking when the MIME fields of…

  • CVE-2026-1767 · Medium · Jun 16, 2026
    risk 0.36 · cvss 5.6 · epss 0.00

    A flaw was found in the GNOME localsearch (previously known as tracker-miners) MP3 Extractor `tracker-extract-mp3` component. A remote attacker could exploit this heap buffer overflow vulnerability by providing a specially crafted MP3 file containing malformed ID3 tags. This…

  • CVE-2026-1766 · Medium · Jun 16, 2026
    risk 0.36 · cvss 5.6 · epss 0.00

    A flaw was found in GNOME localsearch (previously known as tracker-miners) MP3 Extractor, specifically within the tracker-extract-mp3 component. This heap buffer overflow vulnerability occurs when processing specially crafted MP3 files containing malformed ID3v2.3 COMM (Comment)…

  • CVE-2026-6245 · Medium · Apr 15, 2026
    risk 0.36 · cvss 5.5 · epss 0.00

    A flaw was found in the System Security Services Daemon (SSSD). The pam_passkey_child_read_data() function within the PAM passkey responder fails to properly handle raw bytes received from a pipe. Because the data is treated as a NUL-terminated C string without explicit…

  • CVE-2026-0716 · Medium · Jan 13, 2026
    risk 0.31 · cvss 4.8 · epss 0.00

    A flaw was found in libsoup’s WebSocket frame processing when handling incoming messages. If a non-default configuration is used where the maximum incoming payload size is unset, the library may read memory outside the intended bounds. This can cause unintended memory exposure…

  • CVE-2024-0131 · Medium · Feb 2, 2025
    risk 0.29 · cvss 4.4 · epss 0.00

    NVIDIA GPU kernel driver for Windows and Linux contains a vulnerability where a potential user-mode attacker could read a buffer with an incorrect length. A successful exploit of this vulnerability might lead to denial of service.