Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

CVEs (4,226)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-25529 - - Jun 17, 2026 Feb 11, 2025 N/A· v4 5.1 MEDIUM· v3 N/A· v2 Buffer overflow vulnerability in Digital China DCBC Gateway 200-2.1.1 due to the lack of length verification, which is related to the configuration of static NAT rules. Attackers who successfully exploit this vulnerabili...Show more Buffer overflow vulnerability in Digital China DCBC Gateway 200-2.1.1 due to the lack of length verification, which is related to the configuration of static NAT rules. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands.Show less
CVE-2025-25528 1Wavlink 1Wl Wn575a3 Firmware Jun 17, 2026 Feb 11, 2025 N/A· v4 5.1 MEDIUM· v3 N/A· v2 Multiple buffer overflow vulnerabilities in Wavlink WL-WN575A3 RPT75A3.V4300, which are caused by not performing strict length checks on user-controlled data. By successfully exploiting the vulnerabilities, attackers can...Show more Multiple buffer overflow vulnerabilities in Wavlink WL-WN575A3 RPT75A3.V4300, which are caused by not performing strict length checks on user-controlled data. By successfully exploiting the vulnerabilities, attackers can crash the remote devices or execute arbitrary commands without any authorization verification.Show less
CVE-2025-25527 1Ruijie 1Rg Nbr2600s Firmware Jun 17, 2026 Feb 11, 2025 N/A· v4 5.1 MEDIUM· v3 N/A· v2 Buffer overflow vulnerability in Ruijie RG-NBR2600S Gateway 10.3(4b12) due to the lack of length verification, which is related to the configuration of source address NAT rules. Attackers who successfully exploit this vu...Show more Buffer overflow vulnerability in Ruijie RG-NBR2600S Gateway 10.3(4b12) due to the lack of length verification, which is related to the configuration of source address NAT rules. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands.Show less
CVE-2025-25526 - - Jun 17, 2026 Feb 11, 2025 N/A· v4 5.1 MEDIUM· v3 N/A· v2 Buffer overflow vulnerability in Mercury MIPC552W Camera v1.0 due to the lack of length verification, which is related to the configuration of the PPTP server. Attackers who successfully exploit this vulnerability can ca...Show more Buffer overflow vulnerability in Mercury MIPC552W Camera v1.0 due to the lack of length verification, which is related to the configuration of the PPTP server. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands.Show less
CVE-2025-25525 - - Jun 17, 2026 Feb 11, 2025 N/A· v4 5.1 MEDIUM· v3 N/A· v2 Buffer overflow vulnerability in H3C FA3010L access points SWFA1B0V100R005 due to the lack of length verification, which is related to the setting of firewall rules. Attackers who successfully exploit this vulnerability...Show more Buffer overflow vulnerability in H3C FA3010L access points SWFA1B0V100R005 due to the lack of length verification, which is related to the setting of firewall rules. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands.Show less
CVE-2025-25524 1Totolink 1X6000r Firmware Jun 17, 2026 Feb 11, 2025 N/A· v4 5.1 MEDIUM· v3 N/A· v2 Buffer overflow vulnerability in TOTOLink X6000R routers V9.4.0cu.652_B20230116 due to the lack of length verification, which is related to the addition of Wi-Fi filtering rules. Attackers who successfully exploit this v...Show more Buffer overflow vulnerability in TOTOLink X6000R routers V9.4.0cu.652_B20230116 due to the lack of length verification, which is related to the addition of Wi-Fi filtering rules. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands.Show less
CVE-2025-25523 1Trendnet 1Teg 40128 Firmware Jun 17, 2026 Feb 11, 2025 N/A· v4 5.9 MEDIUM· v3 N/A· v2 Buffer overflow vulnerability in Trendnet TEG-40128 Web Smart Switch v1(1.00.023) due to the lack of length verification, which is related to the mobile access point setup operation. The attacker can directly control the...Show more Buffer overflow vulnerability in Trendnet TEG-40128 Web Smart Switch v1(1.00.023) due to the lack of length verification, which is related to the mobile access point setup operation. The attacker can directly control the remote target device by successfully exploiting this vulnerability.Show less
CVE-2025-25522 1Linksys 1Wap610n Firmware Jun 17, 2026 Feb 11, 2025 N/A· v4 7.3 HIGH· v3 N/A· v2 Buffer overflow vulnerability in Linksys WAP610N v1.0.05.002 due to the lack of length verification, which is related to the time setting operation. The attacker can directly control the remote target device by successfu...Show more Buffer overflow vulnerability in Linksys WAP610N v1.0.05.002 due to the lack of length verification, which is related to the time setting operation. The attacker can directly control the remote target device by successfully exploiting this vulnerability.Show less
CVE-2025-24956 1Siemens 1Openv2g Jun 17, 2026 Feb 11, 2025 6.9 MEDIUM· v4 9.8 CRITICAL· v3 N/A· v2 A vulnerability has been identified in OpenV2G (All versions < V0.9.6). The OpenV2G EXI parsing feature is missing a length check when parsing X509 serial numbers. Thus, an attacker could introduce a buffer overflow that...Show more A vulnerability has been identified in OpenV2G (All versions < V0.9.6). The OpenV2G EXI parsing feature is missing a length check when parsing X509 serial numbers. Thus, an attacker could introduce a buffer overflow that leads to memory corruption.Show less
CVE-2024-46431 1Tenda 1W18e Firmware Jun 17, 2026 Feb 10, 2025 N/A· v4 8.0 HIGH· v3 N/A· v2 Tenda W18E V16.01.0.8(1625) is vulnerable to Buffer Overflow. An attacker with access to the web management portal can exploit this vulnerability by sending specially crafted data to the delWewifiPic function.
CVE-2025-1147 1Gnu 1Binutils Jun 17, 2026 Feb 10, 2025 2.3 LOW· v4 5.3 MEDIUM· v3 2.6 LOW· v2 A vulnerability has been found in GNU Binutils 2.43 and classified as problematic. Affected by this vulnerability is the function __sanitizer::internal_strlen of the file binutils/nm.c of the component nm. The manipulati...Show more A vulnerability has been found in GNU Binutils 2.43 and classified as problematic. Affected by this vulnerability is the function __sanitizer::internal_strlen of the file binutils/nm.c of the component nm. The manipulation of the argument const leads to buffer overflow. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.Show less
CVE-2024-35106 - - Jun 17, 2026 Feb 7, 2025 N/A· v4 4.6 MEDIUM· v3 N/A· v2 NEXTU FLETA AX1500 WIFI6 v1.0.3 was discovered to contain a buffer overflow at /boafrm/formIpQoS. This vulnerability allows attackers to cause a Denial of Service (DoS) or potentially arbitrary code execution via a craft...Show more NEXTU FLETA AX1500 WIFI6 v1.0.3 was discovered to contain a buffer overflow at /boafrm/formIpQoS. This vulnerability allows attackers to cause a Denial of Service (DoS) or potentially arbitrary code execution via a crafted POST request.Show less
CVE-2025-0303 1Openatom 1Openharmony Jun 17, 2026 Feb 7, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 in OpenHarmony v4.1.2 and prior versions allow a local attacker cause the common permission is upgraded to root and sensitive information leak through buffer overflow.
CVE-2024-57392 - - Jun 17, 2026 Feb 6, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 Buffer Overflow vulnerability in Proftpd commit 4017eff8 allows a remote attacker to execute arbitrary code and can cause a Denial of Service (DoS) on the FTP service by sending a maliciously crafted message to the ProFT...Show more Buffer Overflow vulnerability in Proftpd commit 4017eff8 allows a remote attacker to execute arbitrary code and can cause a Denial of Service (DoS) on the FTP service by sending a maliciously crafted message to the ProFTPD service port.Show less
CVE-2025-23236 1Hummingheads 1Defense Platform Jun 17, 2026 Feb 6, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 Buffer overflow vulnerability exists in Defense Platform Home Edition Ver.3.9.51.x and earlier. If an attacker performs a specific operation, SYSTEM privilege of the Windows system where the product is running may be obt...Show more Buffer overflow vulnerability exists in Defense Platform Home Edition Ver.3.9.51.x and earlier. If an attacker performs a specific operation, SYSTEM privilege of the Windows system where the product is running may be obtained.Show less
CVE-2025-23412 1F5 1Big Ip Access Policy Manager Jun 17, 2026 Feb 5, 2025 8.7 HIGH· v4 7.5 HIGH· v3 N/A· v2 When BIG-IP APM Access Profile is configured on a virtual server, undisclosed request can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2025-0725 2Haxx Netapp 8Curl Hci Baseboard Management ControllerHci H610c Firmware+5 more Jun 17, 2026 Feb 5, 2025 N/A· v4 7.3 HIGH· v3 N/A· v2 When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option, using zlib 1.2.0.3 or older, an attacker-controlled integer overflow would ma...Show more When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option, using zlib 1.2.0.3 or older, an attacker-controlled integer overflow would make libcurl perform a buffer overflow.Show less
CVE-2025-0960 - - Jun 17, 2026 Feb 4, 2025 9.3 CRITICAL· v4 9.8 CRITICAL· v3 N/A· v2 AutomationDirect C-more EA9 HMI contains a function with bounds checks that can be skipped, which could result in an attacker abusing the function to cause a denial-of-service condition or achieving remote code execution...Show more AutomationDirect C-more EA9 HMI contains a function with bounds checks that can be skipped, which could result in an attacker abusing the function to cause a denial-of-service condition or achieving remote code execution on the affected device.Show less
CVE-2024-53320 - - Jun 17, 2026 Jan 31, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Qualisys C++ SDK commit a32a21a was discovered to contain multiple stack buffer overflows via the GetCurrentFrame, SaveCapture, and LoadProject functions.
CVE-2024-53319 - - Jun 17, 2026 Jan 31, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 A heap buffer overflow in the XML Text Escaping component of Qualisys C++ SDK commit a32a21a allows attackers to cause Denial of Service (DoS) via escaping special XML characters.

Previous 1...626364...212 Next