Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

CVEs (4,226)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-24731 1Silabs 1Gecko Os Jun 17, 2026 Jan 31, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Silicon Labs Gecko OS. Authentication is not required to exploit this vulnerability. The specific flaw exists w...Show more This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Silicon Labs Gecko OS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the http_download command. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device.Show less
CVE-2024-23973 1Silabs 1Gecko Os Jun 17, 2026 Jan 31, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Silicon Labs Gecko OS. Authentication is not required to exploit this vulnerability. The specific flaw exists...Show more This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Silicon Labs Gecko OS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HTTP GET requests. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device.Show less
CVE-2024-23968 1Chargepoint 3Home Flex Hardwired Firmware Home Flex Nema 14 50 Plug FirmwareHome Flex Nema 6 50 Plug Firmware Jun 17, 2026 Jan 31, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability. The spec...Show more This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SrvrToSmSetAutoChnlListMsg function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root.Show less
CVE-2024-57513 - - Jun 17, 2026 Jan 29, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 A floating-point exception (FPE) vulnerability exists in the AP4_TfraAtom::AP4_TfraAtom function in Bento4.
CVE-2024-57510 - - Jun 17, 2026 Jan 29, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Buffer Overflow vulnerability in Bento4 mp42avc v.3bdc891602d19789b8e8626e4a3e613a937b4d35 allows a local attacker to execute arbitrary code via the AP4_MemoryByteStream::WritePartial.
CVE-2024-57509 - - Jun 17, 2026 Jan 29, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Buffer Overflow vulnerability in Bento4 mp42avc v.3bdc891602d19789b8e8626e4a3e613a937b4d35 allows a local attacker to execute arbitrary code via the AP4_File::ParseStream and related functions.
CVE-2024-57376 1Dlink 6Dsr 1000n Firmware Dsr 150 FirmwareDsr 150n Firmware+3 more Jun 17, 2026 Jan 28, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 Buffer Overflow vulnerability in D-Link DSR-150, DSR-150N, DSR-250, DSR-250N, DSR-500N, DSR-1000N from 3.13 to 3.17B901C allows unauthenticated users to execute remote code execution.
CVE-2024-40674 1Google 1Android Jun 17, 2026 Jan 28, 2025 N/A· v4 5.3 MEDIUM· v3 N/A· v2 In validateSsid of WifiConfigurationUtil.java, there is a possible way to overflow a system configuration file due to a logic error in the code. This could lead to local denial of service with no additional execution pri...Show more In validateSsid of WifiConfigurationUtil.java, there is a possible way to overflow a system configuration file due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Show less
CVE-2024-6351 - - Jun 17, 2026 Jan 28, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 A malformed packet can cause a buffer overflow in the NWK/APS layer of the Ember ZNet stack and lead to an assert
CVE-2024-0146 - - Jun 17, 2026 Jan 28, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a malicious guest could cause memory corruption. A successful exploit of this vulnerability might lead to code execution, denial of service,...Show more NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a malicious guest could cause memory corruption. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, or data tampering.Show less
CVE-2025-24153 1Apple 1Macos Jun 17, 2026 Jan 27, 2025 N/A· v4 6.7 MEDIUM· v3 N/A· v2 A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.3. An app with root privileges may be able to execute arbitrary code with kernel privileges.
CVE-2025-24131 1Apple 6Ipados Iphone OsMacos+3 more Jun 17, 2026 Jan 27, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 The issue was addressed with improved memory handling. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.6, macOS Sequoia 15.3, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.3, visionOS 2.3. An attacker o...Show more The issue was addressed with improved memory handling. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.6, macOS Sequoia 15.3, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.3, visionOS 2.3. An attacker on the local network may be able to cause a denial-of-service.Show less
CVE-2024-48420 1Edimax 1Br 6476ac Firmware Jun 17, 2026 Jan 27, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06 is vulnerable to Buffer Overflow via /goform/getWifiBasic.
CVE-2024-48416 1Edimax 1Br 6476ac Firmware Jun 17, 2026 Jan 27, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06 is vulnerable to Buffer Overflow via /goform/fromSetLanDhcpsClientbinding.
CVE-2024-39750 1Ibm 1Analytics Content Hub Jun 17, 2026 Jan 25, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 IBM Analytics Content Hub 2.0 is vulnerable to a buffer overflow due to improper return length checking. A remote authenticated attacker could overflow a buffer and execute arbitrary code on the system or cause the serve...Show more IBM Analytics Content Hub 2.0 is vulnerable to a buffer overflow due to improper return length checking. A remote authenticated attacker could overflow a buffer and execute arbitrary code on the system or cause the server to crash.Show less
CVE-2024-50697 1Sungrowpower 1Winet S Firmware Jun 17, 2026 Jan 24, 2025 N/A· v4 8.1 HIGH· v3 N/A· v2 In SunGrow WiNet-SV200.001.00.P027 and earlier versions, when decrypting MQTT messages, the code that parses specific TLV fields does not have sufficient bounds checks. This may result in a stack-based buffer overflow.
CVE-2024-57184 1Gpac 1Gpac Jun 17, 2026 Jan 24, 2025 N/A· v4 5.5 MEDIUM· v3 N/A· v2 An issue was discovered in GPAC v0.8.0, as demonstrated by MP4Box. It contains a heap-based buffer overflow in gf_m2ts_process_pmt in media_tools/mpegts.c:2163 that can cause a denial of service (DOS) via a crafted MP4 f...Show more An issue was discovered in GPAC v0.8.0, as demonstrated by MP4Box. It contains a heap-based buffer overflow in gf_m2ts_process_pmt in media_tools/mpegts.c:2163 that can cause a denial of service (DOS) via a crafted MP4 file.Show less
CVE-2022-47090 - - Jun 17, 2026 Jan 24, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 GPAC MP4box 2.1-DEV-rev574-g9d5bb184b contains a buffer overflow in gf_vvc_read_pps_bs_internal function of media_tools/av_parsers.c, check needed for num_exp_tile_columns
CVE-2024-53379 - - Jun 17, 2026 Jan 23, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 Heap buffer overflow in the server site handshake implementation in Real Time Logic LLC's SharkSSL version (from 05/05/24) commit 64808a5e12c83b38f85c943dee0112e428dc2a43 allows a remote attacker to trigger a Denial-of-S...Show more Heap buffer overflow in the server site handshake implementation in Real Time Logic LLC's SharkSSL version (from 05/05/24) commit 64808a5e12c83b38f85c943dee0112e428dc2a43 allows a remote attacker to trigger a Denial-of-Service via a malformed Client-Hello message.Show less
CVE-2024-55194 1Openimageio 1Openimageio Jun 17, 2026 Jan 23, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 OpenImageIO v3.1.0.0dev was discovered to contain a heap overflow via the component /OpenImageIO/fmath.h.

Previous 1...636465...212 Next