Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

CVEs (4,227)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-50667 1Trendnet 1Tew 820ap Firmware Jun 17, 2026 Nov 11, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 The boa httpd of Trendnet TEW-820AP 1.01.B01 has a stack overflow vulnerability in /boafrm/formIPv6Addr, /boafrm/formIpv6Setup, /boafrm/formDnsv6. The reason is that the check of ipv6 address is not sufficient, which all...Show more The boa httpd of Trendnet TEW-820AP 1.01.B01 has a stack overflow vulnerability in /boafrm/formIPv6Addr, /boafrm/formIpv6Setup, /boafrm/formDnsv6. The reason is that the check of ipv6 address is not sufficient, which allows attackers to construct payloads for attacks.Show less
CVE-2024-46952 2Artifex Debian 2Debian Linux Ghostscript Jun 17, 2026 Nov 10, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 An issue was discovered in pdf/pdf_xref.c in Artifex Ghostscript before 10.04.0. There is a buffer overflow during handling of a PDF XRef stream (related to W array values).
CVE-2024-35426 1Lonelycoder 1Vmir Jun 17, 2026 Nov 8, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 vmir e8117 was discovered to contain a stack overflow via the init_local_vars function at /src/vmir_wasm_parser.c.
CVE-2024-35422 1Lonelycoder 1Vmir Jun 17, 2026 Nov 8, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 vmir e8117 was discovered to contain a heap buffer overflow via the wasm_call function at /src/vmir_wasm_parser.c.
CVE-2024-35420 1Kanaka 1Wac Jun 17, 2026 Nov 8, 2024 N/A· v4 6.2 MEDIUM· v3 N/A· v2 wac commit 385e1 was discovered to contain a heap overflow.
CVE-2024-35419 1Kanaka 1Wac Jun 17, 2026 Nov 8, 2024 N/A· v4 5.5 MEDIUM· v3 N/A· v2 wac commit 385e1 was discovered to contain a heap overflow via the load_module function at /wac-asan/wa.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted wasm file.
CVE-2024-35418 1Kanaka 1Wac Jun 17, 2026 Nov 8, 2024 N/A· v4 6.2 MEDIUM· v3 N/A· v2 wac commit 385e1 was discovered to contain a heap overflow via the setup_call function at /wac-asan/wa.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted wasm file.
CVE-2024-35410 1Kanaka 1Wac Jun 17, 2026 Nov 8, 2024 N/A· v4 6.2 MEDIUM· v3 N/A· v2 wac commit 385e1 was discovered to contain a heap overflow via the interpret function at /wac-asan/wa.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted wasm file.
CVE-2024-10964 1Emqx 1Neuron Jun 17, 2026 Nov 7, 2024 5.3 MEDIUM· v4 9.8 CRITICAL· v3 6.5 MEDIUM· v2 A vulnerability classified as critical has been found in emqx neuron up to 2.10.0. Affected is the function handle_add_plugin in the library cmd.library of the file plugins/restful/plugin_handle.c. The manipulation leads...Show more A vulnerability classified as critical has been found in emqx neuron up to 2.10.0. Affected is the function handle_add_plugin in the library cmd.library of the file plugins/restful/plugin_handle.c. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue.Show less
CVE-2024-51409 1Tenda 1O3 Firmware Jun 17, 2026 Nov 6, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Buffer Overflow vulnerability in Tenda O3 v.1.0.0.5 allows a remote attacker to cause a denial of service via a network packet in a fixed format to a router running the corresponding version of the firmware.
CVE-2024-51116 1Tenda 1Ac6 Firmware Jun 17, 2026 Nov 5, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Tenda AC6 v2.0 V15.03.06.50 was discovered to contain a buffer overflow in the function 'formSetPPTPServer'.
CVE-2024-50131 1Linux 1Linux Kernel Jun 17, 2026 Nov 5, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 In the Linux kernel, the following vulnerability has been resolved: tracing: Consider the NULL character when validating the event length strlen() returns a string length excluding the null byte. If the string length e...Show more In the Linux kernel, the following vulnerability has been resolved: tracing: Consider the NULL character when validating the event length strlen() returns a string length excluding the null byte. If the string length equals to the maximum buffer length, the buffer will have no space for the NULL terminating character. This commit checks this condition and returns failure for it.Show less
CVE-2024-50090 1Linux 1Linux Kernel Jun 17, 2026 Nov 5, 2024 N/A· v4 5.5 MEDIUM· v3 N/A· v2 In the Linux kernel, the following vulnerability has been resolved: drm/xe/oa: Fix overflow in oa batch buffer By default xe_bb_create_job() appends a MI_BATCH_BUFFER_END to batch buffer, this is not a problem if batch...Show more In the Linux kernel, the following vulnerability has been resolved: drm/xe/oa: Fix overflow in oa batch buffer By default xe_bb_create_job() appends a MI_BATCH_BUFFER_END to batch buffer, this is not a problem if batch buffer is only used once but oa reuses the batch buffer for the same metric and at each call it appends a MI_BATCH_BUFFER_END, printing the warning below and then overflowing. [ 381.072016] ------------[ cut here ]------------ [ 381.072019] xe 0000:00:02.0: [drm] Assertion `bb->len * 4 + bb_prefetch(q->gt) <= size` failed! platform: LUNARLAKE subplatform: 1 graphics: Xe2_LPG / Xe2_HPG 20.04 step B0 media: Xe2_LPM / Xe2_HPM 20.00 step B0 tile: 0 VRAM 0 B GT: 0 type 1 So here checking if batch buffer already have MI_BATCH_BUFFER_END if not append it. v2: - simply fix, suggestion from Ashutosh (cherry picked from commit 9ba0e0f30ca42a98af3689460063edfb6315718a)Show less
CVE-2024-52030 1Netgear 1R7000p Firmware Jun 17, 2026 Nov 5, 2024 N/A· v4 5.7 MEDIUM· v3 N/A· v2 Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow via the pptp_user_netmask parameter at ru_wan_flow.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST reque...Show more Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow via the pptp_user_netmask parameter at ru_wan_flow.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.Show less
CVE-2024-52029 1Netgear 1R7000p Firmware Jun 17, 2026 Nov 5, 2024 N/A· v4 5.7 MEDIUM· v3 N/A· v2 Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow via the pptp_user_netmask parameter at genie_pptp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST reques...Show more Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow via the pptp_user_netmask parameter at genie_pptp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.Show less
CVE-2024-52028 1Netgear 1R7000p Firmware Jun 17, 2026 Nov 5, 2024 N/A· v4 5.7 MEDIUM· v3 N/A· v2 Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow via the pptp_user_netmask parameter at wiz_pptp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
CVE-2024-52026 1Netgear 3R6400v2 Firmware R7000p FirmwareXr300 Firmware Jun 17, 2026 Nov 5, 2024 N/A· v4 5.7 MEDIUM· v3 N/A· v2 Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a stack overflow via the pppoe_localip parameter at bsw_pppoe.cgi. This vulnerability allows attackers to cause a Denial of Ser...Show more Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a stack overflow via the pppoe_localip parameter at bsw_pppoe.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.Show less
CVE-2024-52025 1Netgear 3R6400v2 Firmware R7000p FirmwareXr300 Firmware Jun 17, 2026 Nov 5, 2024 N/A· v4 5.7 MEDIUM· v3 N/A· v2 Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a stack overflow via the pppoe_localip parameter at geniepppoe.cgi. This vulnerability allows attackers to cause a Denial of Se...Show more Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a stack overflow via the pppoe_localip parameter at geniepppoe.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.Show less
CVE-2024-52024 1Netgear 3R6400v2 Firmware R7000p FirmwareXr300 Firmware Jun 17, 2026 Nov 5, 2024 N/A· v4 5.7 MEDIUM· v3 N/A· v2 Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a stack overflow via the pppoe_localip parameter at wizpppoe.cgi. This vulnerability allows attackers to cause a Denial of Serv...Show more Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a stack overflow via the pppoe_localip parameter at wizpppoe.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.Show less
CVE-2024-52023 1Netgear 3R6400v2 Firmware R7000p FirmwareXr300 Firmware Jun 17, 2026 Nov 5, 2024 N/A· v4 5.7 MEDIUM· v3 N/A· v2 Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a stack overflow via the pppoe_localip parameter at pppoe2.cgi. This vulnerability allows attackers to cause a Denial of Servic...Show more Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a stack overflow via the pppoe_localip parameter at pppoe2.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.Show less

Previous 1...727374...212 Next