Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

CVEs (4,227)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-45619 2Opensc Project Redhat 2Enterprise Linux Opensc Jun 25, 2026 Sep 3, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs....Show more A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accessed.Show less
CVE-2024-41433 1Pingcap 1Tidb Jun 17, 2026 Sep 3, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 PingCAP TiDB v8.1.0 was discovered to contain a buffer overflow via the component expression.ExplainExpressionList. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. NOTE: PingCA...Show more PingCAP TiDB v8.1.0 was discovered to contain a buffer overflow via the component expression.ExplainExpressionList. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. NOTE: PingCAP maintains that the actual reproduction of this issue did not cause the security impact of service interruption to other users. They argue that this is a complex query bug and not a DoS vulnerability.Show less
CVE-2024-41436 1Clickhouse 1Clickhouse Jun 17, 2026 Sep 3, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 ClickHouse v24.3.3.102 was discovered to contain a buffer overflow via the component DB::evaluateConstantExpressionImpl.
CVE-2024-41435 1Yugabyte 1Yugabytedb Jun 17, 2026 Sep 3, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 YugabyteDB v2.21.1.0 was discovered to contain a buffer overflow via the "insert into" parameter.
CVE-2024-6343 1Zyxel 1Zld Jun 17, 2026 Sep 3, 2024 N/A· v4 4.9 MEDIUM· v3 N/A· v2 A buffer overflow vulnerability in the CGI program of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W) series firmware versions from...Show more A buffer overflow vulnerability in the CGI program of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W) series firmware versions from V4.16 through V5.38, and USG20(W)-VPN series firmware versions from V4.16 through V5.38 could allow an authenticated attacker with administrator privileges to cause denial of service (DoS) conditions by sending a crafted HTTP request to a vulnerable device.Show less
CVE-2024-5412 1Zyxel 50Ax7501 B0 Firmware Ax7501 B1 FirmwareDx3300 T0 Firmware+47 more Jun 17, 2026 Sep 3, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 A buffer overflow vulnerability in the library "libclinkc" of the Zyxel VMG8825-T50K firmware version 5.50(ABOM.8)C0 could allow an unauthenticated attacker to cause denial of service (DoS) conditions by sending a crafte...Show more A buffer overflow vulnerability in the library "libclinkc" of the Zyxel VMG8825-T50K firmware version 5.50(ABOM.8)C0 could allow an unauthenticated attacker to cause denial of service (DoS) conditions by sending a crafted HTTP request to a vulnerable device.Show less
CVE-2024-33054 1Qualcomm 32Fastconnect 6700 Firmware Fastconnect 6900 FirmwareFastconnect 7800 Firmware+29 more Jun 17, 2026 Sep 2, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Memory corruption during the handshake between the Primary Virtual Machine and Trusted Virtual Machine.
CVE-2024-33052 1Qualcomm 197205 Mobile Firmware 215 Mobile FirmwareApq8017 Firmware+194 more Jun 17, 2026 Sep 2, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Memory corruption when user provides data for FM HCI command control operations.
CVE-2024-33042 1Qualcomm 196205 Firmware 215 FirmwareApq8017 Firmware+193 more Jun 17, 2026 Sep 2, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Memory corruption when Alternative Frequency offset value is set to 255.
CVE-2024-43700 1Philiphazel 1Xfpt Jun 17, 2026 Aug 29, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 xfpt versions prior to 1.01 fails to handle appropriately some parameters inside the input data, resulting in a stack-based buffer overflow vulnerability. When a user of the affected product is tricked to process a speci...Show more xfpt versions prior to 1.01 fails to handle appropriately some parameters inside the input data, resulting in a stack-based buffer overflow vulnerability. When a user of the affected product is tricked to process a specially crafted file, arbitrary code may be executed on the user's environment.Show less
CVE-2024-8198 1Google 1Chrome Jun 17, 2026 Aug 28, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Heap buffer overflow in Skia in Google Chrome prior to 128.0.6613.113 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security...Show more Heap buffer overflow in Skia in Google Chrome prior to 128.0.6613.113 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)Show less
CVE-2024-34198 1Totolink 1A3002ru Firmware Jun 17, 2026 Aug 28, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 TOTOLINK AC1200 Wireless Router A3002RU V2.1.1-B20230720.1011 is vulnerable to Buffer Overflow. The formWlEncrypt CGI handler in the boa program fails to limit the length of the wlan_ssid field from user input. This allo...Show more TOTOLINK AC1200 Wireless Router A3002RU V2.1.1-B20230720.1011 is vulnerable to Buffer Overflow. The formWlEncrypt CGI handler in the boa program fails to limit the length of the wlan_ssid field from user input. This allows attackers to craft malicious HTTP requests by supplying an excessively long value for the wlan_ssid field, leading to a stack overflow. This can be further exploited to execute arbitrary commands or launch denial-of-service attacks.Show less
CVE-2024-41176 1Beckhoff 2Mdp Package Twincat/bsd Jun 17, 2026 Aug 27, 2024 N/A· v4 7.3 HIGH· v3 N/A· v2 The MPD package included in TwinCAT/BSD allows an authenticated, low-privileged local attacker to induce a Denial-of-Service (DoS) condition on the daemon and execute code in the context of user “root” via a crafted HTTP...Show more The MPD package included in TwinCAT/BSD allows an authenticated, low-privileged local attacker to induce a Denial-of-Service (DoS) condition on the daemon and execute code in the context of user “root” via a crafted HTTP request.Show less
CVE-2024-44555 1Tenda 1Ax1806 Firmware Jun 17, 2026 Aug 26, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function setIptvInfo.
CVE-2024-41285 1Fastcom 1Fw300r Firmware Jun 17, 2026 Aug 26, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A stack overflow in FAST FW300R v1.3.13 Build 141023 Rel.61347n allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via a crafted file path.
CVE-2024-45237 1Nicmx 1Fort Validator Jun 17, 2026 Aug 24, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) a resource certificate containing a Key Usage extension composed of more...Show more An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) a resource certificate containing a Key Usage extension composed of more than two bytes of data. Fort writes this string into a 2-byte buffer without properly sanitizing its length, leading to a buffer overflow.Show less
CVE-2024-42040 1Denx 1U Boot Jun 17, 2026 Aug 23, 2024 N/A· v4 8.1 HIGH· v3 N/A· v2 Buffer Overflow vulnerability in the net/bootp.c in DENEX U-Boot from its initial commit in 2002 (3861aa5) up to today on any platform allows an attacker on the local network to leak memory from four up to 32 bytes of me...Show more Buffer Overflow vulnerability in the net/bootp.c in DENEX U-Boot from its initial commit in 2002 (3861aa5) up to today on any platform allows an attacker on the local network to leak memory from four up to 32 bytes of memory stored behind the packet to the network depending on the later use of DHCP-provided parameters via crafted DHCP responses.Show less
CVE-2024-8079 1Totolink 1T8 Firmware Jun 17, 2026 Aug 22, 2024 8.7 HIGH· v4 9.8 CRITICAL· v3 9.0 HIGH· v2 A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228. It has been rated as critical. This issue affects the function exportOvpn. The manipulation leads to buffer overflow. The attack may be initiated rem...Show more A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228. It has been rated as critical. This issue affects the function exportOvpn. The manipulation leads to buffer overflow. The attack may be initiated remotely. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2024-8078 1Totolink 1T8 Firmware Jun 17, 2026 Aug 22, 2024 8.7 HIGH· v4 9.8 CRITICAL· v3 9.0 HIGH· v2 A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228. It has been declared as critical. This vulnerability affects the function setTracerouteCfg. The manipulation leads to buffer overflow. The attack can...Show more A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228. It has been declared as critical. This vulnerability affects the function setTracerouteCfg. The manipulation leads to buffer overflow. The attack can be initiated remotely. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2024-8076 1Totolink 1T8 Firmware Jun 17, 2026 Aug 22, 2024 8.7 HIGH· v4 9.8 CRITICAL· v3 9.0 HIGH· v2 A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228 and classified as critical. Affected by this issue is the function setDiagnosisCfg. The manipulation leads to buffer overflow. The attack may be launc...Show more A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228 and classified as critical. Affected by this issue is the function setDiagnosisCfg. The manipulation leads to buffer overflow. The attack may be launched remotely. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.Show less

Previous 1...828384...212 Next