Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

CVEs (4,227)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-24479 2Fedoraproject Wireshark 2Fedora Wireshark Jun 17, 2026 Feb 21, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 A Buffer Overflow in Wireshark before 4.2.0 allows a remote attacker to cause a denial of service via the wsutil/to_str.c, and format_fractional_part_nsecs components. NOTE: this is disputed by the vendor because neither...Show more A Buffer Overflow in Wireshark before 4.2.0 allows a remote attacker to cause a denial of service via the wsutil/to_str.c, and format_fractional_part_nsecs components. NOTE: this is disputed by the vendor because neither release 4.2.0 nor any other release was affected.Show less
CVE-2024-24474 1Qemu 1Qemu Jun 17, 2026 Feb 20, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 QEMU before 8.2.0 has an integer underflow, and resultant buffer overflow, via a TI command when an expected non-DMA transfer length is less than the length of the available FIFO data. This occurs in esp_do_nodma in hw/s...Show more QEMU before 8.2.0 has an integer underflow, and resultant buffer overflow, via a TI command when an expected non-DMA transfer length is less than the length of the available FIFO data. This occurs in esp_do_nodma in hw/scsi/esp.c because of an underflow of async_len.Show less
CVE-2024-25196 2Opennav Openrobotics 2Nav2 Robot Operating System Jun 17, 2026 Feb 20, 2024 N/A· v4 3.3 LOW· v3 N/A· v2 Open Robotics Robotic Operating Sytstem 2 (ROS2) and Nav2 humble versions were discovered to contain a buffer overflow via the nav2_controller process. This vulnerability is triggerd via sending a crafted .yaml file.
CVE-2024-26134 2Agronholm Fedoraproject 2Cbor2 Fedora Jun 17, 2026 Feb 19, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 cbor2 provides encoding and decoding for the Concise Binary Object Representation (CBOR) (RFC 8949) serialization format. Starting in version 5.5.1 and prior to version 5.6.2, an attacker can crash a service using cbor2...Show more cbor2 provides encoding and decoding for the Concise Binary Object Representation (CBOR) (RFC 8949) serialization format. Starting in version 5.5.1 and prior to version 5.6.2, an attacker can crash a service using cbor2 to parse a CBOR binary by sending a long enough object. Version 5.6.2 contains a patch for this issue.Show less
CVE-2023-52377 1Huawei 2Emui Harmonyos Jun 17, 2026 Feb 18, 2024 N/A· v4 7.4 HIGH· v3 N/A· v2 Vulnerability of input data not being verified in the cellular data module.Successful exploitation of this vulnerability may cause out-of-bounds access.
CVE-2023-52370 1Huawei 2Emui Harmonyos Jun 17, 2026 Feb 18, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Stack overflow vulnerability in the network acceleration module.Successful exploitation of this vulnerability may cause unauthorized file access.
CVE-2023-52366 1Huawei 2Emui Harmonyos Jun 17, 2026 Feb 18, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 Out-of-bounds read vulnerability in the smart activity recognition module.Successful exploitation of this vulnerability may cause features to perform abnormally.
CVE-2023-52365 1Huawei 2Emui Harmonyos Jun 17, 2026 Feb 18, 2024 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Out-of-bounds read vulnerability in the smart activity recognition module.Successful exploitation of this vulnerability may cause features to perform abnormally.
CVE-2024-25373 1Tenda 1Ac10 Firmware Jun 17, 2026 Feb 15, 2024 N/A· v4 4.6 MEDIUM· v3 N/A· v2 Tenda AC10V4.0 V16.03.10.20 was discovered to contain a stack overflow via the page parameter in the sub_49B384 function.
CVE-2024-20723 1Adobe 1Substance 3d Painter Jun 17, 2026 Feb 15, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Substance3D - Painter versions 9.1.1 and earlier are affected by a Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user...Show more Substance3D - Painter versions 9.1.1 and earlier are affected by a Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2022-23093 1Freebsd 1Freebsd Jun 17, 2026 Feb 15, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 ping reads raw IP packets from the network to process responses in the pr_pack() function. As part of processing a response ping has to reconstruct the IP header, the ICMP header and if present a "quoted packet," which...Show more ping reads raw IP packets from the network to process responses in the pr_pack() function. As part of processing a response ping has to reconstruct the IP header, the ICMP header and if present a "quoted packet," which represents the packet that generated an ICMP error. The quoted packet again has an IP header and an ICMP header. The pr_pack() copies received IP and ICMP headers into stack buffers for further processing. In so doing, it fails to take into account the possible presence of IP option headers following the IP header in either the response or the quoted packet. When IP options are present, pr_pack() overflows the destination buffer by up to 40 bytes. The memory safety bugs described above can be triggered by a remote host, causing the ping program to crash. The ping process runs in a capability mode sandbox on all affected versions of FreeBSD and is thus very constrained in how it can interact with the rest of the system at the point where the bug can occur.Show less
CVE-2022-23085 1Freebsd 1Freebsd Jun 17, 2026 Feb 15, 2024 N/A· v4 8.2 HIGH· v3 N/A· v2 A user-provided integer option was passed to nmreq_copyin() without checking if it would overflow. This insufficient bounds checking could lead to kernel memory corruption. On systems configured to include netmap in th...Show more A user-provided integer option was passed to nmreq_copyin() without checking if it would overflow. This insufficient bounds checking could lead to kernel memory corruption. On systems configured to include netmap in their devfs_ruleset, a privileged process running in a jail can affect the host environment.Show less
CVE-2024-25165 1Swftools 1Swftools Jun 17, 2026 Feb 14, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 A global-buffer-overflow vulnerability was found in SWFTools v0.9.2, in the function LineText at lib/swf5compiler.flex.
CVE-2023-43519 1Qualcomm 129Aqt1000 Firmware Fastconnect 6200 FirmwareFastconnect 6700 Firmware+126 more Jun 17, 2026 Feb 6, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Memory corruption in video while parsing the Videoinfo, when the size of atom is greater than the videoinfo size.
CVE-2023-33077 1Qualcomm 95Aqt1000 Firmware Ar8035 FirmwareC V2x 9150 Firmware+92 more Jun 17, 2026 Feb 6, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Memory corruption in HLOS while converting from authorization token to HIDL vector.
CVE-2023-33072 1Qualcomm 239315 5g Iot Modem Firmware 9205 Lte Modem FirmwareAqt1000 Firmware+236 more Jun 17, 2026 Feb 6, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Memory corruption in Core while processing control functions.
CVE-2023-33069 1Qualcomm 1109206 Lte Modem Firmware Aqt1000 FirmwareAr8035 Firmware+107 more Jun 17, 2026 Feb 6, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Memory corruption in Audio while processing the calibration data returned from ACDB loader.
CVE-2023-33068 1Qualcomm 1109206 Lte Modem Firmware Aqt1000 FirmwareAr8035 Firmware+107 more Jun 17, 2026 Feb 6, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Memory corruption in Audio while processing IIR config data from AFE calibration block.
CVE-2023-45037 1Qnap 3Qts Quts HeroQutscloud Jun 17, 2026 Feb 2, 2024 N/A· v4 7.2 HIGH· v3 N/A· v2 A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via...Show more A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later QuTS hero h5.1.3.2578 build 20231110 and later QuTScloud c5.1.5.2651 and later Show less
CVE-2023-45036 1Qnap 3Qts Quts HeroQutscloud Jun 17, 2026 Feb 2, 2024 N/A· v4 7.2 HIGH· v3 N/A· v2 A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via...Show more A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later QuTS hero h5.1.3.2578 build 20231110 and later QuTScloud c5.1.5.2651 and later Show less

Previous 1...979899...212 Next