Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

CVEs (4,227)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-28580 1Qualcomm 44Ar8035 Firmware Fastconnect 6900 FirmwareFastconnect 7800 Firmware+41 more Jun 17, 2026 Dec 5, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Memory corruption in WLAN Host while setting the PMK length in PMK length in internal cache.
CVE-2023-28579 1Qualcomm 34Fastconnect 6900 Firmware Fastconnect 7800 FirmwareQam8295p Firmware+31 more Jun 17, 2026 Dec 5, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Memory Corruption in WLAN Host while deserializing the input PMK bytes without checking the input PMK length.
CVE-2023-28546 1Qualcomm 274315 5g Iot Modem Firmware 9205 Lte Modem FirmwareApq8017 Firmware+271 more Jun 17, 2026 Dec 5, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Memory Corruption in SPS Application while exporting public key in sorter TA.
CVE-2023-49287 1Cxong 1Tinydir Jun 17, 2026 Dec 4, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 TinyDir is a lightweight C directory and file reader. Buffer overflows in the `tinydir_file_open()` function. This vulnerability has been patched in version 1.2.6.
CVE-2023-32860 1Google 1Android Jun 17, 2026 Dec 4, 2023 N/A· v4 6.7 MEDIUM· v3 N/A· v2 In display, there is a possible classic buffer overflow due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploita...Show more In display, there is a possible classic buffer overflow due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07929788; Issue ID: ALPS07929788.Show less
CVE-2023-32859 1Google 1Android Jun 17, 2026 Dec 4, 2023 N/A· v4 6.7 MEDIUM· v3 N/A· v2 In meta, there is a possible classic buffer overflow due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitatio...Show more In meta, there is a possible classic buffer overflow due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08000473; Issue ID: ALPS08000473.Show less
CVE-2023-47307 1Szlbt 1Lbt T300 T310 Firmware Jun 17, 2026 Nov 30, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Buffer Overflow vulnerability in /apply.cgi in Shenzhen Libituo Technology Co., Ltd LBT-T300-T310 v2.2.2.6 allows attackers to cause a denial of service via the ApCliAuthMode parameter.
CVE-2023-5908 4Ge PtcRockwellautomation+1 more 8Industrial Gateway Server KeepserverexKepserver Enterprise+5 more Jun 17, 2026 Nov 30, 2023 N/A· v4 9.1 CRITICAL· v3 N/A· v2 KEPServerEX is vulnerable to a buffer overflow which may allow an attacker to crash the product being accessed or leak information.
CVE-2023-49700 1Asrmicro 2Asr1803 Firmware Asr1806 Firmware Jun 17, 2026 Nov 30, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Security best practices violations, a string operation in Streamingmedia will write past the end of fixed-size destination buffer if the source buffer is too large.
CVE-2023-24294 1Zumtobel 1Netlink Ccd Firmware Jun 17, 2026 Nov 29, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Zumtobel Netlink CCD Onboard v3.74 - Firmware v3.80 was discovered to contain a buffer overflow via the component NetlinkWeb::Information::SetDeviceIdentification.
CVE-2023-4397 1Zyxel 1Zld Jun 17, 2026 Nov 28, 2023 N/A· v4 4.4 MEDIUM· v3 N/A· v2 A buffer overflow vulnerability in the Zyxel ATP series firmware version 5.37, USG FLEX series firmware version 5.37, USG FLEX 50(W) series firmware version 5.37, and USG20(W)-VPN series firmware version 5.37, could allo...Show more A buffer overflow vulnerability in the Zyxel ATP series firmware version 5.37, USG FLEX series firmware version 5.37, USG FLEX 50(W) series firmware version 5.37, and USG20(W)-VPN series firmware version 5.37, could allow an authenticated local attacker with administrator privileges to cause denial-of-service (DoS) conditions by executing the CLI command with crafted strings on an affected device.Show less
CVE-2023-37926 1Zyxel 1Zld Jun 17, 2026 Nov 28, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 A buffer overflow vulnerability in the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN se...Show more A buffer overflow vulnerability in the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, and VPN series firmware versions 4.30 through 5.37, could allow an authenticated local attacker to cause denial-of-service (DoS) conditions by executing the CLI command to dump system logs on an affected device.Show less
CVE-2023-4590 1Kimmov 1Frhed Jun 17, 2026 Nov 27, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Buffer overflow vulnerability in Frhed hex editor, affecting version 1.6.0. This vulnerability could allow an attacker to execute arbitrary code via a long filename argument through the Structured Exception Handler (SEH)...Show more Buffer overflow vulnerability in Frhed hex editor, affecting version 1.6.0. This vulnerability could allow an attacker to execute arbitrary code via a long filename argument through the Structured Exception Handler (SEH) registers.Show less
CVE-2023-49208 1Glewlwyd Sso Server Project 1Glewlwyd Sso Server Jun 17, 2026 Nov 23, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 scheme/webauthn.c in Glewlwyd SSO server before 2.7.6 has a possible buffer overflow during FIDO2 credentials validation in webauthn registration.
CVE-2023-28812 1Hikvision 1Localservicecomponents Jun 17, 2026 Nov 23, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 There is a buffer overflow vulnerability in a web browser plug-in could allow an attacker to exploit the vulnerability by sending crafted messages to computers installed with this plug-in, which could lead to arbitrary c...Show more There is a buffer overflow vulnerability in a web browser plug-in could allow an attacker to exploit the vulnerability by sending crafted messages to computers installed with this plug-in, which could lead to arbitrary code execution or cause process exception of the plug-in.Show less
CVE-2023-28811 1Hikvision 40Ds 7104ni Q1(c) Firmware Ds 7104ni Q1(d) FirmwareDs 7108ni Q1(c) Firmware+37 more Jun 17, 2026 Nov 23, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 There is a buffer overflow in the password recovery feature of Hikvision NVR/DVR models. If exploited, an attacker on the same local area network (LAN) could cause the device to malfunction by sending specially crafted p...Show more There is a buffer overflow in the password recovery feature of Hikvision NVR/DVR models. If exploited, an attacker on the same local area network (LAN) could cause the device to malfunction by sending specially crafted packets to an unpatched device.Show less
CVE-2023-43887 1Struktur 1Libde265 Jun 17, 2026 Nov 22, 2023 N/A· v4 8.1 HIGH· v3 N/A· v2 Libde265 v1.0.12 was discovered to contain multiple buffer overflows via the num_tile_columns and num_tile_row parameters in the function pic_parameter_set::dump.
CVE-2023-6238 2Fedoraproject Linux 2Fedora Linux Kernel Jun 17, 2026 Nov 21, 2023 N/A· v4 6.7 MEDIUM· v3 N/A· v2 A buffer overflow vulnerability was found in the NVM Express (NVMe) driver in the Linux kernel. Only privileged user could specify a small meta buffer and let the device perform larger Direct Memory Access (DMA) into the...Show more A buffer overflow vulnerability was found in the NVM Express (NVMe) driver in the Linux kernel. Only privileged user could specify a small meta buffer and let the device perform larger Direct Memory Access (DMA) into the same buffer, overwriting unrelated kernel memory, causing random kernel crashes and memory corruption.Show less
CVE-2023-4424 1Zephyrproject 1Zephyr Jun 17, 2026 Nov 21, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 An malicious BLE device can cause buffer overflow by sending malformed advertising packet BLE device using Zephyr OS, leading to DoS or potential RCE on the victim BLE device.
CVE-2023-38823 1Tenda 4Ac18 Firmware Ac19 FirmwareAc6 Firmware+1 more Jun 17, 2026 Nov 20, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Buffer Overflow vulnerability in Tenda Ac19 v.1.0, AC18, AC9 v.1.0, AC6 v.2.0 and v.1.0 allows a remote attacker to execute arbitrary code via the formSetCfm function in bin/httpd.

Previous 1...103104105...212 Next