Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

CVEs (4,227)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-46256 1Dronecode 1Px4 Drone Autopilot Jun 17, 2026 Oct 31, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 PX4-Autopilot provides PX4 flight control solution for drones. In versions 1.14.0-rc1 and prior, PX4-Autopilot has a heap buffer overflow vulnerability in the parser function due to the absence of `parserbuf_index` value...Show more PX4-Autopilot provides PX4 flight control solution for drones. In versions 1.14.0-rc1 and prior, PX4-Autopilot has a heap buffer overflow vulnerability in the parser function due to the absence of `parserbuf_index` value checking. A malfunction of the sensor device can cause a heap buffer overflow with leading unexpected drone behavior. Malicious applications can exploit the vulnerability even if device sensor malfunction does not occur. Up to the maximum value of an `unsigned int`, bytes sized data can be written to the heap memory area. As of time of publication, no fixed version is available.Show less
CVE-2023-45797 1Dreamsecurity 1Magicline 4.0 Jun 17, 2026 Oct 30, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A Buffer overflow vulnerability in DreamSecurity MagicLine4NX versions 1.0.0.1 to 1.0.0.26 allows an attacker to remotely execute code.
CVE-2023-46587 1Xnview 1Xnview Jun 17, 2026 Oct 27, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Buffer Overflow vulnerability in XnView Classic v.2.51.5 allows a local attacker to execute arbitrary code via a crafted TIF file.
CVE-2023-46852 1Memcached 1Memcached Jun 17, 2026 Oct 27, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 In Memcached before 1.6.22, a buffer overflow exists when processing multiget requests in proxy mode, if there are many spaces after the "get" substring.
CVE-2022-34886 1Lenovo 3G263dns Firmware Gm265dn FirmwareGm266dns Firmware Jun 17, 2026 Oct 27, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 A remote code execution vulnerability was found in the firmware used in some Lenovo printers, which can be caused by a remote user pushing an illegal string to the server-side interface via a script, resulting in a stack...Show more A remote code execution vulnerability was found in the firmware used in some Lenovo printers, which can be caused by a remote user pushing an illegal string to the server-side interface via a script, resulting in a stack overflow.Show less
CVE-2018-17878 1Abus 47Tvip 10000 Firmware Tvip 10001 FirmwareTvip 10005 Firmware+44 more Nov 21, 2024 Oct 26, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Buffer Overflow vulnerability in certain ABUS TVIP cameras allows attackers to gain control of the program via crafted string sent to sprintf() function.
CVE-2023-5139 1Zephyrproject 1Zephyr Jun 17, 2026 Oct 26, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Potential buffer overflow vulnerability at the following location in the Zephyr STM32 Crypto driver
CVE-2023-5753 1Zephyrproject 1Zephyr Jun 17, 2026 Oct 25, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Potential buffer overflows in the Bluetooth subsystem due to asserts being disabled in /subsys/bluetooth/host/hci_core.c
CVE-2023-43250 1Xnview 1Nconvert Jun 17, 2026 Oct 18, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 XNSoft Nconvert 7.136 is vulnerable to Buffer Overflow. There is a User Mode Write AV via a crafted image file. Attackers could exploit this issue for a Denial of Service (DoS) or possibly to achieve code execution.
CVE-2023-36321 1Covesa 1Dlt Daemon Jun 17, 2026 Oct 17, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Connected Vehicle Systems Alliance (COVESA) up to v2.18.8 was discovered to contain a buffer overflow via the component /shared/dlt_common.c.
CVE-2023-4257 1Zephyrproject 1Zephyr Jun 17, 2026 Oct 13, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Unchecked user input length in /subsys/net/l2/wifi/wifi_shell.c can cause buffer overflows.
CVE-2023-4263 1Zephyrproject 1Zephyr Jun 17, 2026 Oct 13, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Potential buffer overflow vulnerability in the Zephyr IEEE 802.15.4 nRF 15.4 driver
CVE-2023-32973 1Qnap 3Qts Quts HeroQutscloud Jun 17, 2026 Oct 13, 2023 N/A· v4 7.2 HIGH· v3 N/A· v2 A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via...Show more A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2425 build 20230609 and later QTS 5.1.0.2444 build 20230629 and later QTS 4.5.4.2467 build 20230718 and later QuTS hero h5.0.1.2515 build 20230907 and later QuTS hero h5.1.0.2424 build 20230609 and later QuTS hero h4.5.4.2476 build 20230728 and later QuTScloud c5.1.0.2498 and later Show less
CVE-2023-45468 1Netis Systems 1N3m Firmware Jun 17, 2026 Oct 13, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Netis N3Mv2-V1.0.1.865 was discovered to contain a buffer overflow via the pingWdogIp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVE-2023-45464 1Netis Systems 1N3m Firmware Jun 17, 2026 Oct 13, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Netis N3Mv2-V1.0.1.865 was discovered to contain a buffer overflow via the servDomain parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVE-2023-45463 1Netis Systems 1N3m Firmware Jun 17, 2026 Oct 13, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Netis N3Mv2-V1.0.1.865 was discovered to contain a buffer overflow via the hostName parameter in the FUN_0040dabc function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVE-2023-32722 1Zabbix 1Zabbix Jun 17, 2026 Oct 12, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 The zabbix/src/libs/zbxjson module is vulnerable to a buffer overflow when parsing JSON files via zbx_json_open.
CVE-2023-35056 1Yifanwireless 1Yf325 Firmware Jun 17, 2026 Oct 11, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A buffer overflow vulnerability exists in the httpd next_page functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to command execution. An attacker can send a network request to trigg...Show more A buffer overflow vulnerability exists in the httpd next_page functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability.This buffer overflow is in the next_page parameter in the cgi_handler function.Show less
CVE-2023-35055 1Yifanwireless 1Yf325 Firmware Jun 17, 2026 Oct 11, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A buffer overflow vulnerability exists in the httpd next_page functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to command execution. An attacker can send a network request to trigg...Show more A buffer overflow vulnerability exists in the httpd next_page functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability.This buffer overflow is in the next_page parameter in the gozila_cgi function.Show less
CVE-2023-26320 1Mi 1Xiaomi Router Ax3200 Firmware Jun 17, 2026 Oct 11, 2023 N/A· v4 8.1 HIGH· v3 N/A· v2 Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Xiaomi Xiaomi Router allows Command Injection.

Previous 1...106107108...212 Next