Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

CVEs (4,201)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-50665 1Dlink 1Di 8003 Firmware Apr 22, 2026 Apr 8, 2026 N/A· v4 7.5 HIGH· v3 N/A· v2 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of input parameters in the /web_keyword.asp endpoint. An attacker can exploit this vulnerability by sending a crafted HTTP GET...Show more A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of input parameters in the /web_keyword.asp endpoint. An attacker can exploit this vulnerability by sending a crafted HTTP GET request via the name, en, time, mem_gb2312, and mem_utf8 parameters.Show less
CVE-2025-50654 1Dlink 1Di 8003 Firmware Apr 22, 2026 Apr 8, 2026 N/A· v4 7.5 HIGH· v3 N/A· v2 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper validation of the id parameter in the /thd_member.asp endpoint.
CVE-2025-50653 1Dlink 1Di 8003 Firmware Apr 22, 2026 Apr 8, 2026 N/A· v4 7.5 HIGH· v3 N/A· v2 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name and mem parameters in the /time_group.asp endpoint.
CVE-2025-50652 1Dlink 1Di 8003 Firmware Apr 22, 2026 Apr 8, 2026 N/A· v4 7.5 HIGH· v3 N/A· v2 An issue in D-Link DI-8003 16.07.26A1 related to improper handling of the id parameter in the /saveparm_usb.asp endpoint.
CVE-2025-50650 1Dlink 1Di 8003 Firmware Apr 22, 2026 Apr 8, 2026 N/A· v4 7.5 HIGH· v3 N/A· v2 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to inadequate validation of input size in the routes_static parameter in the /router.asp endpoint.
CVE-2025-50649 1Dlink 1Di 8003 Firmware Apr 22, 2026 Apr 8, 2026 N/A· v4 7.5 HIGH· v3 N/A· v2 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper input validation in the vlan_name parameter in the /shut_set.asp endpoint.
CVE-2025-50648 1Dlink 1Di 8003 Firmware Apr 22, 2026 Apr 8, 2026 N/A· v4 7.5 HIGH· v3 N/A· v2 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to inadequate input validation in the /tggl.asp endpoint.
CVE-2025-50647 1Dlink 1Di 8003 Firmware Apr 22, 2026 Apr 8, 2026 N/A· v4 7.5 HIGH· v3 N/A· v2 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1, specifically in the handling of the wans parameter in the qos.asp endpoint.
CVE-2025-50646 1Dlink 1Di 8003 Firmware Apr 22, 2026 Apr 8, 2026 N/A· v4 7.5 HIGH· v3 N/A· v2 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to insufficient input validation on the name parameter in the /qos_type_asp.asp endpoint.
CVE-2025-50645 1Dlink 1Di 8003 Firmware Apr 22, 2026 Apr 8, 2026 N/A· v4 7.5 HIGH· v3 N/A· v2 A vulnerability has been discovered in D-Link DI-8003 16.07.26A1, which can lead to a buffer overflow when the s parameter in the pppoe_list_opt.asp endpoint is manipulated. By sending a crafted request with an excessive...Show more A vulnerability has been discovered in D-Link DI-8003 16.07.26A1, which can lead to a buffer overflow when the s parameter in the pppoe_list_opt.asp endpoint is manipulated. By sending a crafted request with an excessively large value for the s parameter, an attacker can trigger a buffer overflow condition.Show less
CVE-2025-50644 1Dlink 1Di 8003 Firmware Apr 22, 2026 Apr 8, 2026 N/A· v4 7.5 HIGH· v3 N/A· v2 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper validation of user input in the qj.asp endpoint.
CVE-2025-52222 1Dlink 9Di 8003 Firmware Di 8003g FirmwareDi 8100 Firmware+6 more Apr 14, 2026 Apr 8, 2026 N/A· v4 7.5 HIGH· v3 N/A· v2 D-Link DI-8003 v16.07.26A1, DI-8500 v16.07.26A1; DI-8003G v17.12.21A1, DI-8200G v17.12.20A1, DI-8200 v16.07.26A1, DI-8400 v16.07.26A1, DI-8004w v16.07.26A1, DI-8100 v16.07.26A1, and DI-8100G v17.12.20A1 were discovered t...Show more D-Link DI-8003 v16.07.26A1, DI-8500 v16.07.26A1; DI-8003G v17.12.21A1, DI-8200G v17.12.20A1, DI-8200 v16.07.26A1, DI-8400 v16.07.26A1, DI-8004w v16.07.26A1, DI-8100 v16.07.26A1, and DI-8100G v17.12.20A1 were discovered to contain a buffer overflow via the rd_en, rd_auth, rd_acct, http_hadmin, http_hadminpwd, rd_key, and rd_ip parameters in the radius_asp function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.Show less
CVE-2025-52221 1Tenda 1Ac6 Firmware Apr 13, 2026 Apr 8, 2026 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Tenda AC6 15.03.05.16_multi is vulnerable to Buffer Overflow in the formSetCfm function via the funcname, funcpara1, and funcpara2 parameters.
CVE-2025-45059 1Dlink 1Di 8300 Firmware Apr 10, 2026 Apr 8, 2026 N/A· v4 7.5 HIGH· v3 N/A· v2 D-Link DI-8300 v16.07.26A1 was discovered to contain a buffer overflow via the fn parameter in the tgfile_htm function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVE-2025-45058 1Dlink 1Di 8300 Firmware Apr 10, 2026 Apr 8, 2026 N/A· v4 7.5 HIGH· v3 N/A· v2 D-Link DI-8300 v16.07.26A1 was discovered to contain a buffer overflow via the fx parameter in the jingx_asp function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVE-2025-45057 1Dlink 1Di 8300 Firmware Apr 10, 2026 Apr 8, 2026 N/A· v4 7.5 HIGH· v3 N/A· v2 D-Link DI-8300 v16.07.26A1 was discovered to contain a buffer overflow via the ip parameter in the ip_position_asp function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVE-2026-30075 1Openairinterface 1Oai Cn5g Amf Apr 14, 2026 Apr 8, 2026 N/A· v4 7.5 HIGH· v3 N/A· v2 OpenAirInterface Version 2.2.0 has a Buffer Overflow vulnerability in processing UplinkNASTransport containing Authentication Response containing a NAS PDU with oversize response (For example 100 byte). The response is d...Show more OpenAirInterface Version 2.2.0 has a Buffer Overflow vulnerability in processing UplinkNASTransport containing Authentication Response containing a NAS PDU with oversize response (For example 100 byte). The response is decoded by AMF and passed to the AUSF component for verification. AUSF crashes on receiving this oversize response. This can prohibit users from further registration and verification and can cause Denial of Services (DoS).Show less
CVE-2025-52908 1Samsung 10Exynos 1280 Firmware Exynos 1330 FirmwareExynos 1380 Firmware+7 more Apr 9, 2026 Apr 7, 2026 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1280, 1330, 1380, 1480, 1580, W920, W930, and W1000. Incorrect Handling of the NL80211 vendor command leads...Show more An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1280, 1330, 1380, 1480, 1580, W920, W930, and W1000. Incorrect Handling of the NL80211 vendor command leads to a buffer overflow via a certain ioctl message, issue 1 of 2.Show less
CVE-2025-52909 1Samsung 10Exynos 1280 Firmware Exynos 1330 FirmwareExynos 1380 Firmware+7 more Apr 13, 2026 Apr 7, 2026 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1280, 1330, 1380, 1480, 1580, W920, W930, and W1000. Incorrect Handling of the NL80211 vendor command leads...Show more An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1280, 1330, 1380, 1480, 1580, W920, W930, and W1000. Incorrect Handling of the NL80211 vendor command leads to a buffer overflow via a certain ioctl message, issue 2 of 2.Show less
CVE-2026-5734 1Mozilla 2Firefox Thunderbird Apr 13, 2026 Apr 7, 2026 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Memory safety bugs present in Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of...Show more Memory safety bugs present in Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 149.0.2, Firefox ESR 140.9.1, Thunderbird 149.0.2, and Thunderbird 140.9.1.Show less

Previous 1...111213...211 Next