Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

CVEs (4,227)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-28209 1Apple 1Macos Jun 17, 2026 Sep 6, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel memory.
CVE-2023-28562 1Qualcomm 66Aqt1000 Firmware Fastconnect 6200 FirmwareFastconnect 6800 Firmware+63 more Jun 17, 2026 Sep 5, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Memory corruption while handling payloads from remote ESL.
CVE-2023-28560 1Qualcomm 2678098 Firmware 8998 FirmwareApq5053 Aa Firmware+264 more Jun 17, 2026 Sep 5, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Memory corruption in WLAN HAL while processing devIndex from untrusted WMI payload.
CVE-2023-28559 1Qualcomm 211Aqt1000 Firmware Ar8031 FirmwareAr9380 Firmware+208 more Jun 17, 2026 Sep 5, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Memory corruption in WLAN FW while processing command parameters from untrusted WMI payload.
CVE-2023-28544 1Qualcomm 205Aqt1000 Firmware Ar9380 FirmwareCsr8811 Firmware+202 more Jun 17, 2026 Sep 5, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Memory corruption in WLAN while sending transmit command from HLOS to UTF handlers.
CVE-2023-21664 1Qualcomm 137Aqt1000 Firmware Ar8035 FirmwareFsm10056 Firmware+134 more Jun 17, 2026 Sep 5, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Memory Corruption in Core Platform while printing the response buffer in log.
CVE-2023-21662 1Qualcomm 136Aqt1000 Firmware Ar8035 FirmwareFsm10056 Firmware+133 more Jun 17, 2026 Sep 5, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Memory corruption in Core Platform while printing the response buffer in log.
CVE-2023-40968 1Hzeller 1Timg Jun 17, 2026 Sep 1, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Buffer Overflow vulnerability in hzeller timg v.1.5.1 and before allows a remote attacker to cause a denial of service via the 0x61200000045c address.
CVE-2023-36187 1Netgear 15Cbr40 Firmware Lax20 FirmwareMk62 Firmware+12 more Jun 17, 2026 Sep 1, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Buffer Overflow vulnerability in NETGEAR R6400v2 before version 1.0.4.118, allows remote unauthenticated attackers to execute arbitrary code via crafted URL to httpd.
CVE-2022-46527 1Elsys 1Ers 1.5 Firmware Jun 17, 2026 Sep 1, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 ELSYS ERS 1.5 Sound v2.3.8 was discovered to contain a buffer overflow via the NFC data parser.
CVE-2023-40589 3Debian FedoraprojectFreerdp 3Debian Linux FedoraFreerdp Jun 17, 2026 Aug 31, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions there is a Global-Buffer-Overflow in the ncrush_decompress function. Feeding crafted input in...Show more FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions there is a Global-Buffer-Overflow in the ncrush_decompress function. Feeding crafted input into this function can trigger the overflow which has only been shown to cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue.Show less
CVE-2023-4163 1Broadcom 1Fabric Operating System Jun 17, 2026 Aug 31, 2023 N/A· v4 4.4 MEDIUM· v3 N/A· v2 In Brocade Fabric OS before v9.2.0a, a local authenticated privileged user can trigger a buffer overflow condition, leading to a kernel panic with large input to buffers in the portcfgfportbuffers command.
CVE-2023-38975 1Qdrant 1Qdrant Jun 17, 2026 Aug 29, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 * Buffer Overflow vulnerability in qdrant v.1.3.2 allows a remote attacker cause a denial of service via the chucnked_vectors.rs component.
CVE-2023-24548 1Arista 1Eos Jun 17, 2026 Aug 29, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 On affected platforms running Arista EOS with VXLAN configured, malformed or truncated packets received over a VXLAN tunnel and forwarded in hardware can cause egress ports to be unable to forward packets. The device wil...Show more On affected platforms running Arista EOS with VXLAN configured, malformed or truncated packets received over a VXLAN tunnel and forwarded in hardware can cause egress ports to be unable to forward packets. The device will continue to be susceptible to the issue until remediation is in place. Show less
CVE-2023-41361 2Debian Frrouting 2Debian Linux Frrouting Jun 17, 2026 Aug 29, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue was discovered in FRRouting FRR 9.0. bgpd/bgp_open.c does not check for an overly large length of the rcv software version.
CVE-2023-40998 1O Ran Sc 1Ric Message Router Jun 17, 2026 Aug 28, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Buffer Overflow vulnerability in O-RAN Software Community ric-plt-lib-rmr v.4.9.0 allows a remote attacker to cause a denial of service via the packet size component.
CVE-2023-40997 1O Ran Sc 1Ric Message Router Jun 17, 2026 Aug 28, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Buffer Overflow vulnerability in O-RAN Software Community ric-plt-lib-rmr v.4.9.0 allows a remote attacker to cause a denial of service via a crafted packet.
CVE-2023-36481 1Samsung 13Exynos 1080 Firmware Exynos 1280 FirmwareExynos 1330 Firmware+10 more Jun 17, 2026 Aug 28, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 An issue was discovered in Samsung Exynos Mobile Processor and Wearable Processor 9810, 9610, 9820, 980, 850, 1080, 2100, 2200, 1280, 1380, 1330, 9110, and W920. Improper handling of PPP length parameter inconsistency ca...Show more An issue was discovered in Samsung Exynos Mobile Processor and Wearable Processor 9810, 9610, 9820, 980, 850, 1080, 2100, 2200, 1280, 1380, 1330, 9110, and W920. Improper handling of PPP length parameter inconsistency can cause an infinite loop.Show less
CVE-2023-40166 1Notepad Plus Plus 1Notepad++ Jun 17, 2026 Aug 25, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Notepad++ is a free and open-source source code editor. Versions 8.5.6 and prior are vulnerable to heap buffer read overflow in `FileManager::detectLanguageFromTextBegining `. The exploitability of this issue is not clea...Show more Notepad++ is a free and open-source source code editor. Versions 8.5.6 and prior are vulnerable to heap buffer read overflow in `FileManager::detectLanguageFromTextBegining `. The exploitability of this issue is not clear. Potentially, it may be used to leak internal memory allocation information. As of time of publication, no known patches are available in existing versions of Notepad++.Show less
CVE-2023-40164 1Notepad Plus Plus 1Notepad++ Jun 17, 2026 Aug 25, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Notepad++ is a free and open-source source code editor. Versions 8.5.6 and prior are vulnerable to global buffer read overflow in `nsCodingStateMachine::NextStater`. The exploitability of this issue is not clear. Potenti...Show more Notepad++ is a free and open-source source code editor. Versions 8.5.6 and prior are vulnerable to global buffer read overflow in `nsCodingStateMachine::NextStater`. The exploitability of this issue is not clear. Potentially, it may be used to leak internal memory allocation information. As of time of publication, no known patches are available in existing versions of Notepad++.Show less

Previous 1...110111112...212 Next