Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

CVEs (4,227)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-40036 1Notepad Plus Plus 1Notepad++ Jun 17, 2026 Aug 25, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Notepad++ is a free and open-source source code editor. Versions 8.5.6 and prior are vulnerable to global buffer read overflow in `CharDistributionAnalysis::HandleOneChar`. The exploitability of this issue is not clear....Show more Notepad++ is a free and open-source source code editor. Versions 8.5.6 and prior are vulnerable to global buffer read overflow in `CharDistributionAnalysis::HandleOneChar`. The exploitability of this issue is not clear. Potentially, it may be used to leak internal memory allocation information. As of time of publication, no known patches are available in existing versions of Notepad++.Show less
CVE-2023-40031 1Notepad Plus Plus 1Notepad++ Jun 17, 2026 Aug 25, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Notepad++ is a free and open-source source code editor. Versions 8.5.6 and prior are vulnerable to heap buffer write overflow in `Utf8_16_Read::convert`. This issue may lead to arbitrary code execution. As of time of pub...Show more Notepad++ is a free and open-source source code editor. Versions 8.5.6 and prior are vulnerable to heap buffer write overflow in `Utf8_16_Read::convert`. This issue may lead to arbitrary code execution. As of time of publication, no known patches are available in existing versions of Notepad++.Show less
CVE-2023-36198 1Skale 1Sgxwallet Jun 17, 2026 Aug 25, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Buffer Overflow vulnerability in skalenetwork sgxwallet v.1.9.0 allows an attacker to cause a denial of service via the trustedBlsSignMessage function.
CVE-2023-39742 1Giflib Project 1Giflib Jun 17, 2026 Aug 25, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 giflib v5.2.1 was discovered to contain a segmentation fault via the component getarg.c.
CVE-2022-3742 1Lenovo 87Ideapad 1 14ijl7 Firmware Ideapad 1 15ijl7 FirmwareIdeapad 1 14iau7 Firmware+84 more Jun 17, 2026 Aug 23, 2023 N/A· v4 6.7 MEDIUM· v3 N/A· v2 A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to execute arbitrary code due to improper buffer validation.
CVE-2023-20168 1Cisco 1Nx Os Jun 17, 2026 Aug 23, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 A vulnerability in TACACS+ and RADIUS remote authentication for Cisco NX-OS Software could allow an unauthenticated, local attacker to cause an affected device to unexpectedly reload. This vulnerability is due to incorre...Show more A vulnerability in TACACS+ and RADIUS remote authentication for Cisco NX-OS Software could allow an unauthenticated, local attacker to cause an affected device to unexpectedly reload. This vulnerability is due to incorrect input validation when processing an authentication attempt if the directed request option is enabled for TACACS+ or RADIUS. An attacker could exploit this vulnerability by entering a crafted string at the login prompt of an affected device. A successful exploit could allow the attacker to cause the affected device to unexpectedly reload, resulting in a denial of service (DoS) condition. Show less
CVE-2023-4041 1Silabs 1Gecko Bootloader Jun 17, 2026 Aug 23, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), Out-of-bounds Write, Download of Code Without Integrity Check vulnerability in Silicon Labs Gecko Bootloader on ARM (Firmware Update File Parser mod...Show more Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), Out-of-bounds Write, Download of Code Without Integrity Check vulnerability in Silicon Labs Gecko Bootloader on ARM (Firmware Update File Parser modules) allows Code Injection, Authentication Bypass.This issue affects "Standalone" and "Application" versions of Gecko Bootloader.Show less
CVE-2022-29654 1Nasm 1Netwide Assembler Jun 17, 2026 Aug 22, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Buffer overflow vulnerability in quote_for_pmake in asm/nasm.c in nasm before 2.15.05 allows attackers to cause a denial of service via crafted file.
CVE-2021-32422 1Dpic Project 1Dpic Jun 17, 2026 Aug 22, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 dpic 2021.01.01 has a Global buffer overflow in theyylex() function in main.c and reads out of the bound array.
CVE-2020-35357 2Debian Gnu 2Debian Linux Gnu Scientific Library Jun 17, 2026 Aug 22, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 A buffer overflow can occur when calculating the quantile value using the Statistics Library of GSL (GNU Scientific Library), versions 2.5 and 2.6. Processing a maliciously crafted input data for gsl_stats_quantile_from_...Show more A buffer overflow can occur when calculating the quantile value using the Statistics Library of GSL (GNU Scientific Library), versions 2.5 and 2.6. Processing a maliciously crafted input data for gsl_stats_quantile_from_sorted_data of the library may lead to unexpected application termination or arbitrary code execution.Show less
CVE-2020-25887 1Cesanta 1Mongoose Jun 17, 2026 Aug 22, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Buffer overflow in mg_resolve_from_hosts_file in Mongoose 6.18, when reading from a crafted hosts file.
CVE-2020-24295 1Freeimage Project 1Freeimage Jun 17, 2026 Aug 22, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Buffer Overflow vulnerability in PSDParser.cpp::ReadImageLine() in FreeImage 3.19.0 [r1859] allows remote attackers to ru narbitrary code via use of crafted psd file.
CVE-2020-24294 1Freeimage Project 1Freeimage Jun 17, 2026 Aug 22, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Buffer Overflow vulnerability in psdParser::UnpackRLE function in PSDParser.cpp in FreeImage 3.19.0 [r1859] allows remote attackers to cuase a denial of service via opening of crafted psd file.
CVE-2020-24293 1Freeimage Project 1Freeimage Jun 17, 2026 Aug 22, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Buffer Overflow vulnerability in psdThumbnail::Read in PSDParser.cpp in FreeImage 3.19.0 [r1859] allows remote attackers to run arbitrary code via opening of crafted psd file.
CVE-2020-24292 1Freeimage Project 1Freeimage Jun 17, 2026 Aug 22, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Buffer Overflow vulnerability in load function in PluginICO.cpp in FreeImage 3.19.0 [r1859] allows remote attackers to run arbitrary code via opening of crafted ico file.
CVE-2020-22628 1Libraw 1Libraw Jun 17, 2026 Aug 22, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Buffer Overflow vulnerability in LibRaw::stretch() function in libraw\src\postprocessing\aspect_ratio.cpp.
CVE-2020-22524 1Freeimage Project 1Freeimage Jun 17, 2026 Aug 22, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Buffer Overflow vulnerability in FreeImage_Load function in FreeImage Library 3.19.0(r1828) allows attackers to cuase a denial of service via crafted PFM file.
CVE-2020-22219 1Flac Project 1Flac Jun 17, 2026 Aug 22, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Buffer Overflow vulnerability in function bitwriter_grow_ in flac before 1.4.0 allows remote attackers to run arbitrary code via crafted input to the encoder.
CVE-2020-21469 1Postgresql 1Postgresql Jun 17, 2026 Aug 22, 2023 N/A· v4 4.4 MEDIUM· v3 N/A· v2 An issue was discovered in PostgreSQL 12.2 allows attackers to cause a denial of service via repeatedly sending SIGHUP signals. NOTE: this is disputed by the vendor because untrusted users cannot send SIGHUP signals; the...Show more An issue was discovered in PostgreSQL 12.2 allows attackers to cause a denial of service via repeatedly sending SIGHUP signals. NOTE: this is disputed by the vendor because untrusted users cannot send SIGHUP signals; they can only be sent by a PostgreSQL superuser, a user with pg_reload_conf access, or a user with sufficient privileges at the OS level (the postgres account or the root account).Show less
CVE-2020-21428 1Freeimage Project 1Freeimage Jun 17, 2026 Aug 22, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Buffer Overflow vulnerability in function LoadRGB in PluginDDS.cpp in FreeImage 3.18.0 allows remote attackers to run arbitrary code and cause other impacts via crafted image file.

Previous 1...111112113...212 Next