Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

CVEs (4,227)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-30383 1Tp Link 3Archer C20 Firmware Archer C2 V1 FirmwareArcher C50 Firmware Jun 17, 2026 Jul 18, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 TP-LINK Archer C50v2 Archer C50(US)_V2_160801, TP-LINK Archer C20v1 Archer_C20_V1_150707, and TP-LINK Archer C2v1 Archer_C2_US__V1_170228 were discovered to contain a buffer overflow which may lead to a Denial of Service...Show more TP-LINK Archer C50v2 Archer C50(US)_V2_160801, TP-LINK Archer C20v1 Archer_C20_V1_150707, and TP-LINK Archer C2v1 Archer_C2_US__V1_170228 were discovered to contain a buffer overflow which may lead to a Denial of Service (DoS) when parsing crafted data.Show less
CVE-2023-31998 1Ui 2Aircube Firmware Edgemax Edgerouter Firmware Jun 17, 2026 Jul 18, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 A heap overflow vulnerability found in EdgeRouters and Aircubes allows a malicious actor to interrupt UPnP service to said devices.
CVE-2021-43072 1Fortinet 4Fortianalyzer FortimanagerFortios+1 more Jun 17, 2026 Jul 18, 2023 N/A· v4 6.7 MEDIUM· v3 N/A· v2 A buffer copy without checking size of input ('classic buffer overflow') in Fortinet FortiAnalyzer version 7.0.2 and below, version 6.4.7 and below, version 6.2.9 and below, version 6.0.11 and below, version 5.6.11 and b...Show more A buffer copy without checking size of input ('classic buffer overflow') in Fortinet FortiAnalyzer version 7.0.2 and below, version 6.4.7 and below, version 6.2.9 and below, version 6.0.11 and below, version 5.6.11 and below, FortiManager version 7.0.2 and below, version 6.4.7 and below, version 6.2.9 and below, version 6.0.11 and below, version 5.6.11 and below, FortiOS version 7.0.0 through 7.0.4, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.x and FortiProxy version 7.0.0 through 7.0.3, 2.0.0 through 2.0.8, 1.2.x, 1.1.x and 1.0.x allows attacker to execute unauthorized code or commands via crafted CLI `execute restore image` and `execute certificate remote` operations with the tFTP protocol.Show less
CVE-2023-34140 1Zyxel 24Nxc2500 Firmware Nxc5500 FirmwareUsg 20w Vpn Firmware+21 more Jun 17, 2026 Jul 17, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 A buffer overflow vulnerability in the Zyxel ATP series firmware versions 4.32 through 5.36 Patch 2, USG FLEX series firmware versions 4.50 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 4.16 through 5.36...Show more A buffer overflow vulnerability in the Zyxel ATP series firmware versions 4.32 through 5.36 Patch 2, USG FLEX series firmware versions 4.50 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 4.16 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 4.16 through 5.36 Patch 2, VPN series firmware versions 4.30 through 5.36 Patch 2, NXC2500 firmware versions 6.10(AAIG.0) through 6.10(AAIG.3), and NXC5500 firmware versions 6.10(AAOS.0) through 6.10(AAOS.4), could allow an unauthenticated, LAN-based attacker to cause denial of service (DoS) conditions by sending a crafted request to the CAPWAP daemon.Show less
CVE-2023-35802 1Extremenetworks 1Iq Engine Jun 17, 2026 Jul 15, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 IQ Engine before 10.6r1 on Extreme Network AP devices has a Buffer Overflow in the implementation of the CAPWAP protocol that may be exploited to obtain elevated privileges to conduct remote code execution. Access to the...Show more IQ Engine before 10.6r1 on Extreme Network AP devices has a Buffer Overflow in the implementation of the CAPWAP protocol that may be exploited to obtain elevated privileges to conduct remote code execution. Access to the internal management interface/subnet is required to conduct the exploit.Show less
CVE-2023-37793 1Wayos 1Fbm 291w Firmware Jun 17, 2026 Jul 14, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 WAYOS FBM-291W 19.09.11V was discovered to contain a buffer overflow via the component /upgrade_filter.asp.
CVE-2023-21243 1Google 1Android Jun 17, 2026 Jul 13, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 In validateForCommonR1andR2 of PasspointConfiguration.java, there is a possible way to inflate the size of a config file with no limits due to a buffer overflow. This could lead to local denial of service with no additio...Show more In validateForCommonR1andR2 of PasspointConfiguration.java, there is a possible way to inflate the size of a config file with no limits due to a buffer overflow. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Show less
CVE-2023-3618 3Debian LibtiffRedhat 3Debian Linux Enterprise LinuxLibtiff Jun 17, 2026 Jul 12, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 A flaw was found in libtiff. A specially crafted tiff file can lead to a segmentation fault due to a buffer overflow in the Fax3Encode function in libtiff/tif_fax3.c, resulting in a denial of service.
CVE-2023-29414 1Schneider Electric 1Accutech Manager Jun 17, 2026 Jul 12, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 A CWE-120: Buffer Copy without Checking Size of Input (Classic Buffer Overflow) vulnerability exists that could cause user privilege escalation if a local user sends specific string input to a local function call.
CVE-2020-20118 1Avas!t 1Antivirus Jun 17, 2026 Jul 11, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Buffer Overflow vulnerability in Avast AntiVirus before v.19.7 allows a local attacker to cause a denial of service via a crafted request to the aswSnx.sys driver.
CVE-2023-34561 1Robtopgames 1Geometry Dash Jun 17, 2026 Jul 11, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A buffer overflow in the level parsing code of RobTop Games AB Geometry Dash v2.113 allows attackers to execute arbitrary code via entering a Geometry Dash level.
CVE-2023-24019 1Milesight 1Ur32l Firmware Jun 17, 2026 Jul 6, 2023 N/A· v4 8.1 HIGH· v3 N/A· v2 A stack-based buffer overflow vulnerability exists in the urvpn_client http_connection_readcb functionality of Milesight UR32L v32.3.0.5. A specially crafted network packet can lead to a buffer overflow. An attacker can...Show more A stack-based buffer overflow vulnerability exists in the urvpn_client http_connection_readcb functionality of Milesight UR32L v32.3.0.5. A specially crafted network packet can lead to a buffer overflow. An attacker can send a malicious packet to trigger this vulnerability.Show less
CVE-2021-46896 1Dronecode 1Px4 Drone Autopilot Jun 17, 2026 Jul 6, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Buffer Overflow vulnerability in PX4-Autopilot allows attackers to cause a denial of service via handler function handling msgid 332.
CVE-2023-37245 1Huawei 2Emui Harmonyos Jun 17, 2026 Jul 6, 2023 N/A· v4 9.1 CRITICAL· v3 N/A· v2 Buffer overflow vulnerability in the modem pinctrl module. Successful exploitation of this vulnerability may affect the integrity and availability of the modem.
CVE-2020-25969 1Gnuplot 1Gnuplot Jun 17, 2026 Jul 5, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 gnuplot v5.5 was discovered to contain a buffer overflow via the function plotrequest().
CVE-2023-35979 1Arubanetworks 1Arubaos Jun 17, 2026 Jul 5, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 There is an unauthenticated buffer overflow vulnerability in the process controlling the ArubaOS web-based management interface. Successful exploitation of this vulnerability results in a Denial-of-Service (DoS) conditio...Show more There is an unauthenticated buffer overflow vulnerability in the process controlling the ArubaOS web-based management interface. Successful exploitation of this vulnerability results in a Denial-of-Service (DoS) condition affecting the web-based management interface of the controller.Show less
CVE-2023-24851 1Qualcomm 186Ar8035 Firmware Csr8811 FirmwareCsra6620 Firmware+183 more Jun 17, 2026 Jul 4, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Memory Corruption in WLAN HOST while parsing QMI response message from firmware.
CVE-2023-22386 1Qualcomm 196215 Firmware Ar8035 FirmwareCsr8811 Firmware+193 more Jun 17, 2026 Jul 4, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Memory Corruption in WLAN HOST while processing WLAN FW request to allocate memory.
CVE-2023-21640 1Qualcomm 6Fastconnect 6900 Firmware Fastconnect 7800 FirmwareSnapdragon 8 Gen 1 Firmware+3 more Jun 17, 2026 Jul 4, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Memory corruption in Linux when the file upload API is called with parameters having large buffer.
CVE-2023-21639 1Qualcomm 22Aqt1000 Firmware Fastconnect 6200 FirmwareQca6420 Firmware+19 more Jun 17, 2026 Jul 4, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Memory corruption in Audio while processing sva_model_serializer using memory size passed by HIDL client.

Previous 1...115116117...212 Next