Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

CVEs (4,227)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-33457 1Sogou 1C++ Workflow Jun 17, 2026 Jun 6, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 In Sogou Workflow v0.10.6, memcpy a negtive size in URIParser::parse , may cause buffer-overflow and crash.
CVE-2022-33230 1Qualcomm 44Aqt1000 Firmware Qca6420 FirmwareQca6430 Firmware+41 more Jun 17, 2026 Jun 6, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Memory corruption in FM Host due to buffer copy without checking the size of input in FM Host
CVE-2022-33226 1Qualcomm 33Aqt1000 Firmware Qam8255p FirmwareQca6420 Firmware+30 more Jun 17, 2026 Jun 6, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Memory corruption due to buffer copy without checking the size of input in Core while processing ioctl commands from diag client applications.
CVE-2022-33224 1Qualcomm 46Aqt1000 Firmware Qam8255p FirmwareQca6420 Firmware+43 more Jun 17, 2026 Jun 6, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Memory corruption in core due to buffer copy without check9ing the size of input while processing ioctl queries.
CVE-2022-48439 1Google 1Android Jun 17, 2026 Jun 6, 2023 N/A· v4 4.4 MEDIUM· v3 N/A· v2 In cp_dump driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.
CVE-2023-27989 1Zyxel 4Lte7480 M804 Firmware Lte7490 M904 FirmwareNebula Nr7101 Firmware+1 more Jun 17, 2026 Jun 5, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 A buffer overflow vulnerability in the CGI program of the Zyxel NR7101 firmware versions prior to V1.00(ABUV.8)C0 could allow a remote authenticated attacker to cause denial of service (DoS) conditions by sending a craf...Show more A buffer overflow vulnerability in the CGI program of the Zyxel NR7101 firmware versions prior to V1.00(ABUV.8)C0 could allow a remote authenticated attacker to cause denial of service (DoS) conditions by sending a crafted HTTP request to a vulnerable device.Show less
CVE-2023-32181 1Opensuse 1Libeconf Jun 17, 2026 Jun 1, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 A Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in openSUSE libeconf allows for DoS via malformed configuration files This issue affects libeconf: before 0.5.2.
CVE-2023-22652 1Opensuse 1Libeconf Jun 17, 2026 Jun 1, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 A Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in openSUSE libeconf leads to DoS via malformed config files. This issue affects libeconf: before 0.5.2.
CVE-2023-24584 1Gallagher 1Controller 6000 Firmware Jun 17, 2026 Jun 1, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Controller 6000 is vulnerable to a buffer overflow via the Controller diagnostic web interface upload feature. This issue affects Controller 6000: before vCR8.80.230201a, before vCR8.70.230201a, before vCR8.60.2302...Show more Controller 6000 is vulnerable to a buffer overflow via the Controller diagnostic web interface upload feature. This issue affects Controller 6000: before vCR8.80.230201a, before vCR8.70.230201a, before vCR8.60.230201b, before vCR8.50.230201a, all versions of vCR8.40 and prior. Show less
CVE-2021-45039 1Uniview 1Camera Firmware Jun 17, 2026 May 31, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Multiple models of the Uniview IP Camera (e.g., IPC_G6103 B6103.16.10.B25.201218, IPC_G61, IPC21, IPC23, IPC32, IPC36, IPC62, and IPC_HCMN) offer an undocumented UDP service on port 7788 that allows a remote unauthentica...Show more Multiple models of the Uniview IP Camera (e.g., IPC_G6103 B6103.16.10.B25.201218, IPC_G61, IPC21, IPC23, IPC32, IPC36, IPC62, and IPC_HCMN) offer an undocumented UDP service on port 7788 that allows a remote unauthenticated attacker to overflow an internal buffer and achieve code execution. By using this buffer overflow, a remote attacker can start the telnetd service. This service has a hardcoded default username and password (root/123456). Although it has a restrictive shell, this can be easily bypassed via the built-in ECHO shell command.Show less
CVE-2023-32763 1Qt 1Qt Jun 17, 2026 May 28, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When a SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be triggered.
CVE-2021-46886 1Huawei 1Emui Jun 17, 2026 May 26, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability.
CVE-2021-46885 1Huawei 1Emui Jun 17, 2026 May 26, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability.
CVE-2021-46884 1Huawei 1Emui Jun 17, 2026 May 26, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability.
CVE-2021-46883 1Huawei 1Emui Jun 17, 2026 May 26, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability.
CVE-2021-46882 1Huawei 1Emui Jun 17, 2026 May 26, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability.
CVE-2021-46881 1Huawei 1Emui Jun 17, 2026 May 26, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability.
CVE-2023-33010 1Zyxel 23Atp100 Firmware Atp100w FirmwareAtp200 Firmware+20 more Jun 17, 2026 May 24, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A buffer overflow vulnerability in the ID processing function in Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1, USG FLEX series firmware versions 4.50 through 5.36 Patch 1, USG FLEX 50(W) firmware versions...Show more A buffer overflow vulnerability in the ID processing function in Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1, USG FLEX series firmware versions 4.50 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.25 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.25 through 5.36 Patch 1, VPN series firmware versions 4.30 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.25 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on an affected device.Show less
CVE-2023-33009 1Zyxel 23Atp100 Firmware Atp100w FirmwareAtp200 Firmware+20 more Jun 17, 2026 May 24, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.60 through 5.36 Patch 1, USG FLEX series firmware versions 4.60 through 5.36 Patch 1, USG FLEX 50(W) firmware versions...Show more A buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.60 through 5.36 Patch 1, USG FLEX series firmware versions 4.60 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.60 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.60 through 5.36 Patch 1, VPN series firmware versions 4.60 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.60 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on an affected device.Show less
CVE-2023-1424 1Mitsubishielectric 39Melsec Iq Fx5u 32mr/ds Firmware Melsec Iq Fx5u 32mr/dss FirmwareMelsec Iq Fx5u 32mr/es Firmware+36 more Jun 17, 2026 May 24, 2023 N/A· v4 8.1 HIGH· v3 N/A· v2 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules and MELSEC iQ-R Series CPU modules allows a remote unauthenticated at...Show more Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules and MELSEC iQ-R Series CPU modules allows a remote unauthenticated attacker to cause a denial of service (DoS) condition or execute malicious code on a target product by sending specially crafted packets. A system reset of the product is required for recovery from a denial of service (DoS) condition and malicious code execution.Show less

Previous 1...118119120...212 Next