Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

CVEs (4,227)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-23305 1Garmin 1Connect Iq Jun 17, 2026 May 23, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 The GarminOS TVM component in CIQ API version 1.0.0 through 4.1.7 is vulnerable to various buffer overflows when loading binary resources. A malicious application embedding specially crafted resources could hijack the ex...Show more The GarminOS TVM component in CIQ API version 1.0.0 through 4.1.7 is vulnerable to various buffer overflows when loading binary resources. A malicious application embedding specially crafted resources could hijack the execution of the device's firmware.Show less
CVE-2023-23303 1Garmin 1Connect Iq Jun 17, 2026 May 23, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 The `Toybox.Ant.GenericChannel.enableEncryption` API method in CIQ API version 3.2.0 through 4.1.7 does not validate its parameter, which can result in buffer overflows when copying various attributes. A malicious applic...Show more The `Toybox.Ant.GenericChannel.enableEncryption` API method in CIQ API version 3.2.0 through 4.1.7 does not validate its parameter, which can result in buffer overflows when copying various attributes. A malicious application could call the API method with specially crafted object and hijack the execution of the device's firmware.Show less
CVE-2023-23302 1Garmin 1Connect Iq Jun 17, 2026 May 23, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 The `Toybox.GenericChannel.setDeviceConfig` API method in CIQ API version 1.2.0 through 4.1.7 does not validate its parameter, which can result in buffer overflows when copying various attributes. A malicious application...Show more The `Toybox.GenericChannel.setDeviceConfig` API method in CIQ API version 1.2.0 through 4.1.7 does not validate its parameter, which can result in buffer overflows when copying various attributes. A malicious application could call the API method with specially crafted object and hijack the execution of the device's firmware.Show less
CVE-2023-23300 1Garmin 1Connect Iq Jun 17, 2026 May 23, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 The `Toybox.Cryptography.Cipher.initialize` API method in CIQ API version 3.0.0 through 4.1.7 does not validate its parameters, which can result in buffer overflows when copying data. A malicious application could call t...Show more The `Toybox.Cryptography.Cipher.initialize` API method in CIQ API version 3.0.0 through 4.1.7 does not validate its parameters, which can result in buffer overflows when copying data. A malicious application could call the API method with specially crafted parameters and hijack the execution of the device's firmware.Show less
CVE-2023-27518 1Contec 2Sv Cpt Mc310 Firmware Sv Cpt Mc310f Firmware Jun 17, 2026 May 23, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Buffer overflow vulnerability in the multiple setting pages of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows a remote authenticated attacker to execute arbi...Show more Buffer overflow vulnerability in the multiple setting pages of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows a remote authenticated attacker to execute arbitrary code.Show less
CVE-2023-2597 1Eclipse 1Openj9 Jun 17, 2026 May 22, 2023 N/A· v4 9.1 CRITICAL· v3 N/A· v2 In Eclipse Openj9 before version 0.38.0, in the implementation of the shared cache (which is enabled by default in OpenJ9 builds) the size of a string is not properly checked against the size of the buffer.
CVE-2023-20189 1Cisco 229Business 250 16p 2g Firmware Business 250 16t 2g FirmwareBusiness 250 24fp 4g Firmware+226 more Jun 17, 2026 May 18, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary c...Show more Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.Show less
CVE-2023-20162 1Cisco 229Business 250 16p 2g Firmware Business 250 16t 2g FirmwareBusiness 250 24fp 4g Firmware+226 more Jun 17, 2026 May 18, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary c...Show more Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.Show less
CVE-2023-20161 1Cisco 229Business 250 16p 2g Firmware Business 250 16t 2g FirmwareBusiness 250 24fp 4g Firmware+226 more Jun 17, 2026 May 18, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary c...Show more Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.Show less
CVE-2023-20160 1Cisco 229Business 250 16p 2g Firmware Business 250 16t 2g FirmwareBusiness 250 24fp 4g Firmware+226 more Jun 17, 2026 May 18, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary c...Show more Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.Show less
CVE-2023-20159 1Cisco 229Business 250 16p 2g Firmware Business 250 16t 2g FirmwareBusiness 250 24fp 4g Firmware+226 more Jun 17, 2026 May 18, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary c...Show more Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.Show less
CVE-2023-20158 1Cisco 229Business 250 16p 2g Firmware Business 250 16t 2g FirmwareBusiness 250 24fp 4g Firmware+226 more Jun 17, 2026 May 18, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary c...Show more Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.Show less
CVE-2023-20157 1Cisco 229Business 250 16p 2g Firmware Business 250 16t 2g FirmwareBusiness 250 24fp 4g Firmware+226 more Jun 17, 2026 May 18, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary c...Show more Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.Show less
CVE-2023-20156 1Cisco 229Business 250 16p 2g Firmware Business 250 16t 2g FirmwareBusiness 250 24fp 4g Firmware+226 more Jun 17, 2026 May 18, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary c...Show more Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.Show less
CVE-2023-20024 1Cisco 229Business 250 16p 2g Firmware Business 250 16t 2g FirmwareBusiness 250 24fp 4g Firmware+226 more Jun 17, 2026 May 18, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary c...Show more Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.Show less
CVE-2023-31475 1Gl Inet 32Gl A1300 Firmware Gl Ap1300 FirmwareGl Ap1300lte Firmware+29 more Jun 17, 2026 May 11, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue was discovered on GL.iNet devices before 3.216. The function guci2_get() found in libglutil.so has a buffer overflow when an item is requested from a UCI context, and the value is pasted into a char pointer to a...Show more An issue was discovered on GL.iNet devices before 3.216. The function guci2_get() found in libglutil.so has a buffer overflow when an item is requested from a UCI context, and the value is pasted into a char pointer to a buffer without checking the size of the buffer.Show less
CVE-2021-45345 1Webcamserver Project 1Webcamserver Jun 17, 2026 May 10, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Buffer Overflow vulnerability found in En3rgy WebcamServer v.0.5.2 allows a remote attacker to cause a denial of service via the WebcamServer.exe file.
CVE-2023-22661 1Intel 10Server System D50tnp1mhcpac Firmware Server System D50tnp1mhcrac FirmwareServer System D50tnp1mhcrlc Firmware+7 more Jun 17, 2026 May 10, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Buffer overflow in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable escalation of privilege via local access.
CVE-2022-43507 1Intel 1Quickassist Technology Engine Jun 17, 2026 May 10, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Improper buffer restrictions in the Intel(R) QAT Engine for OpenSSL before version 0.6.16 may allow a privileged user to potentially enable escalation of privilege via network access.
CVE-2022-36330 1Westerndigital 3My Cloud Home Duo Firmware My Cloud Home FirmwareSandisk Ibi Firmware Jun 17, 2026 May 10, 2023 N/A· v4 8.1 HIGH· v3 N/A· v2 A buffer overflow vulnerability was discovered on firmware version validation that could lead to an unauthenticated remote code execution in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi devices. An at...Show more A buffer overflow vulnerability was discovered on firmware version validation that could lead to an unauthenticated remote code execution in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi devices. An attacker would require exploitation of another vulnerability to raise their privileges in order to exploit this buffer overflow vulnerability. This issue affects My Cloud Home and My Cloud Home Duo: before 9.4.0-191; ibi: before 9.4.0-191. Show less

Previous 1...119120121...212 Next