Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

CVEs (4,226)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-25655 1Qualcomm 238Apq8009 Firmware Apq8017 FirmwareApq8076 Firmware+235 more Jun 17, 2026 Mar 10, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Memory corruption in WLAN HAL while arbitrary value is passed in WMI UTF command payload.
CVE-2023-27853 1Netgear 1Rax30 Firmware Jun 17, 2026 Mar 10, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a format string vulnerability in a SOAP service that could allow an attacker to execute arbitrary code on the device.
CVE-2023-27852 1Netgear 1Rax30 Firmware Jun 17, 2026 Mar 10, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a buffer overflow vulnerability in various CGI mechanisms that could allow an attacker to execute arbitrary code on the device.
CVE-2023-26075 1Samsung 9Exynos 1080 Firmware Exynos 1280 FirmwareExynos 2200 Firmware+6 more Jun 17, 2026 Mar 10, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue was discovered in Samsung Mobile Chipset and Baseband Modem Chipset for Exynos 850, Exynos 980, Exynos 1080, Exynos 1280, Exynos 2200, Exynos Modem 5123, Exynos Modem 5300, and Exynos Auto T5123. An intra-object...Show more An issue was discovered in Samsung Mobile Chipset and Baseband Modem Chipset for Exynos 850, Exynos 980, Exynos 1080, Exynos 1280, Exynos 2200, Exynos Modem 5123, Exynos Modem 5300, and Exynos Auto T5123. An intra-object overflow in the 5G MM message codec can occur due to insufficient parameter validation when decoding the Service Area List.Show less
CVE-2023-26110 1Node Bluetooth Project 1Node Bluetooth Jun 17, 2026 Mar 9, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 All versions of the package node-bluetooth are vulnerable to Buffer Overflow via the findSerialPortChannel method due to improper user input length validation.
CVE-2023-26109 1Node Bluetooth Serial Port Project 1Node Bluetooth Serial Port Jun 17, 2026 Mar 9, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 All versions of the package node-bluetooth-serial-port are vulnerable to Buffer Overflow via the findSerialPortChannel method due to improper user input length validation.
CVE-2023-20624 1Google 1Android Jun 17, 2026 Mar 7, 2023 N/A· v4 6.7 MEDIUM· v3 N/A· v2 In vow, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation....Show more In vow, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628530; Issue ID: ALPS07628530.Show less
CVE-2023-1161 2Debian Wireshark 2Debian Linux Wireshark Jun 17, 2026 Mar 6, 2023 N/A· v4 7.1 HIGH· v3 N/A· v2 ISO 15765 and ISO 10681 dissector crash in Wireshark 4.0.0 to 4.0.3 and 3.6.0 to 3.6.11 allows denial of service via packet injection or crafted capture file
CVE-2023-1190 1Imageinfo Project 1Imageinfo Jun 17, 2026 Mar 6, 2023 N/A· v4 7.8 HIGH· v3 4.3 MEDIUM· v2 A vulnerability was found in xiaozhuai imageinfo up to 3.0.3. It has been rated as problematic. Affected by this issue is some unknown functionality of the file imageinfo.hpp. The manipulation leads to buffer overflow. L...Show more A vulnerability was found in xiaozhuai imageinfo up to 3.0.3. It has been rated as problematic. Affected by this issue is some unknown functionality of the file imageinfo.hpp. The manipulation leads to buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. VDB-222362 is the identifier assigned to this vulnerability.Show less
CVE-2022-47664 1Struktur 1Libde265 Jun 17, 2026 Mar 3, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Libde265 1.0.9 is vulnerable to Buffer Overflow in ff_hevc_put_hevc_qpel_pixels_8_sse
CVE-2023-22757 1Arubanetworks 2Arubaos Sd Wan Jun 17, 2026 Mar 1, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful...Show more There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system. Show less
CVE-2023-22756 1Arubanetworks 2Arubaos Sd Wan Jun 17, 2026 Mar 1, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful...Show more There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system. Show less
CVE-2023-22755 1Arubanetworks 2Arubaos Sd Wan Jun 17, 2026 Mar 1, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful...Show more There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system. Show less
CVE-2023-22754 1Arubanetworks 2Arubaos Sd Wan Jun 17, 2026 Mar 1, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful...Show more There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system. Show less
CVE-2023-22753 1Arubanetworks 2Arubaos Sd Wan Jun 17, 2026 Mar 1, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful...Show more There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system. Show less
CVE-2023-20032 3Cisco ClamavStormshield 5Clamav Secure EndpointSecure Endpoint Private Cloud+2 more Jun 17, 2026 Mar 1, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the HFS+ partition file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and...Show more On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the HFS+ partition file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to execute arbitrary code. This vulnerability is due to a missing buffer size check that may result in a heap buffer overflow write. An attacker could exploit this vulnerability by submitting a crafted HFS+ partition file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the ClamAV scanning process, or else crash the process, resulting in a denial of service (DoS) condition. For a description of this vulnerability, see the ClamAV blog ["https://blog.clamav.net/"].Show less
CVE-2023-23513 1Apple 1Macos Jun 17, 2026 Feb 27, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.7.3, macOS Ventura 13.2, macOS Monterey 12.6.3. Mounting a maliciously crafted Samba network share may lead to...Show more A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.7.3, macOS Ventura 13.2, macOS Monterey 12.6.3. Mounting a maliciously crafted Samba network share may lead to arbitrary code execution.Show less
CVE-2022-48260 1Huawei 1Bisheng Wnm Firmware Jun 17, 2026 Feb 27, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 There is a buffer overflow vulnerability in BiSheng-WNM FW 3.0.0.325. Successful exploitation could lead to device service exceptions.
CVE-2023-0996 1Struktur 1Libheif Jun 17, 2026 Feb 24, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 There is a vulnerability in the strided image data parsing code in the emscripten wrapper for libheif. An attacker could exploit this through a crafted image file to cause a buffer overflow in linear memory during a mem...Show more There is a vulnerability in the strided image data parsing code in the emscripten wrapper for libheif. An attacker could exploit this through a crafted image file to cause a buffer overflow in linear memory during a memcpy call. Show less
CVE-2023-24809 1Nethack 1Nethack Jun 17, 2026 Feb 17, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 NetHack is a single player dungeon exploration game. Starting with version 3.6.2 and prior to version 3.6.7, illegal input to the "C" (call) command can cause a buffer overflow and crash the NetHack process. This vulnera...Show more NetHack is a single player dungeon exploration game. Starting with version 3.6.2 and prior to version 3.6.7, illegal input to the "C" (call) command can cause a buffer overflow and crash the NetHack process. This vulnerability may be a security issue for systems that have NetHack installed suid/sgid and for shared systems. For all systems, it may result in a process crash. This issue is resolved in NetHack 3.6.7. There are no known workarounds.Show less

Previous 1...125126127...212 Next