Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

CVEs (4,226)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-33983 1Flatcc Project 1Flatcc Jun 17, 2026 Feb 17, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Buffer Overflow vulnerability in Dvidelabs flatcc v.0.6.0 allows local attacker to execute arbitrary code via the fltacc execution of the error_ref_sym function.
CVE-2021-33226 1Saltstack 1Salt Jun 17, 2026 Feb 17, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Buffer Overflow vulnerability in Saltstack v.3003 and before allows attacker to execute arbitrary code via the func variable in salt/salt/modules/status.py file. NOTE: this is disputed by third parties because an attacke...Show more Buffer Overflow vulnerability in Saltstack v.3003 and before allows attacker to execute arbitrary code via the func variable in salt/salt/modules/status.py file. NOTE: this is disputed by third parties because an attacker cannot influence the eval inputShow less
CVE-2023-24482 1Siemens 1Comos Jun 17, 2026 Feb 14, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A vulnerability has been identified in COMOS V10.2 (All versions), COMOS V10.3.3.1 (All versions < V10.3.3.1.45), COMOS V10.3.3.2 (All versions < V10.3.3.2.33), COMOS V10.3.3.3 (All versions < V10.3.3.3.9), COMOS V10.3.3...Show more A vulnerability has been identified in COMOS V10.2 (All versions), COMOS V10.3.3.1 (All versions < V10.3.3.1.45), COMOS V10.3.3.2 (All versions < V10.3.3.2.33), COMOS V10.3.3.3 (All versions < V10.3.3.3.9), COMOS V10.3.3.4 (All versions < V10.3.3.4.6), COMOS V10.4.0.0 (All versions < V10.4.0.0.31), COMOS V10.4.1.0 (All versions < V10.4.1.0.32), COMOS V10.4.2.0 (All versions < V10.4.2.0.25). Cache validation service in COMOS is vulnerable to Structured Exception Handler (SEH) based buffer overflow. This could allow an attacker to execute arbitrary code on the target system or cause denial of service condition.Show less
CVE-2022-42444 1Ibm 1App Connect Enterprise Jun 17, 2026 Feb 12, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 IBM App Connect Enterprise 11.0.0.8 through 11.0.0.19 and 12.0.1.0 through 12.0.5.0 is vulnerable to a buffer overflow. A remote privileged user could overflow a buffer and cause the application to crash. IBM X-Force ID...Show more IBM App Connect Enterprise 11.0.0.8 through 11.0.0.19 and 12.0.1.0 through 12.0.5.0 is vulnerable to a buffer overflow. A remote privileged user could overflow a buffer and cause the application to crash. IBM X-Force ID: 238538.Show less
CVE-2022-40514 1Qualcomm 228Aqt1000 Firmware Ar8031 FirmwareAr8035 Firmware+225 more Jun 17, 2026 Feb 12, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Memory corruption due to buffer copy without checking the size of input in WLAN Firmware while processing CCKM IE in reassoc response frame.
CVE-2022-33277 1Qualcomm 243Aqt1000 Firmware Ar8031 FirmwareAr8035 Firmware+240 more Jun 17, 2026 Feb 12, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Memory corruption in modem due to buffer copy without checking size of input while receiving WMI command.
CVE-2022-33232 1Qualcomm 111Aqt1000 Firmware Ar8035 FirmwareQam8295p Firmware+108 more Jun 17, 2026 Feb 12, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Memory corruption due to buffer copy without checking size of input while running memory sharing tests with large scattered memory.
CVE-2023-0687 1Gnu 1Glibc Jun 17, 2026 Feb 6, 2023 N/A· v4 9.8 CRITICAL· v3 4.0 MEDIUM· v2 A vulnerability was found in GNU C Library 2.38. It has been declared as critical. This vulnerability affects the function __monstartup of the file gmon.c of the component Call Graph Monitor. The manipulation leads to bu...Show more A vulnerability was found in GNU C Library 2.38. It has been declared as critical. This vulnerability affects the function __monstartup of the file gmon.c of the component Call Graph Monitor. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix this issue. VDB-220246 is the identifier assigned to this vulnerability. NOTE: The real existence of this vulnerability is still doubted at the moment. The inputs that induce this vulnerability are basically addresses of the running application that is built with gmon enabled. It's basically trusted input or input that needs an actual security flaw to be compromised or controlled.Show less
CVE-2021-37311 1Fcitx 5 Project 1Fcitx 5 Jun 17, 2026 Feb 3, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Buffer Overflow vulnerability in fcitx5 5.0.8 allows attackers to cause a denial of service via crafted message to the application's listening port.
CVE-2023-22422 1F5 12Big Ip Access Policy Manager Big Ip Advanced Firewall ManagerBig Ip Analytics+9 more Jun 17, 2026 Feb 1, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 On BIG-IP versions 17.0.x before 17.0.0.2 and 16.1.x before 16.1.3.3, when a HTTP profile with the non-default Enforcement options of Enforce HTTP Compliance and Unknown Methods: Reject are configured on a virtual server...Show more On BIG-IP versions 17.0.x before 17.0.0.2 and 16.1.x before 16.1.3.3, when a HTTP profile with the non-default Enforcement options of Enforce HTTP Compliance and Unknown Methods: Reject are configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. Show less
CVE-2023-0617 1Trendnet 1Tew 811dru Firmware Jun 17, 2026 Feb 1, 2023 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 A vulnerability was found in TRENDNet TEW-811DRU 1.0.10.0. It has been classified as critical. This affects an unknown part of the file /wireless/guestnetwork.asp of the component httpd. The manipulation leads to buffer...Show more A vulnerability was found in TRENDNet TEW-811DRU 1.0.10.0. It has been classified as critical. This affects an unknown part of the file /wireless/guestnetwork.asp of the component httpd. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-219957 was assigned to this vulnerability.Show less
CVE-2023-0612 1Trendnet 1Tew 811dru Firmware Jun 17, 2026 Feb 1, 2023 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 A vulnerability, which was classified as critical, was found in TRENDnet TEW-811DRU 1.0.10.0. Affected is an unknown function of the file /wireless/basic.asp of the component httpd. The manipulation leads to buffer overf...Show more A vulnerability, which was classified as critical, was found in TRENDnet TEW-811DRU 1.0.10.0. Affected is an unknown function of the file /wireless/basic.asp of the component httpd. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-219936.Show less
CVE-2022-24324 1Schneider Electric 1Interactive Graphical Scada System Jun 17, 2026 Feb 1, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow potentially leading to remote code execution when an attacker sends a specially crafted message. A...Show more A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow potentially leading to remote code execution when an attacker sends a specially crafted message. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22073)Show less
CVE-2022-47035 1Dlink 1Dir 825 Firmware Jun 17, 2026 Jan 31, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Buffer Overflow Vulnerability in D-Link DIR-825 v1.33.0.44ebdd4-embedded and below allows attacker to execute arbitrary code via the GetConfig method to the /CPE endpoint.
CVE-2022-32529 1Schneider Electric 1Interactive Graphical Scada System Jun 17, 2026 Jan 30, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted log data re...Show more A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted log data request messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170)Show less
CVE-2022-32527 1Schneider Electric 1Interactive Graphical Scada System Jun 17, 2026 Jan 30, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted alarm cache...Show more A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted alarm cache data messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170)Show less
CVE-2022-32526 1Schneider Electric 1Interactive Graphical Scada System Jun 17, 2026 Jan 30, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted setting val...Show more A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted setting value messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170)Show less
CVE-2022-32525 1Schneider Electric 1Interactive Graphical Scada System Jun 17, 2026 Jan 30, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted alarm data...Show more A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted alarm data messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170)Show less
CVE-2022-32524 1Schneider Electric 1Interactive Graphical Scada System Jun 17, 2026 Jan 30, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted time reduce...Show more A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted time reduced data messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170)Show less
CVE-2022-32523 1Schneider Electric 1Interactive Graphical Scada System Jun 17, 2026 Jan 30, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted online data...Show more A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted online data request messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170)Show less

Previous 1...126127128...212 Next