Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

CVEs (4,225)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-47656 1Gpac 1Gpac Jun 17, 2026 Jan 5, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 GPAC MP4box 2.1-DEV-rev617-g85ce76efd is vulnerable to Buffer Overflow in gf_hevc_read_sps_bs_internal function of media_tools/av_parsers.c:8273
CVE-2022-47654 1Gpac 1Gpac Jun 17, 2026 Jan 5, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 GPAC MP4box 2.1-DEV-rev593-g007bf61a0 is vulnerable to Buffer Overflow in gf_hevc_read_sps_bs_internal function of media_tools/av_parsers.c:8261
CVE-2022-47653 1Gpac 1Gpac Jun 17, 2026 Jan 5, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 GPAC MP4box 2.1-DEV-rev593-g007bf61a0 is vulnerable to Buffer Overflow in eac3_update_channels function of media_tools/av_parsers.c:9113
CVE-2022-47095 1Gpac 1Gpac Jun 17, 2026 Jan 5, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer overflow in hevc_parse_vps_extension function of media_tools/av_parsers.c
CVE-2022-47091 1Gpac 1Gpac Jun 17, 2026 Jan 5, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer Overflow in gf_text_process_sub function of filters/load_text.c
CVE-2022-47089 1Gpac 1Gpac Jun 17, 2026 Jan 5, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer Overflow via gf_vvc_read_sps_bs_internal function of media_tools/av_parsers.c
CVE-2022-47088 1Gpac 1Gpac Jun 17, 2026 Jan 5, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer Overflow.
CVE-2022-47087 1Gpac 1Gpac Jun 17, 2026 Jan 5, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 GPAC MP4box 2.1-DEV-rev574-g9d5bb184b has a Buffer overflow in gf_vvc_read_pps_bs_internal function of media_tools/av_parsers.c
CVE-2022-45995 1Tenda 1Ax12 Firmware Jun 17, 2026 Jan 5, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 There is an unauthorized buffer overflow vulnerability in Tenda AX12 v22.03.01.21 _ cn. This vulnerability can cause the web service not to restart or even execute arbitrary code. It is a different vulnerability from CVE...Show more There is an unauthorized buffer overflow vulnerability in Tenda AX12 v22.03.01.21 _ cn. This vulnerability can cause the web service not to restart or even execute arbitrary code. It is a different vulnerability from CVE-2022-2414.Show less
CVE-2022-46456 1Nasm 1Netwide Assembler Jun 17, 2026 Jan 4, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 NASM v2.16 was discovered to contain a global buffer overflow in the component dbgdbg_typevalue at /output/outdbg.c.
CVE-2022-39118 1Google 1Android Jun 17, 2026 Jan 4, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 In sprd_sysdump driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.
CVE-2022-42262 1Nvidia 3Cloud Gaming Gpu Display DriverVirtual Gpu Jun 17, 2026 Dec 30, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where an input index is not validated, which may lead to buffer overrun, which in turn may cause data tampering, information disclos...Show more NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where an input index is not validated, which may lead to buffer overrun, which in turn may cause data tampering, information disclosure, or denial of service.Show less
CVE-2022-42261 1Nvidia 3Cloud Gaming Gpu Display DriverVirtual Gpu Jun 17, 2026 Dec 30, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where an input index is not validated, which may lead to buffer overrun, which in turn may cause data tampering, information disclos...Show more NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where an input index is not validated, which may lead to buffer overrun, which in turn may cause data tampering, information disclosure, or denial of service.Show less
CVE-2022-4857 1Modbustools 1Modbus Poll Jun 17, 2026 Dec 30, 2022 N/A· v4 7.8 HIGH· v3 7.5 HIGH· v2 A vulnerability was found in Modbus Tools Modbus Poll up to 9.10.0 and classified as critical. Affected by this issue is some unknown functionality of the file mbpoll.exe of the component mbp File Handler. The manipulati...Show more A vulnerability was found in Modbus Tools Modbus Poll up to 9.10.0 and classified as critical. Affected by this issue is some unknown functionality of the file mbpoll.exe of the component mbp File Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-217022 is the identifier assigned to this vulnerability.Show less
CVE-2022-4856 1Modbustools 1Modbus Slave Jun 17, 2026 Dec 30, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 A vulnerability has been found in Modbus Tools Modbus Slave up to 7.5.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file mbslave.exe of the component mbs File Handler. Th...Show more A vulnerability has been found in Modbus Tools Modbus Slave up to 7.5.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file mbslave.exe of the component mbs File Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-217021 was assigned to this vulnerability.Show less
CVE-2022-48196 1Netgear 9R6400v2 Firmware R6700v3 FirmwareR6900p Firmware+6 more Jun 17, 2026 Dec 30, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects RAX40 before 1.0.2.60, RAX35 before 1.0.2.60, R6400v2 before 1.0.4.122, R6700v3 before 1.0.4.122, R6900P before 1.3.3...Show more Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects RAX40 before 1.0.2.60, RAX35 before 1.0.2.60, R6400v2 before 1.0.4.122, R6700v3 before 1.0.4.122, R6900P before 1.3.3.152, R7000P before 1.3.3.152, R7000 before 1.0.11.136, R7960P before 1.4.4.94, and R8000P before 1.4.4.94.Show less
CVE-2022-41966 1Xstream 1Xstream Jun 17, 2026 Dec 28, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 XStream serializes Java objects to XML and back again. Versions prior to 1.4.20 may allow a remote attacker to terminate the application with a stack overflow error, resulting in a denial of service only via manipulation...Show more XStream serializes Java objects to XML and back again. Versions prior to 1.4.20 may allow a remote attacker to terminate the application with a stack overflow error, resulting in a denial of service only via manipulation the processed input stream. The attack uses the hash code implementation for collections and maps to force recursive hash calculation causing a stack overflow. This issue is patched in version 1.4.20 which handles the stack overflow and raises an InputManipulationException instead. A potential workaround for users who only use HashMap or HashSet and whose XML refers these only as default map or set, is to change the default implementation of java.util.Map and java.util per the code example in the referenced advisory. However, this implies that your application does not care about the implementation of the map and all elements are comparable.Show less
CVE-2019-11851 1Sierrawireless 1Aleos Jun 17, 2026 Dec 26, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 The ACENet service in Sierra Wireless ALEOS before 4.4.9, 4.5.x through 4.9.x before 4.9.5, and 4.10.x through 4.13.x before 4.14.0 allows remote attackers to execute arbitrary code via a buffer overflow.
CVE-2022-47949 1Nintendo 9Animal Crossing\ ArmsMario Kart 7+6 more Jun 17, 2026 Dec 24, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 The Nintendo NetworkBuffer class, as used in Animal Crossing: New Horizons before 2.0.6 and other products, allows remote attackers to execute arbitrary code via a large UDP packet that causes a buffer overflow, aka ENLB...Show more The Nintendo NetworkBuffer class, as used in Animal Crossing: New Horizons before 2.0.6 and other products, allows remote attackers to execute arbitrary code via a large UDP packet that causes a buffer overflow, aka ENLBufferPwn. The victim must join a game session with the attacker. Other affected products include Mario Kart 7 before 1.2, Mario Kart 8, Mario Kart 8 Deluxe before 2.1.0, ARMS before 5.4.1, Splatoon, Splatoon 2 before 5.5.1, Splatoon 3 before late 2022, Super Mario Maker 2 before 3.0.2, and Nintendo Switch Sports before late 2022.Show less
CVE-2022-45721 1Ip Com 1M50 Firmware Jun 17, 2026 Dec 23, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overflow via the picName parameter in the formDelWewifiPic function.

Previous 1...131132133...212 Next