Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

CVEs (4,224)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-3786 3Fedoraproject NodejsOpenssl 3Fedora Node.jsOpenssl Jun 17, 2026 Nov 1, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed...Show more A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address in a certificate to overflow an arbitrary number of bytes containing the `.' character (decimal 46) on the stack. This buffer overflow could result in a crash (causing a denial of service). In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects. Show less
CVE-2022-43752 1Common Desktop Environment Project 1 Common Desktop Environment Jun 17, 2026 Oct 31, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 Oracle Solaris version 10 1/13, when using the Common Desktop Environment (CDE), is vulnerable to a privilege escalation vulnerability. A low privileged user can escalate to root by crafting a malicious printer and doubl...Show more Oracle Solaris version 10 1/13, when using the Common Desktop Environment (CDE), is vulnerable to a privilege escalation vulnerability. A low privileged user can escalate to root by crafting a malicious printer and double clicking on the the crafted printer's icon.Show less
CVE-2021-40241 1Xfig Project 1Xfig Jun 17, 2026 Oct 31, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 xfig 3.2.7 is vulnerable to Buffer Overflow.
CVE-2022-43365 1Ip Com 1Ew9 Firmware Jun 17, 2026 Oct 27, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 IP-COM EW9 V15.11.0.14(9732) was discovered to contain a buffer overflow in the formSetDebugCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string.
CVE-2022-23462 1Softmotions 1Iowow Jun 17, 2026 Oct 21, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 IOWOW is a C utility library and persistent key/value storage engine. Versions 1.4.15 and prior contain a stack buffer overflow vulnerability that allows for Denial of Service (DOS) when it parses scientific notation num...Show more IOWOW is a C utility library and persistent key/value storage engine. Versions 1.4.15 and prior contain a stack buffer overflow vulnerability that allows for Denial of Service (DOS) when it parses scientific notation numbers present in JSON. A patch for this issue is available at commit a79d31e4cff1d5a08f665574b29fd885897a28fd in the `master` branch of the repository. There are no workarounds other than applying the patch.Show less
CVE-2021-42553 1St 1Stm32 Mw Usb Host Jun 17, 2026 Oct 21, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A buffer overflow vulnerability in stm32_mw_usb_host of STMicroelectronics in versions before 3.5.1 allows an attacker to execute arbitrary code when the descriptor contains more endpoints than USBH_MAX_NUM_ENDPOINTS. Th...Show more A buffer overflow vulnerability in stm32_mw_usb_host of STMicroelectronics in versions before 3.5.1 allows an attacker to execute arbitrary code when the descriptor contains more endpoints than USBH_MAX_NUM_ENDPOINTS. The library is typically integrated when using a RTOS such as FreeRTOS on STM32 MCUs.Show less
CVE-2022-33217 1Qualcomm 8Sd 8 Gen1 5g Firmware Wcd9380 FirmwareWcn6855 Firmware+5 more Jun 17, 2026 Oct 19, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 Memory corruption in Qualcomm IPC due to buffer copy without checking the size of input while starting communication with a compromised kernel. in Snapdragon Mobile
CVE-2022-25687 1Qualcomm 181Apq8009 Firmware Apq8009w FirmwareApq8017 Firmware+178 more Jun 17, 2026 Oct 19, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 memory corruption in video due to buffer overflow while parsing asf clips in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon...Show more memory corruption in video due to buffer overflow while parsing asf clips in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon WearablesShow less
CVE-2022-3550 3Debian FedoraprojectX.org 3Debian Linux FedoraX Server Jun 17, 2026 Oct 17, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 A vulnerability classified as critical was found in X.org Server. Affected by this vulnerability is the function _GetCountedString of the file xkb/xkb.c. The manipulation leads to buffer overflow. It is recommended to ap...Show more A vulnerability classified as critical was found in X.org Server. Affected by this vulnerability is the function _GetCountedString of the file xkb/xkb.c. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211051.Show less
CVE-2022-39122 1Google 1Android Jun 17, 2026 Oct 14, 2022 N/A· v4 5.5 MEDIUM· v3 N/A· v2 In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.
CVE-2022-39121 1Google 1Android Jun 17, 2026 Oct 14, 2022 N/A· v4 5.5 MEDIUM· v3 N/A· v2 In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.
CVE-2022-39120 1Google 1Android Jun 17, 2026 Oct 14, 2022 N/A· v4 5.5 MEDIUM· v3 N/A· v2 In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.
CVE-2022-41485 1Tenda 2Ac6 Firmware Ac6v2.0 Firmware Jun 17, 2026 Oct 13, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discovered to contain a buffer overflow in the 0x47ce00 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVE-2022-41484 1Tenda 1Ap500v1 Firmware Jun 17, 2026 Oct 13, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 Tenda AC1900 AP500(US)_V1_180320(Beta) was discovered to contain a buffer overflow in the 0x32384 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVE-2022-41483 1Tenda 1Ac6v2.0 Firmware Jun 17, 2026 Oct 13, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discovered to contain a buffer overflow in the 0x4a12cc function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVE-2022-41482 1Tenda 1Ac6v2.0 Firmware Jun 17, 2026 Oct 13, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discovered to contain a buffer overflow in the 0x47c5dc function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVE-2022-41481 1Tenda 1Ac6v2.0 Firmware Jun 17, 2026 Oct 13, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discovered to contain a buffer overflow in the 0x47de1c function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVE-2022-41480 1Tenda 1Ac6v2.0 Firmware Jun 17, 2026 Oct 13, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discovered to contain a buffer overflow in the 0x475dc function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVE-2022-32491 1Dell 290Alienware Area 51m R1 Firmware Alienware Area 51m R2 FirmwareAlienware Aurora R10 Firmware+287 more Jun 17, 2026 Oct 12, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 Dell Client BIOS contains a Buffer Overflow vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by manipulating an SMI to cause an arbitrary write during SMM.
CVE-2022-36361 1Siemens 2Logo!8 Bm Fs 05 Firmware Logo! 8 Bm Firmware Jun 17, 2026 Oct 11, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA1) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA1) (All versions), LOGO! 230RCE (6ED1052-1FB08-0BA1) (All versions), LOGO! 230RCEo (6ED1052-2FB...Show more A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA1) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA1) (All versions), LOGO! 230RCE (6ED1052-1FB08-0BA1) (All versions), LOGO! 230RCEo (6ED1052-2FB08-0BA1) (All versions), LOGO! 24CE (6ED1052-1CC08-0BA1) (All versions), LOGO! 24CEo (6ED1052-2CC08-0BA1) (All versions), LOGO! 24RCE (6ED1052-1HB08-0BA1) (All versions), LOGO! 24RCEo (6ED1052-2HB08-0BA1) (All versions), SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA1) (All versions), SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA1) (All versions), SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA1) (All versions), SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA1) (All versions), SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA1) (All versions), SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA1) (All versions), SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA1) (All versions), SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA1) (All versions). Affected devices do not properly validate the structure of TCP packets in several methods. This could allow an attacker to cause buffer overflows, get control over the instruction counter and run custom code.Show less

Previous 1...137138139...212 Next