CWE-120
4,224 CVEs • Abstraction: Base • Likelihood of Exploit: High
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.
CVEs (4,224)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
PKUVCL davs2 v1.6.205 was discovered to contain a global buffer overflow via the function parse_sequence_header() at source/common/header.cc:269. |
Memory corruption in multimedia due to buffer overflow while processing count variable from client in Snapdragon Auto |
1Qualcomm 154Apq8009 Firmware Apq8009w FirmwareApq8017 Firmware+151 moreJun 17, 2026 Sep 2, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Memory corruption due to buffer overflow while parsing MKV clips with invalid bitmap size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mo...Show more |
1Qualcomm 107Apq8017 Firmware Apq8053 FirmwareAqt1000 Firmware+104 moreJun 17, 2026 Sep 2, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Memory corruption due to buffer overflow occurs while processing invalid MKV clip which has invalid seek header in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobil...Show more |
Freeciv before 2.6.7 and before 3.0.3 is prone to a buffer overflow vulnerability in the Modpack Installer utility's handling of the modpack URL. |
1Realtek 1Bluetooth Mesh Software Development Kit Jun 17, 2026 Aug 30, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnerability due to insufficient validation for segmented packets’ link parameter. An unauthenticated attacker in the adjacent network can exploit this vuln...Show more |
1Realtek 1Bluetooth Mesh Software Development Kit Jun 17, 2026 Aug 30, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnerability due to insufficient validation for the length of segmented packets’ shift parameter. An unauthenticated attacker in the adjacent network can ex...Show more |
1Realtek 1Bluetooth Mesh Software Development Kit Jun 17, 2026 Aug 30, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnerability due to insufficient validation for the size of segmented packets’ reference parameter. An unauthenticated attacker in the adjacent network can...Show more |
1Realtek 1Bluetooth Mesh Software Development Kit Jun 17, 2026 Aug 30, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnerability due to insufficient validation for broadcast network packet length. An unauthenticated attacker in the adjacent network can exploit this vulner...Show more |
1Draytek 68Vigor1000b Firmware Vigor165 FirmwareVigor166 Firmware+65 moreJun 17, 2026 Aug 29, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue was discovered on certain DrayTek Vigor routers before July 2022 such as the Vigor3910 before 4.3.1.1. /cgi-bin/wlogin.cgi has a buffer overflow via the username or password to the aa or ab field. |
Tenda_TX9pro V22.03.02.10 was discovered to contain a buffer overflow via the component httpd/SetNetControlList. |
D-Link Go-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 are vulnerable to Buffer Overflow via cgibin, hnap_main, |
D-Link Wireless AC1200 Dual Band VDSL ADSL Modem Router DSL-3782 Firmware v1.01 allows unauthenticated attackers to cause a Denial of Service (DoS) via the User parameter or Pwd parameter to Login.asp. |
A buffer overflow vulnerability in the Rubrik Backup Service (RBS) Agent for Linux or Unix-based systems in Rubrik CDM 7.0.1, 7.0.1-p1, 7.0.1-p2 or 7.0.1-p3 before CDM 7.0.2-p2 could allow a local attacker to obtain root...Show more |
1Sound Exchange Project 1Sound Exchange Jun 17, 2026 Aug 25, 2022 N/A· v4 5.5 MEDIUM· v3 N/A· v2 A vulnerability was found in SoX, where a heap-buffer-overflow occurs in function startread() in hcom.c file. The vulnerability is exploitable with a crafted hcomn file, that could cause an application to crash. |
1Sound Exchange Project 1Sound Exchange Jun 17, 2026 Aug 25, 2022 N/A· v4 5.5 MEDIUM· v3 N/A· v2 A vulnerability was found in SoX, where a heap-buffer-overflow occurs in function lsx_read_w_buf() in formats_i.c file. The vulnerability is exploitable with a crafted file, that could cause an application to crash. |
3Apache DebianFedoraproject3Debian Linux FedoraLibapreq2Jun 17, 2026 Aug 25, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 A flaw in Apache libapreq2 versions 2.16 and earlier could cause a buffer overflow while processing multipart form uploads. A remote attacker could send a request causing a process crash which could lead to a denial of s...Show more |
3Debian LibpngNetapp3Debian Linux LibpngOntap Select Deploy Administration UtilityJun 17, 2026 Aug 24, 2022 N/A· v4 5.5 MEDIUM· v3 N/A· v2 A heap overflow flaw was found in libpngs' pngimage.c program. This flaw allows an attacker with local network access to pass a specially crafted PNG file to the pngimage utility, causing an application to crash, leading...Show more |
1Sony 3Xperia 1 Firmware Xperia 5 FirmwareXperia Pro FirmwareJun 17, 2026 Aug 17, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 In Sony Xperia series 1, 5, and Pro, an out of bound memory access can occur due to lack of validation of the number of frames being passed during music playback. |
XPDF commit ffaf11c was discovered to contain a global-buffer overflow via Lexer::getObj(Object*) at /xpdf/Lexer.cc. |