Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

CVEs (4,223)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-35129 1Qualcomm 45Ar8035 Firmware Ipq5010 FirmwareIpq5018 Firmware+42 more Jun 17, 2026 Jun 14, 2022 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 Memory corruption in BT controller due to improper length check while processing vendor specific commands in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Industria...Show more Memory corruption in BT controller due to improper length check while processing vendor specific commands in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and NetworkingShow less
CVE-2021-35114 1Qualcomm 2Sa8540p Firmware Sa9000p Firmware Jun 17, 2026 Jun 14, 2022 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 Improper buffer initialization on the backend driver can lead to buffer overflow in Snapdragon Auto
CVE-2021-35104 1Qualcomm 176Apq8009w Firmware Apq8017 FirmwareApq8064au Firmware+173 more Jun 17, 2026 Jun 14, 2022 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Possible buffer overflow due to improper parsing of headers while playing the FLAC audio clip in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdrago...Show more Possible buffer overflow due to improper parsing of headers while playing the FLAC audio clip in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and NetworkingShow less
CVE-2021-35102 1Qualcomm 68Ar8035 Firmware Qca6390 FirmwareQca6391 Firmware+65 more Jun 17, 2026 Jun 14, 2022 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 Possible buffer overflow due to lack of validation for the length of NAI string read from EFS in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile
CVE-2021-35081 1Qualcomm 73Aqt1000 Firmware Ar8035 FirmwareQca6390 Firmware+70 more Jun 17, 2026 Jun 14, 2022 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Possible buffer overflow due to improper validation of SSID length received from beacon or probe response during an IBSS session in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electr...Show more Possible buffer overflow due to improper validation of SSID length received from beacon or probe response during an IBSS session in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & MusicShow less
CVE-2021-30327 1Qualcomm 79Apq8097 Firmware Apq8098 FirmwareIpq6000 Firmware+76 more Jun 17, 2026 Jun 14, 2022 N/A· v4 6.8 MEDIUM· v3 7.2 HIGH· v2 Buffer overflow in sahara protocol while processing commands leads to overwrite of secure configuration data in Snapdragon Mobile, Snapdragon Compute, Snapdragon Auto, Snapdragon IOT, Snapdragon Connectivity, Snapdragon...Show more Buffer overflow in sahara protocol while processing commands leads to overwrite of secure configuration data in Snapdragon Mobile, Snapdragon Compute, Snapdragon Auto, Snapdragon IOT, Snapdragon Connectivity, Snapdragon Voice & MusicShow less
CVE-2022-29797 1Huawei 1Cv81 Wdm Firmware Jun 17, 2026 Jun 13, 2022 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 There is a buffer overflow vulnerability in CV81-WDM FW 01.70.49.29.46. Successful exploitation of this vulnerability may lead to privilege escalation.
CVE-2022-32981 1Linux 1Linux Kernel Jun 17, 2026 Jun 10, 2022 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 An issue was discovered in the Linux kernel through 5.18.3 on powerpc 32-bit platforms. There is a buffer overflow in ptrace PEEKUSER and POKEUSER (aka PEEKUSR and POKEUSR) when accessing floating point registers.
CVE-2022-31031 2Debian Teluu 2Debian Linux Pjsip Jun 17, 2026 Jun 9, 2022 N/A· v4 9.8 CRITICAL· v3 6.8 MEDIUM· v2 PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions prior to and including 2.12.1 a stack b...Show more PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions prior to and including 2.12.1 a stack buffer overflow vulnerability affects PJSIP users that use STUN in their applications, either by: setting a STUN server in their account/media config in PJSUA/PJSUA2 level, or directly using `pjlib-util/stun_simple` API. A patch is available in commit 450baca which should be included in the next release. There are no known workarounds for this issue.Show less
CVE-2022-31019 1Vapor 1Vapor Jun 17, 2026 Jun 9, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Vapor is a server-side Swift HTTP web framework. When using automatic content decoding an attacker can craft a request body that can make the server crash with the following request: `curl -d "array[_0][0][array][_0][0][...Show more Vapor is a server-side Swift HTTP web framework. When using automatic content decoding an attacker can craft a request body that can make the server crash with the following request: `curl -d "array[_0][0][array][_0][0][array]$(for f in $(seq 1100); do echo -n '[_0][0][array]'; done)[string][_0]=hello%20world" http://localhost:8080/foo`. The issue is unbounded, attacker controlled stack growth which will at some point lead to a stack overflow and a process crash. This issue has been fixed in version 4.61.1.Show less
CVE-2022-30552 1Denx 1U Boot Jun 17, 2026 Jun 8, 2022 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 Das U-Boot 2022.01 has a Buffer Overflow.
CVE-2022-31482 2Carrier Hidglobal 14Ep4502 Firmware Lenels2 Lnl 4420 FirmwareLenels2 Lnl X2210 Firmware+11 more Jun 17, 2026 Jun 6, 2022 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 An unauthenticated attacker can send a specially crafted unauthenticated HTTP request to the device that can overflow a buffer. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1...Show more An unauthenticated attacker can send a specially crafted unauthenticated HTTP request to the device that can overflow a buffer. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.29. The overflowed data leads to segmentation fault and ultimately a denial-of-service condition, causing the device to reboot. The impact of this vulnerability is that an unauthenticated attacker could leverage this flaw to cause the target device to become unresponsive. An attacker could automate this attack to achieve persistent DoS, effectively rendering the target controller useless.Show less
CVE-2022-31481 2Carrier Hidglobal 14Ep4502 Firmware Lenels2 Lnl 4420 FirmwareLenels2 Lnl X2210 Firmware+11 more Jun 17, 2026 Jun 6, 2022 N/A· v4 10.0 CRITICAL· v3 7.5 HIGH· v2 An unauthenticated attacker can send a specially crafted update file to the device that can overflow a buffer. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP45...Show more An unauthenticated attacker can send a specially crafted update file to the device that can overflow a buffer. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.302 for the LP series and 1.296 for the EP series. The overflowed data can allow the attacker to manipulate the “normal” code execution to that of their choosing. An attacker with this level of access on the device can monitor all communications sent to and from this device, modify onboard relays, change configuration files, or cause the device to become unstable.Show less
CVE-2022-24702 1Winaprs 1Winaprs Jun 17, 2026 Jun 2, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An issue was discovered in WinAPRS 2.9.0. A buffer overflow in the VHF KISS TNC component allows a remote attacker to achieve remote code execution via malicious AX.25 packets over the air. NOTE: This vulnerability only...Show more An issue was discovered in WinAPRS 2.9.0. A buffer overflow in the VHF KISS TNC component allows a remote attacker to achieve remote code execution via malicious AX.25 packets over the air. NOTE: This vulnerability only affects products that are no longer supported by the maintainerShow less
CVE-2022-24701 1Winaprs 1Winaprs Jun 17, 2026 Jun 2, 2022 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 An issue was discovered in WinAPRS 2.9.0. A buffer overflow in national.txt processing allows a local attacker to cause a denial of service or possibly achieve code execution. NOTE: This vulnerability only affects produc...Show more An issue was discovered in WinAPRS 2.9.0. A buffer overflow in national.txt processing allows a local attacker to cause a denial of service or possibly achieve code execution. NOTE: This vulnerability only affects products that are no longer supported by the maintainerShow less
CVE-2022-24700 1Winaprs 1Winaprs Jun 17, 2026 Jun 2, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered in WinAPRS 2.9.0. A buffer overflow in DIGI address processing for VHF KISS packets allows a remote attacker to cause a denial of service (daemon crash) via a malicious AX.25 packet over the air....Show more An issue was discovered in WinAPRS 2.9.0. A buffer overflow in DIGI address processing for VHF KISS packets allows a remote attacker to cause a denial of service (daemon crash) via a malicious AX.25 packet over the air. NOTE: This vulnerability only affects products that are no longer supported by the maintainerShow less
CVE-2021-3555 1Eufylife 2Solo Indoorcam C24 Firmware Solo Indoorcam P24 Firmware Jun 17, 2026 May 31, 2022 N/A· v4 8.8 HIGH· v3 5.4 MEDIUM· v2 A Buffer Overflow vulnerability in the RSTP server component of Eufy Indoor 2K Indoor Camera allows a local attacker to achieve remote code execution. This issue affects: Eufy Indoor 2K Indoor Camera 2.0.9.3 version and...Show more A Buffer Overflow vulnerability in the RSTP server component of Eufy Indoor 2K Indoor Camera allows a local attacker to achieve remote code execution. This issue affects: Eufy Indoor 2K Indoor Camera 2.0.9.3 version and prior versions.Show less
CVE-2022-26754 1Apple 1Macos Jun 17, 2026 May 26, 2022 N/A· v4 7.8 HIGH· v3 9.3 HIGH· v2 A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges.
CVE-2022-26753 1Apple 1Macos Jun 17, 2026 May 26, 2022 N/A· v4 7.8 HIGH· v3 9.3 HIGH· v2 A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges.
CVE-2022-26752 1Apple 1Macos Jun 17, 2026 May 26, 2022 N/A· v4 7.8 HIGH· v3 9.3 HIGH· v2 A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges.

Previous 1...146147148...212 Next