Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

CVEs (4,223)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-26750 1Apple 1Macos Jun 17, 2026 May 26, 2022 N/A· v4 7.8 HIGH· v3 9.3 HIGH· v2 A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges.
CVE-2022-26749 1Apple 1Macos Jun 17, 2026 May 26, 2022 N/A· v4 7.8 HIGH· v3 9.3 HIGH· v2 A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges.
CVE-2022-26742 1Apple 1Macos Jun 17, 2026 May 26, 2022 N/A· v4 7.8 HIGH· v3 9.3 HIGH· v2 A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges.
CVE-2022-26741 1Apple 1Macos Jun 17, 2026 May 26, 2022 N/A· v4 7.8 HIGH· v3 9.3 HIGH· v2 A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges.
CVE-2022-30784 3Debian FedoraprojectTuxera 3Debian Linux FedoraNtfs 3g Jun 17, 2026 May 26, 2022 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 A crafted NTFS image can cause heap exhaustion in ntfs_get_attribute_value in NTFS-3G through 2021.8.22.
CVE-2022-29246 1Eclipse 1Threadx Usbx Jun 17, 2026 May 24, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack. Prior to version 6.1.11, he USBX DFU UPLOAD functionality may be utilized to introduce a buffer overflow resulting in overwrite of memory content...Show more Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack. Prior to version 6.1.11, he USBX DFU UPLOAD functionality may be utilized to introduce a buffer overflow resulting in overwrite of memory contents. In particular cases this may allow an attacker to bypass security features or execute arbitrary code. The implementation of `ux_device_class_dfu_control_request` function does not assure that a buffer overflow will not occur during handling of the DFU UPLOAD command. When an attacker issues the `UX_SLAVE_CLASS_DFU_COMMAND_UPLOAD` control transfer request with `wLenght` larger than the buffer size (`UX_SLAVE_REQUEST_CONTROL_MAX_LENGTH`, 256 bytes), depending on the actual implementation of `dfu -> ux_slave_class_dfu_read`, a buffer overflow may occur. In example `ux_slave_class_dfu_read` may read 4096 bytes (or more up to 65k) to a 256 byte buffer ultimately resulting in an overflow. Furthermore in case an attacker has some control over the read flash memory, this may result in execution of arbitrary code and platform compromise. A fix for this issue has been included in USBX release 6.1.11. As a workaround, align request and buffer size to assure that buffer boundaries are respected.Show less
CVE-2022-29242 1Gost Engine Project 1Gost Engine Jun 17, 2026 May 24, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 GOST engine is a reference implementation of the Russian GOST crypto algorithms for OpenSSL. TLS clients using GOST engine when ciphersuite `TLS_GOSTR341112_256_WITH_KUZNYECHIK_CTR_OMAC` is agreed and the server uses 512...Show more GOST engine is a reference implementation of the Russian GOST crypto algorithms for OpenSSL. TLS clients using GOST engine when ciphersuite `TLS_GOSTR341112_256_WITH_KUZNYECHIK_CTR_OMAC` is agreed and the server uses 512 bit GOST secret keys are vulnerable to buffer overflow. GOST engine version 3.0.1 contains a patch for this issue. Disabling ciphersuite `TLS_GOSTR341112_256_WITH_KUZNYECHIK_CTR_OMAC` is a possible workaround.Show less
CVE-2022-29223 1Eclipse 1Threadx Usbx Jun 17, 2026 May 24, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack. In versions prior to 6.1.10, an attacker can cause a buffer overflow by providing the Azure RTOS USBX host stack a HUB descriptor with `bNbPorts`...Show more Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack. In versions prior to 6.1.10, an attacker can cause a buffer overflow by providing the Azure RTOS USBX host stack a HUB descriptor with `bNbPorts` set to a value greater than `UX_MAX_TT` which defaults to 8. For a `bNbPorts` value of 255, the implementation of `ux_host_class_hub_descriptor_get` function will modify the contents of `hub` -> `ux_host_class_hub_device` -> `ux_device_hub_tt` array violating the end boundary by 255 - `UX_MAX_TT` items. The USB host stack needs to validate the number of ports reported by the hub, and if the value is larger than UX_MAX_TT, USB stack needs to reject the request. This fix has been included in USBX release 6.1.10.Show less
CVE-2022-29210 1Google 1Tensorflow Jun 17, 2026 May 21, 2022 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 TensorFlow is an open source platform for machine learning. In version 2.8.0, the `TensorKey` hash function used total estimated `AllocatedBytes()`, which (a) is an estimate per tensor, and (b) is a very poor hash functi...Show more TensorFlow is an open source platform for machine learning. In version 2.8.0, the `TensorKey` hash function used total estimated `AllocatedBytes()`, which (a) is an estimate per tensor, and (b) is a very poor hash function for constants (e.g. `int32_t`). It also tried to access individual tensor bytes through `tensor.data()` of size `AllocatedBytes()`. This led to ASAN failures because the `AllocatedBytes()` is an estimate of total bytes allocated by a tensor, including any pointed-to constructs (e.g. strings), and does not refer to contiguous bytes in the `.data()` buffer. The discoverers could not use this byte vector anyway because types such as `tstring` include pointers, whereas they needed to hash the string values themselves. This issue is patched in Tensorflow versions 2.9.0 and 2.8.1.Show less
CVE-2022-29189 1Pion 1Dtls Jun 17, 2026 May 21, 2022 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 Pion DTLS is a Go implementation of Datagram Transport Layer Security. Prior to version 2.1.4, a buffer that was used for inbound network traffic had no upper limit. Pion DTLS would buffer all network traffic from the re...Show more Pion DTLS is a Go implementation of Datagram Transport Layer Security. Prior to version 2.1.4, a buffer that was used for inbound network traffic had no upper limit. Pion DTLS would buffer all network traffic from the remote user until the handshake completes or timed out. An attacker could exploit this to cause excessive memory usage. Version 2.1.4 contains a patch for this issue. There are currently no known workarounds available.Show less
CVE-2022-29023 1Openrazer Project 1Openrazer Jun 17, 2026 May 20, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A buffer overflow vulnerability exists in the razermouse driver of OpenRazer up to version v3.3.0 allows attackers to cause a Denial of Service (DoS) and possibly escalate their privileges via a crafted buffer sent to th...Show more A buffer overflow vulnerability exists in the razermouse driver of OpenRazer up to version v3.3.0 allows attackers to cause a Denial of Service (DoS) and possibly escalate their privileges via a crafted buffer sent to the matrix_custom_frame device.Show less
CVE-2022-29022 1Openrazer Project 1Openrazer Jun 17, 2026 May 20, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A buffer overflow vulnerability exists in the razeraccessory driver of OpenRazer up to version v3.3.0 allows attackers to cause a Denial of Service (DoS) and possibly escalate their privileges via a crafted buffer sent t...Show more A buffer overflow vulnerability exists in the razeraccessory driver of OpenRazer up to version v3.3.0 allows attackers to cause a Denial of Service (DoS) and possibly escalate their privileges via a crafted buffer sent to the matrix_custom_frame device.Show less
CVE-2022-29021 1Openrazer Project 1Openrazer Jun 17, 2026 May 20, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A buffer overflow vulnerability exists in the razerkbd driver of OpenRazer up to version v3.3.0 allows attackers to cause a Denial of Service (DoS) and possibly escalate their privileges via a crafted buffer sent to the...Show more A buffer overflow vulnerability exists in the razerkbd driver of OpenRazer up to version v3.3.0 allows attackers to cause a Denial of Service (DoS) and possibly escalate their privileges via a crafted buffer sent to the matrix_custom_frame device.Show less
CVE-2022-27242 1Siemens 1Openv2g Jun 17, 2026 May 20, 2022 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 A vulnerability has been identified in OpenV2G (V0.9.4). The OpenV2G EXI parsing feature is missing a length check when parsing X509 serial numbers. Thus, an attacker could introduce a buffer overflow that leads to memor...Show more A vulnerability has been identified in OpenV2G (V0.9.4). The OpenV2G EXI parsing feature is missing a length check when parsing X509 serial numbers. Thus, an attacker could introduce a buffer overflow that leads to memory corruption.Show less
CVE-2022-30033 1Tenda 1Tx9 Pro Firmware Jun 17, 2026 May 18, 2022 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 Tenda TX9 Pro V22.03.02.10 is vulnerable to Buffer Overflow via the functtion setIPv6Status() in httpd module.
CVE-2022-1110 1Lenovo 1Smart Standby Driver Jun 17, 2026 May 18, 2022 N/A· v4 5.5 MEDIUM· v3 4.9 MEDIUM· v2 A buffer overflow vulnerability in Lenovo Smart Standby Driver prior to version 4.1.50.0 could allow a local attacker to cause denial of service.
CVE-2022-1735 2Apple Vim 2Macos Vim Jun 17, 2026 May 17, 2022 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 Classic Buffer Overflow in GitHub repository vim/vim prior to 8.2.4969.
CVE-2022-30067 1Gimp 1Gimp Jun 17, 2026 May 17, 2022 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 GIMP 2.10.30 and 2.99.10 are vulnerable to Buffer Overflow. Through a crafted XCF file, the program will allocate for a huge amount of memory, resulting in insufficient memory or program crash.
CVE-2022-30950 1Jenkins 1Wmi Windows Agents Jun 17, 2026 May 17, 2022 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 Jenkins WMI Windows Agents Plugin 1.8 and earlier includes the Windows Remote Command library which has a buffer overflow vulnerability that may allow users able to connect to a named pipe to execute commands on the Wind...Show more Jenkins WMI Windows Agents Plugin 1.8 and earlier includes the Windows Remote Command library which has a buffer overflow vulnerability that may allow users able to connect to a named pipe to execute commands on the Windows agent machine.Show less
CVE-2022-30055 1Mersenne 1Prime95 Jun 17, 2026 May 16, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Prime95 30.7 build 9 suffers from a Buffer Overflow vulnerability that could lead to Remote Code Execution.

Previous 1...147148149...212 Next