Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

CVEs (4,223)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-30767 2Denx Fedoraproject 2Fedora U Boot Jun 17, 2026 May 16, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 nfs_lookup_reply in net/nfs.c in Das U-Boot through 2022.04 (and through 2022.07-rc2) has an unbounded memcpy with a failed length check, leading to a buffer overflow. NOTE: this issue exists because of an incorrect fix...Show more nfs_lookup_reply in net/nfs.c in Das U-Boot through 2022.04 (and through 2022.07-rc2) has an unbounded memcpy with a failed length check, leading to a buffer overflow. NOTE: this issue exists because of an incorrect fix for CVE-2019-14196.Show less
CVE-2022-22281 1Sonicwall 1Netextender Jun 17, 2026 May 13, 2022 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 A buffer overflow vulnerability in the SonicWall SSL-VPN NetExtender Windows Client (32 and 64 bit) in 10.2.322 and earlier versions, allows an attacker to potentially execute arbitrary code in the host windows operating...Show more A buffer overflow vulnerability in the SonicWall SSL-VPN NetExtender Windows Client (32 and 64 bit) in 10.2.322 and earlier versions, allows an attacker to potentially execute arbitrary code in the host windows operating system.Show less
CVE-2021-22275 1Br Automation 1Automation Runtime Jun 17, 2026 May 13, 2022 N/A· v4 8.6 HIGH· v3 7.8 HIGH· v2 Buffer Overflow vulnerability in B&R Automation Runtime webserver allows an unauthenticated network-based attacker to stop the cyclic program on the device and cause a denial of service.
CVE-2022-24910 1Inhandnetworks 1Ir302 Firmware Jun 17, 2026 May 12, 2022 N/A· v4 6.7 MEDIUM· v3 4.6 MEDIUM· v2 A buffer overflow vulnerability exists in the httpd parse_ping_result API functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can send a sequence o...Show more A buffer overflow vulnerability exists in the httpd parse_ping_result API functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.Show less
CVE-2021-42863 1Jerryscript 1Jerryscript Jun 17, 2026 May 12, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A buffer overflow in ecma_builtin_typedarray_prototype_filter() in JerryScript version fe3a5c0 allows an attacker to construct a fake object or a fake arraybuffer with unlimited size.
CVE-2022-29591 1Tenda 1Tx9 Pro Firmware Jun 17, 2026 May 10, 2022 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Tenda TX9 Pro 22.03.02.10 devices have a SetNetControlList buffer overflow.
CVE-2022-28463 2Debian Imagemagick 2Debian Linux Imagemagick Jun 17, 2026 May 8, 2022 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow.
CVE-2022-24903 4Debian FedoraprojectNetapp+1 more 4Active Iq Unified Manager Debian LinuxFedora+1 more Jun 17, 2026 May 6, 2022 N/A· v4 8.1 HIGH· v3 6.8 MEDIUM· v2 Rsyslog is a rocket-fast system for log processing. Modules for TCP syslog reception have a potential heap buffer overflow when octet-counted framing is used. This can result in a segfault or some other malfunction. As o...Show more Rsyslog is a rocket-fast system for log processing. Modules for TCP syslog reception have a potential heap buffer overflow when octet-counted framing is used. This can result in a segfault or some other malfunction. As of our understanding, this vulnerability can not be used for remote code execution. But there may still be a slight chance for experts to do that. The bug occurs when the octet count is read. While there is a check for the maximum number of octets, digits are written to a heap buffer even when the octet count is over the maximum, This can be used to overrun the memory buffer. However, once the sequence of digits stop, no additional characters can be added to the buffer. In our opinion, this makes remote exploits impossible or at least highly complex. Octet-counted framing is one of two potential framing modes. It is relatively uncommon, but enabled by default on receivers. Modules `imtcp`, `imptcp`, `imgssapi`, and `imhttp` are used for regular syslog message reception. It is best practice not to directly expose them to the public. When this practice is followed, the risk is considerably lower. Module `imdiag` is a diagnostics module primarily intended for testbench runs. We do not expect it to be present on any production installation. Octet-counted framing is not very common. Usually, it needs to be specifically enabled at senders. If users do not need it, they can turn it off for the most important modules. This will mitigate the vulnerability.Show less
CVE-2021-3643 1Sound Exchange Project 1Sound Exchange Jun 17, 2026 May 2, 2022 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 A flaw was found in sox 14.4.1. The lsx_adpcm_init function within libsox leads to a global-buffer-overflow. This flaw allows an attacker to input a malicious file, leading to the disclosure of sensitive information.
CVE-2022-28994 1Smallsrv 1Small Http Server Jun 17, 2026 Apr 29, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Small HTTP Server version 3.06 suffers from a remote buffer overflow vulnerability via long GET request.
CVE-2022-28480 1Allmediaserver 1Allmediaserver Jun 17, 2026 Apr 29, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 ALLMediaServer 1.6 is vulnerable to Buffer Overflow via MediaServer.exe.
CVE-2021-4207 3Debian QemuRedhat 3Debian Linux Enterprise LinuxQemu Jun 17, 2026 Apr 29, 2022 N/A· v4 8.2 HIGH· v3 4.6 MEDIUM· v2 A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values `cursor->header.width` and `cursor->header.height` can lead to the allocation of a small cursor object followed by a...Show more A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values `cursor->header.width` and `cursor->header.height` can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. A malicious privileged guest user could use this flaw to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process.Show less
CVE-2021-4206 3Debian QemuRedhat 3Debian Linux Enterprise LinuxQemu Jun 17, 2026 Apr 29, 2022 N/A· v4 8.2 HIGH· v3 4.6 MEDIUM· v2 A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. Th...Show more A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. This flaw allows a malicious privileged guest user to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process.Show less
CVE-2022-0636 1Lenovo 1Thin Installer Jun 17, 2026 Apr 22, 2022 N/A· v4 5.5 MEDIUM· v3 4.9 MEDIUM· v2 A denial of service vulnerability was reported in Lenovo Thin Installer prior to version 1.3.0039 that could trigger a system crash.
CVE-2021-46122 1Tp Link 1Tl Wr840n Firmware Jun 17, 2026 Apr 18, 2022 N/A· v4 7.2 HIGH· v3 9.0 HIGH· v2 Tp-Link TL-WR840N (EU) v6.20 Firmware (0.9.1 4.17 v0001.0 Build 201124 Rel.64328n) is vulnerable to Buffer Overflow via the Password reset feature.
CVE-2021-44493 2Fisglobal Yottadb 2Gt.m Yottadb Jun 17, 2026 Apr 15, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered in YottaDB through r1.32 and V7.0-000 and FIS GT.M through V7.0-000. Using crafted input, an attacker can cause a call to $Extract to force an signed integer holding the size of a buffer to take o...Show more An issue was discovered in YottaDB through r1.32 and V7.0-000 and FIS GT.M through V7.0-000. Using crafted input, an attacker can cause a call to $Extract to force an signed integer holding the size of a buffer to take on a large negative number, which is then used as the length of a memcpy call that occurs on the stack, causing a buffer overflow.Show less
CVE-2022-1328 3Debian FedoraprojectMutt 3Debian Linux FedoraMutt Jun 17, 2026 Apr 14, 2022 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 Buffer Overflow in uudecoder in Mutt affecting all versions starting from 0.94.13 before 2.2.3 allows read past end of input line
CVE-2021-21967 1Sealevel 1Seaconnect 370w Firmware Jun 17, 2026 Apr 14, 2022 N/A· v4 5.9 MEDIUM· v3 7.1 HIGH· v2 An out-of-bounds write vulnerability exists in the OTA update task functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted MQTT payload can lead to denial of service. An attacker can perform...Show more An out-of-bounds write vulnerability exists in the OTA update task functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted MQTT payload can lead to denial of service. An attacker can perform a man-in-the-middle attack to trigger this vulnerability.Show less
CVE-2021-21939 1Accusoft 1Imagegear Jun 17, 2026 Apr 14, 2022 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A heap-based buffer overflow vulnerability exists in the XWD parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to code execution. An attacker can provide a malicious file to trigger this...Show more A heap-based buffer overflow vulnerability exists in the XWD parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.Show less
CVE-2022-27008 1F5 1Njs Jun 17, 2026 Apr 14, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 nginx njs 0.7.2 is vulnerable to Buffer Overflow. Type confused in Array.prototype.concat() when a slow array appended element is fast array.

Previous 1...148149150...212 Next