Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

CVEs (4,223)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-43636 1Totolink 1T10 V2 Firmware Jun 17, 2026 Mar 25, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Two Buffer Overflow vulnerabilities exists in T10 V2_Firmware V4.1.8cu.5207_B20210320 in the http_request_parse function when processing host data in the HTTP request process.
CVE-2022-22687 1Synology 2Diskstation Manager Diskstation Manager Unified Controller Jun 17, 2026 Mar 25, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in Authentication functionality in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary...Show more Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in Authentication functionality in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via unspecified vectors.Show less
CVE-2022-22819 1Nxp 6Lpc55s66jbd100 Firmware Lpc55s66jbd64 FirmwareLpc55s66jev98 Firmware+3 more Jun 17, 2026 Mar 23, 2022 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 NXP LPC55S66JBD64, LPC55S66JBD100, LPC55S66JEV98, LPC55S69JBD64, LPC55S69JBD100, and LPC55S69JEV98 microcontrollers (ROM version 1B) have a buffer overflow in parsing SB2 updates before the signature is verified. This ca...Show more NXP LPC55S66JBD64, LPC55S66JBD100, LPC55S66JEV98, LPC55S69JBD64, LPC55S69JBD100, and LPC55S69JEV98 microcontrollers (ROM version 1B) have a buffer overflow in parsing SB2 updates before the signature is verified. This can allow an attacker to achieve non-persistent code execution via a crafted unsigned update.Show less
CVE-2022-26243 1Tendacn 1Ac10 Firmware Jun 17, 2026 Mar 23, 2022 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 Tenda AC10-1200 v15.03.06.23_EN was discovered to contain a buffer overflow in the setSmartPowerManagement function.
CVE-2021-38772 1Tendacn 1Ac10 Firmware Jun 17, 2026 Mar 23, 2022 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 Tenda AC10-1200 v15.03.06.23_EN was discovered to contain a buffer overflow via the list parameter in the fromSetIpMacBind function.
CVE-2021-46064 1Irfanview 1Irfanview Jun 17, 2026 Mar 23, 2022 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 IrfanView 4.59 is vulnerable to buffer overflow via the function at address 0x413c70 (in 32bit version of the binary). The vulnerability triggers when the user opens malicious .tiff image.
CVE-2021-45757 1Asus 1Rt Ac68u Firmware Jun 17, 2026 Mar 23, 2022 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 ASUS AC68U <=3.0.0.4.385.20852 is affected by a buffer overflow in blocking.cgi, which may cause a denial of service (DoS).
CVE-2021-45756 1Asus 2Rt Ac5300 Firmware Rt Ac68u Firmware Jun 17, 2026 Mar 23, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Asus RT-AC68U <3.0.0.4.385.20633 and RT-AC5300 <3.0.0.4.384.82072 are affected by a buffer overflow in blocking_request.cgi.
CVE-2022-24764 2Debian Teluu 2Debian Linux Pjsip Jun 17, 2026 Mar 22, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 PJSIP is a free and open source multimedia communication library written in C. Versions 2.12 and prior contain a stack buffer overflow vulnerability that affects PJSUA2 users or users that call the API `pjmedia_sdp_print...Show more PJSIP is a free and open source multimedia communication library written in C. Versions 2.12 and prior contain a stack buffer overflow vulnerability that affects PJSUA2 users or users that call the API `pjmedia_sdp_print(), pjmedia_sdp_media_print()`. Applications that do not use PJSUA2 and do not directly call `pjmedia_sdp_print()` or `pjmedia_sdp_media_print()` should not be affected. A patch is available on the `master` branch of the `pjsip/pjproject` GitHub repository. There are currently no known workarounds.Show less
CVE-2022-22634 1Apple 3Ipados Iphone OsTvos Jun 17, 2026 Mar 18, 2022 N/A· v4 7.8 HIGH· v3 9.3 HIGH· v2 A buffer overflow was addressed with improved bounds checking. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4. A malicious application may be able to execute arbitrary code with kernel privileges.
CVE-2022-22593 1Apple 6Ipados Iphone OsMac Os X+3 more Jun 17, 2026 Mar 18, 2022 N/A· v4 7.8 HIGH· v3 9.3 HIGH· v2 A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Security Update 2022-001 Catalina, macOS Monterey 12.2, macOS Big Sur 11.6.3....Show more A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Security Update 2022-001 Catalina, macOS Monterey 12.2, macOS Big Sur 11.6.3. A malicious application may be able to execute arbitrary code with kernel privileges.Show less
CVE-2020-16232 1Yokogawa 1Widefield3 Jun 17, 2026 Mar 18, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 In Yokogawa WideField3 R1.01 - R4.03, a buffer overflow could be caused when a user loads a maliciously crafted project file.
CVE-2022-27240 1Glewlwyd Sso Server Project 1Glewlwyd Sso Server Jun 17, 2026 Mar 18, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 scheme/webauthn.c in Glewlwyd SSO server 2.x before 2.6.2 has a buffer overflow associated with a webauthn assertion.
CVE-2022-25514 1Nothings 1Stb Truetype.h Jun 17, 2026 Mar 17, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 stb_truetype.h v1.26 was discovered to contain a heap-buffer-overflow via the function ttUSHORT() at stb_truetype.h. NOTE: Third party has disputed stating that the source code has also a disclaimer that it should only b...Show more stb_truetype.h v1.26 was discovered to contain a heap-buffer-overflow via the function ttUSHORT() at stb_truetype.h. NOTE: Third party has disputed stating that the source code has also a disclaimer that it should only be used with trusted input.Show less
CVE-2021-42728 1Adobe 1Bridge Jun 17, 2026 Mar 16, 2022 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 Adobe Bridge 11.1.1 (and earlier) is affected by a stack overflow vulnerability due to insecure handling of a crafted file, potentially resulting in arbitrary code execution in the context of the current user. Exploitati...Show more Adobe Bridge 11.1.1 (and earlier) is affected by a stack overflow vulnerability due to insecure handling of a crafted file, potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file in Bridge.Show less
CVE-2022-26981 3Apple FedoraprojectLiblouis 7Fedora IpadosIphone Os+4 more Jun 17, 2026 Mar 13, 2022 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 Liblouis through 3.21.0 has a buffer overflow in compilePassOpcode in compileTranslationTable.c (called, indirectly, by tools/lou_checktable.c).
CVE-2022-24754 2Debian Teluu 2Debian Linux Pjsip Jun 17, 2026 Mar 11, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 PJSIP is a free and open source multimedia communication library written in C language. In versions prior to and including 2.12 PJSIP there is a stack-buffer overflow vulnerability which only impacts PJSIP users who acce...Show more PJSIP is a free and open source multimedia communication library written in C language. In versions prior to and including 2.12 PJSIP there is a stack-buffer overflow vulnerability which only impacts PJSIP users who accept hashed digest credentials (credentials with data_type `PJSIP_CRED_DATA_DIGEST`). This issue has been patched in the master branch of the PJSIP repository and will be included with the next release. Users unable to upgrade need to check that the hashed digest data length must be equal to `PJSIP_MD5STRLEN` before passing to PJSIP.Show less
CVE-2022-23187 1Adobe 1Illustrator Jun 17, 2026 Mar 11, 2022 N/A· v4 7.8 HIGH· v3 9.3 HIGH· v2 Adobe Illustrator version 26.0.3 (and earlier) is affected by a buffer overflow vulnerability due to insecure handling of a crafted file, potentially resulting in arbitrary code execution in the context of the current us...Show more Adobe Illustrator version 26.0.3 (and earlier) is affected by a buffer overflow vulnerability due to insecure handling of a crafted file, potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file in Illustrator.Show less
CVE-2021-44632 1Tp Link 1Tl Wr886n Firmware Jun 17, 2026 Mar 10, 2022 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/upgrade_info feature, which allows malicious users to execute arbitrary code on the system via a crafted post requ...Show more A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/upgrade_info feature, which allows malicious users to execute arbitrary code on the system via a crafted post request.Show less
CVE-2021-44631 1Tp Link 1Tl Wr886n Firmware Jun 17, 2026 Mar 10, 2022 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/reset_cloud_pwd feature, which allows malicous users to execute arbitrary code on the system via a crafted post re...Show more A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/reset_cloud_pwd feature, which allows malicous users to execute arbitrary code on the system via a crafted post request.Show less

Previous 1...150151152...212 Next