Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

CVEs (4,223)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-44630 1Tp Link 1Tl Wr886n Firmware Jun 17, 2026 Mar 10, 2022 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/modify_account_pwd feature, which allows malicious users to execute arbitrary code on the system via a crafted pos...Show more A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/modify_account_pwd feature, which allows malicious users to execute arbitrary code on the system via a crafted post request.Show less
CVE-2021-44629 1Tp Link 1Tl Wr886n Firmware Jun 17, 2026 Mar 10, 2022 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 A Buffer Overflow vulnerabilitiy exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/register feature, which allows malicious users to execute arbitrary code on the system via a crafted post request...Show more A Buffer Overflow vulnerabilitiy exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/register feature, which allows malicious users to execute arbitrary code on the system via a crafted post request.Show less
CVE-2021-44628 1Tp Link 1Tl Wr886n Firmware Jun 17, 2026 Mar 10, 2022 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 A Buffer Overflow vulnerabiltiy exists in TP-LINK WR-886N 20190826 2.3.8 in thee /cloud_config/router_post/login feature, which allows malicious users to execute arbitrary code on the system via a crafted post request.
CVE-2021-44627 1Tp Link 1Tl Wr886n Firmware Jun 17, 2026 Mar 10, 2022 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/get_reset_pwd_veirfy_code feature, which allows malicious users to execute arbitrary code on the system via a craf...Show more A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/get_reset_pwd_veirfy_code feature, which allows malicious users to execute arbitrary code on the system via a crafted post request.Show less
CVE-2021-44626 1Tp Link 1Tl Wr886n Firmware Jun 17, 2026 Mar 10, 2022 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/get_reg_verify_code feature, which allows malicious users to execute arbitrary code on the system via a crafted po...Show more A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/get_reg_verify_code feature, which allows malicious users to execute arbitrary code on the system via a crafted post request.Show less
CVE-2021-44625 1Tp Link 1Tl Wr886n Firmware Jun 17, 2026 Mar 10, 2022 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in /cloud_config/cloud_device/info interface, which allows a malicious user to executee arbitrary code on the system via a crafted post request.
CVE-2021-44623 1Tp Link 1Tl Wr886n Firmware Jun 17, 2026 Mar 10, 2022 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 via the /cloud_config/router_post/check_reset_pwd_verify_code interface.
CVE-2021-44622 1Tp Link 1Tl Wr886n Firmware Jun 17, 2026 Mar 10, 2022 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/check_reg_verify_code function which could let a remove malicious user execute arbitrary code via a crafted post r...Show more A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/check_reg_verify_code function which could let a remove malicious user execute arbitrary code via a crafted post request.Show less
CVE-2021-40062 1Huawei 2Emui Magic Ui Jun 17, 2026 Mar 10, 2022 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 There is a vulnerability of copying input buffer without checking its size in the video framework. Successful exploitation of this vulnerability may affect availability.
CVE-2021-40056 1Huawei 2Emui Magic Ui Jun 17, 2026 Mar 10, 2022 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 There is a vulnerability of copying input buffer without checking its size in the video framework. Successful exploitation of this vulnerability may affect availability.
CVE-2022-22805 1Schneider Electric 8Scl Series 1029 Ups Firmware Scl Series 1030 Ups FirmwareScl Series 1036 Ups Firmware+5 more Jun 17, 2026 Mar 9, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exists that could cause remote code execution when an improperly handled TLS packet is reassembled. Affected Product: SmartC...Show more A CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exists that could cause remote code execution when an improperly handled TLS packet is reassembled. Affected Product: SmartConnect Family: SMT Series (SMT Series ID=1015: UPS 04.5 and prior), SMC Series (SMC Series ID=1018: UPS 04.2 and prior), SMTL Series (SMTL Series ID=1026: UPS 02.9 and prior), SCL Series (SCL Series ID=1029: UPS 02.5 and prior / SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior / SCL Series ID=1037: UPS 03.1 and prior), SMX Series (SMX Series ID=1031: UPS 03.1 and prior)Show less
CVE-2022-26490 4Debian FedoraprojectLinux+1 more 11Debian Linux FedoraH300e Firmware+8 more Jun 17, 2026 Mar 6, 2022 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has EVT_TRANSACTION buffer overflows because of untrusted length parameters.
CVE-2022-21716 4Debian FedoraprojectOracle+1 more 5Debian Linux FedoraHttp Server+2 more Jun 17, 2026 Mar 3, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 22.2.0, Twisted SSH client and server implement is able to accept an infinite amount of data for the peer's SSH version iden...Show more Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 22.2.0, Twisted SSH client and server implement is able to accept an infinite amount of data for the peer's SSH version identifier. This ends up with a buffer using all the available memory. The attach is a simple as `nc -rv localhost 22 < /dev/zero`. A patch is available in version 22.2.0. There are currently no known workarounds.Show less
CVE-2021-44343 1Ok File Formats Project 1Ok File Formats Jun 17, 2026 Mar 3, 2022 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 David Brackeen ok-file-formats 203defd is vulnerable to Buffer Overflow. When the function of the ok-file-formats project is used, a heap-buffer-overflow occurred in function ok_png_read_data() in "/ok_png.c".
CVE-2021-43619 2Arm Trustedfirmware 2Trusted Firmware M Trusted Firmware M Jun 17, 2026 Mar 1, 2022 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Trusted Firmware M 1.4.x through 1.4.1 has a buffer overflow issue in the Firmware Update partition. In the IPC model, a psa_fwu_write caller from SPE or NSPE can overwrite stack memory locations.
CVE-2020-22845 1Mikrotik 1Routeros Jun 17, 2026 Feb 28, 2022 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 A buffer overflow in Mikrotik RouterOS 6.47 allows unauthenticated attackers to cause a denial of service (DOS) via crafted FTP requests.
CVE-2021-22394 1Huawei 3Emui HarmonyosMagic Ui Jun 17, 2026 Feb 25, 2022 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 There is a buffer overflow vulnerability in smartphones. Successful exploitation of this vulnerability may cause DoS of the apps during Multi-Screen Collaboration.
CVE-2021-29220 1Hp 1Ilo Amplifier Pack Jun 17, 2026 Feb 24, 2022 N/A· v4 7.2 HIGH· v3 9.0 HIGH· v2 Multiple buffer overflow security vulnerabilities have been identified in HPE iLO Amplifier Pack version(s): Prior to 2.12. These vulnerabilities could be exploited by a highly privileged user to remotely execute code th...Show more Multiple buffer overflow security vulnerabilities have been identified in HPE iLO Amplifier Pack version(s): Prior to 2.12. These vulnerabilities could be exploited by a highly privileged user to remotely execute code that could lead to a loss of confidentiality, integrity, and availability. HPE has provided a software update to resolve this vulnerability in HPE iLO Amplifier Pack.Show less
CVE-2022-22333 1Ibm 2Sterling External Authentication Server Sterling Secure Proxy Jun 17, 2026 Feb 23, 2022 N/A· v4 6.5 MEDIUM· v3 3.3 LOW· v2 IBM Sterling Secure Proxy 6.0.3.0, 6.0.2.0, and 3.4.3.2 and IBM Sterling External Authentication Server are vulnerable a buffer overflow, due to the Jetty based GUI in the Secure Zone not properly validating the sizes of...Show more IBM Sterling Secure Proxy 6.0.3.0, 6.0.2.0, and 3.4.3.2 and IBM Sterling External Authentication Server are vulnerable a buffer overflow, due to the Jetty based GUI in the Secure Zone not properly validating the sizes of the form content and/or HTTP headers submitted. A local attacker positioned inside the Secure Zone could submit a specially crafted HTTP request to disrupt service. IBM X-Force ID: 219133.Show less
CVE-2021-43303 2Debian Teluu 2Debian Linux Pjsip Jun 17, 2026 Feb 16, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Buffer overflow in PJSUA API when calling pjsua_call_dump. An attacker-controlled 'buffer' argument may cause a buffer overflow, since supplying an output buffer smaller than 128 characters may overflow the output buffer...Show more Buffer overflow in PJSUA API when calling pjsua_call_dump. An attacker-controlled 'buffer' argument may cause a buffer overflow, since supplying an output buffer smaller than 128 characters may overflow the output buffer, regardless of the 'maxlen' argument suppliedShow less

Previous 1...151152153...212 Next