Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

CVEs (4,223)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-21970 1Sealevel 1Seaconnect 370w Firmware Jun 17, 2026 Feb 4, 2022 N/A· v4 8.1 HIGH· v3 6.8 MEDIUM· v2 An out-of-bounds write vulnerability exists in the HandleSeaCloudMessage functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. The HandleIncomingSeaCloudMessage function uses at [3] the json_object_get_string...Show more An out-of-bounds write vulnerability exists in the HandleSeaCloudMessage functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. The HandleIncomingSeaCloudMessage function uses at [3] the json_object_get_string to populate the p_name global variable. The p_name is only 0x80 bytes long, and the total MQTT message could be up to 0x201 bytes. Because the function json_object_get_string will fill str based on the length of the json’s value and not the actual str size, this would result in a possible out-of-bounds write.Show less
CVE-2021-21969 1Sealevel 1Seaconnect 370w Firmware Jun 17, 2026 Feb 4, 2022 N/A· v4 8.1 HIGH· v3 6.8 MEDIUM· v2 An out-of-bounds write vulnerability exists in the HandleSeaCloudMessage functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. The HandleIncomingSeaCloudMessage function uses at [4] the json_object_get_string...Show more An out-of-bounds write vulnerability exists in the HandleSeaCloudMessage functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. The HandleIncomingSeaCloudMessage function uses at [4] the json_object_get_string to populate the p_payload global variable. The p_payload is only 0x100 bytes long, and the total MQTT message could be up to 0x201 bytes. Because the function json_object_get_string will fill str based on the length of the json’s value and not the actual str size, this would result in a possible out-of-bounds write.Show less
CVE-2021-45429 1Virustotal 1Yara Jun 17, 2026 Feb 4, 2022 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 A Buffer Overflow vulnerablity exists in VirusTotal YARA git commit: 605b2edf07ed8eb9a2c61ba22eb2e7c362f47ba7 via yr_set_configuration in yara/libyara/libyara.c, which could cause a Denial of Service.
CVE-2022-24130 3Debian FedoraprojectInvisible Island 3Debian Linux FedoraXterm Jun 17, 2026 Jan 31, 2022 N/A· v4 5.5 MEDIUM· v3 2.6 LOW· v2 xterm through Patch 370, when Sixel support is enabled, allows attackers to trigger a buffer overflow in set_sixel in graphics_sixel.c via crafted text.
CVE-2021-46526 1Cesanta 1Mjs Jun 17, 2026 Jan 27, 2022 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 Cesanta MJS v2.20.0 was discovered to contain a global buffer overflow via snquote at src/mjs_json.c.
CVE-2021-46521 1Cesanta 1Mjs Jun 17, 2026 Jan 27, 2022 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 Cesanta MJS v2.20.0 was discovered to contain a global buffer overflow via c_vsnprintf at mjs/src/common/str_util.c.
CVE-2021-46513 1Cesanta 1Mjs Jun 17, 2026 Jan 27, 2022 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 Cesanta MJS v2.20.0 was discovered to contain a global buffer overflow via mjs_mk_string at mjs/src/mjs_string.c.
CVE-2021-45342 3Debian FedoraprojectLibrecad 3Debian Linux FedoraLibrecad Jun 17, 2026 Jan 25, 2022 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 A buffer overflow vulnerability in CDataList of the jwwlib component of LibreCAD 2.2.0-rc3 and older allows an attacker to achieve Remote Code Execution using a crafted JWW document.
CVE-2021-45341 3Debian FedoraprojectLibrecad 3Debian Linux FedoraLibrecad Jun 17, 2026 Jan 25, 2022 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 A buffer overflow vulnerability in CDataMoji of the jwwlib component of LibreCAD 2.2.0-rc3 and older allows an attacker to achieve Remote Code Execution using a crafted JWW document.
CVE-2021-44738 1Lexmark 2336500e Firmware B2236 FirmwareB2338 Firmware+230 more Jun 17, 2026 Jan 20, 2022 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Buffer overflow vulnerability has been identified in Lexmark devices through 2021-12-07 in postscript interpreter.
CVE-2022-23219 3Debian GnuOracle 8Communications Cloud Native Core Binding Support Function Communications Cloud Native Core Network Function Cloud Native EnvironmentCommunications Cloud Native Core Network Repository Function+5 more Jun 17, 2026 Jan 14, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer o...Show more The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.Show less
CVE-2022-23218 3Debian GnuOracle 4Communications Cloud Native Core Unified Data Repository Debian LinuxEnterprise Operations Monitor+1 more Jun 17, 2026 Jan 14, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer ov...Show more The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.Show less
CVE-2021-38692 1Qnap 3Qvr Elite Qvr GuardQvr Pro Jun 17, 2026 Jan 14, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A stack buffer overflow vulnerability has been reported to affect QNAP device running QVR Elite, QVR Pro, QVR Guard. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this...Show more A stack buffer overflow vulnerability has been reported to affect QNAP device running QVR Elite, QVR Pro, QVR Guard. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of QVR Elite, QVR Pro, QVR Guard: QuTS hero h5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later QuTS hero h4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 4.5.4: QVR Pro 2.1.3.0 (2021/12/06) and later QTS 5.0.0: QVR Pro 2.1.3.0 (2021/12/06) and later QTS 4.5.4: QVR Guard 2.1.3.0 (2021/12/06) and later QTS 5.0.0: QVR Guard 2.1.3.0 (2021/12/06) and laterShow less
CVE-2021-38691 1Qnap 3Qvr Elite Qvr GuardQvr Pro Jun 17, 2026 Jan 14, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A stack buffer overflow vulnerability has been reported to affect QNAP device running QVR Elite, QVR Pro, QVR Guard. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this...Show more A stack buffer overflow vulnerability has been reported to affect QNAP device running QVR Elite, QVR Pro, QVR Guard. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of QVR Elite, QVR Pro, QVR Guard: QuTS hero h5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later QuTS hero h4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 4.5.4: QVR Pro 2.1.3.0 (2021/12/06) and later QTS 5.0.0: QVR Pro 2.1.3.0 (2021/12/06) and later QTS 4.5.4: QVR Guard 2.1.3.0 (2021/12/06) and later QTS 5.0.0: QVR Guard 2.1.3.0 (2021/12/06) and laterShow less
CVE-2021-38690 1Qnap 3Qvr Elite Qvr GuardQvr Pro Jun 17, 2026 Jan 14, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A stack buffer overflow vulnerability has been reported to affect QNAP device running QVR Elite, QVR Pro, QVR Guard. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this...Show more A stack buffer overflow vulnerability has been reported to affect QNAP device running QVR Elite, QVR Pro, QVR Guard. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of QVR Elite, QVR Pro, QVR Guard: QuTS hero h5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later QuTS hero h4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 4.5.4: QVR Pro 2.1.3.0 (2021/12/06) and later QTS 5.0.0: QVR Pro 2.1.3.0 (2021/12/06) and later QTS 4.5.4: QVR Guard 2.1.3.0 (2021/12/06) and later QTS 5.0.0: QVR Guard 2.1.3.0 (2021/12/06) and laterShow less
CVE-2021-38689 1Qnap 3Qvr Elite Qvr GuardQvr Pro Jun 17, 2026 Jan 14, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A stack buffer overflow vulnerability has been reported to affect QNAP device running QVR Elite, QVR Pro, QVR Guard. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this...Show more A stack buffer overflow vulnerability has been reported to affect QNAP device running QVR Elite, QVR Pro, QVR Guard. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of QVR Elite, QVR Pro, QVR Guard: QuTS hero h5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later QuTS hero h4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 4.5.4: QVR Pro 2.1.3.0 (2021/12/06) and later QTS 5.0.0: QVR Pro 2.1.3.0 (2021/12/06) and later QTS 4.5.4: QVR Guard 2.1.3.0 (2021/12/06) and later QTS 5.0.0: QVR Guard 2.1.3.0 (2021/12/06) and laterShow less
CVE-2021-38682 1Qnap 3Qvr Elite Qvr GuardQvr Pro Jun 17, 2026 Jan 14, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A stack buffer overflow vulnerability has been reported to affect QNAP device running QVR Elite, QVR Pro, QVR Guard. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this...Show more A stack buffer overflow vulnerability has been reported to affect QNAP device running QVR Elite, QVR Pro, QVR Guard. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of QVR Elite, QVR Pro, QVR Guard: QuTS hero h5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later QuTS hero h4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 4.5.4: QVR Pro 2.1.3.0 (2021/12/06) and later QTS 5.0.0: QVR Pro 2.1.3.0 (2021/12/06) and later QTS 4.5.4: QVR Guard 2.1.3.0 and later QTS 5.0.0: QVR Guard 2.1.3.0 and laterShow less
CVE-2021-34979 1Netgear 1R6260 Firmware Jun 17, 2026 Jan 13, 2022 N/A· v4 8.8 HIGH· v3 8.3 HIGH· v2 This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6260 1.1.0.78_1.0.1 routers. Authentication is not required to exploit this vulnerability. The specific...Show more This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6260 1.1.0.78_1.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of SOAP requests. When parsing the SOAPAction header, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-13512.Show less
CVE-2021-40568 1Gpac 1Gpac Jun 17, 2026 Jan 13, 2022 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 A buffer overflow vulnerability exists in Gpac through 1.0.1 via a malformed MP4 file in the svc_parse_slice function in av_parsers.c, which allows attackers to cause a denial of service, even code execution and escalati...Show more A buffer overflow vulnerability exists in Gpac through 1.0.1 via a malformed MP4 file in the svc_parse_slice function in av_parsers.c, which allows attackers to cause a denial of service, even code execution and escalation of privileges.Show less
CVE-2021-30308 1Qualcomm 86Aqt1000 Firmware Ar8035 FirmwareCsrb31024 Firmware+83 more Jun 17, 2026 Jan 13, 2022 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 Possible buffer overflow while printing the HARQ memory partition detail due to improper validation of buffer size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Indu...Show more Possible buffer overflow while printing the HARQ memory partition detail due to improper validation of buffer size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon MobileShow less

Previous 1...153154155...212 Next