Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

CVEs (4,220)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-1983 1Qualcomm 95Apq8017 Firmware Apq8053 FirmwareApq8064au Firmware+92 more Jun 17, 2026 Oct 20, 2021 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 Possible buffer overflow due to improper handling of negative data length while processing write request in VR service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon...Show more Possible buffer overflow due to improper handling of negative data length while processing write request in VR service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon WearablesShow less
CVE-2021-1966 1Qualcomm 65Aqt1000 Firmware Ar8031 FirmwareAr8035 Firmware+62 more Jun 17, 2026 Oct 20, 2021 N/A· v4 6.7 MEDIUM· v3 4.6 MEDIUM· v2 Possible buffer overflow due to lack of length check of source and destination buffer before copying in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdrag...Show more Possible buffer overflow due to lack of length check of source and destination buffer before copying in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & MusicShow less
CVE-2021-38297 2Fedoraproject Golang 2Fedora Go Jun 17, 2026 Oct 18, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via large arguments in a function invocation from a WASM module, when GOARCH=wasm GOOS=js is used.
CVE-2021-37726 2Arubanetworks Siemens 2Aruba Instant Scalance W1750d Firmware Jun 17, 2026 Oct 12, 2021 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 A remote buffer overflow vulnerability was discovered in HPE Aruba Instant (IAP) version(s): Aruba Instant 8.7.x.x: 8.7.0.0 through 8.7.1.2. Aruba has released patches for Aruba Instant (IAP) that address this security v...Show more A remote buffer overflow vulnerability was discovered in HPE Aruba Instant (IAP) version(s): Aruba Instant 8.7.x.x: 8.7.0.0 through 8.7.1.2. Aruba has released patches for Aruba Instant (IAP) that address this security vulnerability.Show less
CVE-2021-40239 1Miniftpd Project 1Miniftpd Jun 17, 2026 Oct 11, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A Buffer Overflow vulnerability exists in the latest version of Miniftpd in the do_retr function in ftpproto.c
CVE-2020-27372 1Brandy Project 1Brandy Jun 17, 2026 Oct 11, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A buffer overflow vulnerability exists in Brandy Basic V Interpreter 1.21 in the run_interpreter function.
CVE-2021-35977 1Digi 186350 Sr Firmware Cm FirmwareConnect Es Firmware+15 more Jun 17, 2026 Oct 8, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An issue was discovered in Digi RealPort for Windows through 4.8.488.0. A buffer overflow exists in the handling of ADDP discovery response messages. This could result in arbitrary code execution.
CVE-2021-41794 1Open5gs 1Open5gs Jun 17, 2026 Oct 7, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 ogs_fqdn_parse in Open5GS 1.0.0 through 2.3.3 inappropriately trusts a client-supplied length value, leading to a buffer overflow. The attacker can send a PFCP Session Establishment Request with "internet" as the PDI Net...Show more ogs_fqdn_parse in Open5GS 1.0.0 through 2.3.3 inappropriately trusts a client-supplied length value, leading to a buffer overflow. The attacker can send a PFCP Session Establishment Request with "internet" as the PDI Network Instance. The first character is interpreted as a length value to be used in a memcpy call. The destination buffer is only 100 bytes long on the stack. Then, 'i' gets interpreted as 105 bytes to copy from the source buffer to the destination buffer.Show less
CVE-2021-34780 1Cisco 16Business 220 16p 2g Firmware Business 220 16t 2g FirmwareBusiness 220 24fp 4g Firmware+13 more Jun 17, 2026 Oct 6, 2021 N/A· v4 8.8 HIGH· v3 7.9 HIGH· v2 Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: Execute cod...Show more Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: Execute code on the affected device or cause it to reload unexpectedly Cause LLDP database corruption on the affected device For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Cisco has released firmware updates that address these vulnerabilities.Show less
CVE-2021-34779 1Cisco 16Business 220 16p 2g Firmware Business 220 16t 2g FirmwareBusiness 220 24fp 4g Firmware+13 more Jun 17, 2026 Oct 6, 2021 N/A· v4 8.8 HIGH· v3 7.9 HIGH· v2 Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: Execute cod...Show more Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: Execute code on the affected device or cause it to reload unexpectedly Cause LLDP database corruption on the affected device For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Cisco has released firmware updates that address these vulnerabilities.Show less
CVE-2021-34778 1Cisco 16Business 220 16p 2g Firmware Business 220 16t 2g FirmwareBusiness 220 24fp 4g Firmware+13 more Jun 17, 2026 Oct 6, 2021 N/A· v4 4.3 MEDIUM· v3 2.9 LOW· v2 Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: Execute cod...Show more Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: Execute code on the affected device or cause it to reload unexpectedly Cause LLDP database corruption on the affected device For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Cisco has released firmware updates that address these vulnerabilities.Show less
CVE-2021-34777 1Cisco 16Business 220 16p 2g Firmware Business 220 16t 2g FirmwareBusiness 220 24fp 4g Firmware+13 more Jun 17, 2026 Oct 6, 2021 N/A· v4 4.3 MEDIUM· v3 2.9 LOW· v2 Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: Execute cod...Show more Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: Execute code on the affected device or cause it to reload unexpectedly Cause LLDP database corruption on the affected device For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Cisco has released firmware updates that address these vulnerabilities.Show less
CVE-2021-34776 1Cisco 16Business 220 16p 2g Firmware Business 220 16t 2g FirmwareBusiness 220 24fp 4g Firmware+13 more Jun 17, 2026 Oct 6, 2021 N/A· v4 4.3 MEDIUM· v3 2.9 LOW· v2 Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: Execute cod...Show more Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: Execute code on the affected device or cause it to reload unexpectedly Cause LLDP database corruption on the affected device For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Cisco has released firmware updates that address these vulnerabilities.Show less
CVE-2021-34775 1Cisco 16Business 220 16p 2g Firmware Business 220 16t 2g FirmwareBusiness 220 24fp 4g Firmware+13 more Jun 17, 2026 Oct 6, 2021 N/A· v4 4.3 MEDIUM· v3 2.9 LOW· v2 Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: Execute cod...Show more Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: Execute code on the affected device or cause it to reload unexpectedly Cause LLDP database corruption on the affected device For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Cisco has released firmware updates that address these vulnerabilities.Show less
CVE-2021-25498 1Samsung 1Notes Jun 17, 2026 Oct 6, 2021 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 A possible buffer overflow vulnerability in maetd_eco_cb_mode of libSPenBase library of Samsung Notes prior to Samsung Notes version 4.3.02.61 allows arbitrary code execution.
CVE-2021-25497 1Samsung 1Notes Jun 17, 2026 Oct 6, 2021 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 A possible buffer overflow vulnerability in maetd_cpy_slice of libSPenBase library of Samsung Notes prior to Samsung Notes version 4.3.02.61 allows arbitrary code execution.
CVE-2021-25496 1Samsung 1Notes Jun 17, 2026 Oct 6, 2021 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 A possible buffer overflow vulnerability in maetd_dec_slice of libSPenBase library of Samsung Notes prior to Samsung Notes version 4.3.02.61 allows arbitrary code execution.
CVE-2021-25494 1Samsung 1Notes Jun 17, 2026 Oct 6, 2021 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 A possible buffer overflow vulnerability in libSPenBase library of Samsung Notes prior to Samsung Note version 4.3.02.61 allows arbitrary code execution.
CVE-2021-25469 1Google 1Android Jun 17, 2026 Oct 6, 2021 N/A· v4 6.7 MEDIUM· v3 4.6 MEDIUM· v2 A possible stack-based buffer overflow vulnerability in Widevine trustlet prior to SMR Oct-2021 Release 1 allows arbitrary code execution.
CVE-2021-25467 1Google 1Android Jun 17, 2026 Oct 6, 2021 N/A· v4 6.7 MEDIUM· v3 7.2 HIGH· v2 Assuming system privilege is gained, possible buffer overflow vulnerabilities in the Vision DSP kernel driver prior to SMR Oct-2021 Release 1 allows privilege escalation to Root by hijacking loaded library.

Previous 1...159160161...211 Next