Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

CVEs (4,202)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-18974 1Nasm 1Netwide Assembler Jun 17, 2026 Aug 25, 2021 N/A· v4 3.3 LOW· v3 4.3 MEDIUM· v2 Buffer Overflow in Netwide Assembler (NASM) v2.15.xx allows attackers to cause a denial of service via 'crc64i' in the component 'nasmlib/crc64'. This issue is different than CVE-2019-7147.
CVE-2021-32781 1Envoyproxy 1Envoy Jun 17, 2026 Aug 24, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions after Envoy sends a locally generated response it must stop further processing of requ...Show more Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions after Envoy sends a locally generated response it must stop further processing of request or response data. However when local response is generated due the internal buffer overflow while request or response is processed by the filter chain the operation may not be stopped completely and result in accessing a freed memory block. A specifically constructed request delivered by an untrusted downstream or upstream peer in the presence of extensions that modify and increase the size of request or response bodies resulting in a Denial of Service when using extensions that modify and increase the size of request or response bodies, such as decompressor filter. Envoy versions 1.19.1, 1.18.4, 1.17.4, 1.16.5 contain fixes to address incomplete termination of request processing after locally generated response. As a workaround disable Envoy's decompressor, json-transcoder or grpc-web extensions or proprietary extensions that modify and increase the size of request or response bodies, if feasible.Show less
CVE-2021-30993 1Apple 5Ipados Iphone OsMacos+2 more Jun 17, 2026 Aug 24, 2021 N/A· v4 8.1 HIGH· v3 6.8 MEDIUM· v2 A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.1, watchOS 8.3, iOS 15.2 and iPadOS 15.2, tvOS 15.2. An attacker in a privileged network position may be able...Show more A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.1, watchOS 8.3, iOS 15.2 and iPadOS 15.2, tvOS 15.2. An attacker in a privileged network position may be able to execute arbitrary code.Show less
CVE-2021-30983 1Apple 2Ipados Iphone Os Jun 17, 2026 Aug 24, 2021 N/A· v4 7.8 HIGH· v3 9.3 HIGH· v2 A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 15.2 and iPadOS 15.2. An application may be able to execute arbitrary code with kernel privileges.
CVE-2021-30981 1Apple 2Mac Os X Macos Jun 17, 2026 Aug 24, 2021 N/A· v4 7.8 HIGH· v3 9.3 HIGH· v2 A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.1, Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. An application may be able to execute arbitrary code wit...Show more A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.1, Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. An application may be able to execute arbitrary code with kernel privileges.Show less
CVE-2021-30979 1Apple 4Ipados Iphone OsMac Os X+1 more Jun 17, 2026 Aug 24, 2021 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.1, iOS 15.2 and iPadOS 15.2, macOS Big Sur 11.6.2, Security Update 2021-008 Catalina. Processing a maliciously...Show more A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.1, iOS 15.2 and iPadOS 15.2, macOS Big Sur 11.6.2, Security Update 2021-008 Catalina. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution.Show less
CVE-2021-30977 1Apple 2Mac Os X Macos Jun 17, 2026 Aug 24, 2021 N/A· v4 7.8 HIGH· v3 9.3 HIGH· v2 A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.1, Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. A malicious application may be able to execute arbitrary...Show more A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.1, Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. A malicious application may be able to execute arbitrary code with kernel privileges.Show less
CVE-2021-30963 1Apple 2Mac Os X Macos Jun 17, 2026 Aug 24, 2021 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. Parsing a maliciously crafted audio file may lead to disclosure of user...Show more A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. Parsing a maliciously crafted audio file may lead to disclosure of user information.Show less
CVE-2021-30961 1Apple 2Mac Os X Macos Jun 17, 2026 Aug 24, 2021 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. Parsing a maliciously crafted audio file may lead to disclosure of user...Show more A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. Parsing a maliciously crafted audio file may lead to disclosure of user information.Show less
CVE-2021-30960 1Apple 5Ipados Iphone OsMacos+2 more Jun 17, 2026 Aug 24, 2021 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.1, watchOS 8.3, iOS 15.2 and iPadOS 15.2, tvOS 15.2. Parsing a maliciously crafted audio file may lead to disc...Show more A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.1, watchOS 8.3, iOS 15.2 and iPadOS 15.2, tvOS 15.2. Parsing a maliciously crafted audio file may lead to disclosure of user information.Show less
CVE-2021-30959 1Apple 2Mac Os X Macos Jun 17, 2026 Aug 24, 2021 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. Parsing a maliciously crafted audio file may lead to disclosure of user...Show more A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. Parsing a maliciously crafted audio file may lead to disclosure of user information.Show less
CVE-2021-30957 1Apple 5Ipados Iphone OsMacos+2 more Jun 17, 2026 Aug 24, 2021 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.1, watchOS 8.3, iOS 15.2 and iPadOS 15.2, tvOS 15.2. Processing a maliciously crafted audio file may lead to a...Show more A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.1, watchOS 8.3, iOS 15.2 and iPadOS 15.2, tvOS 15.2. Processing a maliciously crafted audio file may lead to arbitrary code execution.Show less
CVE-2021-30941 1Apple 4Ipados Iphone OsMac Os X+1 more Jun 17, 2026 Aug 24, 2021 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.1, iOS 15.2 and iPadOS 15.2, macOS Big Sur 11.6.2, Security Update 2021-008 Catalina. Processing a maliciously...Show more A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.1, iOS 15.2 and iPadOS 15.2, macOS Big Sur 11.6.2, Security Update 2021-008 Catalina. Processing a maliciously crafted USD file may disclose memory contents.Show less
CVE-2021-30940 1Apple 4Ipados Iphone OsMac Os X+1 more Jun 17, 2026 Aug 24, 2021 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.1, iOS 15.2 and iPadOS 15.2, macOS Big Sur 11.6.2, Security Update 2021-008 Catalina. Processing a maliciously...Show more A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.1, iOS 15.2 and iPadOS 15.2, macOS Big Sur 11.6.2, Security Update 2021-008 Catalina. Processing a maliciously crafted USD file may disclose memory contents.Show less
CVE-2021-30934 3Apple DebianFedoraproject 8Debian Linux FedoraIpados+5 more Jun 17, 2026 Aug 24, 2021 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 A buffer overflow issue was addressed with improved memory handling. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content m...Show more A buffer overflow issue was addressed with improved memory handling. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution.Show less
CVE-2021-30889 1Apple 5Ipados Iphone OsMacos+2 more Jun 17, 2026 Aug 24, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.0.1, iOS 15.1 and iPadOS 15.1, watchOS 8.1, tvOS 15.1. Processing maliciously crafted web content may lead to...Show more A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.0.1, iOS 15.1 and iPadOS 15.1, watchOS 8.1, tvOS 15.1. Processing maliciously crafted web content may lead to arbitrary code execution.Show less
CVE-2021-3711 5Debian NetappOpenssl+2 more 31Active Iq Unified Manager Clustered Data OntapClustered Data Ontap Antivirus Connector+28 more Jun 17, 2026 Aug 24, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "out" parameter can be...Show more In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size required to hold the decrypted plaintext. The application can then allocate a sufficiently sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL value for the "out" parameter. A bug in the implementation of the SM2 decryption code means that the calculation of the buffer size required to hold the plaintext returned by the first call to EVP_PKEY_decrypt() can be smaller than the actual size required by the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is called by the application a second time with a buffer that is too small. A malicious attacker who is able present SM2 content for decryption to an application could cause attacker chosen data to overflow the buffer by up to a maximum of 62 bytes altering the contents of other data held after the buffer, possibly changing application behaviour or causing the application to crash. The location of the buffer is application dependent but is typically heap allocated. Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k).Show less
CVE-2021-39602 1Miniftpd Project 1Miniftpd Jun 17, 2026 Aug 23, 2021 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 A Buffer Overflow vulnerabilty exists in Miniftpd 1.0 in the do_mkd function in the ftpproto.c file, which could let a remote malicious user cause a Denial of Service.
CVE-2021-21828 1Att 1Xmill Jun 17, 2026 Aug 20, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A heap-based buffer overflow vulnerability exists in the XML Decompression DecodeTreeBlock functionality of AT&T Labs Xmill 0.7. In the default case of DecodeTreeBlock a label is created via CurPath::AddLabel in order to...Show more A heap-based buffer overflow vulnerability exists in the XML Decompression DecodeTreeBlock functionality of AT&T Labs Xmill 0.7. In the default case of DecodeTreeBlock a label is created via CurPath::AddLabel in order to track the label for later reference. An attacker can provide a malicious file to trigger this vulnerability.Show less
CVE-2021-21827 1Att 1Xmill Jun 17, 2026 Aug 20, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A heap-based buffer overflow vulnerability exists in the XML Decompression DecodeTreeBlock functionality of AT&T Labs Xmill 0.7. Within `DecodeTreeBlock` which is called during the decompression of an XMI file, a UINT32...Show more A heap-based buffer overflow vulnerability exists in the XML Decompression DecodeTreeBlock functionality of AT&T Labs Xmill 0.7. Within `DecodeTreeBlock` which is called during the decompression of an XMI file, a UINT32 is loaded from the file and used as trusted input as the length of a buffer. An attacker can provide a malicious file to trigger this vulnerability.Show less

Previous 1...161162163...211 Next