Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

CVEs (4,201)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-69674 - - Feb 25, 2026 Feb 19, 2026 N/A· v4 6.4 MEDIUM· v3 N/A· v2 Buffer Overflow vulnerability in CDATA FD614GS3-R850 V3.2.7_P161006 (Build.0333.250211) allows an attacker to execute arbitrary code via the node_mac, node_opt, opt_param, and domainblk parameters of the mesh_node_config...Show more Buffer Overflow vulnerability in CDATA FD614GS3-R850 V3.2.7_P161006 (Build.0333.250211) allows an attacker to execute arbitrary code via the node_mac, node_opt, opt_param, and domainblk parameters of the mesh_node_config and domiainblk_config modulesShow less
CVE-2019-25354 - - Feb 19, 2026 Feb 18, 2026 4.6 MEDIUM· v4 7.5 HIGH· v3 N/A· v2 iSmartViewPro 1.3.34 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the camera ID input field. Attackers can paste a 257-character buffer into the camera DID and...Show more iSmartViewPro 1.3.34 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the camera ID input field. Attackers can paste a 257-character buffer into the camera DID and password fields to trigger an application crash on iOS devices.Show less
CVE-2019-25353 - - Feb 19, 2026 Feb 18, 2026 4.6 MEDIUM· v4 7.5 HIGH· v3 N/A· v2 Foscam Video Management System 1.1.4.9 contains a denial of service vulnerability in the username input field that allows attackers to crash the application. Attackers can overwrite the username with a 520-byte buffer of...Show more Foscam Video Management System 1.1.4.9 contains a denial of service vulnerability in the username input field that allows attackers to crash the application. Attackers can overwrite the username with a 520-byte buffer of repeated 'A' characters to trigger an application crash during device login.Show less
CVE-2019-25349 - - Feb 19, 2026 Feb 18, 2026 4.6 MEDIUM· v4 7.5 HIGH· v3 N/A· v2 ScadaApp for iOS 1.1.4.0 contains a denial of service vulnerability that allows attackers to crash the application by inputting an oversized buffer in the Servername field. Attackers can paste a 257-character buffer duri...Show more ScadaApp for iOS 1.1.4.0 contains a denial of service vulnerability that allows attackers to crash the application by inputting an oversized buffer in the Servername field. Attackers can paste a 257-character buffer during login to trigger an application crash on iOS devices.Show less
CVE-2019-25326 1Nwpsw 1Ippulse Feb 24, 2026 Feb 18, 2026 4.6 MEDIUM· v4 5.5 MEDIUM· v3 N/A· v2 ipPulse 1.92 contains a denial of service vulnerability that allows local attackers to crash the application by providing an oversized input in the Enter Key field. Attackers can generate a 256-byte buffer of repeated 'A...Show more ipPulse 1.92 contains a denial of service vulnerability that allows local attackers to crash the application by providing an oversized input in the Enter Key field. Attackers can generate a 256-byte buffer of repeated 'A' characters to trigger an application crash when pasting the malicious content.Show less
CVE-2025-33130 1Ibm 1Db2 Merge Backup Feb 20, 2026 Feb 17, 2026 N/A· v4 6.5 MEDIUM· v3 N/A· v2 IBM DB2 Merge Backup for Linux, UNIX and Windows 12.1.0.0 could allow an authenticated user to cause the program to crash due to a buffer being overwritten when it is allocated on the stack.
CVE-2025-70314 1Ourway 1Webfsd Feb 18, 2026 Feb 12, 2026 N/A· v4 9.8 CRITICAL· v3 N/A· v2 webfsd 1.21 is vulnerable to a Buffer Overflow via a crafted request. This is due to the filename variable
CVE-2025-69807 1P2r3 1Bareiron Feb 23, 2026 Feb 12, 2026 N/A· v4 7.5 HIGH· v3 N/A· v2 p2r3 Bareiron commit: 8e4d4020d is vulnerable to Buffer Overflow, which allows unauthenticated remote attackers to cause a denial of service via a packet sent to the server.
CVE-2026-25994 1Pjsip 1Pjsip Feb 19, 2026 Feb 11, 2026 8.1 HIGH· v4 9.8 CRITICAL· v3 N/A· v2 PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, a buffer overflow vulnerability exists in PJNATH ICE Session when processing credentials with excessively long usernames...Show more PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, a buffer overflow vulnerability exists in PJNATH ICE Session when processing credentials with excessively long usernames.Show less
CVE-2020-37215 - - Feb 12, 2026 Feb 11, 2026 4.6 MEDIUM· v4 7.5 HIGH· v3 N/A· v2 MSN Password Recovery version 1.30 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized input in the registration code field. Attackers can generate a 9000-b...Show more MSN Password Recovery version 1.30 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized input in the registration code field. Attackers can generate a 9000-byte buffer of repeated characters and paste it into the 'User Name and Registration Code' field to trigger an application crash.Show less
CVE-2020-37213 - - Feb 12, 2026 Feb 11, 2026 6.7 MEDIUM· v4 7.5 HIGH· v3 N/A· v2 TextCrawler Pro 3.1.1 contains a denial of service vulnerability that allows attackers to crash the application by sending an oversized buffer in the license key field. Attackers can generate a 6000-byte payload and past...Show more TextCrawler Pro 3.1.1 contains a denial of service vulnerability that allows attackers to crash the application by sending an oversized buffer in the license key field. Attackers can generate a 6000-byte payload and paste it into the activation field to trigger an application crash.Show less
CVE-2020-37212 1Nsasoft 1Spotmsn Feb 26, 2026 Feb 11, 2026 4.6 MEDIUM· v4 7.5 HIGH· v3 N/A· v2 SpotMSN 2.4.6 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can generate a 1000-character payload and paste it into the 'Name' f...Show more SpotMSN 2.4.6 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can generate a 1000-character payload and paste it into the 'Name' field to trigger an application crash.Show less
CVE-2020-37211 1Nsasoft 1Spotim Feb 26, 2026 Feb 11, 2026 4.6 MEDIUM· v4 7.5 HIGH· v3 N/A· v2 SpotIM 2.2 contains a denial of service vulnerability that allows attackers to crash the application by inputting a large buffer in the registration name field. Attackers can generate a 1000-character payload and paste i...Show more SpotIM 2.2 contains a denial of service vulnerability that allows attackers to crash the application by inputting a large buffer in the registration name field. Attackers can generate a 1000-character payload and paste it into the 'Name' field to trigger an application crash.Show less
CVE-2020-37210 1Nsasoft 1Spotie Feb 26, 2026 Feb 11, 2026 4.6 MEDIUM· v4 7.5 HIGH· v3 N/A· v2 SpotIE 2.9.5 contains a denial of service vulnerability in the registration key input that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the 'Key' fie...Show more SpotIE 2.9.5 contains a denial of service vulnerability in the registration key input that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the 'Key' field to trigger an application crash.Show less
CVE-2020-37209 1Nsasoft 1Spotftp Feb 20, 2026 Feb 11, 2026 4.6 MEDIUM· v4 7.5 HIGH· v3 N/A· v2 SpotFTP 3.0.0.0 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the...Show more SpotFTP 3.0.0.0 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the 'Name' field to trigger an application crash.Show less
CVE-2020-37207 1Nsasoft 1Spotdialup Feb 26, 2026 Feb 11, 2026 4.6 MEDIUM· v4 7.5 HIGH· v3 N/A· v2 SpotDialup 1.6.7 contains a denial of service vulnerability in the registration key input field that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the...Show more SpotDialup 1.6.7 contains a denial of service vulnerability in the registration key input field that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the 'Key' field to trigger an application crash.Show less
CVE-2020-37206 1Nsasoft 1Sharealarmpro Feb 26, 2026 Feb 11, 2026 4.6 MEDIUM· v4 7.5 HIGH· v3 N/A· v2 ShareAlarmPro contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized registration key. Attackers can generate a 1000-character buffer payload to trigger an app...Show more ShareAlarmPro contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized registration key. Attackers can generate a 1000-character buffer payload to trigger an application crash when pasted into the registration key field.Show less
CVE-2020-37205 1Nsasoft 1Remshutdown Feb 20, 2026 Feb 11, 2026 4.6 MEDIUM· v4 7.5 HIGH· v3 N/A· v2 RemShutdown 2.9.0.0 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the 'Name' registration field. Attackers can generate a 1000-character buffer payload and paste...Show more RemShutdown 2.9.0.0 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the 'Name' registration field. Attackers can generate a 1000-character buffer payload and paste it into the registration name field to trigger an application crash.Show less
CVE-2020-37204 1Nsasoft 1Remshutdown Feb 20, 2026 Feb 11, 2026 4.6 MEDIUM· v4 7.5 HIGH· v3 N/A· v2 RemShutdown 2.9.0.0 contains a denial of service vulnerability in its registration key input that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the re...Show more RemShutdown 2.9.0.0 contains a denial of service vulnerability in its registration key input that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the registration key field to trigger an application crash.Show less
CVE-2020-37203 - - Feb 12, 2026 Feb 11, 2026 4.6 MEDIUM· v4 7.5 HIGH· v3 N/A· v2 Office Product Key Finder 1.5.4 contains a denial of service vulnerability that allows attackers to crash the application by manipulating the registration code input. Attackers can create a specially crafted text file an...Show more Office Product Key Finder 1.5.4 contains a denial of service vulnerability that allows attackers to crash the application by manipulating the registration code input. Attackers can create a specially crafted text file and paste it into the 'Name and Key' field to trigger an application crash.Show less

Previous 1...171819...211 Next