Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

CVEs (4,201)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-4204 1Ibm 1Db2 Jun 17, 2026 Feb 19, 2020 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbit...Show more IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges. IBM X-Force ID: 174960.Show less
CVE-2020-8012 1Broadcom 1Unified Infrastructure Management Jun 17, 2026 Feb 18, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains a buffer overflow vulnerability in the robot (controller) component. A remote attacker can execute arbitrary code.
CVE-2013-7173 1Belkin 1N750 Firmware Nov 21, 2024 Feb 13, 2020 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Belkin n750 routers have a buffer overflow.
CVE-2014-1617 1Promotic 1Promotic Nov 21, 2024 Feb 13, 2020 N/A· v4 6.5 MEDIUM· v3 7.1 HIGH· v2 Microsys PROMOTIC 8.2.13 contains an ActiveX Control Start Buffer Overflow vulnerability which can lead to denial of service.
CVE-2020-8955 4Debian FedoraprojectOpensuse+1 more 5Backports Sle Debian LinuxFedora+2 more Jun 17, 2026 Feb 12, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 irc_mode_channel_update in plugins/irc/irc-mode.c in WeeChat through 2.7 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a malfor...Show more irc_mode_channel_update in plugins/irc/irc-mode.c in WeeChat through 2.7 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a malformed IRC message 324 (channel mode).Show less
CVE-2019-17519 1Nxp 1Mcuxpresso Software Development Kit Jun 17, 2026 Feb 12, 2020 N/A· v4 8.8 HIGH· v3 5.8 MEDIUM· v2 The Bluetooth Low Energy implementation on NXP SDK through 2.2.1 for KW41Z devices does not properly restrict the Link Layer payload length, allowing attackers in radio range to cause a buffer overflow via a crafted pack...Show more The Bluetooth Low Energy implementation on NXP SDK through 2.2.1 for KW41Z devices does not properly restrict the Link Layer payload length, allowing attackers in radio range to cause a buffer overflow via a crafted packet.Show less
CVE-2019-16336 1Cypress 2Cybl11573 Cyble 416045 Jun 17, 2026 Feb 12, 2020 N/A· v4 6.5 MEDIUM· v3 3.3 LOW· v2 The Bluetooth Low Energy implementation in Cypress PSoC 4 BLE component 3.61 and earlier processes data channel frames with a payload length larger than the configured link layer maximum RX payload size, which allows att...Show more The Bluetooth Low Energy implementation in Cypress PSoC 4 BLE component 3.61 and earlier processes data channel frames with a payload length larger than the configured link layer maximum RX payload size, which allows attackers (in radio range) to cause a denial of service (crash) via a crafted BLE Link Layer frame.Show less
CVE-2019-19196 1Telink Semi 5Tlsr8232 Ble Sdk Tlsr8251 Ble SdkTlsr8253 Ble Sdk+2 more Jun 17, 2026 Feb 12, 2020 N/A· v4 6.5 MEDIUM· v3 3.3 LOW· v2 The Bluetooth Low Energy Secure Manager Protocol (SMP) implementation on Telink Semiconductor BLE SDK versions before November 2019 for TLSR8x5x through 3.4.0, TLSR823x through 1.3.0, and TLSR826x through 3.3 devices acc...Show more The Bluetooth Low Energy Secure Manager Protocol (SMP) implementation on Telink Semiconductor BLE SDK versions before November 2019 for TLSR8x5x through 3.4.0, TLSR823x through 1.3.0, and TLSR826x through 3.3 devices accepts a pairing request with a key size greater than 16 bytes, allowing an attacker in radio range to cause a buffer overflow and denial of service (crash) via crafted packets.Show less
CVE-2015-7890 1Samsung 1Galaxy S6 Edge Firmware Nov 21, 2024 Feb 12, 2020 N/A· v4 5.5 MEDIUM· v3 4.9 MEDIUM· v2 Multiple buffer overflows in the esa_write function in /dev/seirenin the Exynos Seiren Audio driver, as used in Samsung S6 Edge, allow local users to cause a denial of service (memory corruption) via a large (1) buffer o...Show more Multiple buffer overflows in the esa_write function in /dev/seirenin the Exynos Seiren Audio driver, as used in Samsung S6 Edge, allow local users to cause a denial of service (memory corruption) via a large (1) buffer or (2) size parameter.Show less
CVE-2009-4067 2Linux Redhat 2Enterprise Linux Linux Kernel Nov 21, 2024 Feb 11, 2020 N/A· v4 6.8 MEDIUM· v3 7.2 HIGH· v2 Buffer overflow in the auerswald_probe function in the Auerswald Linux USB driver for the Linux kernel before 2.6.27 allows physically proximate attackers to execute arbitrary code, cause a denial of service via a crafte...Show more Buffer overflow in the auerswald_probe function in the Auerswald Linux USB driver for the Linux kernel before 2.6.27 allows physically proximate attackers to execute arbitrary code, cause a denial of service via a crafted USB device, or take full control of the system.Show less
CVE-2019-17520 1Ti 1Cc2640r2 Software Development Kit Jun 17, 2026 Feb 10, 2020 N/A· v4 6.5 MEDIUM· v3 6.1 MEDIUM· v2 The Bluetooth Low Energy implementation on Texas Instruments SDK through 3.30.00.20 for CC2640R2 devices does not properly restrict the SM Public Key packet on reception, allowing attackers in radio range to cause a deni...Show more The Bluetooth Low Energy implementation on Texas Instruments SDK through 3.30.00.20 for CC2640R2 devices does not properly restrict the SM Public Key packet on reception, allowing attackers in radio range to cause a denial of service (crash) via crafted packets.Show less
CVE-2019-17518 1Dialog Semiconductor 1Software Development Kit Jun 17, 2026 Feb 10, 2020 N/A· v4 6.5 MEDIUM· v3 6.1 MEDIUM· v2 The Bluetooth Low Energy implementation on Dialog Semiconductor SDK through 1.0.14.1081 for DA1468x devices responds to link layer packets with a payload length larger than expected, allowing attackers in radio range to...Show more The Bluetooth Low Energy implementation on Dialog Semiconductor SDK through 1.0.14.1081 for DA1468x devices responds to link layer packets with a payload length larger than expected, allowing attackers in radio range to cause a buffer overflow via a crafted packet. This affects, for example, August Smart Lock.Show less
CVE-2019-17517 1Dialog Semiconductor 1Software Development Kit Jun 17, 2026 Feb 10, 2020 N/A· v4 5.7 MEDIUM· v3 6.1 MEDIUM· v2 The Bluetooth Low Energy implementation on Dialog Semiconductor SDK through 5.0.4 for DA14580/1/2/3 devices does not properly restrict the L2CAP payload length, allowing attackers in radio range to cause a buffer overflo...Show more The Bluetooth Low Energy implementation on Dialog Semiconductor SDK through 5.0.4 for DA14580/1/2/3 devices does not properly restrict the L2CAP payload length, allowing attackers in radio range to cause a buffer overflow via a crafted Link Layer packet.Show less
CVE-2019-17061 1Cypress 1Psoc 4 Ble Jun 17, 2026 Feb 10, 2020 N/A· v4 6.5 MEDIUM· v3 6.1 MEDIUM· v2 The Bluetooth Low Energy (BLE) stack implementation on Cypress PSoC 4 through 3.62 devices does not properly restrict the BLE Link Layer header and executes certain memory contents upon receiving a packet with a Link Lay...Show more The Bluetooth Low Energy (BLE) stack implementation on Cypress PSoC 4 through 3.62 devices does not properly restrict the BLE Link Layer header and executes certain memory contents upon receiving a packet with a Link Layer ID (LLID) equal to zero. This allows attackers within radio range to cause deadlocks, cause anomalous behavior in the BLE state machine, or trigger a buffer overflow via a crafted BLE Link Layer frame.Show less
CVE-2019-17060 1Nxp 1Mcuxpresso Software Development Kit Jun 17, 2026 Feb 10, 2020 N/A· v4 6.5 MEDIUM· v3 6.1 MEDIUM· v2 The Bluetooth Low Energy (BLE) stack implementation on the NXP KW41Z (based on the MCUXpresso SDK with Bluetooth Low Energy Driver 2.2.1 and earlier) does not properly restrict the BLE Link Layer header and executes cert...Show more The Bluetooth Low Energy (BLE) stack implementation on the NXP KW41Z (based on the MCUXpresso SDK with Bluetooth Low Energy Driver 2.2.1 and earlier) does not properly restrict the BLE Link Layer header and executes certain memory contents upon receiving a packet with a Link Layer ID (LLID) equal to zero. This allows attackers within radio range to cause deadlocks, cause anomalous behavior in the BLE state machine, or trigger a buffer overflow via a crafted BLE Link Layer frame.Show less
CVE-2019-14041 1Qualcomm 43Apq8009 Firmware Apq8017 FirmwareApq8053 Firmware+40 more Jun 17, 2026 Feb 7, 2020 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 During listener modified response processing, a buffer overrun occurs due to lack of buffer size verification when updating message buffer with physical address information in Snapdragon Auto, Snapdragon Compute, Snapdra...Show more During listener modified response processing, a buffer overrun occurs due to lack of buffer size verification when updating message buffer with physical address information in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8917, MSM8953, MSM8996AU, Nicobar, QCM2150, QCS405, QCS605, QM215, Rennell, SA6155P, Saipan, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM670, SDM710, SDM845, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130Show less
CVE-2020-8608 3Debian Libslirp ProjectOpensuse 3Debian Linux LeapLibslirp Jun 17, 2026 Feb 6, 2020 N/A· v4 5.6 MEDIUM· v3 6.8 MEDIUM· v2 In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code.
CVE-2014-8271 1Tianocore 1Edk2 Nov 21, 2024 Feb 6, 2020 N/A· v4 6.8 MEDIUM· v3 4.6 MEDIUM· v2 Buffer overflow in the Reclaim function in Tianocore EDK2 before SVN 16280 allows physically proximate attackers to gain privileges via a long variable name.
CVE-2014-1958 3Canonical ImagemagickOpensuse 3Imagemagick OpensuseUbuntu Linux Nov 21, 2024 Feb 6, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Buffer overflow in the DecodePSDPixels function in coders/psd.c in ImageMagick before 6.8.8-5 might allow remote attackers to execute arbitrary code via a crafted PSD image, involving the L%06ld string, a different vulne...Show more Buffer overflow in the DecodePSDPixels function in coders/psd.c in ImageMagick before 6.8.8-5 might allow remote attackers to execute arbitrary code via a crafted PSD image, involving the L%06ld string, a different vulnerability than CVE-2014-2030.Show less
CVE-2020-5208 4Debian FedoraprojectIpmitool Project+1 more 4Debian Linux FedoraIpmitool+1 more Jun 17, 2026 Feb 5, 2020 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 It's been found that multiple functions in ipmitool before 1.8.19 neglect proper checking of the data received from a remote LAN party, which may lead to buffer overflows and potentially to remote code execution on the i...Show more It's been found that multiple functions in ipmitool before 1.8.19 neglect proper checking of the data received from a remote LAN party, which may lead to buffer overflows and potentially to remote code execution on the ipmitool side. This is especially dangerous if ipmitool is run as a privileged user. This problem is fixed in version 1.8.19.Show less

Previous 1...191192193...211 Next