Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

CVEs (569)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-2570 1Schneider Electric 1Ecostruxure Foxboro Dcs Control Core Services Nov 21, 2024 Jun 14, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 A CWE-129: Improper Validation of Array Index vulnerability exists that could cause local denial-of-service, and potentially kernel execution when a malicious actor with local user access crafts a script/program using...Show more A CWE-129: Improper Validation of Array Index vulnerability exists that could cause local denial-of-service, and potentially kernel execution when a malicious actor with local user access crafts a script/program using an unpredictable index to an IOCTL call in the Foxboro.sys driver. Show less
CVE-2023-0950 2Debian Libreoffice 2Debian Linux Libreoffice Apr 23, 2025 May 25, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Improper Validation of Array Index vulnerability in the spreadsheet component of The Document Foundation LibreOffice allows an attacker to craft a spreadsheet document that will cause an array index underflow when loaded...Show more Improper Validation of Array Index vulnerability in the spreadsheet component of The Document Foundation LibreOffice allows an attacker to craft a spreadsheet document that will cause an array index underflow when loaded. In the affected versions of LibreOffice certain malformed spreadsheet formulas, such as AGGREGATE, could be created with less parameters passed to the formula interpreter than it expected, leading to an array index underflow, in which case there is a risk that arbitrary code could be executed. This issue affects: The Document Foundation LibreOffice 7.4 versions prior to 7.4.6; 7.5 versions prior to 7.5.1.Show less
CVE-2022-33281 1Qualcomm 8Sm8450 Firmware Wcd9380 FirmwareWcn685x 1 Firmware+5 more Nov 21, 2024 May 2, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Memory corruption due to improper validation of array index in computer vision while testing EVA kernel without sending any frames.
CVE-2023-28004 1Schneider Electric 1Powerlogic Hdpm6000 Firmware Nov 21, 2024 Apr 18, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A CWE-129: Improper validation of an array index vulnerability exists where a specially crafted Ethernet request could result in denial of service or remote code execution.
CVE-2023-2008 1Linux 1Linux Kernel May 5, 2025 Apr 14, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 A flaw was found in the Linux kernel's udmabuf device driver. The specific flaw exists within a fault handler. The issue results from the lack of proper validation of user-supplied data, which can result in a memory acce...Show more A flaw was found in the Linux kernel's udmabuf device driver. The specific flaw exists within a fault handler. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an array. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel.Show less
CVE-2022-33302 1Qualcomm 225315 5g Iot Modem Firmware 8905 Firmware8909 Firmware+222 more Nov 21, 2024 Apr 13, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Memory corruption due to improper validation of array index in User Identity Module when APN TLV length is greater than command length.
CVE-2022-33289 1Qualcomm 226315 5g Iot Modem Firmware 7wcn785x 1 Firmware8905 Firmware+223 more Nov 21, 2024 Apr 13, 2023 N/A· v4 6.8 MEDIUM· v3 N/A· v2 Memory corruption occurs in Modem due to improper validation of array index when malformed APDU is sent from card.
CVE-2023-26066 1Lexmark 26Cslbl Firmware Cslbn FirmwareCsnzj Firmware+23 more Feb 11, 2025 Apr 10, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Certain Lexmark devices through 2023-02-19 have Improper Validation of an Array Index.
CVE-2022-38072 2Admesh Project Slic3r 2Admesh Libslic3r Nov 21, 2024 Apr 3, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 An improper array index validation vulnerability exists in the stl_fix_normal_directions functionality of ADMesh Master Commit 767a105 and v0.98.4. A specially-crafted stl file can lead to a heap buffer overflow. An atta...Show more An improper array index validation vulnerability exists in the stl_fix_normal_directions functionality of ADMesh Master Commit 767a105 and v0.98.4. A specially-crafted stl file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.Show less
CVE-2023-20080 1Cisco 2Ios Ios Xe Nov 21, 2024 Mar 23, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 A vulnerability in the IPv6 DHCP version 6 (DHCPv6) relay and server features of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition. This vulnerab...Show more A vulnerability in the IPv6 DHCP version 6 (DHCPv6) relay and server features of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition. This vulnerability is due to insufficient validation of data boundaries. An attacker could exploit this vulnerability by sending crafted DHCPv6 messages to an affected device. A successful exploit could allow the attacker to cause the device to reload unexpectedly.Show less
CVE-2022-40539 1Qualcomm 25Qam8295p Firmware Qca6574au FirmwareQca6696 Firmware+22 more Nov 21, 2024 Mar 10, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Memory corruption in Automotive Android OS due to improper validation of array index.
CVE-2022-40537 1Qualcomm 162Apq8009 Firmware Apq8009w FirmwareApq8017 Firmware+159 more Nov 21, 2024 Mar 10, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Memory corruption in Bluetooth HOST while processing the AVRC_PDU_GET_PLAYER_APP_VALUE_TEXT AVRCP response.
CVE-2022-33256 1Qualcomm 65Ar8035 Firmware Qca6390 FirmwareQca6391 Firmware+62 more Nov 21, 2024 Mar 10, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Memory corruption due to improper validation of array index in Multi-mode call processor.
CVE-2023-20633 1Google 1Android Mar 6, 2025 Mar 7, 2023 N/A· v4 6.7 MEDIUM· v3 N/A· v2 In usb, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Pa...Show more In usb, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628508; Issue ID: ALPS07628508.Show less
CVE-2023-0755 3Ge PtcRockwellautomation 9Digital Industrial Gateway Server Kepserver EnterpriseKepware Server+6 more Nov 21, 2024 Feb 23, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 The affected products are vulnerable to an improper validation of array index, which could allow an attacker to crash the server and remotely execute arbitrary code.
CVE-2022-47348 1Google 1Android Mar 26, 2025 Feb 12, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 In engineermode services, there is a missing permission check. This could lead to local denial of service in engineermode services.
CVE-2022-47347 1Google 1Android Mar 25, 2025 Feb 12, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 In engineermode services, there is a missing permission check. This could lead to local denial of service in engineermode services.
CVE-2022-47346 1Google 1Android Mar 25, 2025 Feb 12, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 In engineermode services, there is a missing permission check. This could lead to local denial of service in engineermode services.
CVE-2022-47345 1Google 1Android Mar 26, 2025 Feb 12, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 In engineermode services, there is a missing permission check. This could lead to local denial of service in engineermode services.
CVE-2022-47344 1Google 1Android Mar 26, 2025 Feb 12, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 In engineermode services, there is a missing permission check. This could lead to local denial of service in engineermode services.

Previous 1...141516...29 Next