← Back
CWE-131

205 CVEs • Abstraction: Base • Likelihood of Exploit: High

Incorrect Calculation of Buffer Size

The product does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow.

JSON object

Loading...

CVEs (205)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
2Fedoraproject
Redis
2Fedora
Redis
Jun 17, 2026
Jul 11, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Redis is an in-memory database that persists on disk. In Redit 7.0 prior to 7.0.12, extracting key names from a command and a list of arguments may, in some cases, trigger a heap overflow and result in reading random hea...Show more
Redis is an in-memory database that persists on disk. In Redit 7.0 prior to 7.0.12, extracting key names from a command and a list of arguments may, in some cases, trigger a heap overflow and result in reading random heap memory, heap corruption and potentially remote code execution. Several scenarios that may lead to authenticated users executing a specially crafted `COMMAND GETKEYS` or `COMMAND GETKEYSANDFLAGS`and authenticated users who were set with ACL rules that match key names, executing a specially crafted command that refers to a variadic list of key names. The vulnerability is patched in Redis 7.0.12.Show less
1Apache
1Guacamole
Jun 17, 2026
Jun 7, 2023
N/A· v4
7.5 HIGH· v3
N/A· v2
Apache Guacamole 1.5.1 and older may incorrectly calculate the lengths of instruction elements sent during the Guacamole protocol handshake, potentially allowing an attacker to inject Guacamole instructions during the ha...Show more
Apache Guacamole 1.5.1 and older may incorrectly calculate the lengths of instruction elements sent during the Guacamole protocol handshake, potentially allowing an attacker to inject Guacamole instructions during the handshake through specially-crafted data. Show less
1Silabs
1Gecko Software Development Kit
Jun 17, 2026
Jun 2, 2023
N/A· v4
3.3 LOW· v3
N/A· v2
Buffer overflow in Platform CLI component in Silicon Labs Gecko SDK v4.2.1 and earlier allows user to overwrite limited structures on the heap.
1Riot Os
1Riot
Jun 17, 2026
Apr 24, 2023
N/A· v4
9.8 CRITICAL· v3
N/A· v2
RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device res...Show more
RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in an out of bounds write in the packet buffer. The overflow can be used to corrupt other packets and the allocator metadata. Corrupting a pointer will easily lead to denial of service. While carefully manipulating the allocator metadata gives an attacker the possibility to write data to arbitrary locations and thus execute arbitrary code. Version 2022.10 fixes this issue. As a workaround, disable support for fragmented IP datagrams or apply the patches manually.Show less
1Qualcomm
12Mdm8207 Firmware
Mdm9205 FirmwareMdm9206 Firmware+9 more
Jun 17, 2026
Apr 13, 2023
N/A· v4
9.8 CRITICAL· v3
N/A· v2
memory corruption in modem due to improper check while calculating size of serialized CoAP message
1Qualcomm
13Mdm8207 Firmware
Mdm9205 FirmwareMdm9206 Firmware+10 more
Jun 17, 2026
Apr 13, 2023
N/A· v4
7.5 HIGH· v3
N/A· v2
Information disclosure in modem due to buffer over-read while processing packets from DNS server
1Google
1Android
Jun 17, 2026
Mar 7, 2023
N/A· v4
6.7 MEDIUM· v3
N/A· v2
In pqframework, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploita...Show more
In pqframework, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629585; Issue ID: ALPS07629585.Show less
1Vim
1Vim
Jun 17, 2026
Mar 4, 2023
N/A· v4
6.6 MEDIUM· v3
N/A· v2
Incorrect Calculation of Buffer Size in GitHub repository vim/vim prior to 9.0.1378.
1Php
1Php
Jun 17, 2026
Feb 16, 2023
N/A· v4
8.1 HIGH· v3
N/A· v2
In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting, this may lea...Show more
In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting, this may lead to the byte after the allocated buffer being overwritten with NUL value, which might lead to unauthorized data access or modification.Show less
1Linux
1Linux Kernel
Jun 17, 2026
Jan 5, 2023
N/A· v4
7.8 HIGH· v3
N/A· v2
A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the...Show more
A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system.Show less
1Google
1Android
Jun 17, 2026
Jan 3, 2023
N/A· v4
6.7 MEDIUM· v3
N/A· v2
In mtk-aie, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: AL...Show more
In mtk-aie, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07225857; Issue ID: ALPS07225857.Show less
1Google
1Android
Jun 17, 2026
Jan 3, 2023
N/A· v4
6.7 MEDIUM· v3
N/A· v2
In mtk-isp, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: AL...Show more
In mtk-isp, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07225853; Issue ID: ALPS07225853.Show less
1Google
1Android
Jun 17, 2026
Jan 3, 2023
N/A· v4
6.7 MEDIUM· v3
N/A· v2
In jpeg, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS0...Show more
In jpeg, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07225840; Issue ID: ALPS07225840.Show less
1Google
1Android
Jun 17, 2026
Dec 5, 2022
N/A· v4
6.7 MEDIUM· v3
N/A· v2
In throttling, there is a possible out of bounds write due to an incorrect calculation of buffer size. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not nee...Show more
In throttling, there is a possible out of bounds write due to an incorrect calculation of buffer size. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07405966; Issue ID: ALPS07405966.Show less
1Google
1Android
Jun 17, 2026
Dec 5, 2022
N/A· v4
6.7 MEDIUM· v3
N/A· v2
In throttling, there is a possible out of bounds write due to an incorrect calculation of buffer size. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not nee...Show more
In throttling, there is a possible out of bounds write due to an incorrect calculation of buffer size. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07405923; Issue ID: ALPS07405923.Show less
1Google
1Tensorflow
Jun 17, 2026
Nov 18, 2022
N/A· v4
7.5 HIGH· v3
N/A· v2
TensorFlow is an open source platform for machine learning. When `tf.raw_ops.ResizeNearestNeighborGrad` is given a large `size` input, it overflows. We have patched the issue in GitHub commit 00c821af032ba9e5f5fa3fe14690...Show more
TensorFlow is an open source platform for machine learning. When `tf.raw_ops.ResizeNearestNeighborGrad` is given a large `size` input, it overflows. We have patched the issue in GitHub commit 00c821af032ba9e5f5fa3fe14690c8d28a657624. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.Show less
1Google
1Tensorflow
Jun 17, 2026
Nov 18, 2022
N/A· v4
7.5 HIGH· v3
N/A· v2
TensorFlow is an open source platform for machine learning. `tf.keras.losses.poisson` receives a `y_pred` and `y_true` that are passed through `functor::mul` in `BinaryOp`. If the resulting dimensions overflow an `int32`...Show more
TensorFlow is an open source platform for machine learning. `tf.keras.losses.poisson` receives a `y_pred` and `y_true` that are passed through `functor::mul` in `BinaryOp`. If the resulting dimensions overflow an `int32`, TensorFlow will crash due to a size mismatch during broadcast assignment. We have patched the issue in GitHub commit c5b30379ba87cbe774b08ac50c1f6d36df4ebb7c. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1 and 2.9.3, as these are also affected and still in supported range. However, we will not cherrypick this commit into TensorFlow 2.8.x, as it depends on Eigen behavior that changed between 2.8 and 2.9.Show less
1Google
1Tensorflow
Jun 17, 2026
Nov 18, 2022
N/A· v4
7.5 HIGH· v3
N/A· v2
TensorFlow is an open source platform for machine learning. When `tf.raw_ops.ImageProjectiveTransformV2` is given a large output shape, it overflows. We have patched the issue in GitHub commit 8faa6ea692985dbe6ce10e1a316...Show more
TensorFlow is an open source platform for machine learning. When `tf.raw_ops.ImageProjectiveTransformV2` is given a large output shape, it overflows. We have patched the issue in GitHub commit 8faa6ea692985dbe6ce10e1a3168e0bd60a723ba. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.Show less
1Google
1Tensorflow
Jun 17, 2026
Nov 18, 2022
N/A· v4
7.5 HIGH· v3
N/A· v2
TensorFlow is an open source platform for machine learning. When `tf.raw_ops.FusedResizeAndPadConv2D` is given a large tensor shape, it overflows. We have patched the issue in GitHub commit d66e1d568275e6a2947de97dca7a10...Show more
TensorFlow is an open source platform for machine learning. When `tf.raw_ops.FusedResizeAndPadConv2D` is given a large tensor shape, it overflows. We have patched the issue in GitHub commit d66e1d568275e6a2947de97dca7a102a211e01ce. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.Show less
1Php
1Php
Jun 17, 2026
Nov 14, 2022
N/A· v4
7.1 HIGH· v3
N/A· v2
In PHP versions prior to 7.4.33, 8.0.25 and 8.1.12, when using imageloadfont() function in gd extension, it is possible to supply a specially crafted font file, such as if the loaded font is used with imagechar() functio...Show more
In PHP versions prior to 7.4.33, 8.0.25 and 8.1.12, when using imageloadfont() function in gd extension, it is possible to supply a specially crafted font file, such as if the loaded font is used with imagechar() function, the read outside allocated buffer will be used. This can lead to crashes or disclosure of confidential information. Show less