← Back
CWE-131

205 CVEs • Abstraction: Base • Likelihood of Exploit: High

Incorrect Calculation of Buffer Size

The product does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow.

JSON object

Loading...

CVEs (205)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
1Google
1Android
Jun 17, 2026
Nov 8, 2022
N/A· v4
6.8 MEDIUM· v3
N/A· v2
In typec, there is a possible out of bounds write due to an incorrect calculation of buffer size. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additiona...Show more
In typec, there is a possible out of bounds write due to an incorrect calculation of buffer size. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07262454; Issue ID: ALPS07262454.Show less
1Google
1Android
Jun 17, 2026
Nov 8, 2022
N/A· v4
6.8 MEDIUM· v3
N/A· v2
In typec, there is a possible out of bounds write due to an incorrect calculation of buffer size. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additiona...Show more
In typec, there is a possible out of bounds write due to an incorrect calculation of buffer size. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07262364; Issue ID: ALPS07262364.Show less
3Debian
FedoraprojectSysstat Project
3Debian Linux
FedoraSysstat
Jun 17, 2026
Nov 8, 2022
N/A· v4
7.8 HIGH· v3
N/A· v2
sysstat is a set of system performance tools for the Linux operating system. On 32 bit systems, in versions 9.1.16 and newer but prior to 12.7.1, allocate_structures contains a size_t overflow in sa_common.c. The allocat...Show more
sysstat is a set of system performance tools for the Linux operating system. On 32 bit systems, in versions 9.1.16 and newer but prior to 12.7.1, allocate_structures contains a size_t overflow in sa_common.c. The allocate_structures function insufficiently checks bounds before arithmetic multiplication, allowing for an overflow in the size allocated for the buffer representing system activities. This issue may lead to Remote Code Execution (RCE). This issue has been patched in version 12.7.1.Show less
2Linux
Netapp
7Active Iq Unified Manager
H300s FirmwareH410c Firmware+4 more
Jun 17, 2026
Nov 4, 2022
N/A· v4
7.5 HIGH· v3
N/A· v2
The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote p...Show more
The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send buffer to shrink by sending an RPC message over TCP with garbage data added at the end of the message. The RPC message with garbage data is still correctly formed according to the specification and is passed forward to handlers. Vulnerable code in NFSD is not expecting the oversized request and writes beyond the allocated buffer space. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HShow less
1Google
1Android
Jun 17, 2026
Oct 7, 2022
N/A· v4
6.7 MEDIUM· v3
N/A· v2
In sensorhub, there is a possible out of bounds write due to an incorrect calculation of buffer size. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not need...Show more
In sensorhub, there is a possible out of bounds write due to an incorrect calculation of buffer size. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07129717; Issue ID: ALPS07129717.Show less
1Qualcomm
30Qca6391 Firmware
Qcm6490 FirmwareQcs6490 Firmware+27 more
Jun 17, 2026
Sep 2, 2022
N/A· v4
8.4 HIGH· v3
N/A· v2
Due to insufficient validation of ELF headers, an Incorrect Calculation of Buffer Size can occur in Boot leading to memory corruption in Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile
2Debian
Libtiff
2Debian Linux
Libtiff
Jun 17, 2026
Aug 31, 2022
N/A· v4
6.5 MEDIUM· v3
N/A· v2
A flaw was found in libtiff 4.4.0rc1. There is a sysmalloc assertion fail in rotateImage() at tiffcrop.c:8621 that can cause program crash when reading a crafted input.
1Linux
1Linux Kernel
Jun 17, 2026
Aug 24, 2022
N/A· v4
5.5 MEDIUM· v3
N/A· v2
A data leak flaw was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem allowed for size increase of files with unaligned size. A local attacker could use this flaw to leak data on the XFS filesystem otherwise...Show more
A data leak flaw was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem allowed for size increase of files with unaligned size. A local attacker could use this flaw to leak data on the XFS filesystem otherwise not accessible to them.Show less
5Debian
FedoraprojectLinux+2 more
9Debian Linux
Enterprise LinuxFedora+6 more
Jun 17, 2026
Aug 22, 2022
N/A· v4
5.5 MEDIUM· v3
N/A· v2
An out-of-bounds memory access flaw was found in the Linux kernel Intel’s iSMT SMBus host controller driver in the way a user triggers the I2C_SMBUS_BLOCK_DATA (with the ioctl I2C_SMBUS) with malicious input data. This f...Show more
An out-of-bounds memory access flaw was found in the Linux kernel Intel’s iSMT SMBus host controller driver in the way a user triggers the I2C_SMBUS_BLOCK_DATA (with the ioctl I2C_SMBUS) with malicious input data. This flaw allows a local user to crash the system.Show less
1Rti
2Connext Professional
Connext Secure
Jun 17, 2026
May 5, 2022
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
RTI Connext DDS Professional and Connext DDS Secure Versions 4.2x to 6.1.0 not correctly calculate the size when allocating the buffer, which may result in a buffer overflow.
1Gurum
1Gurumdds
Jun 17, 2026
May 5, 2022
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
All versions of GurumDDS improperly calculate the size to be used when allocating the buffer, which may result in a buffer overflow.
1Accusoft
1Imagegear
Jun 17, 2026
May 3, 2022
N/A· v4
6.5 MEDIUM· v3
4.3 MEDIUM· v2
A memory corruption vulnerability exists in the ioca_mys_rgb_allocate functionality of Accusoft ImageGear 19.10. A specially-crafted malformed file can lead to an arbitrary free. An attacker can provide a malicious file...Show more
A memory corruption vulnerability exists in the ioca_mys_rgb_allocate functionality of Accusoft ImageGear 19.10. A specially-crafted malformed file can lead to an arbitrary free. An attacker can provide a malicious file to trigger this vulnerability.Show less
3Debian
QemuRedhat
3Debian Linux
Enterprise LinuxQemu
Jun 17, 2026
Apr 29, 2022
N/A· v4
8.2 HIGH· v3
4.6 MEDIUM· v2
A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. Th...Show more
A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. This flaw allows a malicious privileged guest user to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process.Show less
1Fisglobal
1Gt.m
Jun 17, 2026
Apr 15, 2022
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, attackers can cause a calculation of the size of calls to memset in op_fnj3 in sr_port/op_fnj3.c to result in...Show more
An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, attackers can cause a calculation of the size of calls to memset in op_fnj3 in sr_port/op_fnj3.c to result in an extremely large value in order to cause a segmentation fault and crash the application.Show less
1Huawei
3Emui
HarmonyosMagic Ui
Jun 17, 2026
Mar 10, 2022
N/A· v4
7.5 HIGH· v3
7.8 HIGH· v2
There is an incorrect buffer size calculation vulnerability in the video framework.Successful exploitation of this vulnerability may affect availability.
1Huawei
3Emui
HarmonyosMagic Ui
Jun 17, 2026
Mar 10, 2022
N/A· v4
7.5 HIGH· v3
7.8 HIGH· v2
There is an incorrect buffer size calculation vulnerability in the video framework. Successful exploitation of this vulnerability will affect availability.
1Onepeloton
1Ttr01 Firmware
Jun 17, 2026
Oct 25, 2021
N/A· v4
5.3 MEDIUM· v3
5.0 MEDIUM· v2
Incorrect calculation of buffer size vulnerability in Peleton TTR01 up to and including PTV55G allows a remote attacker to trigger a Denial of Service attack through the GymKit daemon process by exploiting a heap overflo...Show more
Incorrect calculation of buffer size vulnerability in Peleton TTR01 up to and including PTV55G allows a remote attacker to trigger a Denial of Service attack through the GymKit daemon process by exploiting a heap overflow in the network server handling the Apple GymKit communication. This can lead to an Apple MFI device not being able to authenticate with the Peleton BikeShow less
3Arm
DebianSiemens
8Debian Linux
Logo! Cmr2020 FirmwareLogo! Cmr2040 Firmware+5 more
Jun 17, 2026
Aug 23, 2021
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS). The calculations performed by mbedtls_mpi_exp_mod are not limited; thus, supplying overly large parameters could lead to de...Show more
An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS). The calculations performed by mbedtls_mpi_exp_mod are not limited; thus, supplying overly large parameters could lead to denial of service when generating Diffie-Hellman key pairs.Show less
1Huawei
2Emui
Magic Ui
Jun 17, 2026
Aug 2, 2021
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
There is an Incorrect Calculation of Buffer Size Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause kernel exceptions with the code.
1Huawei
2Emui
Magic Ui
Jun 17, 2026
Aug 2, 2021
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
There is an Incorrect Calculation of Buffer Size in Huawei Smartphone.Successful exploitation of this vulnerability may cause verification bypass and directions to abnormal addresses.