CWE-131
205 CVEs • Abstraction: Base • Likelihood of Exploit: High
Incorrect Calculation of Buffer Size
The product does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow.
CVEs (205)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
An improperly performed length calculation on a buffer in PlaintextRecordLayer could lead to an infinite loop and denial-of-service based on user input. This issue affected versions of fizz prior to v2019.03.04.00. |
1Atlantiswordprocessor 1Atlantis Word Processor Nov 21, 2024 Dec 1, 2018 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 An exploitable arbitrary write vulnerability exists in the open document format parser of the Atlantis Word Processor, version 3.2.7.2, while trying to null-terminate a string. A specially crafted document can allow an a...Show more |
4Canonical DebianHaxx+1 more4Debian Linux Enterprise LinuxLibcurl+1 moreNov 21, 2024 Sep 5, 2018 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large tem...Show more |
Godot Engine version All versions prior to 2.1.5, all 3.0 versions prior to 3.0.6. contains a Signed/unsigned comparison, wrong buffer size chackes, integer overflow, missing padding initialization vulnerability in (De)S...Show more |
In writeToParcel and createFromParcel of RttManager.java, there is a permission bypass due to a write size mismatch. This could lead to a local escalation of privileges where the user can start an activity with system pr...Show more |
process_debug_info in dwarf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file tha...Show more |
A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36998372. |
2Google Linux2Android Linux KernelMay 13, 2026 May 12, 2017 N/A· v4 7.0 HIGH· v3 7.6 HIGH· v2 An elevation of privilege vulnerability in the Qualcomm Secure Channel Manager driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High bec...Show more |
1Microsoft 8Windows 10 Windows 7Windows 8.1+5 moreMay 13, 2026 Apr 12, 2017 N/A· v4 8.1 HIGH· v3 9.3 HIGH· v2 An elevation of privilege vulnerability exists in Windows when LDAP request buffer lengths are improperly calculated. In a remote attack scenario, an attacker could exploit this vulnerability by running a specially craft...Show more |
An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first req...Show more |
5Debian F5Gnu+2 more15Arx Firmware Debian LinuxEnterprise Linux Desktop+12 moreMay 6, 2026 Jun 5, 2014 N/A· v4 N/A· v3 7.5 HIGH· v2 The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN....Show more |
4Apple CanonicalFedoraproject+1 more5Fedora Mac Os XMac Os X Server+2 moreApr 23, 2026 May 5, 2008 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbit...Show more |
2Debian Invisible Island2Debian Linux LynxApr 16, 2026 Oct 17, 2005 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Stack-based buffer overflow in the HTrjis function in Lynx 2.8.6 and earlier allows remote NNTP servers to execute arbitrary code via certain article headers containing Asian characters that cause Lynx to add extra escap...Show more |
Buffer overflow in the AIM and ICQ module in Gaim before 1.5.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an away message with a large number of AIM s...Show more |
Multiple stack-based buffer overflows in libcURL and cURL 7.12.1, and possibly other versions, allow remote malicious web servers to execute arbitrary code via base64 encoded replies that exceed the intended buffer lengt...Show more |
6Apache HpOpenpkg+3 more6Hp Ux Http ServerOpenpkg+3 moreApr 16, 2026 Feb 9, 2005 N/A· v4 7.8 HIGH· v3 6.9 MEDIUM· v2 Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a lengt...Show more |
Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables. |
1Oracle 7Application Server Collaboration SuiteDatabase Server+4 moreApr 16, 2026 Aug 4, 2004 N/A· v4 9.8 CRITICAL· v3 7.2 HIGH· v2 Buffer overflow in extproc in Oracle 10g allows remote attackers to execute arbitrary code via environment variables in the library name, which are expanded after the length check is performed. |
2Debian Heimdal Project2Debian Linux HeimdalApr 16, 2026 Jul 7, 2004 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 k5admind (kadmind) for Heimdal allows remote attackers to execute arbitrary code via a Kerberos 4 compatibility administration request whose framing length is less than 2, which leads to a heap-based buffer overflow. |
Buffer overflow in defang in libhttpd.c for thttpd 2.21 to 2.23b1 allows remote attackers to execute arbitrary code via requests that contain '<' or '>' characters, which trigger the overflow when the characters are expa...Show more |