← Back
CWE-131

205 CVEs • Abstraction: Base • Likelihood of Exploit: High

Incorrect Calculation of Buffer Size

The product does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow.

JSON object

Loading...

CVEs (205)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
2Apple
Cyrusimap
3Cyrus Sasl
Mac Os XMac Os X Server
Apr 16, 2026
Dec 18, 2002
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
Multiple buffer overflows in Cyrus SASL library 2.1.9 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) long inputs during user name canonicalization, (2) charact...Show more
Multiple buffer overflows in Cyrus SASL library 2.1.9 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) long inputs during user name canonicalization, (2) characters that need to be escaped during LDAP authentication using saslauthd, or (3) an off-by-one error in the log writer, which does not allocate space for the null character that terminates a string.Show less
2Debian
Sudo Project
2Debian Linux
Sudo
Apr 16, 2026
May 16, 2002
N/A· v4
7.8 HIGH· v3
7.2 HIGH· v2
Sudo before 1.6.6 contains an off-by-one error that can result in a heap-based buffer overflow that may allow local users to gain root privileges via special characters in the -p (prompt) argument, which are not properly...Show more
Sudo before 1.6.6 contains an off-by-one error that can result in a heap-based buffer overflow that may allow local users to gain root privileges via special characters in the -p (prompt) argument, which are not properly expanded.Show less
1Microsoft
1Internet Information Server
Apr 16, 2026
Jun 27, 2001
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
FTP service in IIS 5.0 and earlier allows remote attackers to cause a denial of service via a wildcard sequence that generates a long string when it is expanded.
3Hp
OracleSgi
3Hp Ux
IrixSolaris
Apr 16, 2026
Jun 18, 2001
N/A· v4
9.8 CRITICAL· v3
10.0 HIGH· v2
Heap overflow in FTP daemon in Solaris 8 allows remote attackers to execute arbitrary commands by creating a long pathname and calling the LIST command, which uses glob to generate long strings.
2Hp
Sgi
2Hp Ux
Irix
Apr 16, 2026
Jun 18, 2001
N/A· v4
9.8 CRITICAL· v3
10.0 HIGH· v2
Buffer overflow in FTP server in HPUX 11 allows remote attackers to execute arbitrary commands by creating a long pathname and calling the STAT command, which uses glob to generate long strings.