Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

CVEs (14,114)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-43540 1Qualcomm 29Aqt1000 Firmware Fastconnect 6200 FirmwareFastconnect 6700 Firmware+26 more Jan 10, 2025 Mar 4, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Memory corruption while processing the IOCTL FM HCI WRITE request.
CVE-2023-33066 1Qualcomm 307205 Mobile Firmware 215 Mobile Firmware315 5g Iot Modem Firmware+304 more Aug 11, 2025 Mar 4, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Memory corruption in Audio while processing RT proxy port register driver.
CVE-2023-28582 1Qualcomm 42Ar8035 Firmware Fastconnect 6700 FirmwareFastconnect 6900 Firmware+39 more Jan 10, 2025 Mar 4, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Memory corruption in Data Modem while verifying hello-verify message during the DTLS handshake.
CVE-2023-28578 1Qualcomm 333315 5g Iot Modem Firmware Aqt1000 FirmwareAr8031 Firmware+330 more Aug 11, 2025 Mar 4, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Memory corruption in Core Services while executing the command for removing a single event listener.
CVE-2024-20033 1Google 1Android Apr 22, 2025 Mar 4, 2024 N/A· v4 4.4 MEDIUM· v3 N/A· v2 In nvram, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation...Show more In nvram, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08499945; Issue ID: ALPS08499945.Show less
CVE-2024-20031 1Google 1Android Apr 22, 2025 Mar 4, 2024 N/A· v4 6.7 MEDIUM· v3 N/A· v2 In da, there is a possible out of bounds write due to lack of valudation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch I...Show more In da, there is a possible out of bounds write due to lack of valudation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541632; Issue ID: ALPS08541742.Show less
CVE-2024-20029 1Google 1Android Apr 22, 2025 Mar 4, 2024 N/A· v4 8.4 HIGH· v3 N/A· v2 In wlan firmware, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exp...Show more In wlan firmware, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08477406; Issue ID: MSV-1010.Show less
CVE-2024-20028 1Google 1Android Apr 22, 2025 Mar 4, 2024 N/A· v4 6.6 MEDIUM· v3 N/A· v2 In da, there is a possible out of bounds write due to lack of valudation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch I...Show more In da, there is a possible out of bounds write due to lack of valudation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541632; Issue ID: ALPS08541687.Show less
CVE-2024-20027 1Google 1Android Apr 22, 2025 Mar 4, 2024 N/A· v4 7.9 HIGH· v3 N/A· v2 In da, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation....Show more In da, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541632; Issue ID: ALPS08541633.Show less
CVE-2024-20024 1Google 1Android Apr 22, 2025 Mar 4, 2024 N/A· v4 6.0 MEDIUM· v3 N/A· v2 In flashc, there is a possible out of bounds write due to lack of valudation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Pat...Show more In flashc, there is a possible out of bounds write due to lack of valudation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541635; Issue ID: ALPS08541635.Show less
CVE-2024-20023 4Google LinuxfoundationOpenwrt+1 more 4Android OpenwrtRdk B+1 more Apr 22, 2025 Mar 4, 2024 N/A· v4 6.7 MEDIUM· v3 N/A· v2 In flashc, there is a possible out of bounds write due to lack of valudation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Pat...Show more In flashc, there is a possible out of bounds write due to lack of valudation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541638; Issue ID: ALPS08541638.Show less
CVE-2024-20020 1Google 1Android Mar 28, 2025 Mar 4, 2024 N/A· v4 4.4 MEDIUM· v3 N/A· v2 In OPTEE, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation...Show more In OPTEE, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08522504; Issue ID: ALPS08522504.Show less
CVE-2024-20018 1Mediatek 1Software Development Kit Apr 22, 2025 Mar 4, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 In wlan driver, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed fo...Show more In wlan driver, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00348479; Issue ID: MSV-1019.Show less
CVE-2024-20017 2Mediatek Openwrt 2Openwrt Software Development Kit May 5, 2025 Mar 4, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 In wlan service, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for explo...Show more In wlan service, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation Patch ID: WCNCR00350938; Issue ID: MSV-1132.Show less
CVE-2023-52531 1Linux 1Linux Kernel Dec 11, 2024 Mar 2, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: Fix a memory corruption issue A few lines above, space is kzalloc()'ed for: sizeof(struct iwl_nvm_data) + sizeof(struct ieee8021...Show more In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: Fix a memory corruption issue A few lines above, space is kzalloc()'ed for: sizeof(struct iwl_nvm_data) + sizeof(struct ieee80211_channel) + sizeof(struct ieee80211_rate) 'mvm->nvm_data' is a 'struct iwl_nvm_data', so it is fine. At the end of this structure, there is the 'channels' flex array. Each element is of type 'struct ieee80211_channel'. So only 1 element is allocated in this array. When doing: mvm->nvm_data->bands[0].channels = mvm->nvm_data->channels; We point at the first element of the 'channels' flex array. So this is fine. However, when doing: mvm->nvm_data->bands[0].bitrates = (void )((u8 )mvm->nvm_data->channels + 1); because of the "(u8 *)" cast, we add only 1 to the address of the beginning of the flex array. It is likely that we want point at the 'struct ieee80211_rate' allocated just after. Remove the spurious casting so that the pointer arithmetic works as expected.Show less
CVE-2023-52512 1Linux 1Linux Kernel Mar 19, 2025 Mar 2, 2024 N/A· v4 5.5 MEDIUM· v3 N/A· v2 In the Linux kernel, the following vulnerability has been resolved: pinctrl: nuvoton: wpcm450: fix out of bounds write Write into 'pctrl->gpio_bank' happens before the check for GPIO index validity, so out of bounds wr...Show more In the Linux kernel, the following vulnerability has been resolved: pinctrl: nuvoton: wpcm450: fix out of bounds write Write into 'pctrl->gpio_bank' happens before the check for GPIO index validity, so out of bounds write may happen. Found by Linux Verification Center (linuxtesting.org) with SVACE.Show less
CVE-2022-48627 2Debian Linux 2Debian Linux Linux Kernel Apr 29, 2025 Mar 2, 2024 N/A· v4 5.5 MEDIUM· v3 N/A· v2 In the Linux kernel, the following vulnerability has been resolved: vt: fix memory overlapping when deleting chars in the buffer A memory overlapping copy occurs when deleting a long line. This memory overlapping copy...Show more In the Linux kernel, the following vulnerability has been resolved: vt: fix memory overlapping when deleting chars in the buffer A memory overlapping copy occurs when deleting a long line. This memory overlapping copy can cause data corruption when scr_memcpyw is optimized to memcpy because memcpy does not ensure its behavior if the destination buffer overlaps with the source buffer. The line buffer is not always broken, because the memcpy utilizes the hardware acceleration, whose result is not deterministic. Fix this problem by using replacing the scr_memcpyw with scr_memmovew.Show less
CVE-2023-7244 1Cisa 1Icsnpp Ethercat Nov 21, 2024 Mar 1, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Industrial Control Systems Network Protocol Parsers (ICSNPP) - Ethercat Zeek Plugin versions d78dda6 and prior are vulnerable to out-of-bounds write in their primary analyses function for Ethercat communication packet...Show more Industrial Control Systems Network Protocol Parsers (ICSNPP) - Ethercat Zeek Plugin versions d78dda6 and prior are vulnerable to out-of-bounds write in their primary analyses function for Ethercat communication packets. This could allow an attacker to cause arbitrary code execution. Show less
CVE-2023-7243 1Cisa 1Icsnpp Ethercat Nov 21, 2024 Mar 1, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Industrial Control Systems Network Protocol Parsers (ICSNPP) - Ethercat Zeek Plugin versions d78dda6 and prior are vulnerable to out-of-bounds write while analyzing specific Ethercat datagrams. This could allow an at...Show more Industrial Control Systems Network Protocol Parsers (ICSNPP) - Ethercat Zeek Plugin versions d78dda6 and prior are vulnerable to out-of-bounds write while analyzing specific Ethercat datagrams. This could allow an attacker to cause arbitrary code execution. Show less
CVE-2024-27570 1Libtor 1Lbt T300 T390 Firmware Apr 30, 2025 Mar 1, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 LBT T300-T390 v2.2.1.8 were discovered to contain a stack overflow via the ApCliSsid parameter in the generate_conf_router function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PO...Show more LBT T300-T390 v2.2.1.8 were discovered to contain a stack overflow via the ApCliSsid parameter in the generate_conf_router function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.Show less

Previous 1...189190191...706 Next