CWE-120— Buffer Copy without Checking Size (Classic Buffer Overflow)
4,158 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-120page 1 of 84
- CVE-1999-0038HIGHCVSS 8.4EG 8.41997-04-26
Buffer overflow in xlock program allows local users to execute commands as root.
- CVE-1999-0046NONECVSS 0.0EG 0.01997-02-06
Buffer overflow of rlogin program using TERM environmental variable.
- CVE-1999-0284NONECVSS 0.0EG 0.01998-01-01
Denial of service to NT mail servers including Ipswitch, Mdaemon, and Exchange through a buffer overflow in the SMTP HELO command.
- CVE-1999-0385NONECVSS 0.0EG 0.01998-12-01
The LDAP bind function in Exchange 5.5 has a buffer overflow that allows a remote attacker to conduct a denial of service or execute commands.
- CVE-1999-0945NONECVSS 0.0EG 0.02001-03-12
Buffer overflow in Internet Mail Service (IMS) for Microsoft Exchange 5.5 and 5.0 allows remote attackers to conduct a denial of service via AUTH or AUTHINFO commands.
- CVE-1999-1237NONECVSS 0.0EG 0.01999-06-06
Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allows remote attackers to execute arbitrary commands via (1) a long username, (2) a long password, and (3) o…
- CVE-2000-0546NONECVSS 0.0EG 0.02000-06-09
Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via the lastrealm variable in the set_tgtkey function.
- CVE-2000-0547NONECVSS 0.0EG 0.02000-06-09
Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via the localrealm variable in the process_v4 function.
- CVE-2000-0548NONECVSS 0.0EG 0.02000-06-09
Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via the e_msg variable in the kerb_err_reply function.
- CVE-2000-1094NONECVSS 0.0EG 0.02001-01-09
Buffer overflow in AOL Instant Messenger (AIM) before 4.3.2229 allows remote attackers to execute arbitrary commands via a "buddyicon" command with a long "src" argument.
- CVE-2000-1216NONECVSS 0.0EG 0.02000-01-27
Buffer overflow in portmir for AIX 4.3.0 allows local users to corrupt lock files and gain root privileges via the echo_error routine.
- CVE-2001-0191NONECVSS 0.0EG 0.02001-05-03
gnuserv before 3.12, as shipped with XEmacs, does not properly check the specified length of an X Windows MIT-MAGIC-COOKIE cookie, which allows remote attackers to execute arbitrary commands via a buffer overflow, or brute force authentica…
- CVE-2001-0554NONECVSS 0.0EG 0.02001-08-14
Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a set of options including AYT (Are You There), which is not properly handled by the telrcv function.
- CVE-2001-1323NONECVSS 0.0EG 0.02001-05-16
Buffer overflow in MIT Kerberos 5 (krb5) 1.2.2 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via base-64 encoded data, which is not properly handled when the radix_encode function proc…
- CVE-2002-0062NONECVSS 0.0EG 0.02002-03-08
Buffer overflow in ncurses 5.0, and the ncurses4 compatibility package as used in Red Hat Linux, allows local users to gain privileges, related to "routines for moving the physical cursor and scrolling."
- CVE-2002-0698NONECVSS 0.0EG 0.02002-08-12
Buffer overflow in Internet Mail Connector (IMC) for Microsoft Exchange Server 5.5 allows remote attackers to execute arbitrary code via an EHLO request from a system with a long name as obtained through a reverse DNS lookup, which trigger…
- CVE-2002-0969HIGHCVSS 7.8EG 7.82002-10-11
Buffer overflow in MySQL daemon (mysqld) before 3.23.50, and 4.0 beta before 4.02, on the Win32 platform, allows local users to execute arbitrary code via a long "datadir" parameter in the my.ini initialization file, whose permissions on W…
- CVE-2003-0358NONECVSS 0.0EG 0.02003-06-09
Buffer overflow in (1) nethack 3.4.0 and earlier, and (2) falconseye 1.9.3 and earlier, which is based on nethack, allows local users to gain privileges via a long -s command line option.
- CVE-2003-0595NONECVSS 0.0EG 0.02003-08-27
Buffer overflow in WiTango Application Server and Tango 2000 allows remote attackers to execute arbitrary code via a long cookie to Witango_UserReference.
- CVE-2003-0947NONECVSS 0.0EG 0.02003-12-15
Buffer overflow in iwconfig, when installed setuid, allows local users to execute arbitrary code via a long OUT environment variable.
- CVE-2003-1228NONECVSS 0.0EG 0.02003-12-31
Buffer overflow in the prepare_reply function in request.c for Mathopd 1.2 through 1.5b13, and possibly earlier versions, allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via an HTTP r…
- CVE-2003-1387NONECVSS 0.0EG 0.02003-12-31
Buffer overflow in Opera 6.05 and 6.06, and possibly other versions, allows remote attackers to execute arbitrary code via a URL with a long username.
- CVE-2003-1388NONECVSS 0.0EG 0.02003-12-31
Buffer overflow in Opera 7.02 Build 2668 allows remote attackers to crash Opera via a long HTTP request ending in a .ZIP extension.
- CVE-2004-0150NONECVSS 0.0EG 0.02004-04-15
Buffer overflow in the getaddrinfo function in Python 2.2 before 2.2.2, when IPv6 support is disabled, allows remote attackers to execute arbitrary code via an IPv6 address that is obtained using DNS.
- CVE-2004-0210HIGHCVSS 7.8EG 9.0⚠ KEV2004-08-06
The POSIX component of Microsoft Windows NT and Windows 2000 allows local users to execute arbitrary code via certain parameters, possibly by modifying message length values and causing a buffer overflow.
- CVE-2004-0455NONECVSS 0.0EG 0.02004-12-06
Buffer overflow in cgi.c in www-sql before 0.5.7 allows local users to execute arbitrary code via a web page that is processed by www-sql.
- CVE-2004-0747HIGHCVSS 7.8EG 7.82004-10-20
Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.
- CVE-2005-1987NONECVSS 0.0EG 0.02005-10-13
Buffer overflow in Collaboration Data Objects (CDO), as used in Microsoft Windows and Microsoft Exchange Server, allows remote attackers to execute arbitrary code when CDOSYS or CDOEX processes an e-mail message with a large header name, a…
- CVE-2006-0963NONECVSS 0.0EG 0.02006-03-02
Multiple buffer overflows in STLport 5.0.2 might allow local users to execute arbitrary code via (1) long locale environment variables to a strcpy function call in c_locale_glibc2.c and (2) long arguments to unspecified functions in num_pu…
- CVE-2006-2492HIGHCVSS 8.8EG 9.0⚠ KEV2006-05-20
Buffer overflow in Microsoft Word in Office 2000 SP3, Office XP SP3, Office 2003 Sp1 and SP2, and Microsoft Works Suites through 2006, allows user-assisted attackers to execute arbitrary code via a malformed object pointer, as originally r…
- CVE-2006-2935NONECVSS 0.0EG 0.02006-07-05
The dvd_read_bca function in the DVD handling code in drivers/cdrom/cdrom.c in Linux kernel 2.2.16, and later versions, assigns the wrong value to a length variable, which allows local users to execute arbitrary code via a crafted USB Stor…
- CVE-2006-3100CRITICALCVSS 9.8EG 9.82019-11-06
termpkg 3.3 suffers from buffer overflow.
- CVE-2006-3404NONECVSS 0.0EG 0.02006-07-06
Buffer overflow in the xcf_load_vector function in app/xcf/xcf-load.c for gimp before 2.2.12 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XCF file with a large num_axes valu…
- CVE-2007-0455NONECVSS 0.0EG 0.02007-01-30
Buffer overflow in the gdImageStringFTEx function in gdft.c in GD Graphics Library 2.0.33 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted string with a …
- CVE-2007-0803NONECVSS 0.0EG 0.02007-02-07
Multiple buffer overflows in STLport before 5.0.3 allow remote attackers to execute arbitrary code via unspecified vectors relating to (1) "print floats" and (2) a missing null termination in the "rope constructor."
- CVE-2007-1770NONECVSS 0.0EG 0.02007-03-30
Buffer overflow in the ArcSDE service (giomgr) in Environmental Systems Research Institute (ESRI) ArcGIS before 9.2 Service Pack 2, when using three tiered ArcSDE configurations, allows remote attackers to cause a denial of service (giomgr…
- CVE-2007-1887NONECVSS 0.0EG 0.02007-04-06
Buffer overflow in the sqlite_decode_binary function in the bundled sqlite library in PHP 4 before 4.4.5 and PHP 5 before 5.2.1 allows context-dependent attackers to execute arbitrary code via an empty value of the in parameter, as demonst…
- CVE-2007-2809NONECVSS 0.0EG 0.02007-05-22
Buffer overflow in the transfer manager in Opera before 9.21 for Windows allows user-assisted remote attackers to execute arbitrary code via a crafted torrent file. NOTE: due to the lack of details, it is not clear if this is the same iss…
- CVE-2007-5659HIGHCVSS 7.8EG 9.0⚠ KEV2008-02-12
Multiple buffer overflows in Adobe Reader and Acrobat 8.1.1 and earlier allow remote attackers to execute arbitrary code via a PDF file with long arguments to unspecified JavaScript methods. NOTE: this issue might be subsumed by CVE-2008-…
- CVE-2008-0379NONECVSS 0.0EG 0.02008-01-22
Race condition in the Enterprise Tree ActiveX control (EnterpriseControls.dll 11.5.0.313) in Crystal Reports XI Release 2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the SelectedSess…
- CVE-2008-1677NONECVSS 0.0EG 0.02008-05-12
Buffer overflow in the regular expression handler in Red Hat Directory Server 8.0 and 7.1 before SP6 allows remote attackers to cause a denial of service (slapd crash) and possibly execute arbitrary code via a crafted LDAP query that trigg…
- CVE-2008-1887NONECVSS 0.0EG 0.02008-04-18
Python 2.5.2 and earlier allows context-dependent attackers to execute arbitrary code via multiple vectors that cause a negative size value to be provided to the PyString_FromStringAndSize function, which allocates less memory than expecte…
- CVE-2008-3142NONECVSS 0.0EG 0.02008-08-01
Multiple buffer overflows in Python 2.5.2 and earlier on 32bit platforms allow context-dependent attackers to cause a denial of service (crash) or have unspecified other impact via a long string that leads to incorrect memory allocation du…
- CVE-2008-3275MEDIUMCVSS 5.5EG 5.52008-08-12
The (1) real_lookup and (2) __lookup_hash functions in fs/namei.c in the vfs implementation in the Linux kernel before 2.6.25.15 do not prevent creation of a child dentry for a deleted (aka S_DEAD) directory, which allows local users to ca…
- CVE-2008-3496NONECVSS 0.0EG 0.02008-08-06
Buffer overflow in format descriptor parsing in the uvc_parse_format function in drivers/media/video/uvc/uvc_driver.c in uvcvideo in the video4linux (V4L) implementation in the Linux kernel before 2.6.26.1 has unknown impact and attack vec…
- CVE-2009-0182HIGHCVSS 8.8EG 8.82009-01-20
Buffer overflow in VUPlayer 2.49 and earlier allows user-assisted attackers to execute arbitrary code via a long URL in a File line in a .pls file, as demonstrated by an http URL on a File1 line.
- CVE-2009-0884NONECVSS 0.0EG 0.02009-03-12
Buffer overflow in FileZilla Server before 0.9.31 allows remote attackers to cause a denial of service via unspecified vectors related to SSL/TLS packets.
- CVE-2009-0948CRITICALCVSS 9.8EG 9.82021-06-02
Multiple buffer overflows in the (1) cdf_read_sat, (2) cdf_read_long_sector_chain, and (3) cdf_read_ssat function in file before 5.02.
- CVE-2009-1186NONECVSS 0.0EG 0.02009-04-17
Buffer overflow in the util_path_encode function in udev/lib/libudev-util.c in udev before 1.4.1 allows local users to cause a denial of service (service outage) via vectors that trigger a call with crafted arguments.
- CVE-2009-2502HIGHCVSS 8.1EG 8.12009-10-14
Buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 G…
Map vulnerabilities like CWE-120 to your infrastructure
EchelonGraph correlates every CVE — across CWE-120 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →