CWE-120: Buffer Copy without Checking Size (Classic Buffer Overflow)
4,160 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-120 (page 15 of 84)
- CVE-2020-22219 | HIGH | CVSS 7.8 | EG 9.8 | 2023-08-22
Buffer Overflow vulnerability in function bitwriter_grow_ in flac before 1.4.0 allows remote attackers to run arbitrary code via crafted input to the encoder.
- CVE-2020-22283 | HIGH | CVSS 7.5 | EG 7.5 | 2021-07-22
A buffer overflow vulnerability in the icmp6_send_response_with_addrs_and_netif() function of Free Software Foundation lwIP version git head allows attackers to access sensitive information via a crafted ICMPv6 packet.
- CVE-2020-22284 | HIGH | CVSS 7.5 | EG 7.5 | 2021-07-22
A buffer overflow vulnerability in the zepif_linkoutput() function of Free Software Foundation lwIP git head version and version 2.1.2 allows attackers to access sensitive information via a crafted 6LoWPAN packet.
- CVE-2020-22524 | MEDIUM | CVSS 6.5 | EG 6.5 | 2023-08-22
Buffer Overflow vulnerability in FreeImage_Load function in FreeImage Library 3.19.0(r1828) allows attackers to cause a denial of service via crafted PFM file.
- CVE-2020-22628 | MEDIUM | CVSS 6.5 | EG 6.5 | 2023-08-22
Buffer Overflow vulnerability in LibRaw::stretch() function in libraw\src\postprocessing\aspect_ratio.cpp.
- CVE-2020-22845 | HIGH | CVSS 7.5 | EG 7.5 | 2022-02-28
A buffer overflow in Mikrotik RouterOS 6.47 allows unauthenticated attackers to cause a denial of service (DOS) via crafted FTP requests.
- CVE-2020-22873 | CRITICAL | CVSS 9.8 | EG 9.8 | 2021-07-13
Buffer overflow vulnerability in function NumberToPrecisionCmd in jsish before 3.0.7, allows remote attackers to execute arbitrary code.
- CVE-2020-22876 | HIGH | CVSS 7.5 | EG 7.5 | 2021-07-13
Buffer Overflow vulnerability in quickjs.c in QuickJS, allows remote attackers to cause denial of service. This issue is resolved in the 2020-07-05 release.
- CVE-2020-22884 | CRITICAL | CVSS 9.8 | EG 9.8 | 2021-07-13
Buffer overflow vulnerability in function jsvGetStringChars in Espruino before RELEASE_2V09, allows remote attackers to execute arbitrary code.
- CVE-2020-22885 | HIGH | CVSS 7.5 | EG 7.5 | 2021-07-13
Buffer overflow vulnerability in mujs before 1.0.8 due to recursion in the GC scanning phase, allows remote attackers to cause a denial of service.
- CVE-2020-22886 | HIGH | CVSS 7.5 | EG 7.5 | 2021-07-13
Buffer overflow vulnerability in function jsG_markobject in jsgc.c in mujs before 1.0.8, allows remote attackers to cause a denial of service.
- CVE-2020-23109 | HIGH | CVSS 8.1 | EG 8.1 | 2021-11-03
Buffer overflow vulnerability in function convert_colorspace in heif_colorconversion.cc in libheif v1.6.2, allows attackers to cause a denial of service and disclose sensitive information, via a crafted HEIF file.
- CVE-2020-23257 | HIGH | CVSS 7.5 | EG 7.5 | 2023-04-04
Buffer Overflow vulnerability found in Espruino 2v05.41 allows an attacker to cause a denial of service via the function jsvGarbageCollectMarkUsed in file src/jsvar.c.
- CVE-2020-23679 | CRITICAL | CVSS 9.8 | EG 9.8 | 2021-11-03
Buffer overflow vulnerability in Renleilei1992 Linux_Network_Project 1.0, allows attackers to execute arbitrary code, via the password field.
- CVE-2020-23705 | MEDIUM | CVSS 6.5 | EG 6.5 | 2021-07-15
A global buffer overflow vulnerability in jfif_encode at jfif.c:701 of ffjpeg through 2020-06-22 allows attackers to cause a Denial of Service (DOS) via a crafted jpeg file.
- CVE-2020-23884 | MEDIUM | CVSS 5.5 | EG 5.5 | 2021-11-10
A buffer overflow in Nomacs v3.15.0 allows attackers to cause a denial of service (DoS) via a crafted MNG file.
- CVE-2020-23890 | MEDIUM | CVSS 5.5 | EG 5.5 | 2021-11-10
A buffer overflow in WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted JPG file. Related to Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at JPGCodec+…
- CVE-2020-23900 | MEDIUM | CVSS 5.5 | EG 5.5 | 2021-11-10
A buffer overflow in WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tga file. Related to Data from Faulting Address controls Code Flow starting at Editor!TMethodImplementationIntercept+0x57a3b.
- CVE-2020-23902 | MEDIUM | CVSS 5.5 | EG 5.5 | 2021-11-10
A buffer overflow in WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tga file. Related to Data from Faulting Address may be used as a return value starting at Editor!TMethodImplementationIntercept+0x52…
- CVE-2020-24020 | HIGH | CVSS 8.8 | EG 8.8 | 2021-05-26
Buffer Overflow vulnerability in FFMpeg 4.2.3 in dnn_execute_layer_pad in libavfilter/dnn/dnn_backend_native_layer_pad.c due to a call to memcpy without length checks, which could let a remote malicious user execute arbitrary code.
- CVE-2020-24222 | HIGH | CVSS 7.8 | EG 7.8 | 2023-08-11
Buffer Overflow vulnerability in jfif_decode() function in rockcarry ffjpeg through version 1.0.0, allows local attackers to execute arbitrary code due to an issue with ALIGN.
- CVE-2020-24292 | HIGH | CVSS 8.8 | EG 8.8 | 2023-08-22
Buffer Overflow vulnerability in load function in PluginICO.cpp in FreeImage 3.19.0 [r1859] allows remote attackers to run arbitrary code via opening of crafted ico file.
- CVE-2020-24293 | HIGH | CVSS 8.8 | EG 8.8 | 2023-08-22
Buffer Overflow vulnerability in psdThumbnail::Read in PSDParser.cpp in FreeImage 3.19.0 [r1859] allows remote attackers to run arbitrary code via opening of crafted psd file.
- CVE-2020-24294 | MEDIUM | CVSS 6.5 | EG 6.5 | 2023-08-22
Buffer Overflow vulnerability in psdParser::UnpackRLE function in PSDParser.cpp in FreeImage 3.19.0 [r1859] allows remote attackers to cause a denial of service via opening of crafted psd file.
- CVE-2020-24295 | HIGH | CVSS 8.8 | EG 8.8 | 2023-08-22
Buffer Overflow vulnerability in PSDParser.cpp::ReadImageLine() in FreeImage 3.19.0 [r1859] allows remote attackers to run arbitrary code via use of crafted psd file.
- CVE-2020-24336 | CRITICAL | CVSS 9.8 | EG 9.8 | 2020-12-11
An issue was discovered in Contiki through 3.0 and Contiki-NG through 4.5. The code for parsing Type A domain name answers in ip64-dns64.c doesn't verify whether the address in the answer's length is sane. Therefore, when copying an addres…
- CVE-2020-24474 | HIGH | CVSS 8.0 | EG 8.0 | 2021-06-09
Buffer overflow in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.48.ce3e3bd2 may allow an authenticated user to potentially enable escalation of privilege via adjacent access.
- CVE-2020-24498 | MEDIUM | CVSS 4.4 | EG 4.4 | 2021-02-17
Buffer overflow in the firmware for Intel(R) E810 Ethernet Controllers before version 1.4.1.13 may allow a privileged user to potentially enable denial of service via local access.
- CVE-2020-24500 | MEDIUM | CVSS 4.4 | EG 4.4 | 2021-02-17
Buffer overflow in the firmware for Intel(R) E810 Ethernet Controllers before version 1.4.1.13 may allow a privileged user to potentially enable a denial of service via local access.
- CVE-2020-24501 | MEDIUM | CVSS 6.5 | EG 6.5 | 2021-02-17
Buffer overflow in the firmware for Intel(R) E810 Ethernet Controllers before version 1.4.1.13 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
- CVE-2020-24633 | CRITICAL | CVSS 9.8 | EG 9.8 | 2020-12-11
There are multiple buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending especially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211) of access-points…
- CVE-2020-24736 | MEDIUM | CVSS 5.5 | EG 5.5 | 2023-04-11
Buffer Overflow vulnerability found in SQLite3 v.3.27.1 and before allows a local attacker to cause a denial of service via a crafted script.
- CVE-2020-24824 | MEDIUM | CVSS 5.5 | EG 5.5 | 2021-08-04
A global buffer overflow issue in the dwarf::line_table::line_table function of Libelfin v0.3 allows attackers to cause a denial of service (DOS).
- CVE-2020-24889 | HIGH | CVSS 7.8 | EG 7.8 | 2020-09-16
A buffer overflow vulnerability in LibRaw version < 20.0 LibRaw::GetNormalizedModel in src/metadata/normalize_model.cpp may lead to context-dependent arbitrary code execution.
- CVE-2020-24918 | CRITICAL | CVSS 9.8 | EG 9.8 | 2021-04-30
A buffer overflow in the RTSP service of the Ambarella Oryx RTSP Server 2020-01-07 allows an unauthenticated attacker to send a crafted RTSP request, with a long digest authentication header, to execute arbitrary code in parse_authenticati…
- CVE-2020-24995 | HIGH | CVSS 7.8 | EG 7.8 | 2021-03-30
Buffer overflow vulnerability in sniff_channel_order function in aacdec_template.c in ffmpeg 3.1.2, allows attackers to execute arbitrary code (local).
- CVE-2020-25125 | HIGH | CVSS 7.8 | EG 7.8 | 2020-09-03
GnuPG 2.2.21 and 2.2.22 (and Gpg4win 3.1.12) has an array overflow, leading to a crash or possibly unspecified other impact, when a victim imports an attacker's OpenPGP key, and this key has AEAD preferences. The overflow is caused by a g1…
- CVE-2020-25185 | HIGH | CVSS 8.8 | EG 8.8 | 2020-11-21
The affected product is vulnerable to five post-authentication buffer overflows, which may allow a logged in user to remotely execute arbitrary code on the IP150 (firmware versions 5.02.09).
- CVE-2020-25211 | MEDIUM | CVSS 6.0 | EG 6.0 | 2020-09-09
In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilt…
- CVE-2020-25279 | CRITICAL | CVSS 9.8 | EG 9.8 | 2020-09-11
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Exynos chipsets) software. The baseband component has a buffer overflow via an abnormal SETUP message, leading to execution of arbitrary code. The Samsung …
- CVE-2020-25577 | CRITICAL | CVSS 9.8 | EG 9.8 | 2021-03-29
In FreeBSD 12.2-STABLE before r368250, 11.4-STABLE before r368253, 12.2-RELEASE before p1, 12.1-RELEASE before p11 and 11.4-RELEASE before p5 rtsold(8) does not verify that the RDNSS option does not extend past the end of the received pack…
- CVE-2020-25583 | CRITICAL | CVSS 9.8 | EG 9.8 | 2021-03-29
In FreeBSD 12.2-STABLE before r368250, 11.4-STABLE before r368253, 12.2-RELEASE before p1, 12.1-RELEASE before p11 and 11.4-RELEASE before p5 when processing a DNSSL option, rtsold(8) decodes domain name labels per an encoding specified in…
- CVE-2020-25756 | CRITICAL | CVSS 9.8 | EG 9.8 | 2020-09-18
A buffer overflow vulnerability exists in the mg_get_http_header function in Cesanta Mongoose 6.18 due to a lack of bounds checking. A crafted HTTP header can exploit this bug. NOTE: a committer has stated "this will not happen in practice.
- CVE-2020-25887 | HIGH | CVSS 8.8 | EG 8.8 | 2023-08-22
Buffer overflow in mg_resolve_from_hosts_file in Mongoose 6.18, when reading from a crafted hosts file.
- CVE-2020-25928 | CRITICAL | CVSS 9.8 | EG 9.8 | 2021-08-18
The DNS feature in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Buffer Overflow. The impact is: execute arbitrary code (remote). The component is: DNS response processing functions: dns_upcall(), getoffset(), dnc_set_answer(). The at…
- CVE-2020-25969 | CRITICAL | CVSS 9.8 | EG 9.8 | 2023-07-05
gnuplot v5.5 was discovered to contain a buffer overflow via the function plotrequest().
- CVE-2020-26154 | CRITICAL | CVSS 9.8 | EG 9.8 | 2020-09-30
url.cpp in libproxy through 0.4.15 is prone to a buffer overflow when PAC is enabled, as demonstrated by a large PAC file that is delivered without a Content-length header.
- CVE-2020-26422 | LOW | CVSS 3.7 | EG 5.3 | 2020-12-21
Buffer overflow in QUIC dissector in Wireshark 3.4.0 to 3.4.1 allows denial of service via packet injection or crafted capture file
- CVE-2020-26759 | CRITICAL | CVSS 9.8 | EG 9.8 | 2021-01-06
clickhouse-driver before 0.1.5 allows a malicious clickhouse server to trigger a crash or execute arbitrary code (on a database client) via a crafted server response, due to a buffer overflow.
- CVE-2020-27372 | CRITICAL | CVSS 9.8 | EG 9.8 | 2021-10-11
A buffer overflow vulnerability exists in Brandy Basic V Interpreter 1.21 in the run_interpreter function.