CWE-131 — Incorrect Calculation of Buffer Size
158 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-131 (page 1 of 4)
- CVE-2001-0334 | HIGH | CVSS 7.5 | EG 7.5 | 2001-06-27
FTP service in IIS 5.0 and earlier allows remote attackers to cause a denial of service via a wildcard sequence that generates a long string when it is expanded.
- CVE-2002-0184 | HIGH | CVSS 7.8 | EG 7.8 | 2002-05-16
Sudo before 1.6.6 contains an off-by-one error that can result in a heap-based buffer overflow that may allow local users to gain root privileges via special characters in the -p (prompt) argument, which are not properly expanded.
- CVE-2004-0747 | HIGH | CVSS 7.8 | EG 7.8 | 2004-10-20
Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.
- CVE-2004-0940 | HIGH | CVSS 7.8 | EG 7.8 | 2005-02-09
Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.
- CVE-2005-0490 | HIGH | CVSS 8.8 | EG 8.8 | 2005-05-02
Multiple stack-based buffer overflows in libcURL and cURL 7.12.1, and possibly other versions, allow remote malicious web servers to execute arbitrary code via base64 encoded replies that exceed the intended buffer lengths when decoded, wh…
- CVE-2014-3468 | NONE | CVSS 0.0 | EG 0.0 | 2014-06-05
The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data.
- CVE-2017-13289 | HIGH | CVSS 7.8 | EG 7.8 | 2018-04-04
In writeToParcel and createFromParcel of RttManager.java, there is a permission bypass due to a write size mismatch. This could lead to a local escalation of privileges where the user can start an activity with system privileges, with no a…
- CVE-2017-13315 | HIGH | CVSS 7.8 | EG 7.8 | 2024-11-19
In writeToParcel and createFromParcel of DcParamObject.java, there is a permission bypass due to a write size mismatch. This could lead to an elevation of privileges where the user can start an activity with system privileges, with no addi…
- CVE-2018-1000224 | HIGH | CVSS 7.5 | EG 7.5 | 2018-08-20
Godot Engine, all versions prior to 2.1.5 and all 3.0 versions prior to 3.0.6, contains a signed/unsigned comparison, wrong buffer size checks, integer overflow, missing padding initialization vulnerability in (De)Serialization functi…
- CVE-2018-14618 | HIGH | CVSS 7.5 | EG 9.8 | 2018-09-05
curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area…
- CVE-2018-4038 | HIGH | CVSS 7.8 | EG 7.8 | 2018-12-01
An exploitable arbitrary write vulnerability exists in the open document format parser of the Atlantis Word Processor, version 3.2.7.2, while trying to null-terminate a string. A specially crafted document can allow an attacker to pass an …
- CVE-2019-10500 | CRITICAL | CVSS 9.8 | EG 9.8 | 2019-12-18
While processing MT Secondary PDP request, Buffer overflow will happen due to incorrect calculation of buffer size in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobil…
- CVE-2019-10627 | CRITICAL | CVSS 9.8 | EG 9.8 | 2019-11-21
Integer overflow to buffer overflow vulnerability in PostScript image handling code used by the PostScript- and PDF-compatible interpreters due to incorrect buffer size calculation in PostScript and PDF printers that use IPS versions prio…
- CVE-2019-14078 | HIGH | CVSS 7.8 | EG 7.8 | 2020-06-02
Out-of-bounds memory access while processing qpay due to not validating the length of the response buffer provided by the user in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdrago…
- CVE-2019-15161 | MEDIUM | CVSS 5.3 | EG 5.3 | 2019-10-03
rpcapd/daemon.c in libpcap before 1.9.1 mishandles certain length values because of reuse of a variable. This may open up an attack vector involving extra data at the end of a request.
- CVE-2019-19282 | HIGH | CVSS 7.5 | EG 7.5 | 2020-03-10
A vulnerability has been identified in OpenPCS 7 V8.1 (All versions), OpenPCS 7 V8.2 (All versions), OpenPCS 7 V9.0 (All versions < V9.0 Upd3), SIMATIC BATCH V8.1 (All versions), SIMATIC BATCH V8.2 (All versions < V8.2 Upd12), SIMATIC BATC…
- CVE-2019-3560 | HIGH | CVSS 7.5 | EG 7.5 | 2019-04-29
An improperly performed length calculation on a buffer in PlaintextRecordLayer could lead to an infinite loop and denial-of-service based on user input. This issue affected versions of fizz prior to v2019.03.04.00.
- CVE-2019-5435 | LOW | CVSS 3.7 | EG 3.7 | 2019-05-28
An integer overflow in curl's URL API results in a buffer overflow in libcurl 7.62.0 to and including 7.64.1.
- CVE-2019-5696 | MEDIUM | CVSS 5.5 | EG 5.5 | 2019-11-09
NVIDIA Virtual GPU Manager, all versions, contains a vulnerability in which the provision of an incorrectly sized buffer by a guest VM leads to GPU out-of-bound access, which may lead to a denial of service.
- CVE-2020-11240 | HIGH | CVSS 7.8 | EG 7.8 | 2021-06-09
Memory corruption because the ioctl command size was incorrectly set to the size of a pointer and not enough storage is allocated for the copy of the user argument in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Cons…
- CVE-2020-11901 | CRITICAL | CVSS 9.0 | EG 9.0 | 2020-06-17
The Treck TCP/IP stack before 6.0.1.66 allows Remote Code execution via a single invalid DNS response.
- CVE-2020-13546 | HIGH | CVSS 7.8 | EG 7.8 | 2021-02-10
In SoftMaker Software GmbH SoftMaker Office TextMaker 2021 (revision 1014), a specially crafted document can cause the document parser to miscalculate a length used to allocate a buffer, later upon usage of this buffer the application will…
- CVE-2020-13585 | HIGH | CVSS 8.8 | EG 8.8 | 2021-02-10
An out-of-bounds write vulnerability exists in the PSD Header processing functionality of Accusoft ImageGear 19.8. A specially crafted malformed file can lead to code execution. An attacker can provide a malicious file to trigger this vuln…
- CVE-2020-14385 | MEDIUM | CVSS 5.5 | EG 5.5 | 2020-09-15
A flaw was found in the Linux kernel before 5.9-rc4. A failure of the file system metadata validator in XFS can cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt. This can lead to the filesystem being …
- CVE-2020-15350 | CRITICAL | CVSS 9.8 | EG 9.8 | 2020-07-07
RIOT 2020.04 has a buffer overflow in the base64 decoder. The decoding function base64_decode() uses an output buffer estimation function to compute the required buffer capacity and validate against the provided buffer size. The base64_est…
- CVE-2020-1680 | MEDIUM | CVSS 5.3 | EG 5.3 | 2020-10-16
On Juniper Networks MX Series with MS-MIC or MS-MPC card configured with NAT64 configuration, receipt of a malformed IPv6 packet may crash the MS-PIC component on MS-MIC or MS-MPC. This issue occurs when a multiservice card is translating …
- CVE-2020-17087 | HIGH | CVSS 7.8 | EG 9.0 | ⚠ KEV | 2020-11-11
Windows Kernel Local Elevation of Privilege Vulnerability
- CVE-2020-3640 | HIGH | CVSS 7.8 | EG 7.8 | 2020-09-08
Resizing the usage table header before passing all the checks leads to the function exiting with a usage table in invalid state when a HLOS adversary calls the function with wrong input in Snapdragon Compute, Snapdragon Consumer IOT, Sn…
- CVE-2020-36475 | HIGH | CVSS 7.5 | EG 7.5 | 2021-08-23
An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS). The calculations performed by mbedtls_mpi_exp_mod are not limited; thus, supplying overly large parameters could lead to denial of service whe…
- CVE-2020-6070 | HIGH | CVSS 7.8 | EG 7.8 | 2020-08-10
An exploitable code execution vulnerability exists in the file system checking functionality of fsck.f2fs 1.12.0. A specially crafted f2fs file can cause a logic flaw and out-of-bounds heap operations, resulting in code execution. An attac…
- CVE-2020-6106 | MEDIUM | CVSS 5.5 | EG 5.5 | 2020-10-15
An exploitable information disclosure vulnerability exists in the init_node_manager functionality of F2fs-Tools F2fs.Fsck 1.12 and 1.13. A specially crafted filesystem can be used to disclose information. An attacker can provide a maliciou…
- CVE-2020-6108 | HIGH | CVSS 7.8 | EG 7.8 | 2020-10-15
An exploitable code execution vulnerability exists in the fsck_chk_orphan_node functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause a heap buffer overflow resulting in a code execution. An attacker can …
- CVE-2020-6113 | HIGH | CVSS 7.8 | EG 7.8 | 2020-09-17
An exploitable vulnerability exists in the object stream parsing functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242 when updating its cross-reference table. When processing an object stream from a PDF document, the application…
- CVE-2020-6116 | HIGH | CVSS 7.8 | EG 7.8 | 2020-09-17
An arbitrary code execution vulnerability exists in the rendering functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242. When drawing the contents of a page using colors from an indexed colorspace, the application can miscalculat…
- CVE-2020-8450 | HIGH | CVSS 7.3 | EG 7.3 | 2020-02-04
An issue was discovered in Squid before 4.10. Due to incorrect buffer management, a remote client can cause a buffer overflow in a Squid instance acting as a reverse proxy.
- CVE-2021-0254 | CRITICAL | CVSS 9.8 | EG 9.8 | 2021-04-22
A buffer size validation vulnerability in the overlayd service of Juniper Networks Junos OS may allow an unauthenticated remote attacker to send specially crafted packets to the device, triggering a partial Denial of Service (DoS) conditio…
- CVE-2021-1647 | HIGH | CVSS 7.8 | EG 9.0 | ⚠ KEV | 2021-01-12
Microsoft Defender Remote Code Execution Vulnerability
- CVE-2021-21773 | HIGH | CVSS 7.8 | EG 7.8 | 2021-03-31
An out-of-bounds write vulnerability exists in the TIFF header count-processing functionality of Accusoft ImageGear 19.8. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger…
- CVE-2021-21776 | HIGH | CVSS 8.8 | EG 7.8 | 2021-03-31
An out-of-bounds write vulnerability exists in the SGI Format Buffer Size Processing functionality of Accusoft ImageGear 19.8. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to tr…
- CVE-2021-21782 | HIGH | CVSS 8.8 | EG 8.8 | 2021-03-31
An out-of-bounds write vulnerability exists in the SGI format buffer size processing functionality of Accusoft ImageGear 19.8. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to tr…
- CVE-2021-21793 | HIGH | CVSS 8.8 | EG 8.8 | 2021-07-08
An out-of-bounds write vulnerability exists in the JPG sof_nb_comp header processing functionality of Accusoft ImageGear 19.8 and 19.9. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious f…
- CVE-2021-21824 | CRITICAL | CVSS 9.8 | EG 7.8 | 2021-06-11
An out-of-bounds write vulnerability exists in the JPG Handle_JPEG420 functionality of Accusoft ImageGear 19.9. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vuln…
- CVE-2021-22391 | HIGH | CVSS 7.5 | EG 7.5 | 2021-08-02
There is an Incorrect Calculation of Buffer Size in Huawei Smartphone. Successful exploitation of this vulnerability may cause the system to reset.
- CVE-2021-22392 | HIGH | CVSS 7.5 | EG 7.5 | 2021-08-02
There is an Incorrect Calculation of Buffer Size in Huawei Smartphone. Successful exploitation of this vulnerability may cause verification bypass and directions to abnormal addresses.
- CVE-2021-22415 | HIGH | CVSS 7.5 | EG 7.5 | 2021-08-02
There is an Incorrect Calculation of Buffer Size Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause kernel exceptions with the code.
- CVE-2021-27378 | CRITICAL | CVSS 9.8 | EG 9.8 | 2021-02-18
An issue was discovered in the rand_core crate before 0.6.2 for Rust. Because read_u32_into and read_u64_into mishandle certain buffer-length checks, a random number generator may be seeded with too little data.
- CVE-2021-28039 | MEDIUM | CVSS 6.5 | EG 6.5 | 2021-03-05
An issue was discovered in the Linux kernel 5.9.x through 5.11.3, as used with Xen. In some less-common configurations, an x86 PV guest OS user can crash a Dom0 or driver domain via a large amount of I/O activity. The issue relates to misu…
- CVE-2021-29521 | LOW | CVSS 2.5 | EG 2.5 | 2021-05-14
TensorFlow is an end-to-end open source platform for machine learning. Specifying a negative dense shape in `tf.raw_ops.SparseCountSparseOutput` results in a segmentation fault being thrown out from the standard library as `std::vector` in…
- CVE-2021-29529 | LOW | CVSS 2.5 | EG 2.5 | 2021-05-14
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a heap buffer overflow in `tf.raw_ops.QuantizedResizeBilinear` by manipulating input values so that float rounding results in off-by-one error i…
- CVE-2021-29535 | LOW | CVSS 2.5 | EG 2.5 | 2021-05-14
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow in `QuantizedMul` by passing in invalid thresholds for the quantization. This is because the implementation(https://github.…