CWE-119

High likelihood

Improper Restriction of Operations within the Bounds of a Memory Buffer

Parent: CWE-118 - Incorrect Access of Indexable Resource ('Range Error')

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

13,999 vulnerabilities with CWE-119
CVE-2017-0238 HIGH
Microsoft Edge - Remote Code Execution via JavaScript Engine Memory Corruption
CVSS 7.5
CVE-2017-0236 HIGH
Microsoft Edge - Remote Code Execution via Chakra JavaScript Engine Memory Corruption
CVSS 7.5
CVE-2017-0235 HIGH
Microsoft Edge - Remote Code Execution via Chakra JavaScript Engine Memory Corruption
CVSS 7.5
CVE-2017-0234 HIGH
Microsoft Edge - Remote Code Execution via Chakra JavaScript Engine Memory Corruption
CVSS 7.5
CVE-2017-0230 HIGH
Microsoft Edge - Remote Code Execution via JavaScript Engine Memory Corruption
CVSS 7.5
CVE-2017-0229 HIGH
Microsoft Edge - Remote Code Execution via Scripting Engine Memory Corruption
CVSS 7.5
CVE-2017-0228 HIGH
Microsoft Edge - Remote Code Execution via JavaScript Engine Memory Corruption
CVSS 7.5
CVE-2017-0227 HIGH
Microsoft Edge - Remote Code Execution via Memory Corruption
CVSS 7.5
CVE-2017-0226 HIGH
Internet Explorer - Remote Code Execution via Memory Corruption
CVSS 7.5
CVE-2017-0224 HIGH
Microsoft Edge - Remote Code Execution via Scripting Engine Memory Corruption
CVSS 7.5
CVE-2017-0221 HIGH
Microsoft Edge - Memory Corruption
CVSS 7.5
CVE-2017-8798 CRITICAL
MiniUPnP MiniUPnPc 1.4.20101221-2.0 - Denial of Service via Integer Signedness Error
CVSS 9.8
CVE-2017-8852 HIGH
SAP SAPCAR 721.510 - Heap-Based Buffer Overflow via Crafted CAR Archive
CVSS 7.8
CVE-2017-8854 HIGH
wolfSSL < 3.10.2 - Buffer Overflow via Malformed DH Parameter File
CVSS 7.8
CVE-2017-7967 MEDIUM
Schneider Electric VAMPSET < 2.2.189 - Memory Corruption via Malformed VF2 File
CVSS 5.5
CVE-2017-0290 HIGH
Microsoft Malware Protection Engine < 1.1.13701.0 - Remote Code Execution via Crafted File Scan
CVSS 7.8
CVE-2017-6953 HIGH
Gemalto SmartDiag Diagnosis Tool v2.5 - Buffer Overflow
CVSS 7.8
CVE-2017-8844 HIGH
long_range_zip 0.631 - Heap-Based Buffer Overflow in read_1g Function
CVSS 7.8
CVE-2017-8786 CRITICAL
PCRE2 10.23 - Heap-Based Buffer Overflow via Crafted Regular Expression
CVSS 9.8
CVE-2017-5240 HIGH
Rapid7 AppSpider Pro <6.14.06 - Buffer Overflow
CVSS 7.5
CVE-2017-7476 CRITICAL
Gnulib <2017-04-26 - Buffer Overflow
CVSS 9.8
CVE-2017-8419 HIGH
LAME < 3.99.5 - Denial of Service via Crafted WAV or AIFF Header
CVSS 7.8
CVE-2017-8399 CRITICAL
PCRE2 < 10.30 - Out-of-Bounds Write via Stack-Based Buffer Overflow in pcre2_match.c
CVSS 9.8
CVE-2017-8398 HIGH
GNU Binutils 2.28 - Denial of Service via Corrupt Binary Debug Information
CVSS 7.5
CVE-2017-8397 HIGH
GNU Binutils 2.28 - Denial of Service via Corrupt Binary with Negative Relocation Addresses
CVSS 7.5
Details
Vulnerabilities 13,999
Exploit Likelihood High