CWE-119

High likelihood

Improper Restriction of Operations within the Bounds of a Memory Buffer

Parent: CWE-118 - Incorrect Access of Indexable Resource ('Range Error')

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

14,031 vulnerabilities with CWE-119
CVE-2002-1357
Cisco IOS - Denial of Service via Malformed SSH Packet Length
CVE-2002-1365
fetchmail < 6.1.3 - Heap-based Buffer Overflow via Local Address Header
CVE-2002-1200
Balabit Syslog-NG <1.4.15, <1.5.20 - DoS/Code Injection
CVE-2002-1222
Cisco Catalyst <7.3 - Buffer Overflow
CVE-2002-1174
fetchmail < 6.0.0 - Buffer Overflow via Long Headers
CVE-2002-0649
Microsoft SQL Server 2000 and MSDE 2000 - Remote Code Execution via UDP Port 1434
CVE-2002-0813
Cisco IOS 11.1-11.3 - Heap-Based Buffer Overflow via TFTP Long Filename
CVE-2002-0070
Windows 2000, 98, 98SE, NT - Buffer Overflow via Custom URL Handler
CVE-2002-0053
Windows SNMP Agent - Remote Code Execution via Malformed Management Request
CVE-2001-1587
Novell NetWare - Denial of Service via Anonymous STOU Command
CVE-2001-1539
Internet Explorer - Denial of Service via JavaScript settimeout Function
CVE-2001-1582
Solaris 8 - Buffer Overflow via LDAP_OPTIONS Environment Variable
CVE-2001-0803
CDE Common Desktop Environment - Remote Code Execution via Buffer Overflow in dtspcd Client Connection Routine
CVE-2001-0819
fetchmail < 5.8.6 - Remote Code Execution via Large 'To:' Header
CVE-2001-0775
xli 1.16-1.17 - Buffer Overflow via FACES Format Image Long Name Field
CVE-2001-1456
McAfee WebShield SMTP - Remote Code Execution via Crafted Mail Message
CVE-2001-0576
SCO OpenServer 5.0-5.0.6 - Local Privilege Escalation via lpusers -u Parameter Buffer Overflow
CVE-2001-0629
HP OpenView Network Node Manager 6.1 - Buffer Overflow via ecsd -restore_config Parameter
CVE-2001-0153
Visual Studio 6.0 Enterprise Edition - Remote Code Execution via VB-TSQL Debugger Object
CVE-2000-1246
Novell NetWare FTP Server < 5.01o - Authenticated Denial of Service via RNTO Command After Failed RNFR
CVE-1999-0876
Microsoft IE - Memory Corruption
CVE-1999-1588 CRITICAL
Solaris 2.4-2.5.1 - Remote Code Execution via nlps_server Long String
CVSS 9.8
CVE-1999-0898
Windows NT 4.0 - Buffer Overflow in Print Spooler via Malformed Spooler Request
CVE-1999-0700
Microsoft Windows 2000 and NT - Buffer Overflow in Phone Dialer via Malformed dialer.ini Entry
CVE-1999-0874
Internet Information Server 4.0 - Denial of Service via Malformed .HTR/.IDC/.STM Request
Details
Vulnerabilities 14,031
Exploit Likelihood High