CWE-680

Integer Overflow to Buffer Overflow

Parent: CWE-190 - Integer Overflow or Wraparound

The product performs a calculation to determine how much memory to allocate, but an integer overflow can occur that causes less memory to be allocated than expected, leading to a buffer overflow.

104 vulnerabilities with CWE-680
CVE-2024-21470 HIGH
Qualcomm AQT1000 and FastConnect Firmware - Memory Corruption via Graphics Memory Allocation
CVSS 8.4
CVE-2024-21454 HIGH
Qualcomm C-V2X 9150 Firmware - Denial of Service via ToBeSignedMessage Decoding
CVSS 7.5
CVE-2024-2608 HIGH
Firefox <124, Firefox ESR <115.9, Thunderbird <115.9 - Buffer Overflow
CVSS 8.4
CVE-2024-24478 HIGH
Wireshark < 4.2.0 - Denial of Service via BGP Packet Dissection
CVSS 7.5
CVE-2023-33022 HIGH
Qualcomm 315 5G IoT Modem Firmware - Memory Corruption via HLOS IOCTL Calls
CVSS 8.4
CVE-2023-33018 HIGH
Qualcomm 315 5G IoT Modem Firmware - Memory Corruption via UIM Diag Command
CVSS 7.8
CVE-2023-28585 HIGH
Qualcomm 315 5G IoT Modem Firmware - Memory Corruption in TEE Kernel ELF Segment Loading
CVSS 8.2
CVE-2023-22305 MEDIUM
Intel Aptio V UEFI Firmware Integrator Tools - Authenticated Denial of Service via Integer Overflow
CVSS 6.5
CVE-2023-37536 HIGH
Xerces-C++ 3.2.3 - Integer Overflow via HTTP Request
CVSS 8.2
CVE-2023-21644 MEDIUM
Qualcomm RIL Firmware - Memory Corruption
CVSS 6.7
CVE-2023-21648 MEDIUM
Qualcomm RIL Firmware - Memory Corruption
CVSS 6.7
CVE-2023-22443 MEDIUM
Intel(R) Server Board BMC <2.90 - DoS
CVSS 6.0
CVE-2022-36765 HIGH
EDK2 < 202311 - Buffer Overflow via CreateHob Function Integer Overflow
CVSS 7.0
CVE-2022-24834 HIGH
Redis 2.6.0-6.0.19 - Authenticated Heap-based Buffer Overflow via Lua Script Execution
CVSS 7.0
CVE-2022-33296 MEDIUM
Qualcomm Modem Firmware - Memory Corruption via Integer Overflow
CVSS 5.9
CVE-2022-33282 HIGH
Automotive Multimedia - Buffer Overflow
CVSS 8.4
CVE-2022-40530 HIGH
Qualcomm WLAN Firmware - Memory Corruption via Integer Overflow
CVSS 8.4
CVE-2022-25705 HIGH
Qualcomm APQ8009 Firmware - Memory Corruption via APDU Response Integer Overflow
CVSS 7.8
CVE-2022-33248 HIGH
User Identity Module - Buffer Overflow
CVSS 7.8
CVE-2022-35289 CRITICAL
Hermes < 0.12.0 - Remote Code Execution via Integer Overflow
CVSS 9.8
CVE-2022-32543 HIGH
ESTsoft Alyac 2.5.8.544 - Integer Overflow in OLE File Parser
CVSS 7.8
CVE-2022-29886 HIGH
ESTsoft Alyac 2.5.8.544 - Integer Overflow via OLE File Parsing
CVSS 7.8
CVE-2022-29030 MEDIUM
JT2Go, Teamcenter Visualization <13.3.0.3 - DoS
CVSS 5.5
CVE-2021-40417 CRITICAL
DaVinci Resolve - Heap-Based Buffer Overflow via DPDecoder Service File Parsing
CVSS 9.8
CVE-2021-3321 HIGH
Zephyr 2.4.0-2.4.9 - Integer Underflow in IEEE 802.15.4 Fragment Reassembly
CVSS 7.5