Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2011-0495

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-20 Jan, 2011 | 18:00
Updated At-06 Aug, 2024 | 21:58
Rejected At-
Credits

Stack-based buffer overflow in the ast_uri_encode function in main/utils.c in Asterisk Open Source before 1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1, 1.6.2.16.1, 1.8.1.2, 1.8.2.; and Business Edition before C.3.6.2; when running in pedantic mode allows remote authenticated users to execute arbitrary code via crafted caller ID data in vectors involving the (1) SIP channel driver, (2) URIENCODE dialplan function, or (3) AGI dialplan function.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:20 Jan, 2011 | 18:00
Updated At:06 Aug, 2024 | 21:58
Rejected At:
▼CVE Numbering Authority (CNA)

Stack-based buffer overflow in the ast_uri_encode function in main/utils.c in Asterisk Open Source before 1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1, 1.6.2.16.1, 1.8.1.2, 1.8.2.; and Business Edition before C.3.6.2; when running in pedantic mode allows remote authenticated users to execute arbitrary code via crafted caller ID data in vectors involving the (1) SIP channel driver, (2) URIENCODE dialplan function, or (3) AGI dialplan function.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.vupen.com/english/advisories/2011/0159
vdb-entry
x_refsource_VUPEN
http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053713.html
vendor-advisory
x_refsource_FEDORA
http://downloads.asterisk.org/pub/security/AST-2011-001.html
x_refsource_CONFIRM
http://secunia.com/advisories/43373
third-party-advisory
x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2011/0449
vdb-entry
x_refsource_VUPEN
http://osvdb.org/70518
vdb-entry
x_refsource_OSVDB
http://www.securityfocus.com/bid/45839
vdb-entry
x_refsource_BID
http://www.vupen.com/english/advisories/2011/0281
vdb-entry
x_refsource_VUPEN
http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053689.html
vendor-advisory
x_refsource_FEDORA
http://www.debian.org/security/2011/dsa-2171
vendor-advisory
x_refsource_DEBIAN
http://secunia.com/advisories/43119
third-party-advisory
x_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilities/64831
vdb-entry
x_refsource_XF
http://downloads.asterisk.org/pub/security/AST-2011-001-1.6.2.diff
x_refsource_MISC
http://www.securityfocus.com/archive/1/515781/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
http://secunia.com/advisories/42935
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.vupen.com/english/advisories/2011/0159
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053713.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://downloads.asterisk.org/pub/security/AST-2011-001.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/43373
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.vupen.com/english/advisories/2011/0449
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://osvdb.org/70518
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: http://www.securityfocus.com/bid/45839
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://www.vupen.com/english/advisories/2011/0281
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053689.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://www.debian.org/security/2011/dsa-2171
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://secunia.com/advisories/43119
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/64831
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://downloads.asterisk.org/pub/security/AST-2011-001-1.6.2.diff
Resource:
x_refsource_MISC
Hyperlink: http://www.securityfocus.com/archive/1/515781/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://secunia.com/advisories/42935
Resource:
third-party-advisory
x_refsource_SECUNIA
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.vupen.com/english/advisories/2011/0159
vdb-entry
x_refsource_VUPEN
x_transferred
http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053713.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://downloads.asterisk.org/pub/security/AST-2011-001.html
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/43373
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.vupen.com/english/advisories/2011/0449
vdb-entry
x_refsource_VUPEN
x_transferred
http://osvdb.org/70518
vdb-entry
x_refsource_OSVDB
x_transferred
http://www.securityfocus.com/bid/45839
vdb-entry
x_refsource_BID
x_transferred
http://www.vupen.com/english/advisories/2011/0281
vdb-entry
x_refsource_VUPEN
x_transferred
http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053689.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://www.debian.org/security/2011/dsa-2171
vendor-advisory
x_refsource_DEBIAN
x_transferred
http://secunia.com/advisories/43119
third-party-advisory
x_refsource_SECUNIA
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/64831
vdb-entry
x_refsource_XF
x_transferred
http://downloads.asterisk.org/pub/security/AST-2011-001-1.6.2.diff
x_refsource_MISC
x_transferred
http://www.securityfocus.com/archive/1/515781/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://secunia.com/advisories/42935
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2011/0159
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053713.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://downloads.asterisk.org/pub/security/AST-2011-001.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/43373
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2011/0449
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://osvdb.org/70518
Resource:
vdb-entry
x_refsource_OSVDB
x_transferred
Hyperlink: http://www.securityfocus.com/bid/45839
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2011/0281
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053689.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://www.debian.org/security/2011/dsa-2171
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://secunia.com/advisories/43119
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/64831
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://downloads.asterisk.org/pub/security/AST-2011-001-1.6.2.diff
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/515781/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://secunia.com/advisories/42935
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:20 Jan, 2011 | 19:00
Updated At:29 Apr, 2026 | 01:13

Stack-based buffer overflow in the ast_uri_encode function in main/utils.c in Asterisk Open Source before 1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1, 1.6.2.16.1, 1.8.1.2, 1.8.2.; and Business Edition before C.3.6.2; when running in pedantic mode allows remote authenticated users to execute arbitrary code via crafted caller ID data in vectors involving the (1) SIP channel driver, (2) URIENCODE dialplan function, or (3) AGI dialplan function.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.06.0MEDIUM
AV:N/AC:M/Au:S/C:P/I:P/A:P
Type: Primary
Version: 2.0
Base score: 6.0
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:S/C:P/I:P/A:P
CPE Matches
Digium, Inc.
digium
>>asterisk>>Versions before c.3.6.2(exclusive)
cpe:2.3:a:digium:asterisk:*:*:*:*:business:*:*:*
Digium, Inc.
digium
>>asterisk>>Versions from 1.2.0(inclusive) to 1.2.40(inclusive)
cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*
Digium, Inc.
digium
>>asterisk>>Versions from 1.4.0(inclusive) to 1.4.38.1(exclusive)
cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*
Digium, Inc.
digium
>>asterisk>>Versions from 1.4.39(inclusive) to 1.4.39.1(exclusive)
cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*
Digium, Inc.
digium
>>asterisk>>Versions from 1.6.1(inclusive) to 1.6.1.21(exclusive)
cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*
Digium, Inc.
digium
>>asterisk>>Versions from 1.6.2(inclusive) to 1.6.2.15.1(exclusive)
cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*
Digium, Inc.
digium
>>asterisk>>Versions from 1.6.2.16(inclusive) to 1.6.2.16.1(exclusive)
cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*
Digium, Inc.
digium
>>asterisk>>Versions from 1.8.0(inclusive) to 1.8.1.2(exclusive)
cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*
Digium, Inc.
digium
>>asterisk>>Versions from 1.8.2(inclusive) to 1.8.2.2(exclusive)
cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*
Digium, Inc.
digium
>>asterisknow>>1.5
cpe:2.3:a:digium:asterisknow:1.5:*:*:*:*:*:*:*
Fedora Project
fedoraproject
>>fedora>>13
cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:*
Fedora Project
fedoraproject
>>fedora>>14
cpe:2.3:o:fedoraproject:fedora:14:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>6.0
cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
Digium, Inc.
digium
>>s800i_firmware>>1.2.0
cpe:2.3:o:digium:s800i_firmware:1.2.0:*:*:*:*:*:*:*
Digium, Inc.
digium
>>s800i>>-
cpe:2.3:h:digium:s800i:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-787Primarynvd@nist.gov
CWE ID: CWE-787
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://downloads.asterisk.org/pub/security/AST-2011-001-1.6.2.diffcve@mitre.org
Patch
Vendor Advisory
http://downloads.asterisk.org/pub/security/AST-2011-001.htmlcve@mitre.org
Vendor Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053689.htmlcve@mitre.org
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053713.htmlcve@mitre.org
Third Party Advisory
http://osvdb.org/70518cve@mitre.org
Broken Link
http://secunia.com/advisories/42935cve@mitre.org
Third Party Advisory
http://secunia.com/advisories/43119cve@mitre.org
Third Party Advisory
http://secunia.com/advisories/43373cve@mitre.org
Third Party Advisory
http://www.debian.org/security/2011/dsa-2171cve@mitre.org
Third Party Advisory
http://www.securityfocus.com/archive/1/515781/100/0/threadedcve@mitre.org
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/45839cve@mitre.org
Third Party Advisory
VDB Entry
http://www.vupen.com/english/advisories/2011/0159cve@mitre.org
Permissions Required
http://www.vupen.com/english/advisories/2011/0281cve@mitre.org
Permissions Required
http://www.vupen.com/english/advisories/2011/0449cve@mitre.org
Permissions Required
https://exchange.xforce.ibmcloud.com/vulnerabilities/64831cve@mitre.org
Third Party Advisory
VDB Entry
http://downloads.asterisk.org/pub/security/AST-2011-001-1.6.2.diffaf854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
http://downloads.asterisk.org/pub/security/AST-2011-001.htmlaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053689.htmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053713.htmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://osvdb.org/70518af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://secunia.com/advisories/42935af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://secunia.com/advisories/43119af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://secunia.com/advisories/43373af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.debian.org/security/2011/dsa-2171af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.securityfocus.com/archive/1/515781/100/0/threadedaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/45839af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
http://www.vupen.com/english/advisories/2011/0159af854a3a-2127-422b-91ae-364da2661108
Permissions Required
http://www.vupen.com/english/advisories/2011/0281af854a3a-2127-422b-91ae-364da2661108
Permissions Required
http://www.vupen.com/english/advisories/2011/0449af854a3a-2127-422b-91ae-364da2661108
Permissions Required
https://exchange.xforce.ibmcloud.com/vulnerabilities/64831af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
Hyperlink: http://downloads.asterisk.org/pub/security/AST-2011-001-1.6.2.diff
Source: cve@mitre.org
Resource:
Patch
Vendor Advisory
Hyperlink: http://downloads.asterisk.org/pub/security/AST-2011-001.html
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053689.html
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053713.html
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://osvdb.org/70518
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://secunia.com/advisories/42935
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/43119
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/43373
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://www.debian.org/security/2011/dsa-2171
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://www.securityfocus.com/archive/1/515781/100/0/threaded
Source: cve@mitre.org
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.securityfocus.com/bid/45839
Source: cve@mitre.org
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.vupen.com/english/advisories/2011/0159
Source: cve@mitre.org
Resource:
Permissions Required
Hyperlink: http://www.vupen.com/english/advisories/2011/0281
Source: cve@mitre.org
Resource:
Permissions Required
Hyperlink: http://www.vupen.com/english/advisories/2011/0449
Source: cve@mitre.org
Resource:
Permissions Required
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/64831
Source: cve@mitre.org
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://downloads.asterisk.org/pub/security/AST-2011-001-1.6.2.diff
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory
Hyperlink: http://downloads.asterisk.org/pub/security/AST-2011-001.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053689.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053713.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://osvdb.org/70518
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://secunia.com/advisories/42935
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/43119
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/43373
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.debian.org/security/2011/dsa-2171
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.securityfocus.com/archive/1/515781/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.securityfocus.com/bid/45839
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.vupen.com/english/advisories/2011/0159
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Permissions Required
Hyperlink: http://www.vupen.com/english/advisories/2011/0281
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Permissions Required
Hyperlink: http://www.vupen.com/english/advisories/2011/0449
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Permissions Required
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/64831
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry

Change History

0
Information is not available yet

Similar CVEs

1340Records found
CVE-2022-2000
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.8||HIGH
EPSS-0.33% / 56.09%
||
7 Day CHG~0.00%
Published-07 Jun, 2022 | 00:00
Updated-03 Nov, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Out-of-bounds Write in vim/vim

Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.

Action-Not Available
Vendor-Fedora ProjectApple Inc.VimDebian GNU/Linux
Product-fedoradebian_linuxvimmacosvim/vim
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-1160
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.3||HIGH
EPSS-0.59% / 69.22%
||
7 Day CHG+0.45%
Published-30 Mar, 2022 | 00:00
Updated-02 Aug, 2024 | 23:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
heap buffer overflow in get_one_sourceline in vim/vim

heap buffer overflow in get_one_sourceline in GitHub repository vim/vim prior to 8.2.4647.

Action-Not Available
Vendor-Fedora ProjectVim
Product-fedoravimvim/vim
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-2887
Matching Score-6
Assigner-Talos
ShareView Details
Matching Score-6
Assigner-Talos
CVSS Score-8.8||HIGH
EPSS-1.66% / 82.14%
||
7 Day CHG~0.00%
Published-11 Oct, 2017 | 18:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable buffer overflow vulnerability exists in the XCF property handling functionality of SDL_image 2.0.1. A specially crafted xcf file can cause a stack-based buffer overflow resulting in potential code execution. An attacker can provide a specially crafted XCF file to trigger this vulnerability.

Action-Not Available
Vendor-libsdlDebian GNU/LinuxTalos (Cisco Systems, Inc.)
Product-debian_linuxsdl_imageSimple Direct Media
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-1270
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.05% / 15.73%
||
7 Day CHG~0.00%
Published-28 Sep, 2022 | 00:00
Updated-21 May, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In GraphicsMagick, a heap buffer overflow was found when parsing MIFF.

Action-Not Available
Vendor-n/aDebian GNU/LinuxGraphicsMagick
Product-graphicsmagickdebian_linuxGraphicsMagick
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-2620
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-2.41% / 85.17%
||
7 Day CHG~0.00%
Published-27 Jul, 2018 | 19:00
Updated-05 Aug, 2024 | 14:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially execute arbitrary code on host with privileges of the QEMU process.

Action-Not Available
Vendor-Debian GNU/LinuxXen ProjectRed Hat, Inc.QEMUCitrix (Cloud Software Group, Inc.)
Product-enterprise_linux_serverxenserverdebian_linuxenterprise_linux_server_eusenterprise_linux_server_ausenterprise_linux_workstationqemuopenstackenterprise_linux_desktopxenQemu:
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-0995
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-21.07% / 95.68%
||
7 Day CHG+6.63%
Published-25 Mar, 2022 | 18:03
Updated-02 Aug, 2024 | 23:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds (OOB) memory write flaw was found in the Linux kernel’s watch_queue event notification subsystem. This flaw can overwrite parts of the kernel state, potentially allowing a local user to gain privileged access or cause a denial of service on the system.

Action-Not Available
Vendor-n/aNetApp, Inc.Fedora ProjectLinux Kernel Organization, Inc
Product-h300eh500sh615c_firmwareh300s_firmwareh410c_firmwareh410sh610c_firmwareh610s_firmwareh300sh300e_firmwareh610slinux_kernelh500eh410s_firmwarefedorah500s_firmwareh500e_firmwareh700s_firmwareh700eh410ch700e_firmwareh615ch700sh610ckernel
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-0629
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-8.4||HIGH
EPSS-1.94% / 83.54%
||
7 Day CHG~0.00%
Published-17 Feb, 2022 | 00:00
Updated-02 Aug, 2024 | 23:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stack-based Buffer Overflow in vim/vim

Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

Action-Not Available
Vendor-VimFedora ProjectDebian GNU/LinuxApple Inc.
Product-vimdebian_linuxmacosfedoravim/vim
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-1015
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-6.6||MEDIUM
EPSS-1.48% / 81.09%
||
7 Day CHG~0.00%
Published-29 Apr, 2022 | 00:00
Updated-02 Aug, 2024 | 23:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c of the netfilter subsystem. This flaw allows a local user to cause an out-of-bounds write issue.

Action-Not Available
Vendor-n/aFedora ProjectLinux Kernel Organization, Inc
Product-fedoralinux_kernelkernel
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-0583
Matching Score-6
Assigner-GitLab Inc.
ShareView Details
Matching Score-6
Assigner-GitLab Inc.
CVSS Score-6.3||MEDIUM
EPSS-0.08% / 22.93%
||
7 Day CHG~0.00%
Published-14 Feb, 2022 | 00:00
Updated-03 Nov, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Crash in the PVFS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file

Action-Not Available
Vendor-Fedora ProjectDebian GNU/LinuxWireshark Foundation
Product-fedoradebian_linuxwiresharkWireshark
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-0213
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-6.8||MEDIUM
EPSS-0.15% / 34.89%
||
7 Day CHG~0.00%
Published-14 Jan, 2022 | 00:00
Updated-02 Aug, 2024 | 23:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap-based Buffer Overflow in vim/vim

vim is vulnerable to Heap-based Buffer Overflow

Action-Not Available
Vendor-VimDebian GNU/Linux
Product-debian_linuxvimvim/vim
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-0500
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 9.54%
||
7 Day CHG~0.00%
Published-25 Mar, 2022 | 18:03
Updated-02 Aug, 2024 | 23:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in unrestricted eBPF usage by the BPF_BTF_LOAD, leading to a possible out-of-bounds memory write in the Linux kernel’s BPF subsystem due to the way a user loads BTF. This flaw allows a local user to crash or escalate their privileges on the system.

Action-Not Available
Vendor-n/aNetApp, Inc.Fedora ProjectLinux Kernel Organization, Inc
Product-h300eh500sh300s_firmwareh410c_firmwareh410sh300sh300e_firmwarelinux_kernelh500eh410s_firmwarefedorah500s_firmwareh500e_firmwareh700s_firmwareh700eh410ch700e_firmwareh700skernel
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-0367
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.05% / 13.90%
||
7 Day CHG~0.00%
Published-29 Aug, 2022 | 14:03
Updated-03 Nov, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap-based buffer overflow flaw was found in libmodbus in function modbus_reply() in src/modbus.c.

Action-Not Available
Vendor-libmodbusn/aFedora ProjectDebian GNU/Linux
Product-libmodbusdebian_linuxextra_packages_for_enterprise_linuxfedoralibmodbus
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-0361
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-8.4||HIGH
EPSS-0.12% / 30.15%
||
7 Day CHG~0.00%
Published-26 Jan, 2022 | 00:00
Updated-03 Nov, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap-based Buffer Overflow in vim/vim

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

Action-Not Available
Vendor-VimDebian GNU/LinuxApple Inc.
Product-macosdebian_linuxvimvim/vim
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-2835
Matching Score-6
Assigner-Talos
ShareView Details
Matching Score-6
Assigner-Talos
CVSS Score-8.8||HIGH
EPSS-0.68% / 71.66%
||
7 Day CHG~0.00%
Published-24 Apr, 2018 | 19:00
Updated-16 Sep, 2024 | 20:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable code execution vulnerability exists in the RDP receive functionality of FreeRDP 2.0.0-beta1+android11. A specially crafted server response can cause an out-of-bounds write resulting in an exploitable condition. An attacker can compromise the server or use a man in the middle to trigger this vulnerability.

Action-Not Available
Vendor-FreeRDPDebian GNU/Linux
Product-freerdpdebian_linuxFreeRDP
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-0104
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.68% / 71.63%
||
7 Day CHG~0.00%
Published-11 Feb, 2022 | 23:35
Updated-02 Aug, 2024 | 23:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap buffer overflow in ANGLE in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Fedora ProjectGoogle LLC
Product-chromefedoraChrome
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-0714
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-8.4||HIGH
EPSS-0.31% / 54.48%
||
7 Day CHG~0.00%
Published-22 Feb, 2022 | 00:00
Updated-02 Aug, 2024 | 23:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap-based Buffer Overflow in vim/vim

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4436.

Action-Not Available
Vendor-VimFedora ProjectDebian GNU/LinuxApple Inc.
Product-vimdebian_linuxmacosfedoravim/vim
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-0100
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.69% / 71.85%
||
7 Day CHG~0.00%
Published-11 Feb, 2022 | 23:35
Updated-02 Aug, 2024 | 23:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap buffer overflow in Media streams API in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Fedora ProjectGoogle LLC
Product-chromefedoraChrome
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-0158
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-6.8||MEDIUM
EPSS-0.23% / 45.31%
||
7 Day CHG~0.00%
Published-10 Jan, 2022 | 15:25
Updated-02 Aug, 2024 | 23:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap-based Buffer Overflow in vim/vim

vim is vulnerable to Heap-based Buffer Overflow

Action-Not Available
Vendor-Fedora ProjectVimApple Inc.
Product-fedoramacosvimvim/vim
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-0261
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.8||HIGH
EPSS-0.16% / 36.69%
||
7 Day CHG~0.00%
Published-18 Jan, 2022 | 00:00
Updated-03 Nov, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap-based Buffer Overflow in vim/vim

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

Action-Not Available
Vendor-VimDebian GNU/LinuxApple Inc.
Product-mac_os_xdebian_linuxvimmacosvim/vim
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-0194
Matching Score-6
Assigner-Zero Day Initiative
ShareView Details
Matching Score-6
Assigner-Zero Day Initiative
CVSS Score-9.8||CRITICAL
EPSS-10.61% / 93.33%
||
7 Day CHG~0.00%
Published-28 Mar, 2023 | 00:00
Updated-04 Nov, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ad_addcomment function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15876.

Action-Not Available
Vendor-netatalkNetatalkDebian GNU/Linux
Product-netatalkdebian_linuxNetatalk
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-5493
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-0.47% / 64.84%
||
7 Day CHG~0.00%
Published-30 May, 2024 | 23:02
Updated-13 Feb, 2025 | 17:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap buffer overflow in WebRTC in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Fedora ProjectGoogle LLCCanonical Ltd.
Product-chromeubuntu_linuxfedoraChromechrome
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-0101
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.78% / 73.75%
||
7 Day CHG~0.00%
Published-11 Feb, 2022 | 23:35
Updated-02 Aug, 2024 | 23:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap buffer overflow in Bookmarks in Google Chrome prior to 97.0.4692.71 allowed a remote attacker who convinced a user to perform specific user gesture to potentially exploit heap corruption via specific user gesture.

Action-Not Available
Vendor-Fedora ProjectGoogle LLC
Product-chromefedoraChrome
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-0676
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.8||HIGH
EPSS-0.37% / 58.76%
||
7 Day CHG~0.00%
Published-22 Feb, 2022 | 00:05
Updated-02 Aug, 2024 | 23:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap-based Buffer Overflow in radareorg/radare2

Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.4.

Action-Not Available
Vendor-Fedora ProjectRadare2 (r2)
Product-fedoraradare2radareorg/radare2
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-0713
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-5.3||MEDIUM
EPSS-0.34% / 56.89%
||
7 Day CHG~0.00%
Published-22 Feb, 2022 | 18:30
Updated-02 Aug, 2024 | 23:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap-based Buffer Overflow in radareorg/radare2

Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.4.

Action-Not Available
Vendor-Fedora ProjectRadare2 (r2)
Product-fedoraradare2radareorg/radare2
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-0572
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-8.4||HIGH
EPSS-1.20% / 79.03%
||
7 Day CHG~0.00%
Published-13 Feb, 2022 | 00:00
Updated-03 Nov, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap-based Buffer Overflow in vim/vim

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

Action-Not Available
Vendor-Fedora ProjectApple Inc.VimDebian GNU/Linux
Product-fedoradebian_linuxvimmacosvim/vim
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-0408
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-8.4||HIGH
EPSS-0.24% / 46.86%
||
7 Day CHG~0.00%
Published-30 Jan, 2022 | 00:00
Updated-02 Aug, 2024 | 23:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stack-based Buffer Overflow in vim/vim

Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

Action-Not Available
Vendor-Fedora ProjectVimDebian GNU/Linux
Product-vimdebian_linuxfedoravim/vim
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-0318
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-6.6||MEDIUM
EPSS-0.20% / 41.99%
||
7 Day CHG~0.00%
Published-21 Jan, 2022 | 00:00
Updated-15 Nov, 2024 | 13:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap-based Buffer Overflow in vim/vim

Heap-based Buffer Overflow in vim/vim prior to 8.2.

Action-Not Available
Vendor-VimDebian GNU/LinuxApple Inc.
Product-debian_linuxmacosvimvim/vim
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-0392
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-6.1||MEDIUM
EPSS-0.11% / 28.34%
||
7 Day CHG~0.00%
Published-28 Jan, 2022 | 00:00
Updated-03 Nov, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap-based Buffer Overflow in vim/vim

Heap-based Buffer Overflow in GitHub repository vim prior to 8.2.

Action-Not Available
Vendor-VimDebian GNU/LinuxApple Inc.
Product-macosdebian_linuxvimvim/vim
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-0417
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-8.4||HIGH
EPSS-0.36% / 57.94%
||
7 Day CHG~0.00%
Published-01 Feb, 2022 | 00:00
Updated-03 Nov, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap-based Buffer Overflow in vim/vim

Heap-based Buffer Overflow GitHub repository vim/vim prior to 8.2.

Action-Not Available
Vendor-VimFedora ProjectDebian GNU/Linux
Product-fedoradebian_linuxvimvim/vim
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-0359
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-6.1||MEDIUM
EPSS-0.12% / 30.67%
||
7 Day CHG~0.00%
Published-26 Jan, 2022 | 00:00
Updated-03 Nov, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap-based Buffer Overflow in vim/vim

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

Action-Not Available
Vendor-VimDebian GNU/LinuxApple Inc.
Product-macosdebian_linuxvimvim/vim
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-0943
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-8.4||HIGH
EPSS-0.21% / 43.75%
||
7 Day CHG~0.00%
Published-14 Mar, 2022 | 00:00
Updated-02 Aug, 2024 | 23:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap-based Buffer Overflow occurs in vim in vim/vim

Heap-based Buffer Overflow occurs in vim in GitHub repository vim/vim prior to 8.2.4563.

Action-Not Available
Vendor-VimFedora ProjectDebian GNU/LinuxApple Inc.
Product-vimdebian_linuxmacosfedoravim/vim
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-0135
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.14% / 33.39%
||
7 Day CHG~0.00%
Published-25 Aug, 2022 | 00:00
Updated-02 Aug, 2024 | 23:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds write issue was found in the VirGL virtual OpenGL renderer (virglrenderer). This flaw allows a malicious guest to create a specially crafted virgil resource and then issue a VIRTGPU_EXECBUFFER ioctl, leading to a denial of service or possible code execution.

Action-Not Available
Vendor-virglrenderer_projectn/aDebian GNU/LinuxRed Hat, Inc.
Product-virglrendererdebian_linuxenterprise_linuxvirglrenderer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-18922
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-6.87% / 91.42%
||
7 Day CHG~0.00%
Published-30 Jun, 2020 | 11:00
Updated-05 Aug, 2024 | 21:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by sending specially crafted WebSocket frames to a server, causing a heap-based buffer overflow.

Action-Not Available
Vendor-libvncserver_projectn/aSiemens AGCanonical Ltd.openSUSEFedora Project
Product-ubuntu_linuxsimatic_itc1500_prosimatic_itc1900simatic_itc2200_pro_firmwaresimatic_itc2200simatic_itc1500_pro_firmwaresimatic_itc1500simatic_itc1900_firmwaresimatic_itc1900_pro_firmwaresimatic_itc1500_firmwarefedorasimatic_itc2200_firmwaresimatic_itc2200_prolibvncserversimatic_itc1900_proleapn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-32292
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.94% / 83.53%
||
7 Day CHG~0.00%
Published-03 Aug, 2022 | 00:00
Updated-03 Aug, 2024 | 07:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ConnMan through 1.41, remote attackers able to send HTTP requests to the gweb component are able to exploit a heap-based buffer overflow in received_data to execute code.

Action-Not Available
Vendor-n/aIntel CorporationDebian GNU/Linux
Product-connmandebian_linuxn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-3623
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.05% / 16.34%
||
7 Day CHG~0.00%
Published-02 Mar, 2022 | 22:02
Updated-03 Aug, 2024 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in libtpms. The flaw can be triggered by specially-crafted TPM 2 command packets containing illegal values and may lead to an out-of-bounds access when the volatile state of the TPM 2 is marshalled/written or unmarshalled/read. The highest threat from this vulnerability is to system availability.

Action-Not Available
Vendor-libtpms_projectn/aRed Hat, Inc.Fedora Project
Product-enterprise_linuxfedoralibtpmslibtpms
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-5499
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.31% / 79.88%
||
7 Day CHG~0.00%
Published-30 May, 2024 | 23:02
Updated-13 Feb, 2025 | 17:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of bounds write in Streams API in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Fedora ProjectGoogle LLC
Product-chromefedoraChromechrome
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-47489
Matching Score-6
Assigner-kernel.org
ShareView Details
Matching Score-6
Assigner-kernel.org
CVSS Score-7.8||HIGH
EPSS-0.02% / 6.47%
||
7 Day CHG~0.00%
Published-22 May, 2024 | 08:19
Updated-18 Nov, 2025 | 15:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
drm/amdgpu: Fix even more out of bound writes from debugfs

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix even more out of bound writes from debugfs CVE-2021-42327 was fixed by: commit f23750b5b3d98653b31d4469592935ef6364ad67 Author: Thelford Williams <tdwilliamsiv@gmail.com> Date: Wed Oct 13 16:04:13 2021 -0400 drm/amdgpu: fix out of bounds write but amdgpu_dm_debugfs.c contains more of the same issue so fix the remaining ones. v2: * Add missing fix in dp_max_bpc_write (Harry Wentland)

Action-Not Available
Vendor-Linux Kernel Organization, IncDebian GNU/Linux
Product-debian_linuxlinux_kernelLinux
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-18926
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.1||HIGH
EPSS-2.91% / 86.44%
||
7 Day CHG~0.00%
Published-06 Nov, 2020 | 17:48
Updated-05 Aug, 2024 | 21:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

raptor_xml_writer_start_element_common in raptor_xml_writer.c in Raptor RDF Syntax Library 2.0.15 miscalculates the maximum nspace declarations for the XML writer, leading to heap-based buffer overflows (sometimes seen in raptor_qname_format_as_xml).

Action-Not Available
Vendor-librdfn/aDebian GNU/LinuxFedora Project
Product-debian_linuxraptor_rdf_syntax_libraryfedoran/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-17785
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.37% / 58.59%
||
7 Day CHG~0.00%
Published-20 Dec, 2017 | 09:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In GIMP 2.8.22, there is a heap-based buffer overflow in the fli_read_brun function in plug-ins/file-fli/fli.c.

Action-Not Available
Vendor-n/aDebian GNU/LinuxCanonical Ltd.GIMP
Product-gimpubuntu_linuxdebian_linuxn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-17789
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.93% / 76.22%
||
7 Day CHG~0.00%
Published-20 Dec, 2017 | 09:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In GIMP 2.8.22, there is a heap-based buffer overflow in read_channel_data in plug-ins/common/file-psp.c.

Action-Not Available
Vendor-n/aDebian GNU/LinuxCanonical Ltd.GIMP
Product-gimpubuntu_linuxdebian_linuxn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-45909
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.31% / 53.99%
||
7 Day CHG~0.00%
Published-28 Dec, 2021 | 00:02
Updated-04 Aug, 2024 | 04:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in gif2apng 1.9. There is a heap-based buffer overflow vulnerability in the DecodeLZW function. It allows an attacker to write a large amount of arbitrary data outside the boundaries of a buffer.

Action-Not Available
Vendor-gif2apng_projectn/aDebian GNU/Linux
Product-gif2apngdebian_linuxn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-45911
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.31% / 53.99%
||
7 Day CHG~0.00%
Published-28 Dec, 2021 | 00:01
Updated-04 Aug, 2024 | 04:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in gif2apng 1.9. There is a heap-based buffer overflow in the main function. It allows an attacker to write 2 bytes outside the boundaries of the buffer.

Action-Not Available
Vendor-gif2apng_projectn/aDebian GNU/Linux
Product-gif2apngdebian_linuxn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-45417
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.10%
||
7 Day CHG~0.00%
Published-20 Jan, 2022 | 00:00
Updated-04 Aug, 2024 | 04:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

AIDE before 0.17.4 allows local users to obtain root privileges via crafted file metadata (such as XFS extended attributes or tmpfs ACLs), because of a heap-based buffer overflow.

Action-Not Available
Vendor-advanced_intrusion_detection_environment_projectn/aCanonical Ltd.Red Hat, Inc.Fedora ProjectDebian GNU/Linux
Product-ubuntu_linuxdebian_linuxfedoravirtualization_hostenterprise_linuxovirt-nodeadvanced_intrusion_detection_environmentn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-36518
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.51% / 66.64%
||
7 Day CHG~0.00%
Published-11 Mar, 2022 | 00:00
Updated-27 Aug, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.

Action-Not Available
Vendor-n/aOracle CorporationDebian GNU/LinuxNetApp, Inc.FasterXML, LLC.
Product-financial_services_analytical_applications_infrastructurecommunications_cloud_native_core_network_slice_selection_functionfinancial_services_enterprise_case_managementcommunications_cloud_native_core_service_communication_proxysnap_creator_frameworkspatial_studiofinancial_services_behavior_detection_platformdebian_linuxcommunications_cloud_native_core_unified_data_repositoryfinancial_services_crime_and_compliance_management_studioglobal_lifecycle_management_nextgen_oui_frameworkglobal_lifecycle_management_opatchcoherenceoncommand_insighthealth_sciences_empirica_signalretail_sales_auditbig_data_spatial_and_graphprimavera_gatewaysd-wan_edgeprimavera_p6_enterprise_project_portfolio_managementcommerce_platformcommunications_cloud_native_core_security_edge_protection_proxyprimavera_unifierpeoplesoft_enterprise_peopletoolsoncommand_workflow_automationfinancial_services_trade-based_anti_money_launderingutilities_frameworkweblogic_serveractive_iq_unified_managercommunications_billing_and_revenue_managementcommunications_cloud_native_core_consolecommunications_cloud_native_core_binding_support_functioncloud_insights_acquisition_unitgraph_server_and_clientcommunications_cloud_native_core_network_repository_functionjackson-databindn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-45910
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.31% / 53.99%
||
7 Day CHG~0.00%
Published-28 Dec, 2021 | 00:02
Updated-04 Aug, 2024 | 04:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in gif2apng 1.9. There is a heap-based buffer overflow within the main function. It allows an attacker to write data outside of the allocated buffer. The attacker has control over a part of the address that data is written to, control over the written data, and (to some extent) control over the amount of data that is written.

Action-Not Available
Vendor-gif2apng_projectn/aDebian GNU/Linux
Product-gif2apngdebian_linuxn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-17806
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.01% / 1.31%
||
7 Day CHG~0.00%
Published-20 Dec, 2017 | 23:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The HMAC implementation (crypto/hmac.c) in the Linux kernel before 4.14.8 does not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) to cause a kernel stack buffer overflow by executing a crafted sequence of system calls that encounter a missing SHA-3 initialization.

Action-Not Available
Vendor-n/aDebian GNU/LinuxCanonical Ltd.Linux Kernel Organization, IncSUSEopenSUSE
Product-linux_enterprise_desktoplinux_kernellinux_enterprise_serverleapdebian_linuxlinux_enterprise_server_for_raspberry_piubuntu_linuxn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-45958
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.29% / 52.05%
||
7 Day CHG~0.00%
Published-31 Dec, 2021 | 23:52
Updated-04 Aug, 2024 | 04:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

UltraJSON (aka ujson) through 5.1.0 has a stack-based buffer overflow in Buffer_AppendIndentUnchecked (called from encode). Exploitation can, for example, use a large amount of indentation.

Action-Not Available
Vendor-ultrajson_projectn/aDebian GNU/LinuxFedora Project
Product-debian_linuxultrajsonfedoran/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-17480
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.92% / 88.36%
||
7 Day CHG~0.00%
Published-08 Dec, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtovolume function in jp3d/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution.

Action-Not Available
Vendor-uclouvainn/aDebian GNU/LinuxCanonical Ltd.
Product-ubuntu_linuxdebian_linuxopenjpegn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-53104
Matching Score-6
Assigner-kernel.org
ShareView Details
Matching Score-6
Assigner-kernel.org
CVSS Score-7.8||HIGH
EPSS-14.40% / 94.45%
||
7 Day CHG~0.00%
Published-02 Dec, 2024 | 07:29
Updated-04 Nov, 2025 | 14:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2025-02-26||Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format

In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format This can lead to out of bounds writes since frames of this type were not taken into account when calculating the size of the frames buffer in uvc_parse_streaming.

Action-Not Available
Vendor-Debian GNU/LinuxLinux Kernel Organization, Inc
Product-debian_linuxlinux_kernelLinuxKernel
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-45942
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.13% / 32.45%
||
7 Day CHG~0.00%
Published-31 Dec, 2021 | 00:00
Updated-04 Aug, 2024 | 04:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OpenEXR 3.1.x before 3.1.4 has a heap-based buffer overflow in Imf_3_1::LineCompositeTask::execute (called from IlmThread_3_1::NullThreadPoolProvider::addTask and IlmThread_3_1::ThreadPool::addGlobalTask). NOTE: db217f2 may be inapplicable.

Action-Not Available
Vendor-openexrn/aDebian GNU/LinuxFedora Project
Product-openexrdebian_linuxfedoran/a
CWE ID-CWE-787
Out-of-bounds Write
  • Previous
  • 1
  • 2
  • ...
  • 5
  • 6
  • 7
  • ...
  • 26
  • 27
  • Next
Details not found