Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2011-0984

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-10 Feb, 2011 | 18:00
Updated At-06 Aug, 2024 | 22:14
Rejected At-
Credits

Google Chrome before 9.0.597.94 does not properly handle plug-ins, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:10 Feb, 2011 | 18:00
Updated At:06 Aug, 2024 | 22:14
Rejected At:
▼CVE Numbering Authority (CNA)

Google Chrome before 9.0.597.94 does not properly handle plug-ins, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://secunia.com/advisories/43368
third-party-advisory
x_refsource_SECUNIA
http://code.google.com/p/chromium/issues/detail?id=69970
x_refsource_CONFIRM
http://googlechromereleases.blogspot.com/2011/02/stable-channel-update_08.html
x_refsource_CONFIRM
http://www.srware.net/forum/viewtopic.php?f=18&t=2190
x_refsource_CONFIRM
http://secunia.com/advisories/43342
third-party-advisory
x_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14719
vdb-entry
signature
x_refsource_OVAL
http://www.debian.org/security/2011/dsa-2166
vendor-advisory
x_refsource_DEBIAN
http://www.vupen.com/english/advisories/2011/0408
vdb-entry
x_refsource_VUPEN
http://www.securityfocus.com/bid/46262
vdb-entry
x_refsource_BID
Hyperlink: http://secunia.com/advisories/43368
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://code.google.com/p/chromium/issues/detail?id=69970
Resource:
x_refsource_CONFIRM
Hyperlink: http://googlechromereleases.blogspot.com/2011/02/stable-channel-update_08.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.srware.net/forum/viewtopic.php?f=18&t=2190
Resource:
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/43342
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14719
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: http://www.debian.org/security/2011/dsa-2166
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://www.vupen.com/english/advisories/2011/0408
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://www.securityfocus.com/bid/46262
Resource:
vdb-entry
x_refsource_BID
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://secunia.com/advisories/43368
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://code.google.com/p/chromium/issues/detail?id=69970
x_refsource_CONFIRM
x_transferred
http://googlechromereleases.blogspot.com/2011/02/stable-channel-update_08.html
x_refsource_CONFIRM
x_transferred
http://www.srware.net/forum/viewtopic.php?f=18&t=2190
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/43342
third-party-advisory
x_refsource_SECUNIA
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14719
vdb-entry
signature
x_refsource_OVAL
x_transferred
http://www.debian.org/security/2011/dsa-2166
vendor-advisory
x_refsource_DEBIAN
x_transferred
http://www.vupen.com/english/advisories/2011/0408
vdb-entry
x_refsource_VUPEN
x_transferred
http://www.securityfocus.com/bid/46262
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://secunia.com/advisories/43368
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://code.google.com/p/chromium/issues/detail?id=69970
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://googlechromereleases.blogspot.com/2011/02/stable-channel-update_08.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.srware.net/forum/viewtopic.php?f=18&t=2190
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/43342
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14719
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: http://www.debian.org/security/2011/dsa-2166
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2011/0408
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://www.securityfocus.com/bid/46262
Resource:
vdb-entry
x_refsource_BID
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:10 Feb, 2011 | 19:00
Updated At:29 Apr, 2026 | 01:13

Google Chrome before 9.0.597.94 does not properly handle plug-ins, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CPE Matches

Google LLC
google
>>chrome>>Versions before 9.0.597.94(exclusive)
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>6.0
cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>7.0
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-125Primarynvd@nist.gov
CWE ID: CWE-125
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
http://code.google.com/p/chromium/issues/detail?id=69970cve@mitre.org
Issue Tracking
Patch
Vendor Advisory
http://googlechromereleases.blogspot.com/2011/02/stable-channel-update_08.htmlcve@mitre.org
Vendor Advisory
http://secunia.com/advisories/43342cve@mitre.org
Third Party Advisory
http://secunia.com/advisories/43368cve@mitre.org
Third Party Advisory
http://www.debian.org/security/2011/dsa-2166cve@mitre.org
Third Party Advisory
http://www.securityfocus.com/bid/46262cve@mitre.org
Third Party Advisory
VDB Entry
http://www.srware.net/forum/viewtopic.php?f=18&t=2190cve@mitre.org
Patch
Third Party Advisory
http://www.vupen.com/english/advisories/2011/0408cve@mitre.org
Permissions Required
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14719cve@mitre.org
Third Party Advisory
http://code.google.com/p/chromium/issues/detail?id=69970af854a3a-2127-422b-91ae-364da2661108
Issue Tracking
Patch
Vendor Advisory
http://googlechromereleases.blogspot.com/2011/02/stable-channel-update_08.htmlaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/43342af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://secunia.com/advisories/43368af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.debian.org/security/2011/dsa-2166af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.securityfocus.com/bid/46262af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
http://www.srware.net/forum/viewtopic.php?f=18&t=2190af854a3a-2127-422b-91ae-364da2661108
Patch
Third Party Advisory
http://www.vupen.com/english/advisories/2011/0408af854a3a-2127-422b-91ae-364da2661108
Permissions Required
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14719af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Hyperlink: http://code.google.com/p/chromium/issues/detail?id=69970
Source: cve@mitre.org
Resource:
Issue Tracking
Patch
Vendor Advisory
Hyperlink: http://googlechromereleases.blogspot.com/2011/02/stable-channel-update_08.html
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/43342
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/43368
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://www.debian.org/security/2011/dsa-2166
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://www.securityfocus.com/bid/46262
Source: cve@mitre.org
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.srware.net/forum/viewtopic.php?f=18&t=2190
Source: cve@mitre.org
Resource:
Patch
Third Party Advisory
Hyperlink: http://www.vupen.com/english/advisories/2011/0408
Source: cve@mitre.org
Resource:
Permissions Required
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14719
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://code.google.com/p/chromium/issues/detail?id=69970
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Issue Tracking
Patch
Vendor Advisory
Hyperlink: http://googlechromereleases.blogspot.com/2011/02/stable-channel-update_08.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/43342
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/43368
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.debian.org/security/2011/dsa-2166
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.securityfocus.com/bid/46262
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.srware.net/forum/viewtopic.php?f=18&t=2190
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Third Party Advisory
Hyperlink: http://www.vupen.com/english/advisories/2011/0408
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Permissions Required
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14719
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

3212Records found

CVE-2013-0888
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-5||MEDIUM
EPSS-1.56% / 72.17%
||
7 Day CHG~0.00%
Published-23 Feb, 2013 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Skia, as used in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to a "user gesture check for dangerous file downloads."

Action-Not Available
Vendor-n/aApple Inc.openSUSEGoogle LLCLinux Kernel Organization, IncMicrosoft Corporation
Product-mac_os_xwindowschromelinux_kernelopensusen/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2012-5130
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-5||MEDIUM
EPSS-1.46% / 70.40%
||
7 Day CHG~0.00%
Published-28 Nov, 2012 | 01:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Skia, as used in Google Chrome before 23.0.1271.91, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

Action-Not Available
Vendor-n/aGoogle LLCopenSUSE
Product-chromeopensusen/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2012-4428
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-9.57% / 94.88%
||
7 Day CHG~0.00%
Published-02 Dec, 2019 | 17:41
Updated-06 Aug, 2024 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

openslp: SLPIntersectStringList()' Function has a DoS vulnerability

Action-Not Available
Vendor-openslpopenslp-dfsgCanonical Ltd.Fedora ProjectDebian GNU/Linux
Product-ubuntu_linuxopenslpdebian_linuxfedoraopenslp-dfsg
CWE ID-CWE-125
Out-of-bounds Read
CVE-2011-3908
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-5||MEDIUM
EPSS-1.70% / 74.36%
||
7 Day CHG~0.00%
Published-13 Dec, 2011 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 16.0.912.63 does not properly parse SVG documents, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

Action-Not Available
Vendor-n/aGoogle LLCApple Inc.
Product-chromeiphone_ossafariitunesn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2011-3905
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-5||MEDIUM
EPSS-1.59% / 72.62%
||
7 Day CHG~0.00%
Published-13 Dec, 2011 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libxml2, as used in Google Chrome before 16.0.912.63, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

Action-Not Available
Vendor-n/aDebian GNU/LinuxRed Hat, Inc.Google LLC
Product-debian_linuxenterprise_linux_workstationenterprise_linux_serverenterprise_linux_desktopenterprise_linux_server_euschromen/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2011-2864
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-5||MEDIUM
EPSS-1.30% / 66.84%
||
7 Day CHG~0.00%
Published-17 Sep, 2011 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 14.0.835.163 does not properly handle Tibetan characters, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2011-2850
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-5||MEDIUM
EPSS-1.26% / 66.12%
||
7 Day CHG~0.00%
Published-17 Sep, 2011 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 14.0.835.163 does not properly handle Khmer characters, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2011-2851
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-5||MEDIUM
EPSS-1.30% / 66.84%
||
7 Day CHG~0.00%
Published-17 Sep, 2011 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 14.0.835.163 does not properly handle video, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-31001
Matching Score-10
Assigner-GitHub, Inc.
ShareView Details
Matching Score-10
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-2.02% / 78.61%
||
7 Day CHG~0.00%
Published-31 May, 2022 | 00:00
Updated-03 Aug, 2024 | 07:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Out-of-bounds Read in Sofia-SIP

Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, an attacker can send a message with evil sdp to FreeSWITCH, which may cause crash. This type of crash may be caused by `#define MATCH(s, m) (strncmp(s, m, n = sizeof(m) - 1) == 0)`, which will make `n` bigger and trigger out-of-bound access when `IS_NON_WS(s[n])`. Version 1.13.8 contains a patch for this issue.

Action-Not Available
Vendor-signalwirefreeswitchDebian GNU/Linux
Product-sofia-sipdebian_linuxsofia-sip
CWE ID-CWE-125
Out-of-bounds Read
CVE-2011-1120
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.53% / 71.75%
||
7 Day CHG~0.00%
Published-01 Mar, 2011 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The WebGL implementation in Google Chrome before 9.0.597.107 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, aka Issue 71717.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2011-1122
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.53% / 71.75%
||
7 Day CHG~0.00%
Published-01 Mar, 2011 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The WebGL implementation in Google Chrome before 9.0.597.107 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, aka Issue 71960.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-31002
Matching Score-10
Assigner-GitHub, Inc.
ShareView Details
Matching Score-10
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-1.80% / 75.85%
||
7 Day CHG~0.00%
Published-31 May, 2022 | 00:00
Updated-22 Apr, 2025 | 17:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Out-of-bounds Read in Sofia-SIP

Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, an attacker can send a message with evil sdp to FreeSWITCH, which may cause a crash. This type of crash may be caused by a URL ending with `%`. Version 1.13.8 contains a patch for this issue.

Action-Not Available
Vendor-signalwirefreeswitchDebian GNU/Linux
Product-sofia-sipdebian_linuxsofia-sip
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-17935
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.96% / 85.52%
||
7 Day CHG~0.00%
Published-27 Dec, 2017 | 07:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The File_read_line function in epan/wslua/wslua_file.c in Wireshark through 2.2.11 does not properly strip '\n' characters, which allows remote attackers to cause a denial of service (buffer underflow and application crash) via a crafted packet that triggers the attempted processing of an empty line.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/Linux
Product-debian_linuxwiresharkn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-14513
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.70% / 74.48%
||
7 Day CHG~0.00%
Published-01 Aug, 2019 | 20:47
Updated-05 Aug, 2024 | 00:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper bounds checking in Dnsmasq before 2.76 allows an attacker controlled DNS server to send large DNS packets that result in a read operation beyond the buffer allocated for the packet, a different vulnerability than CVE-2017-14491.

Action-Not Available
Vendor-thekelleysn/aDebian GNU/Linux
Product-debian_linuxdnsmasqn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-20387
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.34% / 81.53%
||
7 Day CHG~0.00%
Published-21 Jan, 2020 | 22:54
Updated-05 Aug, 2024 | 02:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

repodata_schema2id in repodata.c in libsolv before 0.7.6 has a heap-based buffer over-read via a last schema whose length is less than the length of the input schema.

Action-Not Available
Vendor-n/aDebian GNU/LinuxopenSUSE
Product-libsolvdebian_linuxn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-10895
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-5.80% / 92.22%
||
7 Day CHG~0.00%
Published-09 Apr, 2019 | 03:50
Updated-04 Aug, 2024 | 22:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the NetScaler file parser could crash. This was addressed in wiretap/netscaler.c by improving data validation.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/LinuxCanonical Ltd.Fedora ProjectopenSUSE
Product-ubuntu_linuxdebian_linuxfedorawiresharkleapn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-10903
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-5.59% / 91.95%
||
7 Day CHG~0.00%
Published-09 Apr, 2019 | 03:53
Updated-04 Aug, 2024 | 22:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DCERPC SPOOLSS dissector could crash. This was addressed in epan/dissectors/packet-dcerpc-spoolss.c by adding a boundary check.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/LinuxCanonical Ltd.Fedora ProjectopenSUSE
Product-ubuntu_linuxdebian_linuxfedorawiresharkleapn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-10899
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-5.59% / 91.95%
||
7 Day CHG~0.00%
Published-09 Apr, 2019 | 03:52
Updated-04 Aug, 2024 | 22:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the SRVLOC dissector could crash. This was addressed in epan/dissectors/packet-srvloc.c by preventing a heap-based buffer under-read.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/LinuxCanonical Ltd.Fedora ProjectopenSUSE
Product-ubuntu_linuxdebian_linuxfedorawiresharkleapn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-13765
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.79% / 84.67%
||
7 Day CHG~0.00%
Published-30 Aug, 2017 | 09:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the IrCOMM dissector has a buffer over-read and application crash. This was addressed in plugins/irda/packet-ircomm.c by adding length validation.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/Linux
Product-debian_linuxwiresharkn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-20698
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-3.06% / 86.00%
||
7 Day CHG~0.00%
Published-14 Jan, 2022 | 05:15
Updated-06 Nov, 2024 | 16:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Clam AntiVirus (ClamAV) Denial of Service Vulnerability

A vulnerability in the OOXML parsing module in Clam AntiVirus (ClamAV) Software version 0.104.1 and LTS version 0.103.4 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper checks that may result in an invalid pointer read. An attacker could exploit this vulnerability by sending a crafted OOXML file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to crash, resulting in a denial of service condition.

Action-Not Available
Vendor-Canonical Ltd.ClamAVCisco Systems, Inc.Debian GNU/Linux
Product-ubuntu_linuxclamavdebian_linuxClamAV
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-9989
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.17% / 80.09%
||
7 Day CHG+0.09%
Published-10 Apr, 2018 | 19:00
Updated-05 Jun, 2026 | 19:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_psk_hint() that could cause a crash on invalid input.

Action-Not Available
Vendor-trustedfirmwaren/aArm LimitedDebian GNU/Linux
Product-debian_linuxmbed_tlsn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-9988
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.11% / 79.56%
||
7 Day CHG+0.03%
Published-10 Apr, 2018 | 19:00
Updated-05 Jun, 2026 | 19:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_key_exchange() that could cause a crash on invalid input.

Action-Not Available
Vendor-trustedfirmwaren/aArm LimitedDebian GNU/Linux
Product-debian_linuxmbed_tlsn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-8799
Matching Score-10
Assigner-Check Point Software Ltd.
ShareView Details
Matching Score-10
Assigner-Check Point Software Ltd.
CVSS Score-7.5||HIGH
EPSS-4.07% / 89.45%
||
7 Day CHG~0.00%
Published-05 Feb, 2019 | 20:00
Updated-17 Sep, 2024 | 03:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function process_secondary_order() that results in a Denial of Service (segfault).

Action-Not Available
Vendor-rdesktopDebian GNU/LinuxCheck Point Software Technologies Ltd.
Product-rdesktopdebian_linuxrdesktop
CWE ID-CWE-126
Buffer Over-read
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-8789
Matching Score-10
Assigner-Check Point Software Ltd.
ShareView Details
Matching Score-10
Assigner-Check Point Software Ltd.
CVSS Score-7.5||HIGH
EPSS-5.24% / 91.52%
||
7 Day CHG~0.00%
Published-29 Nov, 2018 | 18:00
Updated-16 Sep, 2024 | 20:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FreeRDP prior to version 2.0.0-rc4 contains several Out-Of-Bounds Reads in the NTLM Authentication module that results in a Denial of Service (segfault).

Action-Not Available
Vendor-Canonical Ltd.Check Point Software Technologies Ltd.FreeRDPDebian GNU/Linux
Product-freerdpubuntu_linuxdebian_linuxFreeRDP
CWE ID-CWE-126
Buffer Over-read
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-8796
Matching Score-10
Assigner-Check Point Software Ltd.
ShareView Details
Matching Score-10
Assigner-Check Point Software Ltd.
CVSS Score-7.5||HIGH
EPSS-4.07% / 89.45%
||
7 Day CHG~0.00%
Published-05 Feb, 2019 | 20:00
Updated-16 Sep, 2024 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function process_bitmap_updates() that results in a Denial of Service (segfault).

Action-Not Available
Vendor-rdesktopDebian GNU/LinuxCheck Point Software Technologies Ltd.
Product-rdesktopdebian_linuxrdesktop
CWE ID-CWE-126
Buffer Over-read
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-8792
Matching Score-10
Assigner-Check Point Software Ltd.
ShareView Details
Matching Score-10
Assigner-Check Point Software Ltd.
CVSS Score-7.5||HIGH
EPSS-4.07% / 89.45%
||
7 Day CHG~0.00%
Published-05 Feb, 2019 | 20:00
Updated-17 Sep, 2024 | 02:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function cssp_read_tsrequest() that results in a Denial of Service (segfault).

Action-Not Available
Vendor-rdesktopDebian GNU/LinuxCheck Point Software Technologies Ltd.
Product-rdesktopdebian_linuxrdesktop
CWE ID-CWE-126
Buffer Over-read
CWE ID-CWE-125
Out-of-bounds Read
CVE-2011-3910
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-5||MEDIUM
EPSS-1.08% / 60.96%
||
7 Day CHG~0.00%
Published-13 Dec, 2011 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 16.0.912.63 does not properly handle YUV video frames, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-20178
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.34% / 90.03%
||
7 Day CHG~0.00%
Published-15 Mar, 2019 | 18:00
Updated-05 Aug, 2024 | 11:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in the function process_demand_active() that results in a Denial of Service (segfault).

Action-Not Available
Vendor-rdesktopn/aDebian GNU/Linux
Product-rdesktopdebian_linuxn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-20175
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.30% / 89.95%
||
7 Day CHG~0.00%
Published-15 Mar, 2019 | 18:00
Updated-05 Aug, 2024 | 11:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

rdesktop versions up to and including v1.8.3 contains several Integer Signedness errors that lead to Out-Of-Bounds Reads in the file mcs.c and result in a Denial of Service (segfault).

Action-Not Available
Vendor-rdesktopn/aDebian GNU/Linux
Product-rdesktopdebian_linuxn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-19627
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-17.70% / 96.79%
||
7 Day CHG~0.00%
Published-29 Nov, 2018 | 04:00
Updated-05 Aug, 2024 | 11:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the IxVeriWave file parser could crash. This was addressed in wiretap/vwr.c by adjusting a buffer boundary.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/Linux
Product-wiresharkdebian_linuxn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-16890
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-5.4||MEDIUM
EPSS-5.35% / 91.65%
||
7 Day CHG~0.00%
Published-06 Feb, 2019 | 20:00
Updated-15 Apr, 2026 | 20:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length + offset combination that would lead to a buffer read out-of-bounds.

Action-Not Available
Vendor-Oracle CorporationDebian GNU/LinuxF5, Inc.Canonical Ltd.NetApp, Inc.Red Hat, Inc.Siemens AGCURL
Product-libcurlclustered_data_ontapubuntu_linuxdebian_linuxcommunications_operations_monitorhttp_serversecure_global_desktopenterprise_linuxsinema_remote_connect_clientbig-ip_access_policy_managercurl
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2018-16451
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-4.13% / 89.60%
||
7 Day CHG~0.00%
Published-03 Oct, 2019 | 15:57
Updated-03 Dec, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SMB parser in tcpdump before 4.9.3 has buffer over-reads in print-smb.c:print_trans() for \MAILSLOT\BROWSE and \PIPE\LANMAN.

Action-Not Available
Vendor-n/aApple Inc.openSUSEFedora ProjectRed Hat, Inc.Debian GNU/Linuxtcpdump & libpcap
Product-tcpdumpenterprise_linuxfedoraleapmac_os_xdebian_linuxn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-16230
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.89% / 88.97%
||
7 Day CHG~0.00%
Published-03 Oct, 2019 | 15:49
Updated-03 Dec, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print() (MP_REACH_NLRI).

Action-Not Available
Vendor-n/aApple Inc.openSUSEFedora ProjectRed Hat, Inc.Debian GNU/Linuxtcpdump & libpcap
Product-tcpdumpenterprise_linuxfedoraleapmac_os_xdebian_linuxn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-16227
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-6.82% / 93.23%
||
7 Day CHG~0.00%
Published-03 Oct, 2019 | 15:44
Updated-05 Aug, 2024 | 10:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer over-read in print-802_11.c for the Mesh Flags subfield.

Action-Not Available
Vendor-n/aDebian GNU/LinuxApple Inc.Fedora Projecttcpdump & libpcapopenSUSERed Hat, Inc.
Product-debian_linuxfedoraenterprise_linuxmac_os_xleaptcpdumpn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-16228
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.74% / 88.52%
||
7 Day CHG~0.00%
Published-03 Oct, 2019 | 15:46
Updated-03 Dec, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The HNCP parser in tcpdump before 4.9.3 has a buffer over-read in print-hncp.c:print_prefix().

Action-Not Available
Vendor-n/aApple Inc.Fedora Projecttcpdump & libpcapRed Hat, Inc.Debian GNU/LinuxopenSUSE
Product-tcpdumpenterprise_linuxfedoraleapmac_os_xdebian_linuxn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-16229
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-6.82% / 93.23%
||
7 Day CHG~0.00%
Published-03 Oct, 2019 | 15:48
Updated-05 Aug, 2024 | 10:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The DCCP parser in tcpdump before 4.9.3 has a buffer over-read in print-dccp.c:dccp_print_option().

Action-Not Available
Vendor-n/aDebian GNU/LinuxApple Inc.tcpdump & libpcapFedora ProjectRed Hat, Inc.openSUSEF5, Inc.
Product-debian_linuxfedoraenterprise_linuxmac_os_xtraffix_signaling_delivery_controllertcpdumpleapn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-15501
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.34% / 90.02%
||
7 Day CHG~0.00%
Published-18 Aug, 2018 | 02:00
Updated-05 Aug, 2024 | 09:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ng_pkt in transports/smart_pkt.c in libgit2 before 0.26.6 and 0.27.x before 0.27.4, a remote attacker can send a crafted smart-protocol "ng" packet that lacks a '\0' byte to trigger an out-of-bounds read that leads to DoS.

Action-Not Available
Vendor-libgit2n/aDebian GNU/Linux
Product-debian_linuxlibgit2n/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-14880
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-5.34% / 91.64%
||
7 Day CHG~0.00%
Published-03 Oct, 2019 | 15:35
Updated-05 Aug, 2024 | 09:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The OSPFv3 parser in tcpdump before 4.9.3 has a buffer over-read in print-ospf6.c:ospf6_print_lshdr().

Action-Not Available
Vendor-n/aDebian GNU/LinuxApple Inc.tcpdump & libpcapFedora ProjectRed Hat, Inc.openSUSEF5, Inc.
Product-big-ip_webacceleratorbig-ip_application_acceleration_managerbig-ip_policy_enforcement_managerbig-ip_fraud_protection_serviceenterprise_linuxbig-ip_global_traffic_managerbig-ip_local_traffic_managerbig-ip_analyticsbig-ip_domain_name_systemiworkflowbig-ip_application_security_managertcpdumpbig-ip_edge_gatewaydebian_linuxbig-iq_centralized_managementbig-ip_link_controllerfedoramac_os_xenterprise_managerbig-ip_access_policy_managertraffix_signaling_delivery_controllerbig-ip_advanced_firewall_managerleapn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-14340
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.45% / 87.56%
||
7 Day CHG~0.00%
Published-19 Jul, 2018 | 02:00
Updated-05 Aug, 2024 | 09:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, dissectors that support zlib decompression could crash. This was addressed in epan/tvbuff_zlib.c by rejecting negative lengths to avoid a buffer over-read.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/Linux
Product-wiresharkdebian_linuxn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-14468
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.98% / 89.24%
||
7 Day CHG~0.00%
Published-03 Oct, 2019 | 15:27
Updated-03 Dec, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in print-fr.c:mfr_print().

Action-Not Available
Vendor-n/aApple Inc.openSUSEFedora ProjectRed Hat, Inc.Debian GNU/LinuxF5, Inc.tcpdump & libpcap
Product-big-ip_analyticsbig-ip_application_security_managerleapbig-ip_link_controllertraffix_signaling_delivery_controllerbig-ip_local_traffic_managerbig-ip_domain_name_systembig-ip_access_policy_managermac_os_xtcpdumpdebian_linuxiworkflowbig-ip_policy_enforcement_managerbig-ip_fraud_protection_serviceenterprise_linuxfedoraenterprise_managerbig-ip_global_traffic_managerbig-ip_application_acceleration_managerbig-ip_advanced_firewall_managerbig-ip_webacceleratorbig-iq_centralized_managementbig-ip_edge_gatewayn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-14466
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.98% / 89.24%
||
7 Day CHG~0.00%
Published-03 Oct, 2019 | 15:22
Updated-05 Aug, 2024 | 09:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Rx parser in tcpdump before 4.9.3 has a buffer over-read in print-rx.c:rx_cache_find() and rx_cache_insert().

Action-Not Available
Vendor-n/aDebian GNU/LinuxApple Inc.Fedora Projecttcpdump & libpcapopenSUSERed Hat, Inc.
Product-debian_linuxfedoraenterprise_linuxmac_os_xleaptcpdumpn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-14465
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.07% / 89.44%
||
7 Day CHG~0.00%
Published-03 Oct, 2019 | 15:15
Updated-17 Dec, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The RSVP parser in tcpdump before 4.9.3 has a buffer over-read in print-rsvp.c:rsvp_obj_print().

Action-Not Available
Vendor-n/aDebian GNU/LinuxFedora ProjectF5, Inc.openSUSERed Hat, Inc.Apple Inc.tcpdump & libpcap
Product-debian_linuxenterprise_linuxtraffix_signaling_delivery_controllerfedoraleapmac_os_xtcpdumpn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-14461
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.98% / 89.24%
||
7 Day CHG~0.00%
Published-03 Oct, 2019 | 15:09
Updated-03 Dec, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The LDP parser in tcpdump before 4.9.3 has a buffer over-read in print-ldp.c:ldp_tlv_print().

Action-Not Available
Vendor-n/aApple Inc.Fedora Projecttcpdump & libpcapRed Hat, Inc.Debian GNU/LinuxopenSUSE
Product-tcpdumpenterprise_linuxfedoraleapmac_os_xdebian_linuxn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-14469
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-5.34% / 91.64%
||
7 Day CHG~0.00%
Published-03 Oct, 2019 | 15:29
Updated-05 Aug, 2024 | 09:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The IKEv1 parser in tcpdump before 4.9.3 has a buffer over-read in print-isakmp.c:ikev1_n_print().

Action-Not Available
Vendor-n/aDebian GNU/LinuxApple Inc.tcpdump & libpcapFedora ProjectRed Hat, Inc.openSUSEF5, Inc.
Product-debian_linuxfedoraenterprise_linuxmac_os_xtraffix_signaling_delivery_controllertcpdumpleapn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-14882
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.89% / 88.97%
||
7 Day CHG~0.00%
Published-03 Oct, 2019 | 15:41
Updated-03 Dec, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ICMPv6 parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp6.c.

Action-Not Available
Vendor-n/aApple Inc.openSUSEFedora ProjectRed Hat, Inc.Debian GNU/LinuxF5, Inc.tcpdump & libpcap
Product-tcpdumpenterprise_linuxtraffix_signaling_delivery_controllerleapfedoramac_os_xdebian_linuxn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-14883
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-8.97% / 94.63%
||
7 Day CHG+0.24%
Published-03 Aug, 2018 | 13:00
Updated-05 Aug, 2024 | 09:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. An Integer Overflow leads to a heap-based buffer over-read in exif_thumbnail_extract of exif.c.

Action-Not Available
Vendor-n/aNetApp, Inc.Canonical Ltd.Debian GNU/LinuxThe PHP Group
Product-ubuntu_linuxphpdebian_linuxstorage_automation_storen/a
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2018-14464
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.98% / 89.24%
||
7 Day CHG~0.00%
Published-03 Oct, 2019 | 15:13
Updated-05 Aug, 2024 | 09:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The LMP parser in tcpdump before 4.9.3 has a buffer over-read in print-lmp.c:lmp_print_data_link_subobjs().

Action-Not Available
Vendor-n/aDebian GNU/LinuxApple Inc.Fedora Projecttcpdump & libpcapopenSUSERed Hat, Inc.
Product-debian_linuxfedoraenterprise_linuxmac_os_xleaptcpdumpn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-14470
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.98% / 89.24%
||
7 Day CHG~0.00%
Published-03 Oct, 2019 | 15:31
Updated-03 Dec, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Babel parser in tcpdump before 4.9.3 has a buffer over-read in print-babel.c:babel_print_v2().

Action-Not Available
Vendor-n/aApple Inc.openSUSEFedora ProjectRed Hat, Inc.Debian GNU/Linuxtcpdump & libpcap
Product-tcpdumpenterprise_linuxfedoraleapmac_os_xdebian_linuxn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-14462
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.98% / 89.24%
||
7 Day CHG~0.00%
Published-03 Oct, 2019 | 15:11
Updated-03 Dec, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ICMP parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp.c:icmp_print().

Action-Not Available
Vendor-n/aApple Inc.Fedora Projecttcpdump & libpcapRed Hat, Inc.Debian GNU/LinuxF5, Inc.openSUSE
Product-tcpdumpenterprise_linuxtraffix_signaling_delivery_controllerleapfedoramac_os_xdebian_linuxn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-14881
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-4.76% / 90.81%
||
7 Day CHG~0.00%
Published-03 Oct, 2019 | 15:36
Updated-03 Dec, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_RESTART).

Action-Not Available
Vendor-n/aApple Inc.openSUSEFedora ProjectRed Hat, Inc.Debian GNU/Linuxtcpdump & libpcap
Product-tcpdumpenterprise_linuxfedoraleapmac_os_xdebian_linuxn/a
CWE ID-CWE-125
Out-of-bounds Read
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 64
  • 65
  • Next
Details not found