Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2017-6956

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-05 Apr, 2017 | 14:00
Updated At-05 Aug, 2024 | 15:49
Rejected At-
Credits

On the Broadcom Wi-Fi HardMAC SoC with fbt firmware, a stack buffer overflow occurs when handling an 802.11r (FT) authentication response, leading to remote code execution via a crafted access point that sends a long R0KH-ID field in a Fast BSS Transition Information Element (FT-IE).

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:05 Apr, 2017 | 14:00
Updated At:05 Aug, 2024 | 15:49
Rejected At:
▼CVE Numbering Authority (CNA)

On the Broadcom Wi-Fi HardMAC SoC with fbt firmware, a stack buffer overflow occurs when handling an 802.11r (FT) authentication response, leading to remote code execution via a crafted access point that sends a long R0KH-ID field in a Fast BSS Transition Information Element (FT-IE).

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://bugs.chromium.org/p/project-zero/issues/detail?id=1059
x_refsource_MISC
https://googleprojectzero.blogspot.com/2017/04/over-air-exploiting-broadcoms-wi-fi_4.html
x_refsource_MISC
Hyperlink: https://bugs.chromium.org/p/project-zero/issues/detail?id=1059
Resource:
x_refsource_MISC
Hyperlink: https://googleprojectzero.blogspot.com/2017/04/over-air-exploiting-broadcoms-wi-fi_4.html
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://bugs.chromium.org/p/project-zero/issues/detail?id=1059
x_refsource_MISC
x_transferred
https://googleprojectzero.blogspot.com/2017/04/over-air-exploiting-broadcoms-wi-fi_4.html
x_refsource_MISC
x_transferred
Hyperlink: https://bugs.chromium.org/p/project-zero/issues/detail?id=1059
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://googleprojectzero.blogspot.com/2017/04/over-air-exploiting-broadcoms-wi-fi_4.html
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:05 Apr, 2017 | 14:59
Updated At:20 Apr, 2025 | 01:37

On the Broadcom Wi-Fi HardMAC SoC with fbt firmware, a stack buffer overflow occurs when handling an 802.11r (FT) authentication response, leading to remote code execution via a crafted access point that sends a long R0KH-ID field in a Fast BSS Transition Information Element (FT-IE).

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.08.8HIGH
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary2.08.3HIGH
AV:A/AC:L/Au:N/C:C/I:C/A:C
Type: Primary
Version: 3.0
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 8.3
Base severity: HIGH
Vector:
AV:A/AC:L/Au:N/C:C/I:C/A:C
CPE Matches
Broadcom Inc.
broadcom
>>hardmac_wi-fi_soc_firmware>>6.37.34.40
cpe:2.3:o:broadcom:hardmac_wi-fi_soc_firmware:6.37.34.40:*:*:*:*:*:*:*
Broadcom Inc.
broadcom
>>hardmac_wi-fi_soc>>-
cpe:2.3:h:broadcom:hardmac_wi-fi_soc:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-119Primarynvd@nist.gov
CWE ID: CWE-119
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://bugs.chromium.org/p/project-zero/issues/detail?id=1059cve@mitre.org
Third Party Advisory
https://googleprojectzero.blogspot.com/2017/04/over-air-exploiting-broadcoms-wi-fi_4.htmlcve@mitre.org
Third Party Advisory
https://bugs.chromium.org/p/project-zero/issues/detail?id=1059af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://googleprojectzero.blogspot.com/2017/04/over-air-exploiting-broadcoms-wi-fi_4.htmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Hyperlink: https://bugs.chromium.org/p/project-zero/issues/detail?id=1059
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://googleprojectzero.blogspot.com/2017/04/over-air-exploiting-broadcoms-wi-fi_4.html
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://bugs.chromium.org/p/project-zero/issues/detail?id=1059
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://googleprojectzero.blogspot.com/2017/04/over-air-exploiting-broadcoms-wi-fi_4.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

79Records found
CVE-2006-5882
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.3||HIGH
EPSS-21.67% / 95.52%
||
7 Day CHG~0.00%
Published-14 Nov, 2006 | 19:00
Updated-07 Aug, 2024 | 20:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in the Broadcom BCMWL5.SYS wireless device driver 3.50.21.10, as used in Cisco Linksys WPC300N Wireless-N Notebook Adapter before 4.100.15.5 and other products, allows remote attackers to execute arbitrary code via an 802.11 response frame containing a long SSID field.

Action-Not Available
Vendor-n/aBroadcom Inc.Linksys Holdings, Inc.
Product-bcmwl5.sys_wireless_device_driverwpc300n_wireless-n_notebook_adapter_drivern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-19860
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.79% / 72.96%
||
7 Day CHG~0.00%
Published-07 Jun, 2019 | 16:23
Updated-05 Aug, 2024 | 11:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Broadcom firmware before summer 2014 on Nexus 5 BCM4335C0 2012-12-11, Raspberry Pi 3 BCM43438A1 2014-06-02, and unspecifed other devices does not properly restrict LMP commnds and executes certain memory contents upon receiving an LMP command, as demonstrated by executing an HCI command.

Action-Not Available
Vendor-cypressn/aBroadcom Inc.
Product-cyw20706ua1kffb4gcyw20702a1kwfbg_firmwarecyw20707va2pkwbgtcyw20704ua1kffb1g_firmwarecyw20733a3kml1gt_firmwarecyw20733a3kml1gtcyw89072brfb5g_firmwarecyw20734ua1kffb3gcyw20730a1kml2gt_firmwarecyw4354kkwbgt_firmwarecyw20707a2kubgt_firmwarecyw20730a1kfbg_firmwarecyw4354kkwbgtcyw43438kubgt_firmwarecyw20704ua2kffb1gt_firmwarecyw89072brfb5gt_firmwarecyw20733a3kfb1gcyw20706ua2kffb4g_firmwarecyw20704ua1kffb1gcyw20704ua1kffb1gt_firmwarecyw20734ua2kffb3gtcyw4343wkwbgt_firmwarecyw20730a1kmlgcyw20733a2kml1gtcyw20730a1kmlgtcyw4354xkubgt_firmwarecyw20733a3kfb1gtcyw20702a1kwfbgt_firmwarecyw20730a1kml2gcyw20704ua1kffb1gtcyw89071a1cubxgtcyw20706ua2kffb4gtcyw20706ua1kffb1g_firmwarecyw20707ua1kffb4g_firmwarecyw4354xkubgtcyw20733a2kfb1g_firmwarecyw4343wkwbgtcyw20733a1kfb1gtcyw20705a1kwfbgt_firmwarecyw20733a2kml1gt_firmwarecyw20707ua1kffb1gcyw20702b0kwfbgt_firmwarecyw89335l2cubgtcyw20707ua1kffb1g_firmwarecyw20706ua1kffb1gcyw20733a1kfb1gt_firmwarecyw20733a2kfb1gtcyw20703ua1kffb1g_firmwarecyw20734ua2kffb3gt_firmwarecyw20705b0kwfbgcyw20734ua2kffb3g_firmwarecyw4343w1kubgtcyw20706ua1kffb1gtcyw20730a2kfbg_firmwarecyw4343wkubgt_firmwarecyw20730a1kfbgcyw20706ua1kffb4g_firmwarecyw20707ua2kffb4gtcyw20706ua2kffb4gt_firmwarecyw20707va1pkwbgt_firmwarebcm4335c0_firmwarecyw20707va1pkwbgtcyw20730a2kml2gtcyw20733a3kml1g_firmwarecyw89071a1cubxgt_firmwarecyw20734ua1kffb3gt_firmwarecyw20707ua2kffb4gt_firmwarecyw20707ua1kffb4gtcyw20730a2kfbgtcyw20734ua1kffb3gtcyw20734ua1kffb3g_firmwarebcm43438a1cyw20730a1kml2g_firmwarecyw20703ua1kffb1gcyw89335l2cubgt_firmwarecyw20705a1kwfbgtcyw20702a1kwfbgtcyw20706ua1kffb1gt_firmwarecyw20730a2kfbgcyw20733a3kfb1gt_firmwarecyw89335lcubgtcyw20733a2kml1gbcm43438a1_firmwarecyw20730a1kfbgtcyw4343w1kubgt_firmwarecyw20733a3kfb2gtcyw20730a2kml2g_firmwarecyw20704ua2kffb1gcyw20707ua1kffb4gcyw20707va2pkwbgt_firmwarecyw20730a2kfbgt_firmwarecyw20705b0kwfbgtcyw89335lcubgt_firmwarecyw20707ua1kffb4gt_firmwarecyw20707ua2kffb4gcyw4343wkubgtcyw20702b0kwfbgtcyw20730a2kml2gt_firmwarecyw20733a2kml1g_firmwarecyw20730a1kmlg_firmwarecyw20730a1kmlgt_firmwarecyw89072brfb5gtcyw20703ua1kffb1gtcyw20705b0kwfbg_firmwarecyw20704ua2kffb1g_firmwarecyw20733a2kfb1gt_firmwarecyw20705b0kwfbgt_firmwarecyw20702a1kwfbgcyw20703ua1kffb1gt_firmwarecyw20733a3kfb2gt_firmwarecyw43438kubgtcyw20702b0kwfbgcyw20707ua2kffb4g_firmwarebcm4335c0cyw20733a2kfb1gcyw20734ua2kffb3gcyw20733a3kml1gcyw20706ua2kffb4gcyw20702b0kwfbg_firmwarecyw20704ua2kffb1gtcyw20730a1kfbgt_firmwarecyw89072brfb5gcyw20733a3kfb1g_firmwarecyw20730a2kml2gcyw20707a2kubgtcyw20730a1kml2gtn/a
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2019-9502
Matching Score-8
Assigner-CERT/CC
ShareView Details
Matching Score-8
Assigner-CERT/CC
CVSS Score-7.9||HIGH
EPSS-1.91% / 82.52%
||
7 Day CHG~0.00%
Published-03 Feb, 2020 | 21:00
Updated-04 Aug, 2024 | 21:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Broadcom wl driver is vulnerable to heap buffer overflow

The Broadcom wl WiFi driver is vulnerable to a heap buffer overflow. If the vendor information element data length is larger than 164 bytes, a heap buffer overflow is triggered in wlc_wpa_plumb_gtk. In the worst case scenario, by sending specially-crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. More typically, this vulnerability will result in denial-of-service conditions.

Action-Not Available
Vendor-Broadcom Inc.Synology, Inc.
Product-bcm4339router_managerbcm4339_firmwareWiFi drivers
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-9501
Matching Score-8
Assigner-CERT/CC
ShareView Details
Matching Score-8
Assigner-CERT/CC
CVSS Score-7.9||HIGH
EPSS-3.06% / 86.17%
||
7 Day CHG~0.00%
Published-03 Feb, 2020 | 21:00
Updated-04 Aug, 2024 | 21:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Broadcom wl driver is vulnerable to heap buffer overflow

The Broadcom wl WiFi driver is vulnerable to a heap buffer overflow. By supplying a vendor information element with a data length larger than 32 bytes, a heap buffer overflow is triggered in wlc_wpa_sup_eapol. In the worst case scenario, by sending specially-crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. More typically, this vulnerability will result in denial-of-service conditions.

Action-Not Available
Vendor-Broadcom Inc.Synology, Inc.
Product-bcm4339router_managerbcm4339_firmwareWiFi drivers
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2011-2667
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-25.24% / 95.98%
||
7 Day CHG~0.00%
Published-28 Jul, 2011 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Icihttp.exe in CA Gateway Security for HTTP, as used in CA Gateway Security 8.1 before 8.1.0.69 and CA Total Defense r12, does not properly parse URLs, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and daemon crash) via a malformed request.

Action-Not Available
Vendor-n/aBroadcom Inc.CA Technologies (Broadcom Inc.)
Product-gateway_securitytotal_defensen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2024-23616
Matching Score-6
Assigner-Exodus Intelligence
ShareView Details
Matching Score-6
Assigner-Exodus Intelligence
CVSS Score-10||CRITICAL
EPSS-6.30% / 90.57%
||
7 Day CHG~0.00%
Published-25 Jan, 2024 | 23:32
Updated-23 Aug, 2024 | 19:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Symantec Server Management Suite Buffer Overflow

A buffer overflow vulnerability exists in Symantec Server Management Suite version 7.9 and before. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as SYSTEM.

Action-Not Available
Vendor-Broadcom Inc.Symantec Corporation
Product-symantec_server_management_suiteServer Management Suiteserver_management_suite
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-23614
Matching Score-6
Assigner-Exodus Intelligence
ShareView Details
Matching Score-6
Assigner-Exodus Intelligence
CVSS Score-10||CRITICAL
EPSS-2.13% / 83.47%
||
7 Day CHG~0.00%
Published-25 Jan, 2024 | 23:32
Updated-05 Sep, 2024 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Symantec Messaging Gateway Buffer Overflow

A buffer overflow vulnerability exists in Symantec Messaging Gateway versions 9.5 and before. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as root.

Action-Not Available
Vendor-Broadcom Inc.Symantec Corporation
Product-symantec_messaging_gatewayMessaging Gateway
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-23613
Matching Score-6
Assigner-Exodus Intelligence
ShareView Details
Matching Score-6
Assigner-Exodus Intelligence
CVSS Score-10||CRITICAL
EPSS-7.65% / 91.51%
||
7 Day CHG~0.00%
Published-25 Jan, 2024 | 23:32
Updated-29 May, 2025 | 15:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Symantec Deployment Solution Remote Code Execution

A buffer overflow vulnerability exists in Symantec Deployment Solution version 7.9 when parsing UpdateComputer tokens. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as SYSTEM.

Action-Not Available
Vendor-Symantec CorporationBroadcom Inc.
Product-symantec_deployment_solutionsDeployment Solution
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-23617
Matching Score-6
Assigner-Exodus Intelligence
ShareView Details
Matching Score-6
Assigner-Exodus Intelligence
CVSS Score-9.6||CRITICAL
EPSS-2.38% / 84.34%
||
7 Day CHG~0.00%
Published-25 Jan, 2024 | 23:32
Updated-18 Oct, 2024 | 15:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Symantec Data Loss Prevention Buffer Overflow

A buffer overflow vulnerability exists in Symantec Data Loss Prevention version 14.0.2 and before. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a crafted document to achieve code execution.

Action-Not Available
Vendor-Broadcom Inc.Symantec Corporation
Product-symantec_data_center_security_serverData Loss Prevention
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-23615
Matching Score-6
Assigner-Exodus Intelligence
ShareView Details
Matching Score-6
Assigner-Exodus Intelligence
CVSS Score-10||CRITICAL
EPSS-6.30% / 90.57%
||
7 Day CHG~0.00%
Published-25 Jan, 2024 | 23:32
Updated-29 May, 2025 | 15:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Symantec Messaging Gateway Buffer Overflow

A buffer overflow vulnerability exists in Symantec Messaging Gateway versions 10.5 and before. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as root.

Action-Not Available
Vendor-Symantec CorporationBroadcom Inc.
Product-symantec_messaging_gatewayMessaging Gateway
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2008-1328
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-16.74% / 94.67%
||
7 Day CHG~0.00%
Published-07 Apr, 2008 | 18:00
Updated-07 Aug, 2024 | 08:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the LGServer service in CA ARCserve Backup for Laptops and Desktops r11.0 through r11.5, and Suite 11.1 and 11.2, allows remote attackers to execute arbitrary code via unspecified "command arguments."

Action-Not Available
Vendor-computer_associatesn/aBroadcom Inc.
Product-arcserve_backup_laptops_and_desktopsdesktop_management_suiten/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-6429
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.61% / 68.79%
||
7 Day CHG~0.00%
Published-15 Mar, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the tcpcapinfo utility in Tcpreplay before 4.2.0 Beta 1 allows remote attackers to have unspecified impact via a pcap file with an over-size packet.

Action-Not Available
Vendor-n/aBroadcom Inc.
Product-tcpreplayn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-6957
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-14.93% / 94.28%
||
7 Day CHG~0.00%
Published-27 Mar, 2017 | 14:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in the firmware in Broadcom Wi-Fi HardMAC SoC chips, when the firmware supports CCKM Fast and Secure Roaming and the feature is enabled in RAM, allows remote attackers to execute arbitrary code via a crafted reassociation response frame with a Cisco IE (156).

Action-Not Available
Vendor-n/aBroadcom Inc.
Product-bcm4339_soc_firmwarebcm4339_socn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2008-2242
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-12.10% / 93.53%
||
7 Day CHG~0.00%
Published-21 May, 2008 | 10:00
Updated-07 Aug, 2024 | 08:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflows in xdr functions in the server in CA BrightStor ARCServe Backup 11.0, 11.1, and 11.5 allow remote attackers to execute arbitrary code, as demonstrated by a stack-based buffer overflow via a long parameter to the xdr_rwsstring function.

Action-Not Available
Vendor-n/aBroadcom Inc.
Product-brightstor_arcserve_backupn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-5326
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-28.65% / 96.36%
||
7 Day CHG~0.00%
Published-13 Oct, 2007 | 00:00
Updated-07 Aug, 2024 | 15:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflows in (1) RPC and (2) rpcx.dll in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allow remote attackers to execute arbitrary code via unspecified vectors.

Action-Not Available
Vendor-n/aBroadcom Inc.
Product-brightstor_arcserve_backupserver_protection_suitebusiness_protection_suitebrightstor_enterprise_backupn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-5083
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-38.07% / 97.11%
||
7 Day CHG~0.00%
Published-01 Oct, 2007 | 20:00
Updated-07 Aug, 2024 | 15:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple integer overflows in Computer Associates (CA) BrightStor Hierarchical Storage Manager (HSM) before r11.6 allow remote attackers to execute arbitrary code via unspecified CsAgent service commands that trigger a heap-based buffer overflow.

Action-Not Available
Vendor-n/aBroadcom Inc.
Product-brightstor_hierarchical_storage_managern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-5003
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-82.08% / 99.16%
||
7 Day CHG~0.00%
Published-01 Oct, 2007 | 20:00
Updated-07 Aug, 2024 | 15:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple stack-based buffer overflows in CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.5 allow remote attackers to execute arbitrary code via a long (1) username or (2) password to the rxrLogin command in rxRPC.dll, or a long (3) username argument to the GetUserInfo function.

Action-Not Available
Vendor-n/aBroadcom Inc.
Product-brightstor_arcserve_backup_laptops_desktopsdesktop_management_suiteprotection_suitesn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-5325
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-19.34% / 95.14%
||
7 Day CHG~0.00%
Published-13 Oct, 2007 | 00:00
Updated-07 Aug, 2024 | 15:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflows in (1) the Message Engine and (2) AScore.dll in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allow remote attackers to execute arbitrary code via unspecified vectors.

Action-Not Available
Vendor-n/aBroadcom Inc.
Product-brightstor_arcserve_backupbrightstor_enterprise_backupn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-5330
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-25.02% / 95.95%
||
7 Day CHG~0.00%
Published-13 Oct, 2007 | 00:00
Updated-07 Aug, 2024 | 15:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The cadbd RPC service in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allows remote attackers to (1) execute arbitrary code via stack-based buffer overflows in unspecified RPC procedures, and (2) trigger memory corruption related to the use of "handle" RPC arguments as pointers.

Action-Not Available
Vendor-n/aBroadcom Inc.
Product-brightstor_arcserve_backupbrightstor_enterprise_backupn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-399
Not Available
CVE-2007-5327
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-32.12% / 96.67%
||
7 Day CHG~0.00%
Published-13 Oct, 2007 | 00:00
Updated-07 Aug, 2024 | 15:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in the RPC interface for the Message Engine (mediasvr.exe) in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allows remote attackers to execute arbitrary code via a long argument in the 0x10d opnum.

Action-Not Available
Vendor-n/aBroadcom Inc.
Product-brightstor_arcserve_backupbrightstor_enterprise_backupn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-5082
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-70.51% / 98.63%
||
7 Day CHG~0.00%
Published-01 Oct, 2007 | 20:00
Updated-07 Aug, 2024 | 15:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple stack-based buffer overflows in Computer Associates (CA) BrightStor Hierarchical Storage Manager (HSM) before r11.6 allow remote attackers to execute arbitrary code via unspecified CsAgent service commands with certain opcodes, related to missing validation of a length parameter.

Action-Not Available
Vendor-n/aBroadcom Inc.
Product-brightstor_hierarchical_storage_managern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-4620
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9||HIGH
EPSS-75.81% / 98.86%
||
7 Day CHG~0.00%
Published-07 Apr, 2008 | 18:00
Updated-07 Aug, 2024 | 15:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple stack-based buffer overflows in Computer Associates (CA) Alert Notification Service (Alert.exe) 8.1.586.0, 8.0.450.0, and 7.1.758.0, as used in multiple CA products including Anti-Virus for the Enterprise 7.1 through r11.1 and Threat Manager for the Enterprise 8.1 and r8, allow remote authenticated users to execute arbitrary code via crafted RPC requests.

Action-Not Available
Vendor-n/aBroadcom Inc.
Product-brightstor_arcserve_backupthreat_manager_for_the_enterpriseanti-virus_for_the_enterprisen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-3216
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-60.17% / 98.20%
||
7 Day CHG~0.00%
Published-14 Jun, 2007 | 22:00
Updated-07 Aug, 2024 | 14:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflows in the LGServer component of CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.1 allow remote attackers to execute arbitrary code via crafted arguments to the (1) rxsAddNewUser, (2) rxsSetUserInfo, (3) rxsRenameUser, (4) rxsSetMessageLogSettings, (5) rxsExportData, (6) rxsSetServerOptions, (7) rxsRenameFile, (8) rxsACIManageSend, (9) rxsExportUser, (10) rxsImportUser, (11) rxsMoveUserData, (12) rxsUseLicenseIni, (13) rxsLicGetSiteId, (14) rxsGetLogFileNames, (15) rxsGetBackupLog, (16) rxsBackupComplete, (17) rxsSetDataProtectionSecurityData, (18) rxsSetDefaultConfigName, (19) rxsGetMessageLogSettings, (20) rxsHWDiskGetTotal, (21) rxsHWDiskGetFree, (22) rxsGetSubDirs, (23) rxsGetServerDBPathName, (24) rxsSetServerOptions, (25) rxsDeleteFile, (26) rxsACIManageSend, (27) rxcReadBackupSetList, (28) rxcWriteConfigInfo, (29) rxcSetAssetManagement, (30) rxcWriteFileListForRestore, (31) rxcReadSaveSetProfile, (32) rxcInitSaveSetProfile, (33) rxcAddSaveSetNextAppList, (34) rxcAddSaveSetNextFilesPathList, (35) rxcAddNextBackupSetIncWildCard, (36) rxcGetRevisions, (37) rxrAddMovedUser, (38) rxrSetClientVersion, or (39) rxsSetDataGrowthScheduleAndFilter commands.

Action-Not Available
Vendor-n/aBroadcom Inc.
Product-brightstor_arcserve_backup_laptops_desktopsn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-2522
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-44.39% / 97.47%
||
7 Day CHG~0.00%
Published-11 May, 2007 | 03:55
Updated-07 Aug, 2024 | 13:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in the inoweb Console Server in CA Anti-Virus for the Enterprise r8, Threat Manager r8, Anti-Spyware for the Enterprise r8, and Protection Suites r3 allows remote attackers to execute arbitrary code via a long (1) username or (2) password.

Action-Not Available
Vendor-n/aBroadcom Inc.
Product-etrust_pestpatroletrust_integrated_threat_managementantispyware_for_the_enterprisen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-0449
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-81.66% / 99.14%
||
7 Day CHG~0.00%
Published-23 Jan, 2007 | 21:00
Updated-07 Aug, 2024 | 12:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflows in LGSERVER.EXE in CA BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.1 SP1, Mobile Backup r4.0, Desktop and Business Protection Suite r2, and Desktop Management Suite (DMS) r11.0 and r11.1 allow remote attackers to execute arbitrary code via crafted packets to TCP port (1) 1900 or (2) 2200.

Action-Not Available
Vendor-n/aBroadcom Inc.
Product-desktop_protection_suitedesktop_management_suitebusiness_protection_suitebrightstor_arcserve_backup_laptops_desktopsbrightstor_mobile_backupn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-0673
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-1.31% / 78.93%
||
7 Day CHG~0.00%
Published-03 Feb, 2007 | 01:00
Updated-07 Aug, 2024 | 12:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

LGSERVER.EXE in BrightStor ARCserve Backup for Laptops & Desktops r11.1 allows remote attackers to cause a denial of service (daemon crash) via a value of 0xFFFFFFFF at a certain point in an authentication negotiation packet, which results in an out-of-bounds read.

Action-Not Available
Vendor-n/aBroadcom Inc.
Product-desktop_protection_suitebrightstor_arcserve_backup_laptops_desktopsbusiness_protection_suitedesktop_management_suiten/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-0169
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-75.59% / 98.85%
||
7 Day CHG~0.00%
Published-11 Jan, 2007 | 22:00
Updated-07 Aug, 2024 | 12:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflows in Computer Associates (CA) BrightStor ARCserve Backup 9.01 through 11.5, Enterprise Backup 10.5, and CA Server/Business Protection Suite r2 allow remote attackers to execute arbitrary code via RPC requests with crafted data for opnums (1) 0x2F and (2) 0x75 in the (a) Message Engine RPC service, or opnum (3) 0xCF in the Tape Engine service.

Action-Not Available
Vendor-n/aBroadcom Inc.
Product-brightstor_arcserve_backupbrightstor_enterprise_backupbusiness_protection_suiten/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2006-5143
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-84.44% / 99.28%
||
7 Day CHG~0.00%
Published-06 Oct, 2006 | 20:00
Updated-07 Aug, 2024 | 19:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflows in CA BrightStor ARCserve Backup r11.5 SP1 and earlier, r11.1, and 9.01; BrightStor ARCserve Backup for Windows r11; BrightStor Enterprise Backup 10.5; Server Protection Suite r2; and Business Protection Suite r2 allow remote attackers to execute arbitrary code via crafted data on TCP port 6071 to the Backup Agent RPC Server (DBASVR.exe) using the RPC routines with opcode (1) 0x01, (2) 0x02, or (3) 0x18; invalid stub data on TCP port 6503 to the RPC routines with opcode (4) 0x2b or (5) 0x2d in ASCORE.dll in the Message Engine RPC Server (msgeng.exe); (6) a long hostname on TCP port 41523 to ASBRDCST.DLL in the Discovery Service (casdscsvc.exe); or unspecified vectors related to the (7) Job Engine Service.

Action-Not Available
Vendor-n/aBroadcom Inc.
Product-brightstor_arcserve_backupserver_protection_suitebusiness_protection_suitebrightstor_enterprise_backupn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2006-5142
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-9.50% / 92.52%
||
7 Day CHG~0.00%
Published-06 Oct, 2006 | 20:00
Updated-07 Aug, 2024 | 19:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in CA BrightStor ARCserve Backup R11.5 client and server allows remote attackers to execute arbitrary code via long messages to the CheyenneDS Mailslot.

Action-Not Available
Vendor-n/aBroadcom Inc.
Product-brightstor_arcserve_backupn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2005-3653
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-30.44% / 96.54%
||
7 Day CHG~0.00%
Published-23 Jan, 2006 | 20:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in the iGateway service for various Computer Associates (CA) iTechnology products, in iTechnology iGateway before 4.0.051230, allows remote attackers to execute arbitrary code via an HTTP request with a negative Content-Length field.

Action-Not Available
Vendor-n/aBroadcom Inc.CA Technologies (Broadcom Inc.)
Product-brightstor_enterprise_backupunicenter_service_fulfillmentetrust_secure_content_manageretrust_integrated_threat_managementunicenter_web_services_distributed_managementunicenter_managementbrightstor_portalunicenter_service_catalog_fulfillment_accountingetrust_identity_minderbrightstor_arcserve_backup_laptops_desktopsunicenter_ca_web_services_distributed_managementetrust_audit_irecorderbrightstor_arcserve_backupunicenter_exchange_management_consoleetrust_audit_ariesunicenter_service_metric_analysisbrightstor_process_automation_managerunicenter_service_deliverybrightstor_storage_resource_manageretrust_directoryunicenter_service_deskunicenter_service_desk_knowledge_toolsunicenter_application_server_managmentbrightstor_san_manageretrust_adminunicenter_service_level_managementunicenter_autosys_jmitechnology_igatewayunicenter_asset_portfolio_managementunicenter_web_server_managementunicenter_application_performance_monitorn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2020-15373
Matching Score-6
Assigner-Brocade Communications Systems, LLC
ShareView Details
Matching Score-6
Assigner-Brocade Communications Systems, LLC
CVSS Score-9.8||CRITICAL
EPSS-0.93% / 75.09%
||
7 Day CHG~0.00%
Published-25 Sep, 2020 | 13:10
Updated-04 Aug, 2024 | 13:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflow vulnerabilities in REST API in Brocade Fabric OS versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c could allow remote unauthenticated attackers to perform various attacks.

Action-Not Available
Vendor-n/aBroadcom Inc.
Product-fabric_operating_systemBrocade Fabric OS
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2019-8381
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.23% / 45.70%
||
7 Day CHG~0.00%
Published-17 Feb, 2019 | 02:00
Updated-04 Aug, 2024 | 21:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Tcpreplay 4.3.1. An invalid memory access occurs in do_checksum in checksum.c. It can be triggered by sending a crafted pcap file to the tcpreplay-edit binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact.

Action-Not Available
Vendor-n/aFedora ProjectBroadcom Inc.
Product-tcpreplayfedoran/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-1719
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-16.64% / 94.66%
||
7 Day CHG~0.00%
Published-27 Apr, 2011 | 00:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple stack-based buffer overflows in the Web Viewer ActiveX controls in CA Output Management Web Viewer 11.0 and 11.5 allow remote attackers to execute arbitrary code via (1) a long SRC property value to the PPSViewer ActiveX control in PPSView.ocx before 1.0.0.7 or (2) a long Title property value to the UOMWV_Helper ActiveX control in UOMWV_HelperActiveX.ocx before 11.5.0.1.

Action-Not Available
Vendor-n/aBroadcom Inc.
Product-output_management_web_viewern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-14266
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-1.78% / 81.92%
||
7 Day CHG~0.00%
Published-12 Sep, 2017 | 08:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

tcprewrite in Tcpreplay 3.4.4 has a Heap-Based Buffer Overflow vulnerability triggered by a crafted PCAP file, a related issue to CVE-2016-6160.

Action-Not Available
Vendor-n/aBroadcom Inc.
Product-tcpreplayn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-11121
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.08% / 83.29%
||
7 Day CHG~0.00%
Published-27 Sep, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56 and other chips, properly crafted malicious over-the-air Fast Transition frames can potentially trigger internal Wi-Fi firmware heap and/or stack overflows, leading to denial of service or other effects, aka B-V2017061205.

Action-Not Available
Vendor-n/aBroadcom Inc.Apple Inc.
Product-iphone_ostvosbcm4355c0bcm4355c0_firmwaren/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-11120
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-24.37% / 95.89%
||
7 Day CHG~0.00%
Published-27 Sep, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56 and other chips, an attacker can craft a malformed RRM neighbor report frame to trigger an internal buffer overflow in the Wi-Fi firmware, aka B-V2017061204.

Action-Not Available
Vendor-n/aBroadcom Inc.Apple Inc.
Product-iphone_ostvosbcm4355c0bcm4355c0_firmwaren/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-2287
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.3||HIGH
EPSS-3.04% / 86.14%
||
7 Day CHG~0.00%
Published-15 Jun, 2010 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the SigComp Universal Decompressor Virtual Machine dissector in Wireshark 0.10.8 through 1.0.13 and 1.2.0 through 1.2.8 has unknown impact and remote attack vectors.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-0454
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-8.3||HIGH
EPSS-3.86% / 87.75%
||
7 Day CHG~0.00%
Published-01 Mar, 2011 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the PPP Access Concentrator (PPPAC) on the SEIL/x86 with firmware 1.00 through 1.61, SEIL/B1 with firmware 1.00 through 3.11, SEIL/X1 with firmware 1.00 through 3.11, SEIL/X2 with firmware 1.00 through 3.11, SEIL/Turbo with firmware 1.80 through 2.10, and SEIL/neu 2FE Plus with firmware 1.80 through 2.10 might allow remote attackers to execute arbitrary code via a PPPoE packet.

Action-Not Available
Vendor-iijn/a
Product-seil\/b1_firmwareseil\/turbo_firmwareseil\/neu_2fe_plus_firmwareseil\/x2_firmwareseil\/x86_firmwareseil\/x1seil\/turboseil\/x86seil\/x1_firmwareseil\/x2seil\/neu_2fe_plusseil\/b1n/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-2439
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.8||HIGH
EPSS-1.53% / 80.55%
||
7 Day CHG~0.00%
Published-09 May, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in btif/src/btif_dm.c in Bluetooth in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 allows remote attackers to execute arbitrary code via a long PIN value, aka internal bug 27411268.

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-5872
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-8||HIGH
EPSS-0.08% / 23.50%
||
7 Day CHG~0.00%
Published-06 Jul, 2018 | 19:00
Updated-16 Sep, 2024 | 19:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

While parsing over-the-air information elements in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, the use of an out-of-range pointer offset can occur.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.Google LLC
Product-androidAndroid for MSM, Firefox OS for MSM, QRD Android
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-2284
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.3||HIGH
EPSS-3.04% / 86.14%
||
7 Day CHG~0.00%
Published-15 Jun, 2010 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the ASN.1 BER dissector in Wireshark 0.10.13 through 1.0.13 and 1.2.0 through 1.2.8 has unknown impact and remote attack vectors.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-5881
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-8.8||HIGH
EPSS-0.08% / 23.87%
||
7 Day CHG~0.00%
Published-18 Jan, 2019 | 22:00
Updated-05 Aug, 2024 | 05:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper validation of buffer length checks in the lwm2m device management protocol can leads to a buffer overflow in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 835, SDA660, SDM630, SDM660

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_427_firmwaresd_425sdm660sd_430_firmwaremdm9607_firmwaresd_435sd_636sdm630sd_625sd_210mdm9607sd_636_firmwaresd_450_firmwaremdm9206sd_425_firmwaresd_212_firmwaresd_625_firmwaresd_450sdm630_firmwaresda660_firmwaremdm9206_firmwaresd_427sd_430sd_435_firmwaresd_835_firmwaresd_835sd_205sda660sd_210_firmwaresd_205_firmwaresdm660_firmwaresd_212Snapdragon Mobile, Snapdragon Wear
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-10377
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.24% / 47.34%
||
7 Day CHG~0.00%
Published-29 May, 2017 | 03:52
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Open vSwitch (OvS) 2.5.0, a malformed IP packet can cause the switch to read past the end of the packet buffer due to an unsigned integer underflow in `lib/flow.c` in the function `miniflow_extract`, permitting remote bypass of the access control list enforced by the switch.

Action-Not Available
Vendor-openvswitchn/a
Product-openvswitchn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-3628
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-8.8||HIGH
EPSS-1.21% / 78.11%
||
7 Day CHG~0.00%
Published-10 Jul, 2018 | 21:00
Updated-05 Aug, 2024 | 04:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in HTTP handler in Intel Active Management Technology in Intel Converged Security Manageability Engine Firmware 3.x, 4.x, 5.x, 6.x, 7.x, 8.x, 9.x, 10.x, and 11.x may allow an attacker to execute arbitrary code via the same subnet.

Action-Not Available
Vendor-Intel Corporation
Product-xeon_e3_1275_v5xeon_e3_1268l_v5xeon_silvercore_2_duoxeonxeon_goldxeon_platinumcore_duocore_i7core_2_extremecore_solocore_i3core_2_quadcore_2_solocore_i5core_i9active_management_technology_firmwareIntel Active Management Technology
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2025-5228
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.28% / 51.17%
||
7 Day CHG~0.00%
Published-27 May, 2025 | 03:00
Updated-15 Jul, 2025 | 17:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DI-8100 jhttpd login.cgi httpd_get_parm stack-based overflow

A vulnerability was found in D-Link DI-8100 up to 20250523. It has been classified as critical. Affected is the function httpd_get_parm of the file /login.cgi of the component jhttpd. The manipulation of the argument notify leads to stack-based buffer overflow. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-D-Link Corporation
Product-di-8100di-8100_firmwareDI-8100
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2018-14793
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-8.8||HIGH
EPSS-0.25% / 47.78%
||
7 Day CHG~0.00%
Published-21 Aug, 2018 | 14:00
Updated-16 Sep, 2024 | 23:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

DeltaV Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 is vulnerable to a buffer overflow exploit through an open communication port to allow arbitrary code execution.

Action-Not Available
Vendor-emersonICS-CERT
Product-deltavDeltaV
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2025-3538
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.53% / 66.37%
||
7 Day CHG~0.00%
Published-13 Apr, 2025 | 18:31
Updated-16 Jul, 2025 | 15:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DI-8100 jhttpd auth.asp auth_asp stack-based overflow

A vulnerability was found in D-Link DI-8100 16.07.26A1. It has been rated as critical. This issue affects the function auth_asp of the file /auth.asp of the component jhttpd. The manipulation of the argument callback leads to stack-based buffer overflow. The attack needs to be approached within the local network. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-D-Link Corporation
Product-di-8100di-8100_firmwareDI-8100
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-14745
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.10% / 27.85%
||
7 Day CHG~0.00%
Published-15 Mar, 2019 | 22:00
Updated-05 Aug, 2024 | 09:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in prot_get_ring_space in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 allows an attacker (who has obtained code execution on the Wi-Fi chip) to overwrite kernel memory due to improper validation of the ring buffer read pointer. The Samsung ID is SVE-2018-12029.

Action-Not Available
Vendor-n/aSamsung
Product-galaxy_s6galaxy_s6_firmwaren/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-17614
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-1.70% / 81.52%
||
7 Day CHG~0.00%
Published-13 Nov, 2018 | 21:00
Updated-05 Aug, 2024 | 10:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Losant Arduino MQTT Client prior to V2.7. User interaction is not required to exploit this vulnerability. The specific flaw exists within the parsing of MQTT PUBLISH packets. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6436.

Action-Not Available
Vendor-losantLosant
Product-arduino_mqtt_clientLosant Arduino MQTT Client
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-11279
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-8.8||HIGH
EPSS-0.11% / 30.45%
||
7 Day CHG~0.00%
Published-18 Jan, 2019 | 22:00
Updated-05 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Lack of check of input size can make device memory get corrupted because of buffer overflow in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 810, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDM439, SDM630, SDM660, SDX20, Snapdragon_High_Med_2016, SXR1130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_850mdm9635m_firmwaremdm9640_firmwaresd_820amsm8996au_firmwaresd_439sd_670_firmwaresd_429sdm439mdm9650sd_636sd_615_firmwaresnapdragon_high_med_2016_firmwaremsm8909w_firmwaremsm8996aumdm9645sd_650sd_820sd_450_firmwaresd_845_firmwaresd_410sd_820a_firmwaremdm9206sd_652sd_425_firmwaresd_625_firmwaresd_450mdm9635mmdm9615sd_845mdm9206_firmwaresd_835_firmwaremdm9650_firmwaresd_835sda660sxr1130_firmwaresd_210_firmwaresd_415_firmwaresd_652_firmwaresxr1130msm8909wsd_616_firmwaresd_205_firmwaresd_415sd_212sd_650_firmwaresd_427_firmwaresd_712sd_412sdx20sd_616sd_425sdm660sd_430_firmwaremdm9607_firmwaresd_435mdm9655_firmwaresd_615sd_710_firmwaresdm630sd_625sd_820_firmwaresd_210mdm9607sd_636_firmwaremdm9645_firmwaremdm9625_firmwaresd_439_firmwaresd_429_firmwaresnapdragon_high_med_2016sd_212_firmwaresd_850_firmwaremdm9655sdm439_firmwaresd_412_firmwaresd_712_firmwaresdm630_firmwaresda660_firmwaremdm9625sd_430sd_427sd_670sd_810sd_435_firmwaremdm9615_firmwaresdx20_firmwaresd_710sd_410_firmwaresd_205sd_810_firmwaresdm660_firmwaremdm9640Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
  • Previous
  • 1
  • 2
  • Next
Details not found