Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2018-17157

Summary
Assigner-freebsd
Assigner Org ID-63664ac6-956c-4cba-a5d0-f46076e16109
Published At-04 Dec, 2018 | 15:00
Updated At-05 Aug, 2024 | 10:39
Rejected At-
Credits

In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, an integer overflow error when handling opcodes can cause memory corruption by sending a specially crafted NFSv4 request. Unprivileged remote users with access to the NFS server may be able to execute arbitrary code.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:freebsd
Assigner Org ID:63664ac6-956c-4cba-a5d0-f46076e16109
Published At:04 Dec, 2018 | 15:00
Updated At:05 Aug, 2024 | 10:39
Rejected At:
▼CVE Numbering Authority (CNA)

In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, an integer overflow error when handling opcodes can cause memory corruption by sending a specially crafted NFSv4 request. Unprivileged remote users with access to the NFS server may be able to execute arbitrary code.

Affected Products
Vendor
FreeBSD FoundationFreeBSD
Product
FreeBSD
Versions
Affected
  • FreeBSD 11.2 before 11.2-RELEASE-p5
Problem Types
TypeCWE IDDescription
textN/AKernel integer overflow
Type: text
CWE ID: N/A
Description: Kernel integer overflow
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://www.securityfocus.com/bid/106192
vdb-entry
x_refsource_BID
https://secuniaresearch.flexerasoftware.com/secunia_research/2018-25/
x_refsource_MISC
https://security.freebsd.org/advisories/FreeBSD-SA-18:13.nfs.asc
vendor-advisory
x_refsource_FREEBSD
http://www.securitytracker.com/id/1042164
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://www.securityfocus.com/bid/106192
Resource:
vdb-entry
x_refsource_BID
Hyperlink: https://secuniaresearch.flexerasoftware.com/secunia_research/2018-25/
Resource:
x_refsource_MISC
Hyperlink: https://security.freebsd.org/advisories/FreeBSD-SA-18:13.nfs.asc
Resource:
vendor-advisory
x_refsource_FREEBSD
Hyperlink: http://www.securitytracker.com/id/1042164
Resource:
vdb-entry
x_refsource_SECTRACK
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://www.securityfocus.com/bid/106192
vdb-entry
x_refsource_BID
x_transferred
https://secuniaresearch.flexerasoftware.com/secunia_research/2018-25/
x_refsource_MISC
x_transferred
https://security.freebsd.org/advisories/FreeBSD-SA-18:13.nfs.asc
vendor-advisory
x_refsource_FREEBSD
x_transferred
http://www.securitytracker.com/id/1042164
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://www.securityfocus.com/bid/106192
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://secuniaresearch.flexerasoftware.com/secunia_research/2018-25/
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://security.freebsd.org/advisories/FreeBSD-SA-18:13.nfs.asc
Resource:
vendor-advisory
x_refsource_FREEBSD
x_transferred
Hyperlink: http://www.securitytracker.com/id/1042164
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secteam@freebsd.org
Published At:04 Dec, 2018 | 15:29
Updated At:24 Jan, 2019 | 19:36

In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, an integer overflow error when handling opcodes can cause memory corruption by sending a specially crafted NFSv4 request. Unprivileged remote users with access to the NFS server may be able to execute arbitrary code.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.09.8CRITICAL
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary2.010.0HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
Type: Primary
Version: 3.0
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 10.0
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
CPE Matches

FreeBSD Foundation
freebsd
>>freebsd>>Versions before 11.2(exclusive)
cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>11.2
cpe:2.3:o:freebsd:freebsd:11.2:p4:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-190Primarynvd@nist.gov
CWE ID: CWE-190
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
http://www.securityfocus.com/bid/106192secteam@freebsd.org
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1042164secteam@freebsd.org
Patch
Third Party Advisory
VDB Entry
https://secuniaresearch.flexerasoftware.com/secunia_research/2018-25/secteam@freebsd.org
Third Party Advisory
https://security.freebsd.org/advisories/FreeBSD-SA-18:13.nfs.ascsecteam@freebsd.org
Patch
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/106192
Source: secteam@freebsd.org
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.securitytracker.com/id/1042164
Source: secteam@freebsd.org
Resource:
Patch
Third Party Advisory
VDB Entry
Hyperlink: https://secuniaresearch.flexerasoftware.com/secunia_research/2018-25/
Source: secteam@freebsd.org
Resource:
Third Party Advisory
Hyperlink: https://security.freebsd.org/advisories/FreeBSD-SA-18:13.nfs.asc
Source: secteam@freebsd.org
Resource:
Patch
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

199Records found

CVE-2002-0391
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-58.13% / 98.98%
||
7 Day CHG~0.00%
Published-02 Apr, 2003 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd.

Action-Not Available
Vendor-n/aOpenBSDMicrosoft CorporationFreeBSD FoundationSun Microsystems (Oracle Corporation)
Product-sunoswindows_ntsolarisfreebsdwindows_2000windows_xpopenbsdn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2020-25577
Matching Score-8
Assigner-FreeBSD
ShareView Details
Matching Score-8
Assigner-FreeBSD
CVSS Score-9.8||CRITICAL
EPSS-1.50% / 71.07%
||
7 Day CHG~0.00%
Published-29 Mar, 2021 | 19:53
Updated-04 Aug, 2024 | 15:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In FreeBSD 12.2-STABLE before r368250, 11.4-STABLE before r368253, 12.2-RELEASE before p1, 12.1-RELEASE before p11 and 11.4-RELEASE before p5 rtsold(8) does not verify that the RDNSS option does not extend past the end of the received packet before processing its contents. While the kernel currently ignores such malformed packets, it passes them to userspace programs. Any programs expecting the kernel to do validation may be vulnerable to an overflow.

Action-Not Available
Vendor-n/aFreeBSD Foundation
Product-freebsdFreeBSD
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2001-0554
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-37.90% / 98.36%
||
7 Day CHG~0.00%
Published-09 Mar, 2002 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a set of options including AYT (Are You There), which is not properly handled by the telrcv function.

Action-Not Available
Vendor-netkitn/aOpenBSDDebian GNU/LinuxIBM CorporationSilicon Graphics, Inc.NetBSDMIT (Massachusetts Institute of Technology)FreeBSD FoundationSun Microsystems (Oracle Corporation)
Product-debian_linuxsunosirixsolarisnetbsdfreebsdkerberosaixkerberos_5linux_netkitopenbsdn/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2011-4862
Matching Score-8
Assigner-FreeBSD
ShareView Details
Matching Score-8
Assigner-FreeBSD
CVSS Score-10||HIGH
EPSS-95.10% / 99.85%
||
7 Day CHG~0.00%
Published-25 Dec, 2011 | 01:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011.

Action-Not Available
Vendor-heimdal_projectn/aFreeBSD FoundationopenSUSEGNUMIT (Massachusetts Institute of Technology)SUSEDebian GNU/LinuxFedora Project
Product-debian_linuxlinux_enterprise_desktopfreebsdinetutilslinux_enterprise_serverfedorakrb5-appllinux_enterprise_software_development_kitheimdalopensusen/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2019-5600
Matching Score-8
Assigner-FreeBSD
ShareView Details
Matching Score-8
Assigner-FreeBSD
CVSS Score-9.8||CRITICAL
EPSS-4.86% / 90.97%
||
7 Day CHG~0.00%
Published-03 Jul, 2019 | 18:50
Updated-04 Aug, 2024 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In FreeBSD 12.0-STABLE before r349622, 12.0-RELEASE before 12.0-RELEASE-p7, 11.3-PRERELEASE before r349624, 11.3-RC3 before 11.3-RC3-p1, and 11.2-RELEASE before 11.2-RELEASE-p11, a bug in iconv implementation may allow an attacker to write past the end of an output buffer. Depending on the implementation, an attacker may be able to create a denial of service, provoke incorrect program behavior, or induce a remote code execution.

Action-Not Available
Vendor-FreeBSD Foundation
Product-freebsdFreeBSD
CWE ID-CWE-787
Out-of-bounds Write
CVE-2008-0122
Matching Score-8
Assigner-FreeBSD
ShareView Details
Matching Score-8
Assigner-FreeBSD
CVSS Score-10||HIGH
EPSS-12.30% / 95.69%
||
7 Day CHG~0.00%
Published-16 Jan, 2008 | 01:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Off-by-one error in the inet_network function in libbind in ISC BIND 9.4.2 and earlier, as used in libc in FreeBSD 6.2 through 7.0-PRERELEASE, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted input that triggers memory corruption.

Action-Not Available
Vendor-n/aFreeBSD FoundationInternet Systems Consortium, Inc.
Product-bindfreebsdn/a
CVE-2004-1053
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-3.06% / 86.00%
||
7 Day CHG~0.00%
Published-24 Nov, 2004 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in fetch on FreeBSD 4.1 through 5.3 allows remote malicious servers to execute arbitrary code via certain HTTP headers in an HTTP response, which lead to a buffer overflow.

Action-Not Available
Vendor-n/aFreeBSD Foundation
Product-fetchn/a
CVE-2000-0584
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-5.91% / 92.34%
||
7 Day CHG~0.00%
Published-13 Oct, 2000 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in Canna input system allows remote attackers to execute arbitrary commands via an SR_INIT command with a long user name or group name.

Action-Not Available
Vendor-n/aFreeBSD FoundationDebian GNU/Linux
Product-debian_linuxfreebsdn/a
CVE-2018-7183
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-10.78% / 95.30%
||
7 Day CHG~0.00%
Published-08 Mar, 2018 | 20:00
Updated-05 Aug, 2024 | 06:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through 4.2.8p10 allows remote attackers to execute arbitrary code by leveraging an ntpq query and sending a response with a crafted array.

Action-Not Available
Vendor-ntpn/aFreeBSD FoundationNetApp, Inc.Canonical Ltd.
Product-freebsdntpelement_softwareubuntu_linuxn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-6916
Matching Score-8
Assigner-FreeBSD
ShareView Details
Matching Score-8
Assigner-FreeBSD
CVSS Score-9.8||CRITICAL
EPSS-2.20% / 80.39%
||
7 Day CHG~0.00%
Published-09 Mar, 2018 | 15:00
Updated-17 Sep, 2024 | 02:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p7, 10.4-STABLE, 10.4-RELEASE-p7, and 10.3-RELEASE-p28, the kernel does not properly validate IPsec packets coming from a trusted host. Additionally, a use-after-free vulnerability exists in the IPsec AH handling code. This issue could cause a system crash or other unpredictable results.

Action-Not Available
Vendor-FreeBSD Foundation
Product-freebsdFreeBSD
CWE ID-CWE-416
Use After Free
CVE-2006-0226
Matching Score-8
Assigner-FreeBSD
ShareView Details
Matching Score-8
Assigner-FreeBSD
CVSS Score-10||HIGH
EPSS-5.69% / 92.06%
||
7 Day CHG~0.00%
Published-19 Jan, 2006 | 01:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in IEEE 802.11 network subsystem (ieee80211_ioctl.c) in FreeBSD before 6.0-STABLE, while scanning for wireless networks, allows remote attackers to execute arbitrary code by broadcasting crafted (1) beacon or (2) probe response frames.

Action-Not Available
Vendor-n/aFreeBSD Foundation
Product-freebsdn/a
CVE-2006-4304
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-11.32% / 95.45%
||
7 Day CHG~0.00%
Published-24 Aug, 2006 | 00:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the sppp driver in FreeBSD 4.11 through 6.1, NetBSD 2.0 through 4.0 beta before 20060823, and OpenBSD 3.8 and 3.9 before 20060902 allows remote attackers to cause a denial of service (panic), obtain sensitive information, and possibly execute arbitrary code via crafted Link Control Protocol (LCP) packets with an option length that exceeds the overall length, which triggers the overflow in (1) pppoe and (2) ippp. NOTE: this issue was originally incorrectly reported for the ppp driver.

Action-Not Available
Vendor-n/aOpenBSDFreeBSD FoundationNetBSD
Product-freebsdnetbsdopenbsdn/a
CVE-2004-0002
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-2.11% / 79.54%
||
7 Day CHG~0.00%
Published-03 Feb, 2004 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The TCP MSS (maximum segment size) functionality in netinet allows remote attackers to cause a denial of service (resource exhaustion) via (1) a low MTU, which causes a large number of small packets to be produced, or (2) via a large number of packets with a small TCP payload, which cause a large number of calls to the resource-intensive sowakeup function.

Action-Not Available
Vendor-n/aFreeBSD Foundation
Product-freebsdn/a
CVE-2003-0466
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-78.11% / 99.52%
||
7 Day CHG~0.00%
Published-01 Aug, 2003 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands that cause pathnames of length MAXPATHLEN+1 to trigger a buffer overflow, including (1) STOR, (2) RETR, (3) APPE, (4) DELE, (5) MKD, (6) RMD, (7) STOU, or (8) RNTO.

Action-Not Available
Vendor-wuftpdn/aOpenBSDApple Inc.NetBSDFreeBSD FoundationSun Microsystems (Oracle Corporation)Red Hat, Inc.
Product-mac_os_xsolariswu-ftpdfreebsdwu_ftpdnetbsdmac_os_x_serveropenbsdn/a
CWE ID-CWE-193
Off-by-one Error
CVE-2001-0388
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-2.75% / 84.41%
||
7 Day CHG~0.00%
Published-18 Sep, 2001 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

time server daemon timed allows remote attackers to cause a denial of service via malformed packets.

Action-Not Available
Vendor-n/aFreeBSD FoundationMandriva (Mandrakesoft)SUSE
Product-freebsdmandrake_linuxsuse_linuxn/a
CVE-2001-0247
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-19.32% / 97.01%
||
7 Day CHG~0.00%
Published-24 May, 2001 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflows in BSD-based FTP servers allows remote attackers to execute arbitrary commands via a long pattern string containing a {} sequence, as seen in (1) g_opendir, (2) g_lstat, (3) g_stat, and (4) the glob0 buffer as used in the glob functions glob2 and glob3.

Action-Not Available
Vendor-n/aOpenBSDNetBSDSilicon Graphics, Inc.MIT (Massachusetts Institute of Technology)FreeBSD Foundation
Product-irixfreebsdnetbsdkerberos_5openbsdn/a
CVE-2003-0694
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-60.19% / 99.02%
||
7 Day CHG~0.00%
Published-18 Sep, 2003 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c.

Action-Not Available
Vendor-turbolinuxcompaqsendmailn/aApple Inc.HP Inc.IBM CorporationSilicon Graphics, Inc.NetBSDGentoo Foundation, Inc.FreeBSD FoundationSun Microsystems (Oracle Corporation)
Product-sunosirixlinuxturbolinux_advanced_serverturbolinux_workstationfreebsdsendmail_switchmac_os_xsolarissendmailsendmail_protru64advanced_message_serverhp-uxaixturbolinux_servernetbsdmac_os_x_servern/a
CVE-1999-0798
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-1.64% / 73.50%
||
7 Day CHG~0.00%
Published-04 Feb, 2000 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in bootpd on OpenBSD, FreeBSD, and Linux systems via a malformed header type.

Action-Not Available
Vendor-scobsdin/aOpenBSDFreeBSD FoundationRed Hat, Inc.
Product-openserverlinuxbsd_osinternet_faststartfreebsdunixwareopenbsdn/a
CVE-1999-0323
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-1.36% / 68.38%
||
7 Day CHG~0.00%
Published-02 Jun, 2000 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FreeBSD mmap function allows users to modify append-only or immutable files.

Action-Not Available
Vendor-bsdin/aOpenBSDFreeBSD FoundationNetBSD
Product-freebsdbsd_osnetbsdopenbsdn/a
CVE-1999-0046
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-52.81% / 98.84%
||
7 Day CHG~0.00%
Published-29 Sep, 1999 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow of rlogin program using TERM environmental variable.

Action-Not Available
Vendor-bsdidigitalnextn/aOracle CorporationHP Inc.Debian GNU/LinuxIBM CorporationNetBSDFreeBSD FoundationSun Microsystems (Oracle Corporation)
Product-debian_linuxsunossolarisbsd_osultrixfreebsdhp-uxaixnextstepnetbsdn/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2001-0969
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-1.90% / 77.11%
||
7 Day CHG~0.00%
Published-09 Mar, 2002 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ipfw in FreeBSD does not properly handle the use of "me" in its rules when point to point interfaces are used, which causes ipfw to allow connections from arbitrary remote hosts.

Action-Not Available
Vendor-n/aFreeBSD Foundation
Product-freebsdn/a
CVE-2016-6559
Matching Score-8
Assigner-CERT/CC
ShareView Details
Matching Score-8
Assigner-CERT/CC
CVSS Score-9.8||CRITICAL
EPSS-3.70% / 88.39%
||
7 Day CHG~0.00%
Published-13 Jul, 2018 | 20:00
Updated-06 Aug, 2024 | 01:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
The BSD libc library's link_ntoa() function may be vulnerable to a classic buffer overflow

Improper bounds checking of the obuf variable in the link_ntoa() function in linkaddr.c of the BSD libc library may allow an attacker to read or write from memory. The full impact and severity depends on the method of exploit and how the library is used by applications. According to analysis by FreeBSD developers, it is very unlikely that applications exist that utilize link_ntoa() in an exploitable manner, and the CERT/CC is not aware of any proof of concept. A blog post describes the functionality of link_ntoa() and points out that none of the base utilities use this function in an exploitable manner. For more information, please see FreeBSD Security Advisory SA-16:37.

Action-Not Available
Vendor-BSDFreeBSD Foundation
Product-freebsdlibc library
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-3954
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-3.94% / 89.13%
||
7 Day CHG~0.00%
Published-27 Oct, 2014 | 15:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in rtsold in FreeBSD 9.1 through 10.1-RC2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted DNS parameters in a router advertisement message.

Action-Not Available
Vendor-n/aFreeBSD Foundation
Product-freebsdn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-17161
Matching Score-8
Assigner-FreeBSD
ShareView Details
Matching Score-8
Assigner-FreeBSD
CVSS Score-9.8||CRITICAL
EPSS-3.52% / 87.80%
||
7 Day CHG~0.00%
Published-03 Jan, 2019 | 17:00
Updated-05 Aug, 2024 | 10:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In FreeBSD before 11.2-STABLE(r348229), 11.2-RELEASE-p7, 12.0-STABLE(r342228), and 12.0-RELEASE-p1, insufficient validation of network-provided data in bootpd may make it possible for a malicious attacker to craft a bootp packet which could cause a stack buffer overflow. It is possible that the buffer overflow could lead to a Denial of Service or remote code execution.

Action-Not Available
Vendor-FreeBSD Foundation
Product-freebsdFreeBSD
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-17160
Matching Score-8
Assigner-FreeBSD
ShareView Details
Matching Score-8
Assigner-FreeBSD
CVSS Score-10||CRITICAL
EPSS-3.35% / 87.20%
||
7 Day CHG~0.00%
Published-04 Dec, 2018 | 21:00
Updated-05 Aug, 2024 | 10:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In FreeBSD before 11.2-STABLE(r341486) and 11.2-RELEASE-p6, insufficient bounds checking in one of the device models provided by bhyve can permit a guest operating system to overwrite memory in the bhyve host possibly permitting arbitrary code execution. A guest OS using a firmware image can cause the bhyve process to crash, or possibly execute arbitrary code on the host as root.

Action-Not Available
Vendor-FreeBSD Foundation
Product-freebsdFreeBSD
CWE ID-CWE-787
Out-of-bounds Write
CVE-2005-0708
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-2.27% / 80.91%
||
7 Day CHG~0.00%
Published-05 Apr, 2005 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The sendfile system call in FreeBSD 4.8 through 4.11 and 5 through 5.4 can transfer portions of kernel memory if a file is truncated while it is being sent, which could allow remote attackers to obtain sensitive information.

Action-Not Available
Vendor-dragonflybsdn/aFreeBSD Foundation
Product-freebsddragonflybsdn/a
CVE-2020-25583
Matching Score-8
Assigner-FreeBSD
ShareView Details
Matching Score-8
Assigner-FreeBSD
CVSS Score-9.8||CRITICAL
EPSS-1.47% / 70.48%
||
7 Day CHG~0.00%
Published-29 Mar, 2021 | 19:53
Updated-04 Aug, 2024 | 15:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In FreeBSD 12.2-STABLE before r368250, 11.4-STABLE before r368253, 12.2-RELEASE before p1, 12.1-RELEASE before p11 and 11.4-RELEASE before p5 when processing a DNSSL option, rtsold(8) decodes domain name labels per an encoding specified in RFC 1035 in which the first octet of each label contains the label's length. rtsold(8) did not validate label lengths correctly and could overflow the destination buffer.

Action-Not Available
Vendor-n/aFreeBSD Foundation
Product-freebsdFreeBSD
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-45287
Matching Score-6
Assigner-FreeBSD
ShareView Details
Matching Score-6
Assigner-FreeBSD
CVSS Score-9.1||CRITICAL
EPSS-0.51% / 39.80%
||
7 Day CHG~0.00%
Published-05 Sep, 2024 | 03:18
Updated-26 Sep, 2024 | 15:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple vulnerabilities in libnv

A malicious value of size in a structure of packed libnv can cause an integer overflow, leading to the allocation of a smaller buffer than required for the parsed data.

Action-Not Available
Vendor-FreeBSD Foundation
Product-freebsdFreeBSDfreebsd
CWE ID-CWE-131
Incorrect Calculation of Buffer Size
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2018-6917
Matching Score-6
Assigner-FreeBSD
ShareView Details
Matching Score-6
Assigner-FreeBSD
CVSS Score-7.5||HIGH
EPSS-2.03% / 78.72%
||
7 Day CHG~0.00%
Published-04 Apr, 2018 | 14:00
Updated-17 Sep, 2024 | 01:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELEASE-p8 and 10.3-RELEASE-p28, insufficient validation of user-provided font parameters can result in an integer overflow, leading to the use of arbitrary kernel memory as glyph data. Unprivileged users may be able to access privileged kernel data.

Action-Not Available
Vendor-FreeBSD Foundation
Product-freebsdFreeBSD
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2026-49416
Matching Score-6
Assigner-FreeBSD
ShareView Details
Matching Score-6
Assigner-FreeBSD
CVSS Score-7.8||HIGH
EPSS-0.11% / 1.36%
||
7 Day CHG~0.00%
Published-27 Jun, 2026 | 09:25
Updated-01 Jul, 2026 | 14:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Integer overflow in vt(4) CONS_HISTORY ioctl

The CONS_HISTORY ioctl handler did not adequately validate the requested history size. A large value caused an integer overflow in the buffer size calculation, resulting in a heap allocation smaller than expected. Subsequent initialization of the buffer wrote beyond the end of the allocation. An unprivileged local user with access to a vt(4) device can trigger an out-of-bounds write in the kernel, potentially escalating privileges.

Action-Not Available
Vendor-FreeBSD Foundation
Product-freebsdFreeBSD
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2026-45258
Matching Score-6
Assigner-FreeBSD
ShareView Details
Matching Score-6
Assigner-FreeBSD
CVSS Score-7.8||HIGH
EPSS-0.15% / 4.50%
||
7 Day CHG~0.00%
Published-27 Jun, 2026 | 08:50
Updated-01 Jul, 2026 | 14:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple vulnerabilities in the sound(4) mmap path

dsp_mmap_single() validated the requested mapping by checking the sum of the user-supplied offset and length against the buffer size. This addition could overflow, so that a large offset and length wrapped around and passed the check. The offset was then narrowed from 64 to 32 bits when converted to a buffer address, yielding a mapping that extended past the audio buffer into unrelated kernel memory. The /dev/dsp device nodes are world-accessible by default. On a system with an audio device, either issue allows an unprivileged local user to read and write kernel memory, which can be used to escalate privileges, potentially gaining full control of the affected system. At a minimum, an attacker can crash the kernel, resulting in a Denial of Service (DoS).

Action-Not Available
Vendor-FreeBSD Foundation
Product-freebsdFreeBSD
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-190
Integer Overflow or Wraparound
CWE ID-CWE-681
Incorrect Conversion between Numeric Types
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-3107
Matching Score-6
Assigner-FreeBSD
ShareView Details
Matching Score-6
Assigner-FreeBSD
CVSS Score-7.5||HIGH
EPSS-0.54% / 41.42%
||
7 Day CHG~0.00%
Published-01 Aug, 2023 | 22:01
Updated-09 Jul, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Remote denial of service in IPv6 fragment reassembly

A set of carefully crafted ipv6 packets can trigger an integer overflow in the calculation of a fragment reassembled packet's payload length field. This allows an attacker to trigger a kernel panic, resulting in a denial of service.

Action-Not Available
Vendor-NetApp, Inc.FreeBSD Foundation
Product-freebsdclustered_data_ontapFreeBSD
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2018-17158
Matching Score-6
Assigner-FreeBSD
ShareView Details
Matching Score-6
Assigner-FreeBSD
CVSS Score-7.5||HIGH
EPSS-4.41% / 90.16%
||
7 Day CHG~0.00%
Published-04 Dec, 2018 | 15:00
Updated-05 Aug, 2024 | 10:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, an integer overflow error can occur when handling the client address length field in an NFSv4 request. Unprivileged remote users with access to the NFS server can crash the system by sending a specially crafted NFSv4 request.

Action-Not Available
Vendor-FreeBSD Foundation
Product-freebsdFreeBSD
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2017-0309
Matching Score-6
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-6
Assigner-NVIDIA Corporation
CVSS Score-8.8||HIGH
EPSS-0.39% / 30.86%
||
7 Day CHG~0.00%
Published-15 Feb, 2017 | 23:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

All versions of NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where multiple integer overflows may cause improper memory allocation leading to a denial of service or potential escalation of privileges.

Action-Not Available
Vendor-FreeBSD FoundationOracle CorporationLinux Kernel Organization, IncNVIDIA CorporationMicrosoft Corporation
Product-freebsdsolariswindowsgpu_driverlinux_kernelGPU Display Driver
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2016-5766
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-7.50% / 93.74%
||
7 Day CHG-0.06%
Published-07 Aug, 2016 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via crafted chunk dimensions in an image.

Action-Not Available
Vendor-libgdn/aFreeBSD FoundationRed Hat, Inc.The PHP GroupDebian GNU/LinuxFedora Project
Product-debian_linuxfreebsdphpopenshiftlibgdfedoraenterprise_linuxn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2016-1889
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.33% / 24.45%
||
7 Day CHG~0.00%
Published-15 Feb, 2017 | 15:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the bhyve hypervisor in FreeBSD 10.1, 10.2, 10.3, and 11.0 when configured with a large amount of guest memory, allows local users to gain privilege via a crafted device descriptor.

Action-Not Available
Vendor-n/aFreeBSD Foundation
Product-freebsdn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2020-13434
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-1.01% / 58.96%
||
7 Day CHG~0.00%
Published-24 May, 2020 | 21:55
Updated-04 Aug, 2024 | 12:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.

Action-Not Available
Vendor-sqliten/aDebian GNU/LinuxFreeBSD FoundationOracle CorporationFedora ProjectApple Inc.Canonical Ltd.
Product-ubuntu_linuxfreebsditunesdebian_linuxiphone_osipadostvoswatchossqlitefedoracommunications_network_charging_and_controloutside_in_technologymacoscommunications_cloud_native_core_policyicloudn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2013-2729
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-66.55% / 99.19%
||
7 Day CHG~0.00%
Published-16 May, 2013 | 10:00
Updated-22 Apr, 2026 | 12:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-04-18||Apply updates per vendor instructions.

Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-2727.

Action-Not Available
Vendor-n/aRed Hat, Inc.Adobe Inc.SUSE
Product-acrobatacrobat_readerlinux_enterprise_desktopenterprise_linux_serverenterprise_linux_workstationenterprise_linux_desktopenterprise_linux_server_ausenterprise_linux_eusn/aReader and Acrobat
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2013-2555
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-8.46% / 94.35%
||
7 Day CHG~0.00%
Published-11 Mar, 2013 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Mac OS X, before 10.3.183.75 and 11.x before 11.2.202.280 on Linux, before 11.1.111.50 on Android 2.x and 3.x, and before 11.1.115.54 on Android 4.x; Adobe AIR before 3.7.0.1530; and Adobe AIR SDK & Compiler before 3.7.0.1530 allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013.

Action-Not Available
Vendor-n/aApple Inc.openSUSEGoogle LLCLinux Kernel Organization, IncSUSERed Hat, Inc.Microsoft CorporationAdobe Inc.
Product-linux_enterprise_desktopenterprise_linux_serverenterprise_linux_workstationairenterprise_linux_desktopwindowsflash_playermacosenterprise_linux_server_ausenterprise_linux_eusandroidlinux_kernelopensusen/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2012-5835
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-8.53% / 94.39%
||
7 Day CHG~0.00%
Published-21 Nov, 2012 | 11:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the WebGL subsystem in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (invalid write operation) via crafted data.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSESUSERed Hat, Inc.Mozilla Corporation
Product-thunderbirdfirefoxubuntu_linuxseamonkeylinux_enterprise_desktopenterprise_linux_serverenterprise_linux_workstationthunderbird_esrenterprise_linux_desktoplinux_enterprise_serverenterprise_linux_euslinux_enterprise_software_development_kitopensusen/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2017-2892
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-9.8||CRITICAL
EPSS-2.40% / 81.96%
||
7 Day CHG~0.00%
Published-07 Nov, 2017 | 16:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable arbitrary memory read vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT packet can cause an arbitrary out-of-bounds memory read and write potentially resulting in information disclosure, denial of service and remote code execution. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability.

Action-Not Available
Vendor-cesantaCesanta
Product-mongooseMongoose
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2012-5143
Matching Score-4
Assigner-Chrome
ShareView Details
Matching Score-4
Assigner-Chrome
CVSS Score-10||HIGH
EPSS-1.65% / 73.72%
||
7 Day CHG~0.00%
Published-12 Dec, 2012 | 11:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in Google Chrome before 23.0.1271.97 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to PPAPI image buffers.

Action-Not Available
Vendor-n/aGoogle LLCopenSUSE
Product-chromeopensusen/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2020-11167
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-1.22% / 65.01%
||
7 Day CHG~0.00%
Published-21 Jan, 2021 | 09:41
Updated-04 Aug, 2024 | 11:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory corruption while calculating L2CAP packet length in reassembly logic when remote sends more data than expected in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qfe3100qfs2580qfe2550pmi8996qdm2307qfs2530qpa8802qln1030pm6125qat3519pm8150aqtc800hqdm5670sa6155qca6335msm8917pm7150lqpa8821qln1020wtr3905qdm5671qat3518sd632wcn3998wcn3950qpa5460wcn3660bqfe4320qdm5652sd6905gqpm8870qpm5679qbt2000msm8909wpm855pqca6420wcd9360pm6150apm8150bqsm7250pm8996qfe2101qca6430qat3522qfe4455fcpmr735awcd9340sd765gqfe3440fcqca6436sdr660sa6155pqpa6560msm8937sdr865smb1358wcd9341pmi8952qca6431qln5020sd750gwtr3950pm6350qdm5621qtc800sqdm5650sd712wcn3988wtr3925qfe2080fcsdr052smb1390pm6150lsd450qet4100wcn3610qpm6585qtc410swcn3991smb1355qln4650qpa8801sdm429wwgr7640qet5100qca6564ausdxr25gpm6150pm7250bqca6574qpa8842pmm8996auwcd9380qualcomm215smb1381sdr735pm7250smb1395pm660lwtr4905qpa8803smr526wtr5975wcn3980pmk8003qdm2301qsw8573qcs605wsa8815qbt1000qca6320wcn3680qfe4309sd835pm8009sdx55mpm670aqfe4373fcpm8008msm8953qsw8574pmi8998pm855lqcs603sd8655gqfe4302qpm5621qpm6582apq8009wqfe4303pm670pm8150lqdm5677pm8005pm215qdm2302sdxr1apq8096auwtr2965sdx55apq8053sa8155psd675sd439qet4101pmi8994qat3516pm670lqpm5658wcn3660qca9379pm855bqln1031pm8909qfe4465fcsdr051pm660wsa8830qln5030qbt1500pmi632qpa5581pmk8001qet6100sdr660gpmm855auqpa8686smb1396pm7150awcd9370qca6426whs9410qat5516wtr2955qdm5620qln1021aqsmb1380qfe4308apq8037pm3003asa8155qat5533qca6595auwcn3615qtc800tpm8940qdm2305qca6310qpm8820pm8937qfe2081fcpm855sd429pm8250sd821pmx55sd205qca6421qdm3301pm8953qat5515qpm5677wcd9326wcd9335qet4200aqwcd9385pm439qca6390wcd9375apq8064auaqt1000qpa8673qdm2310qln4642sd210sd820pmi8937pm8998wcn3620apq8017qca6564aqet6110qln5040qpm8895sdr845qpm5670wcn3990qca6595qpm8830qat5522wsa8835msm8996aupm8150cpmr735brgr7640auqln1035bdqpa4360pm855aqca6574aqpa4361qca6174asmr525pmr525qpm4650qtm525sd855sd8cxsd665qfe4305qca6175asd765pm640pqat3555smb1351qca6391qfe2082fcmsm8920sdx50mpm640asdr8150qln1036aqqtc801sqca6574ausd710qsw6310wsa8810qdm2308pmw3100pmx50qat3550qdm5679wcn3680bsdr8250sd768gqca6696qfe4301sdw2500pm8004pm640lmsm8940pmk8002qpa2625sd845sm7250psdm830qpa5580Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2017-9185
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.93% / 77.50%
||
7 Day CHG~0.00%
Published-23 May, 2017 | 03:56
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-bmp.c:319:7.

Action-Not Available
Vendor-autotrace_projectn/a
Product-autotracen/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2019-15788
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.85% / 76.46%
||
7 Day CHG~0.00%
Published-29 Aug, 2019 | 12:04
Updated-05 Aug, 2024 | 00:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Clara Genomics Analysis before 0.2.0 has an integer overflow for cudapoa memory management in allocate_block.cpp.

Action-Not Available
Vendor-n/aNVIDIA Corporation
Product-clara_genomics_analysisn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2010-4203
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-4.57% / 90.46%
||
7 Day CHG~0.00%
Published-05 Nov, 2010 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebM libvpx (aka the VP8 Codec SDK) before 0.9.5, as used in Google Chrome before 7.0.517.44, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via invalid frames.

Action-Not Available
Vendor-webmprojectn/aGoogle LLCRed Hat, Inc.
Product-enterprise_linux_serverenterprise_linux_workstationlibvpxenterprise_linux_desktopchromen/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2010-3254
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-1.85% / 76.54%
||
7 Day CHG~0.00%
Published-07 Sep, 2010 | 17:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The WebSockets implementation in Google Chrome before 6.0.472.53 does not properly handle integer values, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2022-25651
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.80% / 52.18%
||
7 Day CHG+0.01%
Published-14 Jun, 2022 | 09:41
Updated-03 Aug, 2024 | 04:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory corruption in bluetooth host due to integer overflow while processing BT HFP-UNIT profile in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca9377_firmwaremdm9150_firmwaremdm9640_firmwareqca6595qca6564aucsrb31024mdm9628_firmwarewcd9360_firmwaremdm9650csra6620qca6574mdm9250qca6595au_firmwaresa6155apq8009_firmwarecsra6620_firmwareqca6574acsra6640_firmwareqca9379_firmwareqca6174awcd9335_firmwareqca9377sa415mwcn3998wcn3980wcd9326_firmwaremdm9628wcn3615_firmwaresa515mqca6574_firmwarewcn3660bwsa8815qca6584_firmwaremdm9650_firmwareqca4020wcn3660b_firmwaresa8155qca6574a_firmwareqca6584qca6574au_firmwaresdx55_firmwarewcn3680b_firmwareqca6595ausa6155_firmwarewcn3615wcn3998_firmwarewcn3999_firmwarewcn3980_firmwarewcn3610_firmwarewcd9360apq8053_firmwareapq8009qca6564au_firmwaresa6155p_firmwareqca9367_firmwaremdm9626wcn3999sa515m_firmwarear8031_firmwarecsrb31024_firmwareqca9367sdx20sa8155_firmwaremdm9607_firmwaresa415m_firmwareqcs405mdm9626_firmwareqca6574ausa8155p_firmwaremdm9607qca6564a_firmwaresa8195papq8017_firmwarewsa8810_firmwarewsa8810qca4020_firmwarewcd9326wcd9335sa6155pmdm9150wcn3680bqca6174a_firmwaremdm9250_firmwareapq8096auqca6696_firmwarear8031qca6595_firmwareqcs405_firmwareqca6696sd820_firmwaresdx55apq8053apq8096au_firmwarecsra6640sa8155psd820sdx20_firmwarewsa8815_firmwaresa8195p_firmwareapq8017qca6564aqca9379wcn3610mdm9640Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2021-29644
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-2.45% / 82.43%
||
7 Day CHG~0.00%
Published-12 Oct, 2021 | 18:19
Updated-03 Aug, 2024 | 22:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Hitachi JP1/IT Desktop Management 2 Agent 9 through 12 contains a remote code execution vulnerability because of an Integer Overflow. An attacker with network access to port 31016 may exploit this issue to execute code with unrestricted privileges on the underlying OS.

Action-Not Available
Vendor-n/aHitachi, Ltd.Microsoft Corporation
Product-job_management_partner_1\/it_desktop_management-managerjp1\/remote_control_agentjp1\/it_desktop_management-managerjp1\/it_desktop_management_2-managerjp1\/it_desktop_management_2-operations_directorjob_management_partner_1\/remote_control_agentwindowsjp1\/netdm\/dm_clientjob_management_partner_1\/software_distribution_clientjp1\/netdm\/dm_managerjp1\/netm\/remote_control_agentjob_management_partner_1\/software_distribution_managerjob_management_partner_1\/it_desktop_management_2-managerit_operations_directorjp1\/netdm\/dm_client-remote_control_featuren/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2019-14086
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.91% / 55.48%
||
7 Day CHG~0.00%
Published-05 Mar, 2020 | 08:56
Updated-05 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Possible integer overflow while checking the length of frame which is a 32 bit integer and is added to another 32 bit integer which can lead to unexpected result during the check in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in APQ8098, MDM9607, MSM8998, QCA6584, QCN7605, QCS605, SDA660, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SXR1130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sdm850_firmwaresdm636_firmwareapq8098_firmwaresdm845msm8998_firmwaresdm660sdm630mdm9607_firmwaresm7150_firmwaresdm710sm6150mdm9607sdm710_firmwaresm7150qcn7605_firmwaresdm670qcs605_firmwaresdm670_firmwaresm8150_firmwaresdm636sdm630_firmwareapq8098qcn7605sda660_firmwareqcs605sm6150_firmwareqca6584_firmwaremsm8998sm8150sdm850qca6584sda660sxr1130_firmwaresxr1130sdm660_firmwaresdm845_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile
CWE ID-CWE-190
Integer Overflow or Wraparound
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found