Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2018-20679

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-09 Jan, 2019 | 16:00
Updated At-09 Jun, 2025 | 15:26
Rejected At-
Credits

An issue was discovered in BusyBox before 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP server, client, and relay) allows a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to verification in udhcp_get_option() in networking/udhcp/common.c that 4-byte options are indeed 4 bytes.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:09 Jan, 2019 | 16:00
Updated At:09 Jun, 2025 | 15:26
Rejected At:
â–¼CVE Numbering Authority (CNA)

An issue was discovered in BusyBox before 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP server, client, and relay) allows a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to verification in udhcp_get_option() in networking/udhcp/common.c that 4-byte options are indeed 4 bytes.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://git.busybox.net/busybox/commit/?id=6d3b4bb24da9a07c263f3c1acf8df85382ff562c
x_refsource_MISC
https://busybox.net/news.html
x_refsource_MISC
https://bugs.busybox.net/show_bug.cgi?id=11506
x_refsource_MISC
https://usn.ubuntu.com/3935-1/
vendor-advisory
x_refsource_UBUNTU
http://seclists.org/fulldisclosure/2019/Sep/7
mailing-list
x_refsource_FULLDISC
https://seclists.org/bugtraq/2019/Sep/7
mailing-list
x_refsource_BUGTRAQ
http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html
x_refsource_MISC
Hyperlink: https://git.busybox.net/busybox/commit/?id=6d3b4bb24da9a07c263f3c1acf8df85382ff562c
Resource:
x_refsource_MISC
Hyperlink: https://busybox.net/news.html
Resource:
x_refsource_MISC
Hyperlink: https://bugs.busybox.net/show_bug.cgi?id=11506
Resource:
x_refsource_MISC
Hyperlink: https://usn.ubuntu.com/3935-1/
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://seclists.org/fulldisclosure/2019/Sep/7
Resource:
mailing-list
x_refsource_FULLDISC
Hyperlink: https://seclists.org/bugtraq/2019/Sep/7
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html
Resource:
x_refsource_MISC
â–¼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://git.busybox.net/busybox/commit/?id=6d3b4bb24da9a07c263f3c1acf8df85382ff562c
x_refsource_MISC
x_transferred
https://busybox.net/news.html
x_refsource_MISC
x_transferred
https://bugs.busybox.net/show_bug.cgi?id=11506
x_refsource_MISC
x_transferred
https://usn.ubuntu.com/3935-1/
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://seclists.org/fulldisclosure/2019/Sep/7
mailing-list
x_refsource_FULLDISC
x_transferred
https://seclists.org/bugtraq/2019/Sep/7
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html
x_refsource_MISC
x_transferred
Hyperlink: https://git.busybox.net/busybox/commit/?id=6d3b4bb24da9a07c263f3c1acf8df85382ff562c
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://busybox.net/news.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://bugs.busybox.net/show_bug.cgi?id=11506
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://usn.ubuntu.com/3935-1/
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://seclists.org/fulldisclosure/2019/Sep/7
Resource:
mailing-list
x_refsource_FULLDISC
x_transferred
Hyperlink: https://seclists.org/bugtraq/2019/Sep/7
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html
Resource:
x_refsource_MISC
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-125CWE-125 Out-of-bounds Read
Type: CWE
CWE ID: CWE-125
Description: CWE-125 Out-of-bounds Read
Metrics
VersionBase scoreBase severityVector
3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:09 Jan, 2019 | 16:29
Updated At:09 Jun, 2025 | 16:15

An issue was discovered in BusyBox before 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP server, client, and relay) allows a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to verification in udhcp_get_option() in networking/udhcp/common.c that 4-byte options are indeed 4 bytes.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary3.07.5HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: Primary
Version: 3.0
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N
CPE Matches
busybox
busybox
>>busybox>>Versions before 1.30.0(exclusive)
cpe:2.3:a:busybox:busybox:*:*:*:*:*:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>14.04
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>16.04
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>18.04
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>18.10
cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-125Primarynvd@nist.gov
CWE-125Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-125
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-125
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.htmlcve@mitre.org
N/A
http://seclists.org/fulldisclosure/2019/Sep/7cve@mitre.org
N/A
https://bugs.busybox.net/show_bug.cgi?id=11506cve@mitre.org
Exploit
Issue Tracking
Third Party Advisory
https://busybox.net/news.htmlcve@mitre.org
Release Notes
Third Party Advisory
https://git.busybox.net/busybox/commit/?id=6d3b4bb24da9a07c263f3c1acf8df85382ff562ccve@mitre.org
Patch
Third Party Advisory
https://seclists.org/bugtraq/2019/Sep/7cve@mitre.org
N/A
https://usn.ubuntu.com/3935-1/cve@mitre.org
Third Party Advisory
http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://seclists.org/fulldisclosure/2019/Sep/7af854a3a-2127-422b-91ae-364da2661108
N/A
https://bugs.busybox.net/show_bug.cgi?id=11506af854a3a-2127-422b-91ae-364da2661108
Exploit
Issue Tracking
Third Party Advisory
https://busybox.net/news.htmlaf854a3a-2127-422b-91ae-364da2661108
Release Notes
Third Party Advisory
https://git.busybox.net/busybox/commit/?id=6d3b4bb24da9a07c263f3c1acf8df85382ff562caf854a3a-2127-422b-91ae-364da2661108
Patch
Third Party Advisory
https://seclists.org/bugtraq/2019/Sep/7af854a3a-2127-422b-91ae-364da2661108
N/A
https://usn.ubuntu.com/3935-1/af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Hyperlink: http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://seclists.org/fulldisclosure/2019/Sep/7
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://bugs.busybox.net/show_bug.cgi?id=11506
Source: cve@mitre.org
Resource:
Exploit
Issue Tracking
Third Party Advisory
Hyperlink: https://busybox.net/news.html
Source: cve@mitre.org
Resource:
Release Notes
Third Party Advisory
Hyperlink: https://git.busybox.net/busybox/commit/?id=6d3b4bb24da9a07c263f3c1acf8df85382ff562c
Source: cve@mitre.org
Resource:
Patch
Third Party Advisory
Hyperlink: https://seclists.org/bugtraq/2019/Sep/7
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://usn.ubuntu.com/3935-1/
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://seclists.org/fulldisclosure/2019/Sep/7
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://bugs.busybox.net/show_bug.cgi?id=11506
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Issue Tracking
Third Party Advisory
Hyperlink: https://busybox.net/news.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Release Notes
Third Party Advisory
Hyperlink: https://git.busybox.net/busybox/commit/?id=6d3b4bb24da9a07c263f3c1acf8df85382ff562c
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Third Party Advisory
Hyperlink: https://seclists.org/bugtraq/2019/Sep/7
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://usn.ubuntu.com/3935-1/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

973Records found
CVE-2021-0596
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.5||HIGH
EPSS-0.88% / 75.65%
||
7 Day CHG~0.00%
Published-14 Jul, 2021 | 13:45
Updated-03 Aug, 2024 | 15:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In phNciNfc_RecvMfResp of phNxpExtns_MifareStd.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over NFC with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-181346550

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-1002
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.5||HIGH
EPSS-0.29% / 52.38%
||
7 Day CHG~0.00%
Published-15 Dec, 2021 | 18:06
Updated-03 Aug, 2024 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In WT_Interpolate of eas_wtengine.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-194533433

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-9627
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.5||HIGH
EPSS-3.84% / 88.29%
||
7 Day CHG~0.00%
Published-26 Jun, 2020 | 20:05
Updated-04 Aug, 2024 | 10:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-dng_software_development_kitmacoswindowsAdobe DNG Software Development Kit (SDK)
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-9601
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.5||HIGH
EPSS-3.84% / 88.29%
||
7 Day CHG~0.00%
Published-25 Jun, 2020 | 21:23
Updated-04 Aug, 2024 | 10:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-20605
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.5||HIGH
EPSS-0.26% / 49.35%
||
7 Day CHG~0.00%
Published-16 Dec, 2022 | 00:00
Updated-18 Apr, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In SAECOMM_CopyBufferBytes of SAECOMM_Utility.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-231722405References: N/A

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-9623
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.5||HIGH
EPSS-3.84% / 88.29%
||
7 Day CHG~0.00%
Published-26 Jun, 2020 | 20:02
Updated-04 Aug, 2024 | 10:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.
Product-windowsdigital_negative_software_development_kitAdobe DNG Software Development Kit (SDK)
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-9837
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.76% / 73.62%
||
7 Day CHG~0.00%
Published-09 Jun, 2020 | 16:16
Updated-04 Aug, 2024 | 10:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5. A remote attacker may be able to leak memory.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_ostvosmac_os_xipadostvOSmacOSiOS
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-9828
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.28% / 51.49%
||
7 Day CHG~0.00%
Published-22 Oct, 2020 | 17:53
Updated-04 Aug, 2024 | 10:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.4. A remote attacker may be able to leak sensitive user information.

Action-Not Available
Vendor-Apple Inc.
Product-mac_os_xmacOS
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-9600
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.5||HIGH
EPSS-3.84% / 88.29%
||
7 Day CHG~0.00%
Published-25 Jun, 2020 | 21:22
Updated-04 Aug, 2024 | 10:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-9719
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.5||HIGH
EPSS-3.84% / 88.29%
||
7 Day CHG~0.00%
Published-19 Aug, 2020 | 14:11
Updated-04 Aug, 2024 | 10:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-0431
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.5||HIGH
EPSS-1.56% / 81.67%
||
7 Day CHG~0.00%
Published-13 Apr, 2021 | 18:22
Updated-03 Aug, 2024 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In avrc_msg_cback of avrc_api.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure to a paired device with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-174149901

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-9625
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.5||HIGH
EPSS-3.84% / 88.29%
||
7 Day CHG~0.00%
Published-26 Jun, 2020 | 20:03
Updated-04 Aug, 2024 | 10:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-dng_software_development_kitmacoswindowsAdobe DNG Software Development Kit (SDK)
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-25747
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-8.2||HIGH
EPSS-0.30% / 53.12%
||
7 Day CHG~0.00%
Published-04 Apr, 2023 | 04:46
Updated-11 Feb, 2025 | 14:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Over-read in MODEM

Information disclosure in modem due to improper input validation during parsing of upcoming CoAP message

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-mdm9206wcd9306snapdragon_wear_1300mdm8207snapdragon_wear_1200wcd9330mdm9207snapdragon_x5_lte_modem_firmwaremdm8207_firmwaresnapdragon_wear_1100mdm9205_firmwaremdm9205qca4004_firmwaremdm9206_firmwaremdm9207_firmwareqca4004qts110wcd9306_firmwaresnapdragon_wear_1100_firmwaresnapdragon_wear_1300_firmwarewcd9330_firmwaresnapdragon_wear_1200_firmwaresnapdragon_x5_lte_modemqts110_firmwareSnapdragon
CWE ID-CWE-126
Buffer Over-read
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-9628
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.5||HIGH
EPSS-3.84% / 88.29%
||
7 Day CHG~0.00%
Published-26 Jun, 2020 | 20:04
Updated-04 Aug, 2024 | 10:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-dng_software_development_kitmacoswindowsAdobe DNG Software Development Kit (SDK)
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-0254
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.5||HIGH
EPSS-0.12% / 30.06%
||
7 Day CHG~0.00%
Published-11 Aug, 2020 | 19:31
Updated-04 Aug, 2024 | 05:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a possible out of bounds read due to an incorrect bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-152647751

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-9721
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.5||HIGH
EPSS-3.84% / 88.29%
||
7 Day CHG~0.00%
Published-19 Aug, 2020 | 14:13
Updated-04 Aug, 2024 | 10:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-9599
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.5||HIGH
EPSS-3.84% / 88.29%
||
7 Day CHG~0.00%
Published-25 Jun, 2020 | 21:22
Updated-04 Aug, 2024 | 10:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcmacoswindowsacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-9720
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.5||HIGH
EPSS-3.84% / 88.29%
||
7 Day CHG~0.00%
Published-19 Aug, 2020 | 14:12
Updated-04 Aug, 2024 | 10:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-9705
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.5||HIGH
EPSS-3.84% / 88.29%
||
7 Day CHG~0.00%
Published-19 Aug, 2020 | 13:20
Updated-04 Aug, 2024 | 10:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-9717
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.5||HIGH
EPSS-3.84% / 88.29%
||
7 Day CHG~0.00%
Published-19 Aug, 2020 | 14:08
Updated-04 Aug, 2024 | 10:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-9718
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.5||HIGH
EPSS-3.84% / 88.29%
||
7 Day CHG~0.00%
Published-19 Aug, 2020 | 14:09
Updated-04 Aug, 2024 | 10:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-9365
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-32.46% / 96.91%
||
7 Day CHG~0.00%
Published-24 Feb, 2020 | 15:58
Updated-04 Aug, 2024 | 10:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Pure-FTPd 1.0.49. An out-of-bounds (OOB) read has been detected in the pure_strcmp function in utils.c.

Action-Not Available
Vendor-pureftpdn/aFedora Project
Product-fedorapure-ftpdn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-9272
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.43% / 62.90%
||
7 Day CHG-0.09%
Published-20 Feb, 2020 | 15:17
Updated-04 Aug, 2024 | 10:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ProFTPD 1.3.7 has an out-of-bounds (OOB) read vulnerability in mod_cap via the cap_text.c cap_to_text function.

Action-Not Available
Vendor-proftpdn/aSiemens AGopenSUSE
Product-simatic_net_cp_1543-1simatic_net_cp_1543-1_firmwaresimatic_net_cp_1545-1proftpdsimatic_net_cp_1545-1_firmwarebackports_sleleapn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-8753
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-7.5||HIGH
EPSS-0.96% / 76.77%
||
7 Day CHG~0.00%
Published-12 Nov, 2020 | 18:05
Updated-04 Aug, 2024 | 10:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds read in DHCP subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable information disclosure via network access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-active_management_technology_firmwarestandard_manageabilityIntel(R) AMT, Intel(R) ISM versions
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-8674
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-5.3||MEDIUM
EPSS-1.25% / 79.52%
||
7 Day CHG~0.00%
Published-15 Jun, 2020 | 14:00
Updated-04 Aug, 2024 | 10:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds read in DHCPv6 subsystem in Intel(R) AMT and Intel(R)ISM versions before 11.8.77, 11.12.77, 11.22.77, 12.0.64 and 14.0.33 may allow an unauthenticated user to potentially enable information disclosure via network access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-service_manageractive_management_technology_firmwareIntel(R) AMT and Intel(R) ISM
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-8754
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-7.5||HIGH
EPSS-0.96% / 76.77%
||
7 Day CHG~0.00%
Published-12 Nov, 2020 | 18:08
Updated-04 Aug, 2024 | 10:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds read in subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable information disclosure via network access.

Action-Not Available
Vendor-n/aIntel CorporationNetApp, Inc.
Product-cloud_backupactive_management_technology_firmwarestandard_manageabilityIntel(R) AMT, Intel(R) ISM
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-4424
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.36% / 58.55%
||
7 Day CHG~0.00%
Published-19 Mar, 2026 | 13:50
Updated-14 May, 2026 | 23:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Libarchive: libarchive: information disclosure via heap out-of-bounds read in rar archive processing

A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic due to improper validation of the LZSS sliding window size after transitions between compression methods. A remote attacker can exploit this by providing a specially crafted RAR archive, leading to the disclosure of sensitive heap memory information without requiring authentication or user interaction.

Action-Not Available
Vendor-libarchiveRed Hat, Inc.
Product-hardened_imagesopenshift_container_platformlibarchiveopenshift_container_platform_for_powerenterprise_linux_server_ausopenshift_container_platform_for_arm64enterprise_linuxRHEL-8 based Middleware ContainersRed Hat Insights proxy 1.5Red Hat Hardened ImagesRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.6 Telecommunications Update ServiceRed Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat Update Infrastructure 5Red Hat Enterprise Linux 8.8 Update Services for SAP SolutionsRed Hat OpenShift Container Platform 4.14Red Hat Enterprise Linux 6Red Hat Enterprise Linux 9.4 Extended Update SupportRed Hat AI Inference Server 3.3Red Hat Enterprise Linux 9.2 Update Services for SAP SolutionsRed Hat OpenShift Container Platform 4.18Red Hat Enterprise Linux 8.2 Advanced Update SupportRed Hat Enterprise Linux 10Red Hat OpenShift Container Platform 4.15Red Hat Enterprise Linux 8.8 Telecommunications Update ServiceRed Hat Enterprise Linux 9.0 Update Services for SAP SolutionsRed Hat Enterprise Linux 7 Extended Lifecycle SupportRed Hat Enterprise Linux 8Red Hat Enterprise Linux 10.0 Extended Update SupportRed Hat Enterprise Linux 9.6 Extended Update SupportRed Hat Discovery 2Red Hat OpenShift Container Platform 4.12Red Hat OpenShift Container Platform 4.16Red Hat Enterprise Linux 9Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-OnRed Hat Enterprise Linux 8.6 Update Services for SAP Solutions
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-25730
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-8.2||HIGH
EPSS-0.30% / 53.12%
||
7 Day CHG~0.00%
Published-04 Apr, 2023 | 04:46
Updated-03 Aug, 2024 | 04:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Over-read in MODEM

Information disclosure in modem due to improper check of IP type while processing DNS server query

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wcd9306wcd9380_firmwarewsa8830snapdragon_wear_1300ssg2125psxr2230p_firmwaremdm8207snapdragon_wear_1200wcd9330snapdragon_x5_lte_modem_firmwarewsa8832_firmwarewcn785x-5wcn685x-5qca4004_firmwarewcn785x-1_firmwareqts110wcd9306_firmwaresxr1230p_firmwarewsa8835wcd9380wsa8832snapdragon_ar2_gen_1_platform_firmwaresnapdragon_wear_1100_firmwareqca4010snapdragon_wear_1200_firmwaressg2125p_firmwaressg2115psnapdragon_ar2_gen_1_platformmdm9206wcn685x-5_firmwarewcn685x-1_firmwaresxr1230pwcd9385wcn685x-1snapdragon_x5_lte_modemmdm8207_firmwaresnapdragon_wear_1100mdm9205_firmwarewcd9385_firmwaremdm9205mdm9206_firmwaremdm9207_firmwareqca4004sxr2230pwsa8830_firmwarewsa8835_firmwaressg2115p_firmwaresnapdragon_wear_1300_firmwarewcn785x-5_firmwarewcd9330_firmwareqca4010_firmwarewcn785x-1mdm9207qts110_firmwareSnapdragonfastconnect_7800wcd9306snapdragon_1100_wearable_platformwsa8830sxr1230pssg2125pwcd93859207_lte_modemmdm8207wcd93309206_lte_modemfastconnect_6900snapdragon_ar2_gen1_platform9205_lte_modemqca4004sxr2230pqts110wsa8835wcd9380wsa8832snapdragon_1200_wearable_platformsnapdragon_x5_lte_firmwareqca4010snapdragon_wear_1300_platformssg2115p
CWE ID-CWE-126
Buffer Over-read
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-25732
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-8.2||HIGH
EPSS-0.30% / 53.12%
||
7 Day CHG~0.00%
Published-09 Feb, 2023 | 06:58
Updated-03 Aug, 2024 | 04:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Over-read in MODEM

Information disclosure in modem due to buffer over read in dns client due to missing length check

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wcd9380_firmwarewsa8830ssg2125psxr2230p_firmwarewcd9330wcn6856_firmwarecsra6620qca4024_firmwarewsa8835sxr1230p_firmwarewcd9380csra6620_firmwaressg2125p_firmwaressg2115pmdm9206csra6640_firmwarewcn6855_firmwaresxr1230pwcd9335_firmwarewcn3980wcd9385_firmwaremdm9205mdm9206_firmwarewsa8815sxr2230pqca4020wcn7850wcn3999_firmwarewcn3980_firmwarewcd9330_firmwaremdm9207wcd9306mdm8207wcn3999wcn7851ar8031_firmwarewsa8832_firmwareqca4004_firmwaremdm9607_firmwareqcs405qts110mdm9607wcd9306_firmwarewsa8810_firmwarewsa8810wsa8832qca4020_firmwarewcn6855wcd9335wcn7851_firmwarewcn6856wcd9385ar8031qcs405_firmwaremdm8207_firmwaremdm9205_firmwareqca4024mdm9207_firmwareqca4004csra6640wsa8830_firmwarewsa8815_firmwarewsa8835_firmwarewcn7850_firmwaressg2115p_firmwareqts110_firmwareSnapdragonwcd9380_firmwaresxr2230p_firmwarear8031_firmwarewsa8832_firmwarewcn6856_firmwareqca4004_firmwaremdm9607_firmwareqca4024_firmwarewcd9306_firmwaresxr1230p_firmwarewsa8810_firmwareqca4020_firmwaressg2125p_firmwarecsra6620_firmwarewcn7851_firmwarewcn6855_firmwarecsra6640_firmwareqcs405_firmwarewcd9335_firmwaremdm8207_firmwaremdm9205_firmwarewcd9385_firmwaremdm9206_firmwaremdm9207_firmwarewsa8830_firmwarewsa8815_firmwarewsa8835_firmwarewcn7850_firmwaressg2115p_firmwarewcn3999_firmwarewcn3980_firmwarewcd9330_firmwareqts110_firmware
CWE ID-CWE-126
Buffer Over-read
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-25728
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-8.2||HIGH
EPSS-0.30% / 53.12%
||
7 Day CHG~0.00%
Published-09 Feb, 2023 | 06:58
Updated-03 Aug, 2024 | 04:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Over-read in MODEM

Information disclosure in modem due to buffer over-read while processing response from DNS server

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wcd9380_firmwarewsa8830ssg2125psxr2230p_firmwarewcd9330wcn6856_firmwarecsra6620qca4024_firmwarewsa8835sxr1230p_firmwarewcd9380csra6620_firmwaressg2125p_firmwaressg2115pmdm9206csra6640_firmwarewcn6855_firmwaresxr1230pwcd9335_firmwarewcn3980wcn3998wcd9385_firmwaremdm9205mdm9206_firmwarewsa8815sxr2230pqca4020wcn7850wcn3999_firmwarewcn3998_firmwarewcn3980_firmwarewcd9330_firmwaremdm9207wcd9306mdm8207wcn3999wcn7851ar8031_firmwarewsa8832_firmwareqca4004_firmwaremdm9607_firmwareqcs405qts110mdm9607wcd9306_firmwarewsa8810_firmwarewsa8810wsa8832qca4020_firmwarewcn6855wcd9335wcn7851_firmwarewcn6856wcd9385ar8031qcs405_firmwaremdm8207_firmwaremdm9205_firmwareqca4024mdm9207_firmwareqca4004csra6640wsa8830_firmwarewsa8815_firmwarewsa8835_firmwarewcn7850_firmwaressg2115p_firmwareqts110_firmwareSnapdragonwcd9380_firmwaresxr2230p_firmwarear8031_firmwarewsa8832_firmwarewcn6856_firmwareqca4004_firmwaremdm9607_firmwareqca4024_firmwarewcd9306_firmwaresxr1230p_firmwarewsa8810_firmwareqca4020_firmwaressg2125p_firmwarecsra6620_firmwarewcn7851_firmwarewcn6855_firmwarecsra6640_firmwareqcs405_firmwarewcd9335_firmwaremdm8207_firmwaremdm9205_firmwarewcd9385_firmwaremdm9206_firmwaremdm9207_firmwarewsa8830_firmwarewsa8815_firmwarewsa8835_firmwarewcn7850_firmwaressg2115p_firmwarewcn3999_firmwarewcn3998_firmwarewcn3980_firmwarewcd9330_firmwareqts110_firmware
CWE ID-CWE-126
Buffer Over-read
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-25872
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-5.3||MEDIUM
EPSS-0.23% / 45.99%
||
7 Day CHG~0.00%
Published-17 Jun, 2022 | 20:05
Updated-16 Sep, 2024 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Out-of-bounds Read

All versions of package fast-string-search are vulnerable to Out-of-bounds Read due to incorrect memory freeing and length calculation for any non-string input as the source. This allows the attacker to read previously allocated memory.

Action-Not Available
Vendor-fast_string_search_projectn/a
Product-fast_string_searchfast-string-search
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-7067
Matching Score-4
Assigner-PHP Group
ShareView Details
Matching Score-4
Assigner-PHP Group
CVSS Score-7.5||HIGH
EPSS-9.98% / 93.13%
||
7 Day CHG~0.00%
Published-27 Apr, 2020 | 20:38
Updated-17 Sep, 2024 | 02:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OOB Read in urldecode()

In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below 7.4.5, if PHP is compiled with EBCDIC support (uncommon), urldecode() function can be made to access locations past the allocated memory, due to erroneously using signed numbers as array indexes.

Action-Not Available
Vendor-Oracle CorporationDebian GNU/LinuxTenable, Inc.The PHP Group
Product-communications_diameter_signaling_routerphpdebian_linuxtenable.scPHP
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-196
Unsigned to Signed Conversion Error
CVE-2022-25731
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.30% / 53.12%
||
7 Day CHG~0.00%
Published-04 Apr, 2023 | 04:46
Updated-03 Aug, 2024 | 04:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Incorrect Calculation of Buffer Size in MODEM

Information disclosure in modem due to buffer over-read while processing packets from DNS server

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-mdm9206wcd9306snapdragon_wear_1300mdm8207snapdragon_wear_1200wcd9330mdm9207snapdragon_x5_lte_modem_firmwaremdm8207_firmwaresnapdragon_wear_1100mdm9205_firmwaremdm9205qca4004_firmwaremdm9206_firmwaremdm9207_firmwareqca4004qts110wcd9306_firmwaresnapdragon_wear_1100_firmwaresnapdragon_wear_1300_firmwareqca4010wcd9330_firmwaresnapdragon_wear_1200_firmwareqca4010_firmwaresnapdragon_x5_lte_modemqts110_firmwareSnapdragon
CWE ID-CWE-131
Incorrect Calculation of Buffer Size
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-25726
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-8.2||HIGH
EPSS-0.30% / 53.12%
||
7 Day CHG~0.00%
Published-04 Apr, 2023 | 04:46
Updated-03 Aug, 2024 | 04:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Over-read in MODEM

Information disclosure in modem data due to array out of bound access while handling the incoming DNS response packet

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wcd9306wcd9380_firmwarewsa8830snapdragon_wear_1300ssg2125psxr2230p_firmwaremdm8207snapdragon_wear_1200wcd9330snapdragon_x5_lte_modem_firmwarewsa8832_firmwarewcn785x-5wcn685x-5qca4004_firmwarewcn785x-1_firmwareqts110wcd9306_firmwaresxr1230p_firmwarewsa8835wcd9380wsa8832snapdragon_wear_1100_firmwaresnapdragon_ar2_gen_1_platform_firmwaresnapdragon_wear_1200_firmwaressg2125p_firmwaressg2115psnapdragon_ar2_gen_1_platformmdm9206wcn685x-5_firmwarewcn685x-1_firmwaresxr1230pwcd9385wcn685x-1snapdragon_x5_lte_modemmdm8207_firmwaresnapdragon_wear_1100mdm9205_firmwarewcd9385_firmwaremdm9205mdm9206_firmwaremdm9207_firmwareqca4004sxr2230pwsa8830_firmwarewsa8835_firmwaressg2115p_firmwaresnapdragon_wear_1300_firmwarewcn785x-5_firmwarewcd9330_firmwarewcn785x-1mdm9207qts110_firmwareSnapdragon9205_lte_modem_firmwarewcd9380_firmwaresnapdragon_wear_1300_platform_firmware9207_lte_modem_firmwaresxr2230p_firmwaresnapdragon_x5_lte_modem_firmwaremdm8207_firmwarewsa8832_firmwarewcd9385_firmwarefastconnect_6900_firmwareqca4004_firmwaresnapdragon_1200_wearable_platform_firmwaresnapdragon_1100_wearable_platform_firmware9206_lte_modem_firmwarewsa8830_firmwarewcd9306_firmwaresxr1230p_firmwarewsa8835_firmwarefastconnect_7800_firmwaressg2115p_firmwaresnapdragon_ar2_gen_1_platform_firmwarewcd9330_firmwaressg2125p_firmwareqts110_firmware
CWE ID-CWE-126
Buffer Over-read
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-3700
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.47% / 64.58%
||
7 Day CHG~0.00%
Published-30 Jul, 2020 | 11:40
Updated-04 Aug, 2024 | 07:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Possible out of bounds read due to a missing bounds check and could lead to local information disclosure in the wifi driver with no additional execution privileges needed in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8053, APQ8096AU, IPQ4019, IPQ8064, IPQ8074, MDM9607, MSM8909W, MSM8996AU, QCA6574AU, QCA9531, QCA9558, QCA9980, SC8180X, SDM439, SDX55, SM8150, SM8250, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca9980_firmwaremsm8996au_firmwaresdm439mdm9607_firmwaresm8250_firmwaresc8180x_firmwareqca9531qca9558_firmwareipq8074_firmwareqca6574auqca9558msm8909w_firmwaremdm9607msm8996auqca9980sxr2130sc8180xipq4019_firmwaresm8150_firmwaresxr2130_firmwareipq8074apq8096ausdm439_firmwareipq4019sdx55apq8053apq8096au_firmwaresm8250sm8150qca9531_firmwareipq8064qca6574au_firmwaresdx55_firmwaremsm8909wapq8053_firmwareipq8064_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-3755
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.5||HIGH
EPSS-1.91% / 83.48%
||
7 Day CHG~0.00%
Published-13 Feb, 2020 | 15:45
Updated-04 Aug, 2024 | 07:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-16038
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.5||HIGH
EPSS-1.92% / 83.53%
||
7 Day CHG~0.00%
Published-18 Jan, 2019 | 17:00
Updated-05 Aug, 2024 | 10:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-mac_os_xacrobat_dcwindowsacrobat_reader_dcn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-16031
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.5||HIGH
EPSS-1.91% / 83.48%
||
7 Day CHG~0.00%
Published-18 Jan, 2019 | 17:00
Updated-05 Aug, 2024 | 10:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-mac_os_xacrobat_dcwindowsacrobat_reader_dcn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-16035
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.5||HIGH
EPSS-1.92% / 83.53%
||
7 Day CHG~0.00%
Published-18 Jan, 2019 | 17:00
Updated-05 Aug, 2024 | 10:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-mac_os_xacrobat_dcwindowsacrobat_reader_dcn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-15978
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.5||HIGH
EPSS-2.06% / 84.11%
||
7 Day CHG~0.00%
Published-29 Nov, 2018 | 20:00
Updated-05 Aug, 2024 | 10:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Flash Player versions 31.0.0.122 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

Action-Not Available
Vendor-n/aGoogle LLCAdobe Inc.Red Hat, Inc.Apple Inc.Microsoft CorporationLinux Kernel Organization, Inc
Product-enterprise_linux_serverlinux_kernelwindows_8.1enterprise_linux_workstationchrome_osmac_os_xwindowsflash_player_desktop_runtimewindows_10enterprise_linux_desktopflash_playern/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-15980
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.5||HIGH
EPSS-7.84% / 92.06%
||
7 Day CHG~0.00%
Published-29 Nov, 2018 | 20:00
Updated-05 Aug, 2024 | 10:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Photoshop CC versions 19.1.6 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

Action-Not Available
Vendor-Adobe Inc.
Product-photoshop_ccAdobe Photoshop CC
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-14798
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-5.3||MEDIUM
EPSS-0.23% / 46.01%
||
7 Day CHG~0.00%
Published-01 Oct, 2018 | 13:00
Updated-16 Sep, 2024 | 23:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Fuji Electric FRENIC LOADER v3.3 v7.3.4.1a of FRENIC-Mini (C1), FRENIC-Mini (C2), FRENIC-Eco, FRENIC-Multi, FRENIC-MEGA, FRENIC-Ace. The program does not properly parse FNC files that may allow for information disclosure.

Action-Not Available
Vendor-Fuji Electric Co., Ltd.
Product-frenic-megafrenic-ecofrenic-multifrenic-mini\(c2\)frenic_loader_3.3_firmwarefrenic-acefrenic-mini\(c1\)FRENIC LOADER of FRENIC-Mini (C1), FRENIC-Mini (C2), FRENIC-Eco, FRENIC-Multi, FRENIC-MEGA, FRENIC-Ace
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-42144
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.10% / 26.10%
||
7 Day CHG~0.00%
Published-24 Jan, 2024 | 00:00
Updated-20 Jun, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer over-read vulnerability in Contiki-NG tinyDTLS through master branch 53a0d97 allows attackers obtain sensitive information via crafted input to dtls_ccm_decrypt_message().

Action-Not Available
Vendor-contiki-ngn/a
Product-contiki-ng_tinydtlsn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-3777
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.5||HIGH
EPSS-3.84% / 88.29%
||
7 Day CHG~0.00%
Published-25 Mar, 2020 | 20:36
Updated-04 Aug, 2024 | 07:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-photoshop_2020windowsphotoshop_ccmacosAdobe Photoshop
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-12801
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.5||HIGH
EPSS-2.09% / 84.21%
||
7 Day CHG~0.00%
Published-25 Sep, 2018 | 13:00
Updated-05 Aug, 2024 | 08:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-mac_os_xacrobat_dcwindowsacrobat_reader_dcAcrobat and Reader
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-12840
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.5||HIGH
EPSS-3.62% / 87.92%
||
7 Day CHG~0.00%
Published-25 Sep, 2018 | 13:00
Updated-05 Aug, 2024 | 08:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-mac_os_xacrobat_dcwindowsacrobat_reader_dcn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-12775
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.5||HIGH
EPSS-2.09% / 84.21%
||
7 Day CHG~0.00%
Published-25 Sep, 2018 | 13:00
Updated-05 Aug, 2024 | 08:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsacrobat_reader_dcmac_os_xAcrobat and Reader
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-8202
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.5||HIGH
EPSS-1.91% / 83.48%
||
7 Day CHG~0.00%
Published-17 Oct, 2019 | 20:23
Updated-04 Aug, 2024 | 21:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-12767
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.5||HIGH
EPSS-3.59% / 87.89%
||
7 Day CHG~0.00%
Published-20 Jul, 2018 | 19:00
Updated-05 Aug, 2024 | 08:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-mac_os_xacrobat_dcwindowsacrobat_reader_dcAdobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-40400
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-9.3||CRITICAL
EPSS-0.21% / 43.61%
||
7 Day CHG~0.00%
Published-14 Apr, 2022 | 19:56
Updated-15 Apr, 2025 | 19:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read vulnerability exists in the RS-274X aperture macro outline primitive functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit d7f42a9a). A specially-crafted Gerber file can lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability.

Action-Not Available
Vendor-gerbv_projectGerbv
Product-gerbvGerbv forkedGerbv
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-125
Out-of-bounds Read
  • Previous
  • 1
  • 2
  • ...
  • 9
  • 10
  • 11
  • ...
  • 19
  • 20
  • Next
Details not found