Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2020-25857

Summary
Assigner-VDOO
Assigner Org ID-6b4ace4a-d6e0-415b-9ce8-aa20e97e4b24
Published At-03 Feb, 2021 | 16:48
Updated At-04 Aug, 2024 | 15:49
Rejected At-
Credits

The function ClientEAPOLKeyRecvd() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for an rtl_memcpy() operation, resulting in a stack buffer overflow which can be exploited for denial of service. An attacker can impersonate an Access Point and attack a vulnerable Wi-Fi client, by injecting a crafted packet into the WPA2 handshake. The attacker does not need to know the network's PSK.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:VDOO
Assigner Org ID:6b4ace4a-d6e0-415b-9ce8-aa20e97e4b24
Published At:03 Feb, 2021 | 16:48
Updated At:04 Aug, 2024 | 15:49
Rejected At:
▼CVE Numbering Authority (CNA)

The function ClientEAPOLKeyRecvd() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for an rtl_memcpy() operation, resulting in a stack buffer overflow which can be exploited for denial of service. An attacker can impersonate an Access Point and attack a vulnerable Wi-Fi client, by injecting a crafted packet into the WPA2 handshake. The attacker does not need to know the network's PSK.

Affected Products
Vendor
n/a
Product
Realtek RTL8195A Wi-Fi Module
Versions
Affected
  • Versions before 2020-04-21 (up to and excluding 2.08)
Problem Types
TypeCWE IDDescription
CWECWE-121Stack buffer overflow (CWE-121)
Type: CWE
CWE ID: CWE-121
Description: Stack buffer overflow (CWE-121)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://www.vdoo.com/blog/realtek-rtl8195a-vulnerabilities-discovered/
x_refsource_CONFIRM
Hyperlink: https://www.vdoo.com/blog/realtek-rtl8195a-vulnerabilities-discovered/
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://www.vdoo.com/blog/realtek-rtl8195a-vulnerabilities-discovered/
x_refsource_CONFIRM
x_transferred
Hyperlink: https://www.vdoo.com/blog/realtek-rtl8195a-vulnerabilities-discovered/
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:vuln@vdoo.com
Published At:03 Feb, 2021 | 17:15
Updated At:08 Feb, 2021 | 19:19

The function ClientEAPOLKeyRecvd() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for an rtl_memcpy() operation, resulting in a stack buffer overflow which can be exploited for denial of service. An attacker can impersonate an Access Point and attack a vulnerable Wi-Fi client, by injecting a crafted packet into the WPA2 handshake. The attacker does not need to know the network's PSK.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CPE Matches

Realtek Semiconductor Corp.
realtek
>>rtl8195a_firmware>>Versions before 2.08(exclusive)
cpe:2.3:o:realtek:rtl8195a_firmware:*:*:*:*:*:*:*:*
Realtek Semiconductor Corp.
realtek
>>rtl8195a>>-
cpe:2.3:h:realtek:rtl8195a:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-787Primarynvd@nist.gov
CWE-121Secondaryvuln@vdoo.com
CWE ID: CWE-787
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-121
Type: Secondary
Source: vuln@vdoo.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://www.vdoo.com/blog/realtek-rtl8195a-vulnerabilities-discovered/vuln@vdoo.com
Exploit
Third Party Advisory
Hyperlink: https://www.vdoo.com/blog/realtek-rtl8195a-vulnerabilities-discovered/
Source: vuln@vdoo.com
Resource:
Exploit
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

1121Records found

CVE-2021-35392
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-83.15% / 99.64%
||
7 Day CHG~0.00%
Published-16 Aug, 2021 | 11:07
Updated-13 Aug, 2025 | 15:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Realtek Jungle SDK version v2.x up to v3.4.14B provides a 'WiFi Simple Config' server that implements both UPnP and SSDP protocols. The binary is usually named wscd or mini_upnpd and is the successor to miniigd. The server is vulnerable to a heap buffer overflow that is present due to unsafe crafting of SSDP NOTIFY messages from received M-SEARCH messages ST header.

Action-Not Available
Vendor-n/aRealtek Semiconductor Corp.
Product-rtl819x_jungle_software_development_kitn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-34326
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.65% / 46.43%
||
7 Day CHG~0.00%
Published-27 Sep, 2022 | 00:00
Updated-21 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ambiot amb1_sdk (aka SDK for Ameba1) before 2022-06-20 on Realtek RTL8195AM devices before 284241d70308ff2519e40afd7b284ba892c730a3, the timer task and RX task would be locked when there are frequent and continuous Wi-Fi connection (with four-way handshake) failures in Soft AP mode.

Action-Not Available
Vendor-n/aRealtek Semiconductor Corp.
Product-rtl8195am_firmwarertl8195amn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-44531
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.49% / 38.51%
||
7 Day CHG~0.00%
Published-24 Jun, 2025 | 00:00
Updated-09 Jul, 2025 | 19:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in Realtek RTL8762EKF-EVB RTL8762E SDK v1.4.0 allows attackers to cause a Denial of Service (DoS) via sending a crafted before a pairing public key is received during a Bluetooth connection attempt.

Action-Not Available
Vendor-n/aRealtek Semiconductor Corp.
Product-rtl8762e_software_development_kitrtl8762ekf-evbn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2020-26652
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.61% / 44.93%
||
7 Day CHG~0.00%
Published-22 Aug, 2023 | 00:00
Updated-03 Oct, 2024 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in function nl80211_send_chandef in rtl8812au v5.6.4.2 allows attackers to cause a denial of service.

Action-Not Available
Vendor-n/aaircrack-ngRealtek Semiconductor Corp.
Product-rtl8812aurtl8812au_firmwaren/aaircrack-ng
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2020-25853
Matching Score-8
Assigner-JFrog
ShareView Details
Matching Score-8
Assigner-JFrog
CVSS Score-7.5||HIGH
EPSS-1.25% / 65.72%
||
7 Day CHG~0.00%
Published-03 Feb, 2021 | 16:49
Updated-04 Aug, 2024 | 15:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The function CheckMic() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for an internal function, _rt_md5_hmac_veneer() or _rt_hmac_sha1_veneer(), resulting in a stack buffer over-read which can be exploited for denial of service. An attacker can impersonate an Access Point and attack a vulnerable Wi-Fi client, by injecting a crafted packet into the WPA2 handshake. The attacker does not need to know the network's PSK.

Action-Not Available
Vendor-n/aRealtek Semiconductor Corp.
Product-rtl8195artl8195a_firmwareRealtek RTL8195A Wi-Fi Module
CWE ID-CWE-126
Buffer Over-read
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-23539
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.79% / 75.64%
||
7 Day CHG~0.00%
Published-08 Apr, 2021 | 16:45
Updated-04 Aug, 2024 | 14:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Realtek rtl8723de BLE Stack <= 4.1 that allows remote attackers to cause a Denial of Service via the interval field to the CONNECT_REQ message.

Action-Not Available
Vendor-n/aRealtek Semiconductor Corp.
Product-rtl8723dertl8723de_firmwaren/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2022-25480
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.19% / 8.97%
||
7 Day CHG~0.00%
Published-02 Jul, 2024 | 00:00
Updated-25 Mar, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in Realtek RtsPer driver for PCIe Card Reader (RtsPer.sys) before 10.0.22000.21355 and Realtek RtsUer driver for USB Card Reader (RtsUer.sys) before 10.0.22000.31274 allows writing to kernel memory beyond the SystemBuffer of the IRP.

Action-Not Available
Vendor-n/aRealtek Semiconductor Corp.
Product-rtsuerrtspern/artsper_pcie_card_reader_driver
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-21778
Matching Score-6
Assigner-Talos
ShareView Details
Matching Score-6
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-0.94% / 56.68%
||
7 Day CHG~0.00%
Published-08 Jul, 2024 | 15:25
Updated-04 Nov, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap-based buffer overflow vulnerability exists in the configuration file mib_init_value_array functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted .dat file can lead to arbitrary code execution. An attacker can upload a malicious file to trigger this vulnerability.

Action-Not Available
Vendor-level1LevelOneleveloneRealtek Semiconductor Corp.
Product-wbr-6013_firmwarewbr-6013rtl819x_jungle_software_development_kitrtl819x Jungle SDKWBR-6013rtl819x_software_development_kitwbr-6013
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-50330
Matching Score-6
Assigner-Talos
ShareView Details
Matching Score-6
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-1.10% / 61.67%
||
7 Day CHG~0.00%
Published-08 Jul, 2024 | 15:22
Updated-04 Nov, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack-based buffer overflow vulnerability exists in the boa getInfo functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can send a series of HTTP requests to trigger this vulnerability.

Action-Not Available
Vendor-level1LevelOneleveloneRealtek Semiconductor Corp.
Product-wbr-6013_firmwarewbr-6013rtl819x_jungle_software_development_kitrtl819x Jungle SDKWBR-6013rtl819x_software_development_kitwbr-6013
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-50240
Matching Score-6
Assigner-Talos
ShareView Details
Matching Score-6
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-1.41% / 69.46%
||
7 Day CHG~0.00%
Published-08 Jul, 2024 | 15:22
Updated-04 Nov, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Two stack-based buffer overflow vulnerabilities exist in the boa set_RadvdInterfaceParam functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This stack-based buffer overflow is related to the `AdvDefaultPreference` request's parameter.

Action-Not Available
Vendor-level1LevelOnelevel_oneRealtek Semiconductor Corp.
Product-wbr-6013_firmwarewbr-6013rtl819x_jungle_software_development_kitrtl819x Jungle SDKWBR-6013rtl819x_software_development_kitwbr6013
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-50244
Matching Score-6
Assigner-Talos
ShareView Details
Matching Score-6
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-1.41% / 69.46%
||
7 Day CHG~0.00%
Published-08 Jul, 2024 | 15:22
Updated-04 Nov, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Two stack-based buffer overflow vulnerabilities exist in the boa formIpQoS functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This stack-based buffer overflow is related to the `entry_name` request's parameter.

Action-Not Available
Vendor-level1LevelOnelevel_oneRealtek Semiconductor Corp.
Product-wbr-6013_firmwarewbr-6013rtl819x_jungle_software_development_kitrtl819x Jungle SDKWBR-6013rtl819x_software_development_kitwbr6013
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-50239
Matching Score-6
Assigner-Talos
ShareView Details
Matching Score-6
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-1.41% / 69.46%
||
7 Day CHG~0.00%
Published-08 Jul, 2024 | 15:22
Updated-04 Nov, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Two stack-based buffer overflow vulnerabilities exist in the boa set_RadvdInterfaceParam functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This stack-based buffer overflow is related to the `interfacename` request's parameter.

Action-Not Available
Vendor-level1LevelOnelevel_oneRealtek Semiconductor Corp.
Product-wbr-6013_firmwarewbr-6013rtl819x_jungle_software_development_kitrtl819x Jungle SDKWBR-6013rtl819x_software_development_kitwbr6013
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-49867
Matching Score-6
Assigner-Talos
ShareView Details
Matching Score-6
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-1.10% / 61.67%
||
7 Day CHG~0.00%
Published-08 Jul, 2024 | 15:22
Updated-04 Nov, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack-based buffer overflow vulnerability exists in the boa formWsc functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can send a series of HTTP requests to trigger this vulnerability.

Action-Not Available
Vendor-level1LevelOnelevel_oneRealtek Semiconductor Corp.
Product-wbr-6013_firmwarewbr-6013rtl819x_jungle_software_development_kitrtl819x Jungle SDKWBR-6013rtl819x_software_development_kitwbr6013
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-48270
Matching Score-6
Assigner-Talos
ShareView Details
Matching Score-6
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-0.89% / 55.06%
||
7 Day CHG~0.00%
Published-08 Jul, 2024 | 15:22
Updated-04 Nov, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack-based buffer overflow vulnerability exists in the boa formDnsv6 functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of network requests can lead to arbitrary code execution. An attacker can send a sequence of requests to trigger this vulnerability.

Action-Not Available
Vendor-level1LevelOnelevel_oneRealtek Semiconductor Corp.
Product-wbr-6013_firmwarewbr-6013rtl819x_jungle_software_development_kitrtl819x Jungle SDKWBR-6013rtl819x_software_development_kitwbr6013
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-49073
Matching Score-6
Assigner-Talos
ShareView Details
Matching Score-6
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-0.89% / 55.06%
||
7 Day CHG~0.00%
Published-08 Jul, 2024 | 15:22
Updated-04 Nov, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack-based buffer overflow vulnerability exists in the boa formFilter functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to arbitrary code execution. An attacker can send a sequence of requests to trigger this vulnerability.

Action-Not Available
Vendor-level1LevelOnelevel_oneRealtek Semiconductor Corp.
Product-wbr-6013_firmwarewbr-6013rtl819x_jungle_software_development_kitrtl819x Jungle SDKWBR-6013rtl819x_software_development_kitwbr6013
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-47856
Matching Score-6
Assigner-Talos
ShareView Details
Matching Score-6
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-1.41% / 69.46%
||
7 Day CHG~0.00%
Published-08 Jul, 2024 | 15:22
Updated-04 Nov, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack-based buffer overflow vulnerability exists in the boa set_RadvdPrefixParam functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.

Action-Not Available
Vendor-level1LevelOnelevel_oneRealtek Semiconductor Corp.
Product-wbr-6013_firmwarewbr-6013rtl819x_jungle_software_development_kitrtl819x Jungle SDKWBR-6013rtl819x_software_development_kitwbr6013
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-45215
Matching Score-6
Assigner-Talos
ShareView Details
Matching Score-6
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-1.04% / 59.82%
||
7 Day CHG~0.00%
Published-08 Jul, 2024 | 15:22
Updated-04 Nov, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack-based buffer overflow vulnerability exists in the boa setRepeaterSsid functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of network requests can lead to arbitrary code execution. An attacker can send a sequence of requests to trigger this vulnerability.

Action-Not Available
Vendor-level1LevelOnelevel_oneRealtek Semiconductor Corp.
Product-wbr-6013_firmwarewbr-6013rtl819x_jungle_software_development_kitrtl819x Jungle SDKWBR-6013rtl819x_software_development_kitwbr6013
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-41251
Matching Score-6
Assigner-Talos
ShareView Details
Matching Score-6
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-1.28% / 66.57%
||
7 Day CHG~0.00%
Published-08 Jul, 2024 | 15:22
Updated-04 Nov, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack-based buffer overflow vulnerability exists in the boa formRoute functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability.

Action-Not Available
Vendor-level1LevelOnelevel_oneRealtek Semiconductor Corp.
Product-wbr-6013_firmwarewbr-6013rtl819x_jungle_software_development_kitrtl819x Jungle SDKWBR-6013rtl819x_software_development_kitwbr6013
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-49595
Matching Score-6
Assigner-Talos
ShareView Details
Matching Score-6
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-0.89% / 55.06%
||
7 Day CHG~0.00%
Published-08 Jul, 2024 | 15:22
Updated-04 Nov, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack-based buffer overflow vulnerability exists in the boa rollback_control_code functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of network requests can lead to arbitrary code execution. An attacker can send a sequence of requests to trigger this vulnerability.

Action-Not Available
Vendor-level1LevelOnelevel_oneRealtek Semiconductor Corp.
Product-wbr-6013_firmwarewbr-6013rtl819x_jungle_software_development_kitrtl819x Jungle SDKWBR-6013rtl819x_software_development_kitwbr6013
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-50243
Matching Score-6
Assigner-Talos
ShareView Details
Matching Score-6
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-1.41% / 69.46%
||
7 Day CHG~0.00%
Published-08 Jul, 2024 | 15:22
Updated-04 Nov, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Two stack-based buffer overflow vulnerabilities exist in the boa formIpQoS functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This stack-based buffer overflow is related to the `comment` request's parameter.

Action-Not Available
Vendor-level1LevelOnelevel_oneRealtek Semiconductor Corp.
Product-wbr-6013_firmwarewbr-6013rtl819x_jungle_software_development_kitrtl819x Jungle SDKWBR-6013rtl819x_software_development_kitwbr6013
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-39306
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.26% / 66.16%
||
7 Day CHG~0.00%
Published-22 Dec, 2021 | 18:08
Updated-04 Aug, 2024 | 02:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack buffer overflow was discovered on Realtek RTL8195AM device before 2.0.10, it exists in the client code when an attacker sends a big size Authentication challenge text in WEP security.

Action-Not Available
Vendor-n/aRealtek Semiconductor Corp.
Product-rtl8195am_firmwarertl8195amn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-35393
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-70.33% / 99.31%
||
7 Day CHG~0.00%
Published-16 Aug, 2021 | 11:07
Updated-13 Aug, 2025 | 15:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Realtek Jungle SDK version v2.x up to v3.4.14B provides a 'WiFi Simple Config' server that implements both UPnP and SSDP protocols. The binary is usually named wscd or mini_upnpd and is the successor to miniigd. The server is vulnerable to a stack buffer overflow vulnerability that is present due to unsafe parsing of the UPnP SUBSCRIBE/UNSUBSCRIBE Callback header. Successful exploitation of this vulnerability allows remote unauthenticated attackers to gain arbitrary code execution on the affected device.

Action-Not Available
Vendor-n/aRealtek Semiconductor Corp.
Product-rtl819x_jungle_software_development_kitn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-9395
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8||HIGH
EPSS-0.78% / 51.36%
||
7 Day CHG~0.00%
Published-06 Jul, 2020 | 21:09
Updated-04 Aug, 2024 | 10:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on Realtek RTL8195AM, RTL8711AM, RTL8711AF, and RTL8710AF devices before 2.0.6. A stack-based buffer overflow exists in the client code that takes care of WPA2's 4-way-handshake via a malformed EAPOL-Key packet with a long keydata buffer.

Action-Not Available
Vendor-n/aRealtek Semiconductor Corp.
Product-rtl8711afrtl8711am_firmwarertl8710af_firmwarertl8195amrtl8195am_firmwarertl8711amrtl8711af_firmwarertl8710afn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-27302
Matching Score-6
Assigner-JFrog
ShareView Details
Matching Score-6
Assigner-JFrog
CVSS Score-8||HIGH
EPSS-2.01% / 78.47%
||
7 Day CHG~0.00%
Published-04 Jun, 2021 | 12:24
Updated-04 Aug, 2024 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack buffer overflow in Realtek RTL8710 (and other Ameba-based devices) can lead to remote code execution via the "memcpy" function, when an attacker in Wi-Fi range sends a crafted "Encrypted GTK" value as part of the WPA2 4-way-handshake.

Action-Not Available
Vendor-n/aRealtek Semiconductor Corp.
Product-rtl8195artl8710c_firmwarertl8710crtl8195a_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-27301
Matching Score-6
Assigner-JFrog
ShareView Details
Matching Score-6
Assigner-JFrog
CVSS Score-8||HIGH
EPSS-1.99% / 78.24%
||
7 Day CHG~0.00%
Published-04 Jun, 2021 | 12:24
Updated-04 Aug, 2024 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack buffer overflow in Realtek RTL8710 (and other Ameba-based devices) can lead to remote code execution via the "AES_UnWRAP" function, when an attacker in Wi-Fi range sends a crafted "Encrypted GTK" value as part of the WPA2 4-way-handshake.

Action-Not Available
Vendor-n/aRealtek Semiconductor Corp.
Product-rtl8195artl8710c_firmwarertl8710crtl8195a_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-25855
Matching Score-6
Assigner-JFrog
ShareView Details
Matching Score-6
Assigner-JFrog
CVSS Score-8.1||HIGH
EPSS-2.64% / 83.70%
||
7 Day CHG~0.00%
Published-03 Feb, 2021 | 16:49
Updated-04 Aug, 2024 | 15:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The function AES_UnWRAP() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for a memcpy() operation, resulting in a stack buffer overflow which can be exploited for remote code execution or denial of service. An attacker can impersonate an Access Point and attack a vulnerable Wi-Fi client, by injecting a crafted packet into the WPA2 handshake. The attacker needs to know the network's PSK in order to exploit this.

Action-Not Available
Vendor-n/aRealtek Semiconductor Corp.
Product-rtl8195artl8195a_firmwareRealtek RTL8195A Wi-Fi Module
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-25854
Matching Score-6
Assigner-JFrog
ShareView Details
Matching Score-6
Assigner-JFrog
CVSS Score-8.1||HIGH
EPSS-2.64% / 83.70%
||
7 Day CHG~0.00%
Published-03 Feb, 2021 | 16:49
Updated-04 Aug, 2024 | 15:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The function DecWPA2KeyData() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for an internal function, rt_arc4_crypt_veneer() or _AES_UnWRAP_veneer(), resulting in a stack buffer overflow which can be exploited for remote code execution or denial of service. An attacker can impersonate an Access Point and attack a vulnerable Wi-Fi client, by injecting a crafted packet into the WPA2 handshake. The attacker needs to know the network's PSK in order to exploit this.

Action-Not Available
Vendor-n/aRealtek Semiconductor Corp.
Product-rtl8195artl8195a_firmwareRealtek RTL8195A Wi-Fi Module
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-25856
Matching Score-6
Assigner-JFrog
ShareView Details
Matching Score-6
Assigner-JFrog
CVSS Score-8.1||HIGH
EPSS-2.16% / 79.97%
||
7 Day CHG~0.00%
Published-03 Feb, 2021 | 16:49
Updated-04 Aug, 2024 | 15:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The function DecWPA2KeyData() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for an rtl_memcpy() operation, resulting in a stack buffer overflow which can be exploited for remote code execution or denial of service. An attacker can impersonate an Access Point and attack a vulnerable Wi-Fi client, by injecting a crafted packet into the WPA2 handshake. The attacker needs to know the network's PSK in order to exploit this.

Action-Not Available
Vendor-n/aRealtek Semiconductor Corp.
Product-rtl8195artl8195a_firmwareRealtek RTL8195A Wi-Fi Module
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-25454
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.48% / 37.80%
||
7 Day CHG~0.00%
Published-17 Apr, 2025 | 00:00
Updated-22 Apr, 2025 | 16:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via wanSpeed2.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac10_firmwareac10n/a
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2020-3283
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-1.96% / 77.85%
||
7 Day CHG~0.00%
Published-06 May, 2020 | 16:41
Updated-15 Nov, 2024 | 17:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Firepower 1000 Series SSL/TLS Denial of Service Vulnerability

A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) handler of Cisco Firepower Threat Defense (FTD) Software when running on the Cisco Firepower 1000 Series platform could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to a communication error between internal functions. An attacker could exploit this vulnerability by sending a crafted SSL/TLS message to an affected device. A successful exploit could allow the attacker to cause a buffer underrun, which leads to a crash. The crash causes the affected device to reload.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-asa_5510_firmwarefirepower_1010firepower_1020asa_5585-x_firmwareasa_5520asa_5505_firmwareasa_5510asa_5540_firmwareasa_5580_firmwarefirepower_1040asa_5520_firmwareasa_5515-xfirepower_1030asa_5550asa_5545-x_firmwareasa_5545-xasa_5525-x_firmwareasa_5505asa_5540asa_5555-xasa_5580asa_5585-xasa_5515-x_firmwareasa_5525-xasa_5555-x_firmwareasa_5512-x_firmwareasa_5550_firmwareasa_5512-xfirepower_threat_defenseCisco Firepower Threat Defense Software
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-25372
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.46% / 36.53%
||
7 Day CHG~0.00%
Published-25 Mar, 2025 | 00:00
Updated-30 Apr, 2026 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NASA cFS (Core Flight System) Aquila is vulnerable to segmentation fault via sending a malicious telecommand to the Memory Management Module.

Action-Not Available
Vendor-nasan/a
Product-core_flight_systemn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-69765
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.74% / 50.04%
||
7 Day CHG~0.00%
Published-03 Mar, 2026 | 00:00
Updated-04 Mar, 2026 | 14:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AX3 firmware v16.03.12.11 contains a stack overflow in formGetIptv function and the list parameter, which can cause memory corruption and enable remote code execution.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ax3_firmwareax3n/a
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2025-25898
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.48% / 38.12%
||
7 Day CHG~0.00%
Published-13 Feb, 2025 | 00:00
Updated-18 Mar, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow vulnerability was discovered in TP-Link TL-WR841ND V11 via the pskSecret parameter at /userRpm/WlanSecurityRpm.htm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet.

Action-Not Available
Vendor-n/aTP-Link Systems Inc.
Product-tl-wr841nd_firmwaretl-wr841ndn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-25897
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.48% / 38.12%
||
7 Day CHG~0.00%
Published-13 Feb, 2025 | 00:00
Updated-18 Mar, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow vulnerability was discovered in TP-Link TL-WR841ND V11 via the 'ip' parameter at /userRpm/WanStaticIpV6CfgRpm.htm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet.

Action-Not Available
Vendor-n/aTP-Link Systems Inc.
Product-tl-wr841nd_firmwaretl-wr841ndn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-16226
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.54% / 71.93%
||
7 Day CHG~0.00%
Published-11 Sep, 2019 | 14:47
Updated-05 Aug, 2024 | 01:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in py-lmdb 0.97. mdb_node_del does not validate a memmove in the case of an unexpected node->mn_hi, leading to an invalid write operation. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker.

Action-Not Available
Vendor-py-lmdb_projectn/a
Product-py-lmdbn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-25455
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.48% / 37.80%
||
7 Day CHG~0.00%
Published-17 Apr, 2025 | 00:00
Updated-22 Apr, 2025 | 16:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via wanMTU2.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac10_firmwareac10n/a
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2025-26785
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.36% / 28.13%
||
7 Day CHG~0.00%
Published-14 May, 2025 | 00:00
Updated-27 May, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in NAS in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, W920, W930, W1000, Modem 5123, Modem 5300, Modem 5400. The lack of a length check leads to out-of-bounds writes.

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-25457
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.57% / 42.83%
||
7 Day CHG~0.00%
Published-17 Apr, 2025 | 00:00
Updated-22 Apr, 2025 | 16:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via cloneType2.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac10_firmwareac10n/a
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2019-16159
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.15% / 86.38%
||
7 Day CHG~0.00%
Published-09 Sep, 2019 | 14:34
Updated-05 Aug, 2024 | 01:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

BIRD Internet Routing Daemon 1.6.x through 1.6.7 and 2.x through 2.0.5 has a stack-based buffer overflow. The BGP daemon's support for RFC 8203 administrative shutdown communication messages included an incorrect logical expression when checking the validity of an input message. Sending a shutdown communication with a sufficient message length causes a four-byte overflow to occur while processing the message, where two of the overflow bytes are attacker-controlled and two are fixed.

Action-Not Available
Vendor-nicn/aDebian GNU/LinuxopenSUSEFedora Project
Product-birdbackports_sledebian_linuxfedoran/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-24326
Matching Score-4
Assigner-F5, Inc.
ShareView Details
Matching Score-4
Assigner-F5, Inc.
CVSS Score-8.9||HIGH
EPSS-0.38% / 29.65%
||
7 Day CHG~0.00%
Published-05 Feb, 2025 | 17:31
Updated-08 Aug, 2025 | 17:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BIG-IP Advanced WAF/ASM BADoS vulnerability

When BIG-IP Advanced WAF/ASM Behavioral DoS (BADoS) TLS Signatures feature is configured, undisclosed traffic can case an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_application_security_managerBIG-IP
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-44158
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.81% / 52.58%
||
7 Day CHG~0.00%
Published-21 Nov, 2022 | 00:00
Updated-29 Apr, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AC21 V16.03.08.15 is vulnerable to Buffer Overflow via function via set_device_name.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac21_firmwareac21n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-29573
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.77% / 84.51%
||
7 Day CHG~0.00%
Published-05 Dec, 2020 | 23:18
Updated-04 Aug, 2024 | 16:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern, as seen when passing a \x00\x04\x00\x00\x00\x00\x00\x00\x00\x04 value to sprintf. NOTE: the issue does not affect glibc by default in 2016 or later (i.e., 2.23 or later) because of commits made in 2015 for inlining of C99 math functions through use of GCC built-ins. In other words, the reference to 2.23 is intentional despite the mention of "Fixed for glibc 2.33" in the 26649 reference.

Action-Not Available
Vendor-n/aRed Hat, Inc.NetApp, Inc.GNU
Product-glibcenterprise_linuxsolidfire_baseboard_management_controllercloud_backupn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-9698
Matching Score-4
Assigner-CPAN Security Group
ShareView Details
Matching Score-4
Assigner-CPAN Security Group
CVSS Score-7.5||HIGH
EPSS-0.38% / 29.55%
||
7 Day CHG-0.03%
Published-09 Jun, 2026 | 07:22
Updated-30 Jun, 2026 | 03:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DBI versions before 1.648 for Perl saved errors in a limited-sized buffer

DBI versions before 1.648 for Perl saved errors in a limited-sized buffer. Error messages that were returned when RaiseError, PrintError or HandleError were set were written to a 200-byte buffer without a length limit. Attackers that can influence the error text in an application can trigger a buffer overflow.

Action-Not Available
Vendor-perlHMBRANDRed Hat, Inc.
Product-dbiDBIRed Hat Enterprise Linux 7Red Hat Enterprise Linux 9Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8Red Hat Enterprise Linux 6
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-23329
Matching Score-4
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-4
Assigner-NVIDIA Corporation
CVSS Score-7.5||HIGH
EPSS-0.33% / 24.74%
||
7 Day CHG~0.00%
Published-17 Sep, 2025 | 22:00
Updated-25 Sep, 2025 | 20:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause memory corruption by identifying and accessing the shared memory region used by the Python backend. A successful exploit of this vulnerability might lead to denial of service.

Action-Not Available
Vendor-Linux Kernel Organization, IncMicrosoft CorporationNVIDIA Corporation
Product-linux_kerneltriton_inference_serverwindowsTriton Inference Server
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-23328
Matching Score-4
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-4
Assigner-NVIDIA Corporation
CVSS Score-7.5||HIGH
EPSS-0.36% / 27.55%
||
7 Day CHG~0.00%
Published-17 Sep, 2025 | 21:59
Updated-25 Sep, 2025 | 20:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause an out-of-bounds write through a specially crafted input. A successful exploit of this vulnerability might lead to denial of service.

Action-Not Available
Vendor-Linux Kernel Organization, IncMicrosoft CorporationNVIDIA Corporation
Product-linux_kerneltriton_inference_serverwindowsTriton Inference Server
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-43259
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.74% / 50.25%
||
7 Day CHG~0.00%
Published-18 Oct, 2022 | 00:00
Updated-12 May, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AC15 V15.03.05.18 was discovered to contain a stack overflow via the timeZone parameter in the form_fast_setting_wifi_set function.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac15_firmwareac15n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-43285
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.74% / 50.12%
||
7 Day CHG~0.00%
Published-28 Oct, 2022 | 00:00
Updated-07 May, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Nginx NJS v0.7.4 was discovered to contain a segmentation violation in njs_promise_reaction_job. NOTE: the vendor disputes the significance of this report because NJS does not operate on untrusted input.

Action-Not Available
Vendor-n/aF5, Inc.
Product-njsn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-44168
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.81% / 52.58%
||
7 Day CHG~0.00%
Published-21 Nov, 2022 | 00:00
Updated-29 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AC15 V15.03.05.18 is vulnerable to Buffer Overflow via function fromSetRouteStatic..

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac15ac15_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-44163
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.81% / 52.58%
||
7 Day CHG~0.00%
Published-21 Nov, 2022 | 00:00
Updated-29 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AC21 V16.03.08.15 is vulnerable to Buffer Overflow via function formSetMacFilterCfg.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac21_firmwareac21n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-44010
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.97% / 57.52%
||
7 Day CHG~0.00%
Published-23 Nov, 2023 | 00:00
Updated-03 Aug, 2024 | 13:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in ClickHouse before 22.9.1.2603. An attacker could send a crafted HTTP request to the HTTP Endpoint (usually listening on port 8123 by default), causing a heap-based buffer overflow that crashes the process. This does not require authentication. The fixed versions are 22.9.1.2603, 22.8.2.11, 22.7.4.16, 22.6.6.16, and 22.3.12.19.

Action-Not Available
Vendor-clickhousen/a
Product-clickhousen/a
CWE ID-CWE-787
Out-of-bounds Write
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 22
  • 23
  • Next
Details not found