Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-35110

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-14 Jun, 2023 | 00:00
Updated At-02 Jan, 2025 | 20:35
Rejected At-
Credits

An issue was discovered jjson thru 0.1.7 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:14 Jun, 2023 | 00:00
Updated At:02 Jan, 2025 | 20:35
Rejected At:
â–¼CVE Numbering Authority (CNA)

An issue was discovered jjson thru 0.1.7 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/grobmeier/jjson/issues/2
N/A
Hyperlink: https://github.com/grobmeier/jjson/issues/2
Resource: N/A
â–¼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/grobmeier/jjson/issues/2
x_transferred
Hyperlink: https://github.com/grobmeier/jjson/issues/2
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-787CWE-787 Out-of-bounds Write
Type: CWE
CWE ID: CWE-787
Description: CWE-787 Out-of-bounds Write
Metrics
VersionBase scoreBase severityVector
3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:14 Jun, 2023 | 14:15
Updated At:02 Jan, 2025 | 21:15

An issue was discovered jjson thru 0.1.7 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Secondary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Secondary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CPE Matches

jjson_project
jjson_project
>>jjson>>Versions up to 0.1.7(inclusive)
cpe:2.3:a:jjson_project:jjson:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-787Primarynvd@nist.gov
CWE-787Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-787
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-787
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://github.com/grobmeier/jjson/issues/2cve@mitre.org
Exploit
Issue Tracking
Vendor Advisory
https://github.com/grobmeier/jjson/issues/2af854a3a-2127-422b-91ae-364da2661108
Exploit
Issue Tracking
Vendor Advisory
Hyperlink: https://github.com/grobmeier/jjson/issues/2
Source: cve@mitre.org
Resource:
Exploit
Issue Tracking
Vendor Advisory
Hyperlink: https://github.com/grobmeier/jjson/issues/2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Issue Tracking
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

803Records found

CVE-2016-10196
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-5.21% / 91.47%
||
7 Day CHG~0.00%
Published-15 Mar, 2017 | 15:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in the evutil_parse_sockaddr_port function in evutil.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (segmentation fault) via vectors involving a long string in brackets in the ip_as_string argument.

Action-Not Available
Vendor-libevent_projectn/aMozilla CorporationDebian GNU/Linux
Product-libeventdebian_linuxthunderbirdfirefoxn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-20079
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-10.31% / 95.14%
||
7 Day CHG~0.00%
Published-03 Mar, 2023 | 00:00
Updated-28 Oct, 2024 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IP Phone 6800, 7800, 7900, and 8800 Series Web UI Vulnerabilities

Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-unified_ip_phone_7945g_firmwareunified_ip_phone_7945gip_phone_8841ip_phone_8832ip_phone_8861ip_phone_8831_firmwareip_phone_6851ip_phone_8845_firmwareip_phone_8831ip_phone_7841ip_phone_7811_firmwareip_phone_8811ip_phone_7832unified_ip_phone_7965gip_phone_8811_firmwareip_phone_7861_firmwareip_phone_8845ip_phone_8851_firmwareip_phone_6841ip_phone_7821_firmwareip_phone_8841_firmwareunified_ip_phone_7965g_firmwareip_phone_8865_firmwareip_phone_8865ip_phone_6851_firmwareip_phone_6871ip_phone_6871_firmwareunified_ip_phone_7975gip_phone_7841_firmwareip_phone_6825_firmwareip_phone_8832_firmwareip_phone_6825ip_phone_6861ip_phone_6861_firmwareip_phone_7832_firmwareip_phone_7861ip_phone_7811ip_phone_6841_firmwareip_phone_8861_firmwareip_phone_8851ip_phone_7821unified_ip_phone_7975g_firmwareCisco IP Phones with Multiplatform Firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-0656
Matching Score-4
Assigner-SonicWall, Inc.
ShareView Details
Matching Score-4
Assigner-SonicWall, Inc.
CVSS Score-7.5||HIGH
EPSS-41.32% / 98.50%
||
7 Day CHG~0.00%
Published-02 Mar, 2023 | 00:00
Updated-07 Mar, 2025 | 17:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Stack-based buffer overflow vulnerability in the SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS), which could cause an impacted firewall to crash.

Action-Not Available
Vendor-SonicWall Inc.
Product-tz670sonicosnsa_3700nsa_2700nssp_15700nsa_6700nsv_25nsv_100nssp_13700nssp_11700tz470tz570nsa_5700nsv_270nsv_200nsv_50nsv_470nsa_4700nsv_400tz270wnsv_1600tz570wtz570pnsv_800tz370nsv_300tz470wnsv_10tz370wnsv_870nssp_10700tz270SonicOS
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2015-9542
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.45% / 87.55%
||
7 Day CHG~0.00%
Published-24 Feb, 2020 | 14:14
Updated-06 Aug, 2024 | 08:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

add_password in pam_radius_auth.c in pam_radius 1.4.0 does not correctly check the length of the input password, and is vulnerable to a stack-based buffer overflow during memcpy(). An attacker could send a crafted password to an application (loading the pam_radius library) and crash it. Arbitrary code execution might be possible, depending on the application, C library, compiler, and other factors.

Action-Not Available
Vendor-n/aFreeRADIUSDebian GNU/LinuxCanonical Ltd.
Product-ubuntu_linuxdebian_linuxpam_radiusn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-64344
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.31% / 22.37%
||
7 Day CHG~0.00%
Published-26 Nov, 2025 | 23:05
Updated-03 Dec, 2025 | 16:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Suricata is vulnerable to a stack overflow from unbounded stack allocation in LuaPushStringBuffer

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, working with large buffers in Lua scripts can lead to a stack overflow. Users of Lua rules and output scripts may be affected when working with large buffers. This includes a rule passing a large buffer to a Lua script. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves disabling Lua rules and output scripts, or making sure limits, such as stream.depth.reassembly and HTTP response body limits (response-body-limit), are set to less than half the stack size.

Action-Not Available
Vendor-oisfOISF
Product-suricatasuricata
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-64330
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.32% / 23.83%
||
7 Day CHG~0.00%
Published-26 Nov, 2025 | 23:03
Updated-05 Dec, 2025 | 13:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Suricata is vulnerable to a heap buffer overflow on verdict

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, a single byte read heap overflow when logging the verdict in eve.alert and eve.drop records can lead to crashes. This requires the per packet alert queue to be filled with alerts and then followed by a pass rule. This issue has been patched in versions 7.0.13 and 8.0.2. To reduce the likelihood of this issue occurring, the alert queue size a should be increased (packet-alert-max in suricata.yaml) if verdict is enabled.

Action-Not Available
Vendor-oisfOISF
Product-suricatasuricata
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-0618
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-7.5||HIGH
EPSS-0.93% / 56.37%
||
7 Day CHG~0.00%
Published-01 Feb, 2023 | 16:49
Updated-02 Aug, 2024 | 05:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TRENDnet TEW-652BRP Web Service cfg_op.ccp memory corruption

A vulnerability was found in TRENDnet TEW-652BRP 3.04B01. It has been declared as critical. This vulnerability affects unknown code of the file cfg_op.ccp of the component Web Service. The manipulation leads to memory corruption. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-219958 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-TRENDnet, Inc.
Product-tew-652brp_firmwaretew-652brpTEW-652BRP
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-0210
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-71.74% / 99.35%
||
7 Day CHG~0.00%
Published-27 Mar, 2023 | 00:00
Updated-19 Feb, 2025 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A bug affects the Linux kernel’s ksmbd NTLMv2 authentication and is known to crash the OS immediately in Linux-based systems.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kernelLinux Kernel
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-32040
Matching Score-4
Assigner-MongoDB, Inc.
ShareView Details
Matching Score-4
Assigner-MongoDB, Inc.
CVSS Score-6.5||MEDIUM
EPSS-1.97% / 78.00%
||
7 Day CHG+0.11%
Published-12 Apr, 2022 | 14:15
Updated-16 Sep, 2024 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Large aggregation pipelines with a specific stage can crash mongod under default configuration

It may be possible to have an extremely long aggregation pipeline in conjunction with a specific stage/operator and cause a stack overflow due to the size of the stack frames used by that stage. If an attacker could cause such an aggregation to occur, they could maliciously crash MongoDB in a DoS attack. This vulnerability affects MongoDB Server v4.4 versions prior to and including 4.4.28, MongoDB Server v5.0 versions prior to 5.0.4 and MongoDB Server v4.2 versions prior to 4.2.16. Workaround: >= v4.2.16 users and all v4.4 users can add the --setParameter internalPipelineLengthLimit=50 instead of the default 1000 to mongod at startup to prevent a crash.

Action-Not Available
Vendor-MongoDB, Inc.
Product-mongodbMongoDB Servermongodb
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-32487
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.35% / 81.66%
||
7 Day CHG+0.07%
Published-09 Sep, 2021 | 15:10
Updated-03 Aug, 2024 | 23:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In modem 2G RRM, there is a possible system crash due to a heap buffer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00500736; Issue ID: ALPS04938456.

Action-Not Available
Vendor-n/aMediaTek Inc.
Product-mt6771modemmt6785tmt6783mt6762mt6769tmt6765mt6762mmt6739mt6769zmt6769mt6761mt6762dmt6768mt6779mt6765tmt6785mt6767mt6763n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2015-8619
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-3.90% / 88.98%
||
7 Day CHG~0.00%
Published-13 Apr, 2017 | 17:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Human Monitor Interface support in QEMU allows remote attackers to cause a denial of service (out-of-bounds write and application crash).

Action-Not Available
Vendor-n/aDebian GNU/LinuxQEMU
Product-debian_linuxqemun/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-32485
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.35% / 81.66%
||
7 Day CHG+0.07%
Published-09 Sep, 2021 | 15:10
Updated-03 Aug, 2024 | 23:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In modem 2G RRM, there is a possible system crash due to a heap buffer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00500621; Issue ID: ALPS04964926.

Action-Not Available
Vendor-n/aMediaTek Inc.
Product-mt6771modemmt6785tmt6783mt6762mt6769tmt6765mt6762mmt6739mt6769zmt6769mt6761mt6762dmt6768mt6779mt6765tmt6785mt6767mt6763n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-32420
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.67% / 47.35%
||
7 Day CHG~0.00%
Published-22 Aug, 2023 | 00:00
Updated-04 Oct, 2024 | 16:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

dpic 2021.01.01 has a Heap-based Buffer Overflow in thestorestring function in dpic.y.

Action-Not Available
Vendor-dpic_projectn/a
Product-dpicn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-62602
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-1.7||LOW
EPSS-0.49% / 38.49%
||
7 Day CHG~0.00%
Published-03 Feb, 2026 | 19:20
Updated-18 Feb, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FastDDS has heap buffer overflow in readData via Manipulated DATA Submessage when DDS Security is enabled

Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group ). Prior to versions 3.4.1, 3.3.1, and 2.6.11, when the security mode is enabled, modifying the DATA Submessage within an SPDP packet sent by a publisher causes a heap buffer overflow, resulting in remote termination of Fast-DDS. If the fields of `PID_IDENTITY_TOKEN` or `PID_PERMISSIONS_TOKEN` in the DATA Submessage are tampered with — specially `readOctetVector` reads an unchecked `vecsize` that is propagated unchanged into `readData` as the `length` parameter — the attacker-contro lled `vecsize` can trigger a 32-bit integer overflow during the `length` calculation. That overflow can cause large alloca tion attempt that quickly leads to OOM, enabling a remotely-triggerable denial-of-service and remote process termination. Versions 3.4.1, 3.3.1, and 2.6.11 patch the issue.

Action-Not Available
Vendor-eprosimaeProsimaDebian GNU/Linux
Product-fast_ddsdebian_linuxFast-DDS
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-63456
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.32% / 24.30%
||
7 Day CHG-0.02%
Published-10 Nov, 2025 | 00:00
Updated-18 Nov, 2025 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AX-1803 v1.0.0.1 was discovered to contain a stack overflow via the time parameter in the SetSysTimeCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ax1803ax1803_firmwaren/a
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-31383
Matching Score-4
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Juniper Networks, Inc.
CVSS Score-7.5||HIGH
EPSS-0.97% / 57.73%
||
7 Day CHG~0.00%
Published-19 Oct, 2021 | 18:17
Updated-16 Sep, 2024 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS and Junos OS Evolved: In Point to MultiPoint (P2MP) scenarios receipt of various crafted packets causes RPD to core.

In Point to MultiPoint (P2MP) scenarios within established sessions between network or adjacent neighbors the improper use of a source to destination copy write operation combined with a Stack-based Buffer Overflow on certain specific packets processed by the routing protocol daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved sent by a remote unauthenticated network attacker causes the RPD to crash causing a Denial of Service (DoS). Continued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS 19.2 versions prior to 19.2R3-S2; 19.3 versions prior to 19.3R2-S6, 19.3R3-S2; 19.4 versions prior to 19.4R1-S4, 19.4R2-S4, 19.4R3-S3; 20.1 versions prior to 20.1R2-S2, 20.1R3; 20.2 versions prior to 20.2R2-S3, 20.2R3; 20.3 versions prior to 20.3R2. This issue does not affect Juniper Networks Junos OS versions prior to 19.2R1. Juniper Networks Junos OS Evolved 20.1 versions prior to 20.1R3-EVO; 20.2 versions prior to 20.2R3-EVO; 20.3 versions prior to 20.3R2-EVO.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junos_os_evolvedjunosJunos OSJunos OS Evolved
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-31227
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.68% / 74.04%
||
7 Day CHG~0.00%
Published-19 Aug, 2021 | 10:50
Updated-03 Aug, 2024 | 22:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in HCC embedded InterNiche 4.0.1. A potential heap buffer overflow exists in the code that parses the HTTP POST request, due to an incorrect signed integer comparison. This vulnerability requires the attacker to send a malformed HTTP packet with a negative Content-Length, which bypasses the size checks and results in a large heap overflow in the wbs_multidata buffer copy.

Action-Not Available
Vendor-hcc-embeddedn/a
Product-nichestackn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-25897
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.48% / 38.12%
||
7 Day CHG~0.00%
Published-13 Feb, 2025 | 00:00
Updated-18 Mar, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow vulnerability was discovered in TP-Link TL-WR841ND V11 via the 'ip' parameter at /userRpm/WanStaticIpV6CfgRpm.htm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet.

Action-Not Available
Vendor-n/aTP-Link Systems Inc.
Product-tl-wr841nd_firmwaretl-wr841ndn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-29930
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.14% / 62.58%
||
7 Day CHG~0.00%
Published-01 Apr, 2021 | 04:25
Updated-03 Aug, 2024 | 22:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the arenavec crate through 2021-01-12 for Rust. A drop of uninitialized memory can sometimes occur upon a panic in T::default().

Action-Not Available
Vendor-arenavec_projectn/a
Product-arenavecn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-30186
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-7.36% / 93.65%
||
7 Day CHG~0.00%
Published-25 May, 2021 | 12:33
Updated-15 Aug, 2025 | 20:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CODESYS V2 runtime system SP before 2.4.7.55 has a Heap-based Buffer Overflow.

Action-Not Available
Vendor-wagon/aCODESYS GmbH
Product-750-8202750-832_firmware750-831750-8211750-893750-8202_firmware750-8216750-831_firmware750-8214750-885_firmware750-881750-880750-829750-8210_firmware750-8213_firmware750-8203_firmware750-891_firmware750-8214_firmware750-8212_firmware750-881_firmware750-823_firmware750-823750-862750-8211_firmware750-8217_firmware750-882_firmware750-8207_firmwareruntime_toolkit750-8203750-889_firmware750-8212750-890_firmware750-8206_firmware750-8208_firmware750-882750-890750-852750-832750-8206750-8207750-8208750-889750-862_firmware750-893_firmware750-8204_firmware750-885750-8204plcwinnt750-8210750-8213750-8216_firmware750-852_firmware750-8217750-880_firmware750-829_firmware750-891n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-25901
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.48% / 38.12%
||
7 Day CHG~0.00%
Published-13 Feb, 2025 | 00:00
Updated-20 Feb, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow vulnerability was discovered in TP-Link TL-WR841ND V11, triggered by the dnsserver1 and dnsserver2 parameters at /userRpm/WanSlaacCfgRpm.htm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet.

Action-Not Available
Vendor-n/aTP-Link Systems Inc.
Product-tl-wr841nd_firmwaretl-wr841ndn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-27633
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-7.5||HIGH
EPSS-1.51% / 71.31%
||
7 Day CHG~0.00%
Published-09 Jun, 2021 | 00:00
Updated-03 Aug, 2024 | 21:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP NetWeaver AS for ABAP (RFC Gateway), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method ThCPIC() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified.

Action-Not Available
Vendor-SAP SE
Product-netweaver_abapSAP NetWeaver AS for ABAP (RFC Gateway)
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-45689
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.76% / 50.84%
||
7 Day CHG~0.00%
Published-13 Dec, 2022 | 00:00
Updated-22 Apr, 2025 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

hutool-json v5.8.10 was discovered to contain an out of memory error.

Action-Not Available
Vendor-hutooln/a
Product-hutooln/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-27799
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.37% / 81.74%
||
7 Day CHG~0.00%
Published-26 Feb, 2021 | 21:31
Updated-03 Aug, 2024 | 21:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ean_leading_zeroes in backend/upcean.c in Zint Barcode Generator 2.9.1 has a stack-based buffer overflow that is reachable from the C API through an application that includes the Zint Barcode Generator library code.

Action-Not Available
Vendor-zintn/a
Product-barcode_generatorn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-27224
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-37.99% / 98.37%
||
7 Day CHG~0.00%
Published-17 Feb, 2021 | 15:44
Updated-03 Aug, 2024 | 20:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The WPG plugin before 3.1.0.0 for IrfanView 4.57 has a user-mode write access violation starting at WPG+0x0000000000012ec6, which might allow remote attackers to execute arbitrary code.

Action-Not Available
Vendor-n/aIrfanView
Product-wpgirfanviewn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-43864
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.83% / 52.95%
||
7 Day CHG~0.00%
Published-28 Sep, 2023 | 00:00
Updated-23 Sep, 2024 | 19:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWAN_Wizard55 function.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-619ldir-619l_firmwaren/adir-619l
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-27477
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-1.12% / 62.33%
||
7 Day CHG~0.00%
Published-01 Jul, 2021 | 12:01
Updated-03 Aug, 2024 | 20:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

When JTEKT Corporation TOYOPUC PLC versions PC10G-CPU, 2PORT-EFR, Plus CPU, Plus EX, Plus EX2, Plus EFR, Plus EFR2, Plus 2P-EFR, PC10P-DP, PC10P-DP-IO, Plus BUS-EX, Nano 10GX, Nano 2ET,PC10PE, PC10PE-16/16P, PC10E, FL/ET-T-V2H, PC10B,PC10B-P, Nano CPU, PC10P, and PC10GE receive an invalid frame, the outside area of a receive buffer for FL-net are overwritten. As a result, the PLC CPU detects a system error, and the affected products stop.

Action-Not Available
Vendor-jtektn/a
Product-plus_bus-expc10p_firmwarenano_2etpc10p-dpnano_cpufl\/et-t-v2h2port-efr_firmwarepc10bnano_10gx_firmwareplus_efrplus_efr2_firmwarepc10p-dp_firmwareplus_cpupc10pe-16\/16p_firmwarenano_2et_firmwarepc10p-dp-iopc10eplus_2p-efrplus_ex2plus_efr2plus_2p-efr_firmwarepc10ge_firmwarepc10g-cpuplus_ex_firmwarepc10gepc10b_firmwarenano_10gxpc10e_firmwareplus_cpu_firmwareplus_expc10b-p_firmwarepc10p2port-efrpc10pe_firmwarepc10g-cpu_firmwarepc10pefl\/et-t-v2h_firmwarepc10p-dp-io_firmwareplus_ex2_firmwarepc10pe-16\/16pplus_bus-ex_firmwarenano_cpu_firmwareplus_efr_firmwarepc10b-pJTEKT Corporation TOYOPUC PLC
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-40068
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.86% / 53.97%
||
7 Day CHG+0.01%
Published-19 Sep, 2022 | 14:39
Updated-03 Aug, 2024 | 12:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AC21 V16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, function: formSetQosBand.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac21_firmwareac21n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-25372
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.46% / 36.53%
||
7 Day CHG~0.00%
Published-25 Mar, 2025 | 00:00
Updated-30 Apr, 2026 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NASA cFS (Core Flight System) Aquila is vulnerable to segmentation fault via sending a malicious telecommand to the Memory Management Module.

Action-Not Available
Vendor-nasan/a
Product-core_flight_systemn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-18290
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-2.38% / 81.83%
||
7 Day CHG~0.00%
Published-12 Dec, 2019 | 19:08
Updated-05 Aug, 2024 | 01:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

Action-Not Available
Vendor-Siemens AG
Product-sppa-t3000_ms3000_migration_serverSPPA-T3000 MS3000 Migration Server
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-26785
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.36% / 28.13%
||
7 Day CHG~0.00%
Published-14 May, 2025 | 00:00
Updated-27 May, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in NAS in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, W920, W930, W1000, Modem 5123, Modem 5300, Modem 5400. The lack of a length check leads to out-of-bounds writes.

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-60662
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.46% / 36.54%
||
7 Day CHG+0.01%
Published-02 Oct, 2025 | 00:00
Updated-07 Oct, 2025 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the wanSpeed parameter in the fromAdvSetMacMtuWan function.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac18ac18_firmwaren/a
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-25898
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.48% / 38.12%
||
7 Day CHG~0.00%
Published-13 Feb, 2025 | 00:00
Updated-18 Mar, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow vulnerability was discovered in TP-Link TL-WR841ND V11 via the pskSecret parameter at /userRpm/WlanSecurityRpm.htm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet.

Action-Not Available
Vendor-n/aTP-Link Systems Inc.
Product-tl-wr841nd_firmwaretl-wr841ndn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-25290
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.37% / 81.79%
||
7 Day CHG~0.00%
Published-19 Mar, 2021 | 03:29
Updated-03 Aug, 2024 | 19:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size.

Action-Not Available
Vendor-n/aDebian GNU/LinuxPython Software Foundation
Product-pillowdebian_linuxn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-26620
Matching Score-4
Assigner-kernel.org
ShareView Details
Matching Score-4
Assigner-kernel.org
CVSS Score-7.5||HIGH
EPSS-0.95% / 56.90%
||
7 Day CHG~0.00%
Published-29 Feb, 2024 | 15:52
Updated-11 May, 2026 | 20:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
s390/vfio-ap: always filter entire AP matrix

In the Linux kernel, the following vulnerability has been resolved: s390/vfio-ap: always filter entire AP matrix The vfio_ap_mdev_filter_matrix function is called whenever a new adapter or domain is assigned to the mdev. The purpose of the function is to update the guest's AP configuration by filtering the matrix of adapters and domains assigned to the mdev. When an adapter or domain is assigned, only the APQNs associated with the APID of the new adapter or APQI of the new domain are inspected. If an APQN does not reference a queue device bound to the vfio_ap device driver, then it's APID will be filtered from the mdev's matrix when updating the guest's AP configuration. Inspecting only the APID of the new adapter or APQI of the new domain will result in passing AP queues through to a guest that are not bound to the vfio_ap device driver under certain circumstances. Consider the following: guest's AP configuration (all also assigned to the mdev's matrix): 14.0004 14.0005 14.0006 16.0004 16.0005 16.0006 unassign domain 4 unbind queue 16.0005 assign domain 4 When domain 4 is re-assigned, since only domain 4 will be inspected, the APQNs that will be examined will be: 14.0004 16.0004 Since both of those APQNs reference queue devices that are bound to the vfio_ap device driver, nothing will get filtered from the mdev's matrix when updating the guest's AP configuration. Consequently, queue 16.0005 will get passed through despite not being bound to the driver. This violates the linux device model requirement that a guest shall only be given access to devices bound to the device driver facilitating their pass-through. To resolve this problem, every adapter and domain assigned to the mdev will be inspected when filtering the mdev's matrix.

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernelLinux
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-60339
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.37% / 29.15%
||
7 Day CHG~0.00%
Published-22 Oct, 2025 | 00:00
Updated-27 Oct, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflow vulnerabilities in the openSchedWifi function of Tenda AC6 v.15.03.06.50 allows attackers to cause a Denial of Service (DoS) via injecting a crafted payload into the schedStartTime and schedEndTime parameters.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac6_firmwareac6n/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-24326
Matching Score-4
Assigner-F5, Inc.
ShareView Details
Matching Score-4
Assigner-F5, Inc.
CVSS Score-8.9||HIGH
EPSS-0.38% / 29.65%
||
7 Day CHG~0.00%
Published-05 Feb, 2025 | 17:31
Updated-08 Aug, 2025 | 17:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BIG-IP Advanced WAF/ASM BADoS vulnerability

When BIG-IP Advanced WAF/ASM Behavioral DoS (BADoS) TLS Signatures feature is configured, undisclosed traffic can case an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_application_security_managerBIG-IP
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-22788
Matching Score-4
Assigner-Schneider Electric
ShareView Details
Matching Score-4
Assigner-Schneider Electric
CVSS Score-7.5||HIGH
EPSS-1.03% / 59.45%
||
7 Day CHG+0.02%
Published-11 Feb, 2022 | 17:40
Updated-29 May, 2026 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-787: Out-of-bounds Write vulnerability exists that could cause denial of service when an attacker sends a specially crafted HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All Versions), Modicon Quantum Processors with Integrated Ethernet (Copro): 140CPU65xxxxx (All Versions), Modicon Quantum Communication Modules: 140NOE771x1, 140NOC78x00, 140NOC77101 (All Versions), Modicon Premium Communication Modules: TSXETY4103, TSXETY5103 (All Versions)

Action-Not Available
Vendor-n/aSchneider Electric SE
Product-tsxp576634_firmwarebmxnoc0401_firmwarebmxnoe0110140cpu65150140noc77101bmxnoe0110_firmware140noc77101_firmwaretsxety4103bmxnor0200h_rtu140noe771x1_firmwarebmxnoe0100tsxp575634140noc78x00_firmwaremodicon_m340_bmxp342020tsxp574634_firmwaretsxety5103tsxety4103_firmwaretsxp576634140noc78x00bmxnoe0100_firmwaremodicon_m340_bmxp342020_firmware140noe771x1bmxnor0200h_rtu_firmwaretsxety5103_firmwaretsxp575634_firmwarebmxnoc0401tsxp574634140cpu65150_firmwareModicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All Versions), Modicon Quantum Processors with Integrated Ethernet (Copro): 140CPU65xxxxx (All Versions), Modicon Quantum Communication Modules: 140NOE771x1, 140NOC78x00, 140NOC77101 (All Versions), Modicon Premium Communication Modules: TSXETY4103, TSXETY5103 (All Versions)
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-22414
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.68% / 47.76%
||
7 Day CHG~0.00%
Published-02 Aug, 2021 | 16:47
Updated-03 Aug, 2024 | 18:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a Memory Buffer Errors Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause the system to reset.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-magic_uiemuiMagic UIEMUI
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-6021
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-1.07% / 60.67%
||
7 Day CHG~0.00%
Published-12 Jun, 2025 | 12:49
Updated-30 Jun, 2026 | 11:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Libxml2: integer overflow in xmlbuildqname() leads to stack buffer overflow in libxml2

A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.

Action-Not Available
Vendor-Red Hat, Inc.libxml2 (XMLSoft)Siemens AG
Product-enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutionsenterprise_linux_for_ibm_z_systemslibxml2enterprise_linux_for_power_little_endian_eusenterprise_linux_for_arm_64_eusopenshift_container_platform_for_arm64openshift_container_platform_for_powerjboss_core_servicesenterprise_linux_serverenterprise_linux_for_arm_64in-vehicle_operating_systementerprise_linuxenterprise_linux_for_power_little_endianopenshift_container_platform_for_linuxoneenterprise_linux_eusenterprise_linux_server_ausenterprise_linux_server_tusenterprise_linux_for_ibm_z_systems_eusopenshift_container_platformopenshift_container_platform_for_ibm_zRed Hat OpenShift Container Platform 4.18Red Hat OpenShift Container Platform 4.16Red Hat Discovery 2Red Hat Enterprise Linux 8.8 Telecommunications Update ServiceRed Hat Enterprise Linux 9.4 Extended Update SupportRed Hat Hardened ImagesRed Hat Enterprise Linux 9.2 Update Services for SAP SolutionsRed Hat Enterprise Linux 9Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8.2 Advanced Update SupportRed Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 6Red Hat OpenShift Container Platform 4.12Red Hat OpenShift Container Platform 4.15Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-OnRed Hat OpenShift Container Platform 4.14Red Hat JBoss Core Services 2.4.62.SP2Red Hat Enterprise Linux 9.0 Update Services for SAP SolutionsRed Hat Enterprise Linux 7 Extended Lifecycle SupportRed Hat Enterprise Linux 8.8 Update Services for SAP SolutionsRed Hat OpenShift Container Platform 4.17Red Hat OpenShift Container Platform 4.13Red Hat Enterprise Linux 8Red Hat Enterprise Linux 8.6 Telecommunications Update ServiceRed Hat Enterprise Linux 8.6 Update Services for SAP SolutionsRed Hat Insights proxy 1.5Red Hat OpenShift Container Platform 4.19SIMATIC CN 4100
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-21257
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.2||HIGH
EPSS-1.09% / 61.26%
||
7 Day CHG~0.00%
Published-18 Jun, 2021 | 20:55
Updated-03 Aug, 2024 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Out-of-bounds write in RPL-Classic and RPL-Lite

Contiki-NG is an open-source, cross-platform operating system for internet of things devices. The RPL-Classic and RPL-Lite implementations in the Contiki-NG operating system versions prior to 4.6 do not validate the address pointer in the RPL source routing header This makes it possible for an attacker to cause out-of-bounds writes with packets injected into the network stack. Specifically, the problem lies in the rpl_ext_header_srh_update function in the two rpl-ext-header.c modules for RPL-Classic and RPL-Lite respectively. The addr_ptr variable is calculated using an unvalidated CMPR field value from the source routing header. An out-of-bounds write can be triggered on line 151 in os/net/routing/rpl-lite/rpl-ext-header.c and line 261 in os/net/routing/rpl-classic/rpl-ext-header.c, which contain the following memcpy call with addr_ptr as destination. The problem has been patched in Contiki-NG 4.6. Users can apply a patch out-of-band as a workaround.

Action-Not Available
Vendor-contiki-ngcontiki-ng
Product-contiki-ngcontiki-ng
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-20587
Matching Score-4
Assigner-Mitsubishi Electric Corporation
ShareView Details
Matching Score-4
Assigner-Mitsubishi Electric Corporation
CVSS Score-7.5||HIGH
EPSS-3.66% / 88.28%
||
7 Day CHG~0.00%
Published-19 Feb, 2021 | 19:55
Updated-13 Jun, 2025 | 00:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow vulnerability in Mitsubishi Electric FA Engineering Software (CPU Module Logging Configuration Tool versions 1.112R and prior, CW Configurator versions 1.011M and prior, Data Transfer versions 3.44W and prior, EZSocket versions 5.4 and prior, FR Configurator all versions, FR Configurator SW3 all versions, FR Configurator2 versions 1.24A and prior, GT Designer3 Version1(GOT1000) versions 1.250L and prior, GT Designer3 Version1(GOT2000) versions 1.250L and prior, GT SoftGOT1000 Version3 versions 3.245F and prior, GT SoftGOT2000 Version1 versions 1.250L and prior, GX Configurator-DP versions 7.14Q and prior, GX Configurator-QP all versions, GX Developer versions 8.506C and prior, GX Explorer all versions, GX IEC Developer all versions, GX LogViewer versions 1.115U and prior, GX RemoteService-I all versions, GX Works2 versions 1.597X and prior, GX Works3 versions 1.070Y and prior, iQ Monozukuri ANDON (Data Transfer) versions 1.003D and prior, iQ Monozukuri Process Remote Monitoring (Data Transfer) versions 1.002C and prior, M_CommDTM-HART all versions, M_CommDTM-IO-Link versions 1.03D and prior, MELFA-Works versions 4.4 and prior, MELSEC WinCPU Setting Utility all versions, MELSOFT EM Software Development Kit (EM Configurator) versions 1.015R and prior, MELSOFT Navigator versions 2.74C and prior, MH11 SettingTool Version2 versions 2.004E and prior, MI Configurator versions 1.004E and prior, MT Works2 versions 1.167Z and prior, MX Component versions 5.001B and prior, Network Interface Board CC IE Control utility versions 1.29F and prior, Network Interface Board CC IE Field Utility versions 1.16S and prior, Network Interface Board CC-Link Ver.2 Utility versions 1.23Z and prior, Network Interface Board MNETH utility versions 34L and prior, PX Developer versions 1.53F and prior, RT ToolBox2 versions 3.73B and prior, RT ToolBox3 versions 1.82L and prior, Setting/monitoring tools for the C Controller module (SW4PVC-CCPU) versions 4.12N and prior, and SLMP Data Collector versions 1.04E and prior) allows a remote unauthenticated attacker to cause a DoS condition on the software products, and possibly to execute a malicious code on the personal computer running the software products although it has not been reproduced, by spoofing MELSEC, GOT or FREQROL and returning crafted reply packets.

Action-Not Available
Vendor-Mitsubishi Electric Corporation
Product-gx_remoteservice-ifr_configurator_sw3gt_softgot1000data_transfermelsoft_navigatormelsoft_em_software_development_kitiq_monozukuri_andonm_commdtm-io-linkgx_logviewergx_developermt_works2network_interface_board_mneth_utilitycw_configuratorezsocketiq_monozukuri_process_remote_monitoringgx_configurator-qpgx_iec_developergx_configurator-dpgt_softgot2000mh11_settingtool_version2fr_configuratorgt_designer3rt_toolbox3mi_configuratorslmp_data_collectorpx_developerrt_toolbox2setting\/monitoring_tools_for_the_c_controller_modulenetwork_interface_board_cc_ie_field_utilitynetwork_interface_board_cc_ie_control_utilitynetwork_interface_board_cc-linkgx_works2gx_explorerm_commdtm-hartcpu_module_logging_configuration_toolc_controller_module_setting_and_monitoring_toolfr_configurator2melfa-worksmelsec_wincpu_setting_utilitygx_works3mx_componentGX Configurator-QPCW ConfiguratorGT SoftGOT2000 Version1FR ConfiguratorM_CommDTM-HARTMELSOFT EM Software Development Kit (EM Configurator)GX ExplorerMELSEC WinCPU Setting UtilityRT ToolBox3M_CommDTM-IO-LinkGX Works3iQ Monozukuri Process Remote Monitoring (Data Transfer)Network Interface Board CC IE Control utilityNetwork Interface Board MNETH utilityGT SoftGOT1000 Version3FR Configurator2EZSocketMT Works2PX DeveloperNetwork Interface Board CC-Link Ver.2 UtilityMELSOFT NavigatorGX Configurator-DPMELFA-WorksSetting/monitoring tools for the C Controller module (SW4PVC-CCPU)Network Interface Board CC IE Field UtilityGT Designer3 Version1(GOT1000)GT Designer3 Version1(GOT2000)CPU Module Logging Configuration TooliQ Monozukuri ANDON (Data Transfer)GX IEC DeveloperGX DeveloperFR Configurator SW3SLMP Data CollectorGX Works2GX RemoteService-IData TransferRT ToolBox2MH11 SettingTool Version2MX ComponentMI ConfiguratorGX LogViewer
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-20986
Matching Score-4
Assigner-CERT@VDE
ShareView Details
Matching Score-4
Assigner-CERT@VDE
CVSS Score-7.5||HIGH
EPSS-1.00% / 58.63%
||
7 Day CHG~0.00%
Published-16 Feb, 2021 | 16:35
Updated-16 Sep, 2024 | 23:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Hilscher: Denial of Service vulnerability in PROFINET IO Device

A Denial of Service vulnerability was found in Hilscher PROFINET IO Device V3 in versions prior to V3.14.0.7. This may lead to unexpected loss of cyclic communication or interruption of acyclic communication.

Action-Not Available
Vendor-pepperl-fuchshilscherHilscherPepper+Fuchs
Product-profinet_io_device_firmwarewcs3b-ls610dhpxv100aq-f200-b28-v1d-6011_firmwarepha300-f200-b17-v1dpha800-f200-b17-v1dpcv100-f200-b17-v1d-6011_firmwarepha200-f200a-b17-v1dpcv80-f200-b17-v1dpxv100-f200-b17-v1d-3636_firmwarepxv100aq-f200-b28-v1d-6011oit500-f113b17-cb_firmwarepha400-f200a-b17-t-v1dwcs3b-ls610dwcs3b-ls610d-omohv-f230-b17pxv100-f200-b17-v1dpgv100aq-f200a-b28-v1dohv-f230-b17_firmwarepgv100a-f200a-b28-v1d_firmwarepxv100-f200-b17-v1d-3636pgv100a-f200-b28-v1d_firmwarepha200-f200a-b17-t-v1dpgv100a-f200-b28-v1dpha600-f200a-b17-v1doit500-f113b17-cbpcv100-f200-b17-v1d-6011-8203_firmwarepgv100a-f200a-b28-v1dpha300-f200-b17-t-v1dwcs3b-ls610dh-ompxv100aq-f200-b28-v1dpha400-f200a-b17-v1dpha500-f200a-b17-t-v1dpha400-f200-b17-v1dpcv50-f200-b17-v1dpgv100-f200-b17-v1d-7477pha500-f200-b17-v1dwcs_firmwarepcv100-f200-b17-v1d_firmwarepxv100a-f200-b28-v1d_firmwarepha500-f200a-b17-v1dpcv100-f200-b17-v1dpha700-f200-b17-v1dpgv150i-f200a-b17-v1d_firmwarepcv100-f200-b17-v1d-6011-8203pha_firmwarepha300-f200a-b17-v1dpgv100-f200a-b17-v1dpha600-f200-b17-v1dpxv100a-f200-b28-v1d-6011_firmwarewcs3b-ls610h-ompha300-f200a-b17-t-v1dpgv100aq-f200-b28-v1dpgv100aq-f200a-b28-v1d_firmwarepgv100-f200a-b17-v1d_firmwarepcv80-f200-b17-v1d_firmwarepha150-f200a-b17-v1dpxv100a-f200-b28-v1d-6011wcs3b-ls610-ompgv100-f200-b17-v1d-7477_firmwarepxv100aq-f200-b28-v1d_firmwarepcv50-f200-b17-v1d_firmwareprofinet_io_devicepcv100-f200-b17-v1d-6011-6997_firmwarewcs3b-ls610pha200-f200-b17-v1dpcv100-f200-b17-v1d-6011pcv100-f200-b17-v1d-6011-6997pgv150i-f200a-b17-v1dpxv100a-f200-b28-v1dpgv100aq-f200-b28-v1d_firmwarepxv100-f200-b17-v1d_firmwarewcs3b-ls610hpha150-f200-b17-v1dOHVPROFINET IO DeviceWCSPHAPXV/PGV B28 ProfisafePCV/PXV/PGVOIT
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-20298
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-1.22% / 65.13%
||
7 Day CHG~0.00%
Published-23 Aug, 2022 | 00:00
Updated-03 Aug, 2024 | 17:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in OpenEXR's B44Compressor. This flaw allows an attacker who can submit a crafted file to be processed by OpenEXR, to exhaust all memory accessible to the application. The highest threat from this vulnerability is to system availability.

Action-Not Available
Vendor-openexrn/aDebian GNU/Linux
Product-openexrdebian_linuxOpenEXR
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-1573
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-1.31% / 67.09%
||
7 Day CHG~0.00%
Published-11 Jan, 2022 | 18:55
Updated-06 Nov, 2024 | 16:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Denial of Service Vulnerability

A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition. This vulnerability is due to improper input validation when parsing HTTPS requests. An attacker could exploit this vulnerability by sending a malicious HTTPS request to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-adaptive_security_appliancefirepower_threat_defenseadaptive_security_appliance_softwareCisco Firepower Threat Defense SoftwareCisco Adaptive Security Appliance Software
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2021-1504
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-1.66% / 73.74%
||
7 Day CHG~0.00%
Published-29 Apr, 2021 | 17:31
Updated-08 Nov, 2024 | 23:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services VPN Denial of Service Vulnerabilities

Multiple vulnerabilities in Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. These vulnerabilities are due to lack of proper input validation of the HTTPS request. An attacker could exploit these vulnerabilities by sending a crafted HTTPS request to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Note: This vulnerability affects only specific AnyConnect and WebVPN configurations. For more information, see the Vulnerable Products section.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-firepower_threat_defenseadaptive_security_appliance_softwareCisco Adaptive Security Appliance (ASA) Software
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-1445
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-1.66% / 73.74%
||
7 Day CHG~0.00%
Published-29 Apr, 2021 | 17:30
Updated-08 Nov, 2024 | 23:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services VPN Denial of Service Vulnerabilities

Multiple vulnerabilities in Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. These vulnerabilities are due to lack of proper input validation of the HTTPS request. An attacker could exploit these vulnerabilities by sending a crafted HTTPS request to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Note: This vulnerability affects only specific AnyConnect and WebVPN configurations. For more information, see the Vulnerable Products section.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-firepower_threat_defenseadaptive_security_appliance_softwareCisco Adaptive Security Appliance (ASA) Software
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-24851
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.5||HIGH
EPSS-1.42% / 69.65%
||
7 Day CHG~0.00%
Published-28 May, 2024 | 15:30
Updated-13 Feb, 2025 | 17:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap-based buffer overflow vulnerability exists in the Programming Software Connection FiBurn functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted network packet can lead to a buffer overflow. An attacker can send an unauthenticated packet to trigger this vulnerability.

Action-Not Available
Vendor-AutomationDirect
Product-p1-540_firmwarep3-550e_firmwarep3-550_firmwarep3-530p1-550_firmwarep2-550p3-550ep3-550p2-550_firmwarep1-540p3-530_firmwarep1-550P3-550Ep3-550e_firmware
CWE ID-CWE-805
Buffer Access with Incorrect Length Value
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-23329
Matching Score-4
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-4
Assigner-NVIDIA Corporation
CVSS Score-7.5||HIGH
EPSS-0.33% / 24.74%
||
7 Day CHG~0.00%
Published-17 Sep, 2025 | 22:00
Updated-25 Sep, 2025 | 20:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause memory corruption by identifying and accessing the shared memory region used by the Python backend. A successful exploit of this vulnerability might lead to denial of service.

Action-Not Available
Vendor-Linux Kernel Organization, IncMicrosoft CorporationNVIDIA Corporation
Product-linux_kerneltriton_inference_serverwindowsTriton Inference Server
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-25200
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.71% / 48.97%
||
7 Day CHG~0.00%
Published-07 Feb, 2024 | 00:00
Updated-20 Jun, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Espruino 2v20 (commit fcc9ba4) was discovered to contain a Stack Overflow via the jspeFactorFunctionCall at src/jsparse.c.

Action-Not Available
Vendor-espruinon/a
Product-espruinon/a
CWE ID-CWE-787
Out-of-bounds Write
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 16
  • 17
  • Next
Details not found