Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-36838

Summary
Assigner-juniper
Assigner Org ID-8cbe9d5a-a066-4c94-8978-4b15efeae968
Published At-14 Jul, 2023 | 16:26
Updated At-22 Oct, 2024 | 14:31
Rejected At-
Credits

Junos OS: SRX Series: A flowd core occurs when running a low privileged CLI command

An Out-of-bounds Read vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX Series allows a local, authenticated attacker with low privileges, to cause a Denial of Service (DoS). If a low privileged user executes a specific CLI command, flowd which is responsible for traffic forwarding in SRX crashes and generates a core dump. This will cause temporary traffic interruption until the flowd process is restarted automatically. Continued execution of this command will lead to a sustained DoS. This issue affects Juniper Networks Junos OS on SRX Series: All versions prior to 20.2R3-S7; 20.3 version 20.3R1 and later versions; 20.4 versions prior to 20.4R3-S6; 21.1 versions prior to 21.1R3-S5; 21.2 versions prior to 21.2R3-S4; 21.3 versions prior to 21.3R3-S4; 21.4 versions prior to 21.4R3-S3; 22.1 versions prior to 22.1R3-S1; 22.2 versions prior to 22.2R3; 22.3 versions prior to 22.3R2; 22.4 versions prior to 22.4R1-S1, 22.4R2.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:juniper
Assigner Org ID:8cbe9d5a-a066-4c94-8978-4b15efeae968
Published At:14 Jul, 2023 | 16:26
Updated At:22 Oct, 2024 | 14:31
Rejected At:
▼CVE Numbering Authority (CNA)
Junos OS: SRX Series: A flowd core occurs when running a low privileged CLI command

An Out-of-bounds Read vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX Series allows a local, authenticated attacker with low privileges, to cause a Denial of Service (DoS). If a low privileged user executes a specific CLI command, flowd which is responsible for traffic forwarding in SRX crashes and generates a core dump. This will cause temporary traffic interruption until the flowd process is restarted automatically. Continued execution of this command will lead to a sustained DoS. This issue affects Juniper Networks Junos OS on SRX Series: All versions prior to 20.2R3-S7; 20.3 version 20.3R1 and later versions; 20.4 versions prior to 20.4R3-S6; 21.1 versions prior to 21.1R3-S5; 21.2 versions prior to 21.2R3-S4; 21.3 versions prior to 21.3R3-S4; 21.4 versions prior to 21.4R3-S3; 22.1 versions prior to 22.1R3-S1; 22.2 versions prior to 22.2R3; 22.3 versions prior to 22.3R2; 22.4 versions prior to 22.4R1-S1, 22.4R2.

Affected Products
Vendor
Juniper Networks, Inc.Juniper Networks
Product
Junos OS
Platforms
  • SRX Series
Default Status
unaffected
Versions
Affected
  • From unspecified before 20.2R3-S7 (custom)
  • From 20.3 before 20.3* (custom)
    • -> affectedfrom20.3R1
  • From 20.4 before 20.4R3-S6 (custom)
  • From 21.1 before 21.1R3-S5 (custom)
  • From 21.2 before 21.2R3-S4 (custom)
  • From 21.3 before 21.3R3-S4 (custom)
  • From 21.4 before 21.4R3-S3 (custom)
  • From 22.1 before 22.1R3-S1 (custom)
  • From 22.2 before 22.2R3 (custom)
  • From 22.3 before 22.3R2 (custom)
  • From 22.4 before 22.4R1-S1, 22.4R2 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-125CWE-125 Out-of-bounds Read
N/AN/ADenial of Service (DoS)
Type: CWE
CWE ID: CWE-125
Description: CWE-125 Out-of-bounds Read
Type: N/A
CWE ID: N/A
Description: Denial of Service (DoS)
Metrics
VersionBase scoreBase severityVector
3.15.5MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Version: 3.1
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

The following software releases have been updated to resolve this specific issue: Junos OS 20.2R3-S7, 20.4R3-S6, 21.1R3-S5, 21.2R3-S4, 21.3R3-S4, 21.4R3-S3, 22.1R3-S1, 22.2R3, 22.3R2, 22.4R1-S1, 22.4R2, 23.1R1, and all subsequent releases.

Configurations
Workarounds

There are no available workarounds for this issue.

Exploits

Juniper SIRT is not aware of any malicious exploitation of this vulnerability.

Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://supportportal.juniper.net/JSA71645
N/A
Hyperlink: https://supportportal.juniper.net/JSA71645
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://supportportal.juniper.net/JSA71645
x_transferred
Hyperlink: https://supportportal.juniper.net/JSA71645
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:sirt@juniper.net
Published At:14 Jul, 2023 | 17:15
Updated At:27 Jul, 2023 | 13:28

An Out-of-bounds Read vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX Series allows a local, authenticated attacker with low privileges, to cause a Denial of Service (DoS). If a low privileged user executes a specific CLI command, flowd which is responsible for traffic forwarding in SRX crashes and generates a core dump. This will cause temporary traffic interruption until the flowd process is restarted automatically. Continued execution of this command will lead to a sustained DoS. This issue affects Juniper Networks Junos OS on SRX Series: All versions prior to 20.2R3-S7; 20.3 version 20.3R1 and later versions; 20.4 versions prior to 20.4R3-S6; 21.1 versions prior to 21.1R3-S5; 21.2 versions prior to 21.2R3-S4; 21.3 versions prior to 21.3R3-S4; 21.4 versions prior to 21.4R3-S3; 22.1 versions prior to 22.1R3-S1; 22.2 versions prior to 22.2R3; 22.3 versions prior to 22.3R2; 22.4 versions prior to 22.4R1-S1, 22.4R2.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.15.5MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 3.1
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CPE Matches
Juniper Networks, Inc.
juniper
>>junos>>Versions before 20.2(exclusive)
cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>20.2
cpe:2.3:o:juniper:junos:20.2:-:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>20.2
cpe:2.3:o:juniper:junos:20.2:r1:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>20.2
cpe:2.3:o:juniper:junos:20.2:r1-s1:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>20.2
cpe:2.3:o:juniper:junos:20.2:r1-s2:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>20.2
cpe:2.3:o:juniper:junos:20.2:r1-s3:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>20.2
cpe:2.3:o:juniper:junos:20.2:r2:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>20.2
cpe:2.3:o:juniper:junos:20.2:r2-s1:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>20.2
cpe:2.3:o:juniper:junos:20.2:r2-s2:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>20.2
cpe:2.3:o:juniper:junos:20.2:r2-s3:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>20.2
cpe:2.3:o:juniper:junos:20.2:r3:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>20.2
cpe:2.3:o:juniper:junos:20.2:r3-s1:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>20.2
cpe:2.3:o:juniper:junos:20.2:r3-s2:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>20.2
cpe:2.3:o:juniper:junos:20.2:r3-s3:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>20.2
cpe:2.3:o:juniper:junos:20.2:r3-s4:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>20.2
cpe:2.3:o:juniper:junos:20.2:r3-s5:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>20.2
cpe:2.3:o:juniper:junos:20.2:r3-s6:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>20.3
cpe:2.3:o:juniper:junos:20.3:r1:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>20.3
cpe:2.3:o:juniper:junos:20.3:r1-s1:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>20.3
cpe:2.3:o:juniper:junos:20.3:r1-s2:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>20.3
cpe:2.3:o:juniper:junos:20.3:r2:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>20.3
cpe:2.3:o:juniper:junos:20.3:r2-s1:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>20.3
cpe:2.3:o:juniper:junos:20.3:r3:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>20.3
cpe:2.3:o:juniper:junos:20.3:r3-s1:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>20.3
cpe:2.3:o:juniper:junos:20.3:r3-s2:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>20.3
cpe:2.3:o:juniper:junos:20.3:r3-s3:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>20.3
cpe:2.3:o:juniper:junos:20.3:r3-s4:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>20.3
cpe:2.3:o:juniper:junos:20.3:r3-s5:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>20.3
cpe:2.3:o:juniper:junos:20.3:r3-s6:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>20.4
cpe:2.3:o:juniper:junos:20.4:-:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>20.4
cpe:2.3:o:juniper:junos:20.4:r1:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>20.4
cpe:2.3:o:juniper:junos:20.4:r1-s1:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>20.4
cpe:2.3:o:juniper:junos:20.4:r2:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>20.4
cpe:2.3:o:juniper:junos:20.4:r2-s1:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>20.4
cpe:2.3:o:juniper:junos:20.4:r2-s2:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>20.4
cpe:2.3:o:juniper:junos:20.4:r3:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>20.4
cpe:2.3:o:juniper:junos:20.4:r3-s1:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>20.4
cpe:2.3:o:juniper:junos:20.4:r3-s2:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>20.4
cpe:2.3:o:juniper:junos:20.4:r3-s3:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>20.4
cpe:2.3:o:juniper:junos:20.4:r3-s4:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>20.4
cpe:2.3:o:juniper:junos:20.4:r3-s5:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>21.1
cpe:2.3:o:juniper:junos:21.1:-:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>21.1
cpe:2.3:o:juniper:junos:21.1:r1:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>21.1
cpe:2.3:o:juniper:junos:21.1:r1-s1:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>21.1
cpe:2.3:o:juniper:junos:21.1:r2:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>21.1
cpe:2.3:o:juniper:junos:21.1:r2-s1:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>21.1
cpe:2.3:o:juniper:junos:21.1:r2-s2:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>21.1
cpe:2.3:o:juniper:junos:21.1:r3:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>21.1
cpe:2.3:o:juniper:junos:21.1:r3-s1:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos>>21.1
cpe:2.3:o:juniper:junos:21.1:r3-s2:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-125Primarysirt@juniper.net
CWE ID: CWE-125
Type: Primary
Source: sirt@juniper.net
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://supportportal.juniper.net/JSA71645sirt@juniper.net
Vendor Advisory
Hyperlink: https://supportportal.juniper.net/JSA71645
Source: sirt@juniper.net
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

180Records found
CVE-2023-33060
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.1||HIGH
EPSS-0.03% / 7.06%
||
7 Day CHG~0.00%
Published-06 Feb, 2024 | 05:47
Updated-02 Aug, 2024 | 15:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Over-read in Core

Transient DOS in Core when DDR memory check is called while DDR is not initialized.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-snapdragon_8_gen_1_mobile_platformwsa8830qca8337_firmwarewcd9380_firmwareqca8337qfw7124sg8275p_firmwareqcm8550ar8035_firmwareqcn6224_firmwarewsa8840wsa8835wcn3950_firmwaresnapdragon_8\+_gen_2_mobile_platform_firmwareqcn6274wcd9380fastconnect_6700snapdragon_x70_modem-rf_systemwcd9370snapdragon_4_gen_2_mobile_platform_firmwareqca6584au_firmwaresg8275psnapdragon_8_gen_2_mobile_platformqfw7114_firmwarewcd9385_firmwarewsa8845wcn3950qcn6024_firmwarewcd9340_firmwarewsa8815wsa8845_firmwaresnapdragon_4_gen_2_mobile_platformqcn9024wsa8845h_firmwareqca8081_firmwaresnapdragon_8_gen_3_mobile_platformqfw7114fastconnect_7800qca6584ausnapdragon_x65_5g_modem-rf_system_firmwareqcm8550_firmwareqcm4490_firmwareqcn6274_firmwareqcs4490_firmwaresnapdragon_x70_modem-rf_system_firmwaresnapdragon_x65_5g_modem-rf_systemwsa8840_firmwareqca6698aqwsa8832_firmwarefastconnect_6900snapdragon_x75_5g_modem-rf_system_firmwarefastconnect_6900_firmwareqcs8550_firmwarewcn3988_firmwaresnapdragon_8\+_gen_1_mobile_platformfastconnect_6700_firmwarewcd9340qcn9024_firmwarewsa8810_firmwareqcn6224fastconnect_7800_firmwaresnapdragon_8\+_gen_2_mobile_platformwsa8810wsa8845hwsa8832wcd9395_firmwaresnapdragon_x75_5g_modem-rf_systemqca8081sm8550psnapdragon_8_gen_1_mobile_platform_firmwareqca6698aq_firmwareqcm4490snapdragon_auto_5g_modem-rf_gen_2snapdragon_auto_5g_modem-rf_gen_2_firmwarewcd9385qcc710qcs4490wcd9395qcs8550ar8035wcd9370_firmwaresm8550p_firmwarewcd9390qcc710_firmwaresnapdragon_8_gen_3_mobile_platform_firmwarewcd9390_firmwarewsa8830_firmwareqcn6024wcn3988wsa8815_firmwarewsa8835_firmwaresnapdragon_8\+_gen_1_mobile_platform_firmwareqfw7124_firmwaresnapdragon_8_gen_2_mobile_platform_firmwareSnapdragon
CWE ID-CWE-126
Buffer Over-read
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-14574
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.15% / 35.71%
||
7 Day CHG~0.00%
Published-14 Nov, 2019 | 19:04
Updated-05 Aug, 2024 | 00:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of bounds read in a subsystem for Intel(R) Graphics Driver versions before 26.20.100.7209 may allow an authenticated user to potentially enable denial of service via local access.

Action-Not Available
Vendor-n/aIntel CorporationNetApp, Inc.
Product-graphics_drivercloud_backupsteelstore_cloud_integrated_storagesolidfire_baseboard_management_controller_firmwaresolidfire_baseboard_management_controllerdata_availability_services2019.2 IPU – Intel(R) Graphics Driver for Windows* and Linux
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-21008
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 4.47%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 10:34
Updated-10 Jul, 2025 | 13:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds read in decoding frame header in libsavsvc.so prior to Android 15 allows local attackers to cause memory corruption.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-androidlibsavsvc.so
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-21009
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 4.47%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 10:34
Updated-10 Jul, 2025 | 13:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds read in decoding malformed frame header in libsavsvc.so prior to Android 15 allows local attackers to cause memory corruption.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-androidlibsavsvc.so
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-20687
Matching Score-4
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-4
Assigner-MediaTek, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 2.97%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 02:00
Updated-14 Jul, 2025 | 15:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Bluetooth driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00418045; Issue ID: MSV-3481.

Action-Not Available
Vendor-MediaTek Inc.
Product-nbiot_sdkmt7925mt7927mt7920mt7922mt7921mt7902MT7902, MT7920, MT7921, MT7922, MT7925, MT7927
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-28786
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-4||MEDIUM
EPSS-0.02% / 2.31%
||
7 Day CHG~0.00%
Published-03 May, 2022 | 19:41
Updated-03 Aug, 2024 | 06:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper buffer size check logic in aviextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service. The patch adds buffer size check logic.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-28787
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-4||MEDIUM
EPSS-0.02% / 2.31%
||
7 Day CHG~0.00%
Published-03 May, 2022 | 19:41
Updated-03 Aug, 2024 | 06:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper buffer size check logic in wmfextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service. The patch adds buffer size check logic.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-9843
Matching Score-4
Assigner-Ivanti
ShareView Details
Matching Score-4
Assigner-Ivanti
CVSS Score-5||MEDIUM
EPSS-0.03% / 6.77%
||
7 Day CHG~0.00%
Published-12 Nov, 2024 | 16:13
Updated-17 Jan, 2025 | 20:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer over-read in Ivanti Secure Access Client before 22.7R4 allows a local unauthenticated attacker to cause a denial of service.

Action-Not Available
Vendor-Ivanti SoftwareApple Inc.
Product-macossecure_access_clientSecure Access Clientsecure_access_client
CWE ID-CWE-126
Buffer Over-read
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-28785
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-4||MEDIUM
EPSS-0.02% / 2.31%
||
7 Day CHG~0.00%
Published-03 May, 2022 | 19:41
Updated-03 Aug, 2024 | 06:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper buffer size check logic in aviextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service. The patch adds buffer size check logic.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-47402
Matching Score-4
Assigner-OpenHarmony
ShareView Details
Matching Score-4
Assigner-OpenHarmony
CVSS Score-3.3||LOW
EPSS-0.03% / 7.25%
||
7 Day CHG~0.00%
Published-05 Nov, 2024 | 08:01
Updated-06 Nov, 2024 | 15:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Liteos_a has an Out-of-bounds Read vulnerability

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause DOS through out-of-bounds read.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-8754
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 15.17%
||
7 Day CHG~0.00%
Published-18 Mar, 2018 | 03:00
Updated-05 Aug, 2024 | 07:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The libevt_record_values_read_event() function in libevt_record_values.c in libevt before 2018-03-17 does not properly check for out-of-bounds values of user SID data size, strings size, or data size. NOTE: the vendor has disputed this as described in libyal/libevt issue 5 on GitHub

Action-Not Available
Vendor-libevt_projectn/aDebian GNU/Linux
Product-debian_linuxlibevtn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-45559
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 5.41%
||
7 Day CHG~0.00%
Published-06 Jan, 2025 | 10:33
Updated-28 Feb, 2025 | 06:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Over-read in Automotive OS Platform

Transient DOS can occur when GVM sends a specific message type to the Vdev-FastRPC backend.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-srv1l_firmwaresa8770p_firmwareqamsrv1hsa7775psa8255pqam8620pqam8255p_firmwaresa8540pqamsrv1m_firmwareqam8255pqam8775p_firmwaresa7255pqam8295p_firmwareqca6595srv1hsa8620p_firmwaresrv1h_firmwaresa8650pqca6595au_firmwareqam8650psa8770pqam8650p_firmwaresa8620psrv1lsa8255p_firmwaresa8650p_firmwaresa8540p_firmwareqca6696_firmwaresa8775psa9000p_firmwareqca6595ausa7255p_firmwareqamsrv1h_firmwaresrv1mqam8775psa7775p_firmwareqam8295pqam8620p_firmwaresa8295p_firmwaresa9000pqca6696sa8295psa8775p_firmwaresrv1m_firmwareqamsrv1mqca6595_firmwareSnapdragon
CWE ID-CWE-126
Buffer Over-read
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-7858
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.07% / 22.99%
||
7 Day CHG~0.00%
Published-12 Mar, 2018 | 21:00
Updated-05 Aug, 2024 | 06:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Quick Emulator (aka QEMU), when built with the Cirrus CLGD 54xx VGA Emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds access and QEMU process crash) by leveraging incorrect region calculation when updating VGA display.

Action-Not Available
Vendor-n/aopenSUSEQEMUCanonical Ltd.Red Hat, Inc.
Product-enterprise_linux_serverubuntu_linuxenterprise_linux_server_eusenterprise_linux_server_ausenterprise_linux_workstationqemuenterprise_linux_server_tusenterprise_linux_desktopleapn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-40816
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 7.63%
||
7 Day CHG~0.00%
Published-29 Jul, 2024 | 22:16
Updated-25 Mar, 2025 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. A local attacker may be able to cause unexpected system shutdown.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-21133
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 15.17%
||
7 Day CHG~0.00%
Published-09 Feb, 2022 | 22:04
Updated-05 May, 2025 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds read in the Intel(R) Trace Analyzer and Collector before version 2021.5 may allow an authenticated user to potentially enable denial of service via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-trace_analyzer_and_collectorIntel(R) Trace Analyzer and Collector
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-47586
Matching Score-4
Assigner-kernel.org
ShareView Details
Matching Score-4
Assigner-kernel.org
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 0.78%
||
7 Day CHG~0.00%
Published-19 Jun, 2024 | 14:53
Updated-04 May, 2025 | 07:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
net: stmmac: dwmac-rk: fix oob read in rk_gmac_setup

In the Linux kernel, the following vulnerability has been resolved: net: stmmac: dwmac-rk: fix oob read in rk_gmac_setup KASAN reports an out-of-bounds read in rk_gmac_setup on the line: while (ops->regs[i]) { This happens for most platforms since the regs flexible array member is empty, so the memory after the ops structure is being read here. It seems that mostly this happens to contain zero anyway, so we get lucky and everything still works. To avoid adding redundant data to nearly all the ops structures, add a new flag to indicate whether the regs field is valid and avoid this loop when it is not.

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernelLinux
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-7718
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.13% / 32.80%
||
7 Day CHG~0.00%
Published-20 Apr, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

hw/display/cirrus_vga_rop.h in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors related to copying VGA data via the cirrus_bitblt_rop_fwd_transp_ and cirrus_bitblt_rop_fwd_ functions.

Action-Not Available
Vendor-n/aQEMUDebian GNU/Linux
Product-debian_linuxqemun/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-26660
Matching Score-4
Assigner-kernel.org
ShareView Details
Matching Score-4
Assigner-kernel.org
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 2.11%
||
7 Day CHG~0.00%
Published-02 Apr, 2024 | 06:22
Updated-04 May, 2025 | 08:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
drm/amd/display: Implement bounds check for stream encoder creation in DCN301

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Implement bounds check for stream encoder creation in DCN301 'stream_enc_regs' array is an array of dcn10_stream_enc_registers structures. The array is initialized with four elements, corresponding to the four calls to stream_enc_regs() in the array initializer. This means that valid indices for this array are 0, 1, 2, and 3. The error message 'stream_enc_regs' 4 <= 5 below, is indicating that there is an attempt to access this array with an index of 5, which is out of bounds. This could lead to undefined behavior Here, eng_id is used as an index to access the stream_enc_regs array. If eng_id is 5, this would result in an out-of-bounds access on the stream_enc_regs array. Thus fixing Buffer overflow error in dcn301_stream_encoder_create reported by Smatch: drivers/gpu/drm/amd/amdgpu/../display/dc/resource/dcn301/dcn301_resource.c:1011 dcn301_stream_encoder_create() error: buffer overflow 'stream_enc_regs' 4 <= 5

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernelLinux
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-29547
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-2.5||LOW
EPSS-0.01% / 1.87%
||
7 Day CHG~0.00%
Published-14 May, 2021 | 19:10
Updated-03 Aug, 2024 | 22:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap out of bounds in `QuantizedBatchNormWithGlobalNormalization`

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a segfault and denial of service via accessing data outside of bounds in `tf.raw_ops.QuantizedBatchNormWithGlobalNormalization`. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/55a97caa9e99c7f37a0bbbeb414dc55553d3ae7f/tensorflow/core/kernels/quantized_batch_norm_op.cc#L176-L189) assumes the inputs are not empty. If any of these inputs is empty, `.flat<T>()` is an empty buffer, so accessing the element at index 0 is accessing data outside of bounds. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.

Action-Not Available
Vendor-Google LLCTensorFlow
Product-tensorflowtensorflow
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-50612
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 11.93%
||
7 Day CHG~0.00%
Published-27 Oct, 2024 | 00:00
Updated-05 Nov, 2024 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libsndfile through 1.2.2 has an ogg_vorbis.c vorbis_analysis_wrote out-of-bounds read.

Action-Not Available
Vendor-libsndfile_projectn/alibsndfile_project
Product-libsndfilen/alibsndfile
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-50259
Matching Score-4
Assigner-kernel.org
ShareView Details
Matching Score-4
Assigner-kernel.org
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 14.98%
||
7 Day CHG~0.00%
Published-09 Nov, 2024 | 10:15
Updated-04 May, 2025 | 09:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
netdevsim: Add trailing zero to terminate the string in nsim_nexthop_bucket_activity_write()

In the Linux kernel, the following vulnerability has been resolved: netdevsim: Add trailing zero to terminate the string in nsim_nexthop_bucket_activity_write() This was found by a static analyzer. We should not forget the trailing zero after copy_from_user() if we will further do some string operations, sscanf() in this case. Adding a trailing zero will ensure that the function performs properly.

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernelLinux
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-50208
Matching Score-4
Assigner-kernel.org
ShareView Details
Matching Score-4
Assigner-kernel.org
CVSS Score-5.5||MEDIUM
EPSS-0.08% / 23.43%
||
7 Day CHG~0.00%
Published-08 Nov, 2024 | 06:07
Updated-04 May, 2025 | 09:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages

In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages Avoid memory corruption while setting up Level-2 PBL pages for the non MR resources when num_pages > 256K. There will be a single PDE page address (contiguous pages in the case of > PAGE_SIZE), but, current logic assumes multiple pages, leading to invalid memory access after 256K PBL entries in the PDE.

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernelLinux
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-24347
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 11.17%
||
7 Day CHG~0.00%
Published-13 Aug, 2020 | 18:52
Updated-04 Aug, 2024 | 15:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

njs through 0.4.3, used in NGINX, has an out-of-bounds read in njs_lvlhsh_level_find in njs_lvlhsh.c.

Action-Not Available
Vendor-n/aF5, Inc.
Product-njsn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-45182
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 0.25%
||
7 Day CHG~0.00%
Published-12 Sep, 2024 | 00:00
Updated-29 Oct, 2024 | 21:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in WibuKey64.sys in WIBU-SYSTEMS WibuKey before v6.70 and fixed in v.6.70 An improper bounds check allows specially crafted packets to cause an arbitrary address read, resulting in Denial of Service.

Action-Not Available
Vendor-wibun/awibuMicrosoft Corporation
Product-windowswibukeyn/awibukey
CWE ID-CWE-404
Improper Resource Shutdown or Release
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-43056
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 3.56%
||
7 Day CHG~0.00%
Published-03 Mar, 2025 | 10:07
Updated-11 Aug, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Over-read in Hypervisor

Transient DOS during hypervisor virtual I/O operation in a virtual machine.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qdx1010_firmwaresdm429w_firmwarerobotics_rb3qcm8550_firmwaresd865_5gwcn6650qca6595snapdragon_8\+_gen_1vision_intelligence_400_qca8081_firmwarewcd9370snapdragon_429_firmwareqca6696qam8620p_firmwarewcd9340_firmwarewcd9341_firmwaresxr2330p_firmwarewcd9395_firmwarewcn7881_firmwarewcn6450qcc710_firmwareqca6426fastconnect_6700snapdragon_888_5gwsa8832_firmwarevision_intelligence_300__firmwareqca8337qdu1110qca6426_firmwarewcd9395snapdragon_4_gen_2_firmwaresc8180xp-aaabqca6574au_firmwareqam8295pwcd9341qca6574auwcd9390sa8620p_firmwarewsa8810_firmwarewsa8845h_firmwaresnapdragon_429sa9000p_firmwaresc8180xp-acafsnapdragon_865\+_5gsrv1hsm8650q_firmwarewcn3660b_firmwaresnapdragon_765_5gqcs9100sdx80msnapdragon_8\+_gen_2fastconnect_6800_firmwareqcs5430snapdragon_ar1_gen_1_snapdragon_x24_ltesnapdragon_865\+_5g_firmwaresnapdragon_x65_5gqcm5430qcm5430_firmwaresnapdragon_888\+_5g_firmwaresa8770pssg2115pqcc710snapdragon_x50_5gsnapdragon_wear_4100\+_sa8540pqsm8350_firmwaresnapdragon_765g_5g_firmwaresnapdragon_4_gen_2fastconnect_6900snapdragon_8_gen_2_firmwaresnapdragon_x72_5gqru1032_firmwareqep8111sa7255psm8635qfw7114wcd9385_firmwareqca6421qca6310qam8255p_firmwaresnapdragon_670snapdragon_678_firmwaresa8155_firmwareqca6335qcs4490snapdragon_x50_5g_firmwarewsa8845snapdragon_850_firmwaresa6155pqca6421_firmwaresnapdragon_850sc8180x-adqca6564au_firmwarewsa8810qam8650pqdu1000_firmwaresa9000psnapdragon_855_firmwaresnapdragon_670_firmwaresnapdragon_wear_4100\+__firmwaresrv1h_firmwaresnapdragon_678qca6595ausxr2250p_firmwaresnapdragon_865_5g_firmwareqdu1010wcd9326_firmwaresa6155p_firmwarewsa8840srv1m_firmwareqcs8550_firmwareqdu1210_firmwareqfw7124_firmwareqca6436_firmwaresnapdragon_x35_5g_firmwareqcs4490_firmwaresnapdragon_675_firmwaresm8635pqca6420wcd9370_firmwaresnapdragon_8_gen_2snapdragon_765_5g_firmwareqdu1110_firmwareqdu1000wcn3660bqca6574asa7255p_firmwarewcn3620_firmwareqca6174awcd9340qdu1210talynplussnapdragon_auto_5g_modem-rf_gen_2qca6335_firmwaresa8540p_firmwareqcm6490sm8550p_firmwaresnapdragon_x55_5g_firmwareqcm8550wcn3988sxr2250pqcn9274sa8775pqca6574sxr2230p_firmwaresd675_firmwareqca6430_firmwaresa8775p_firmwaresnapdragon_ar2_gen_1__firmwareqamsrv1hsdx57mwsa8845hwcd9326sm8650qsa8155p_firmwareqca6564asnapdragon_855\+sa8155pwsa8830snapdragon_870_5g_firmwaresm8550psa6145psnapdragon_x65_5g_firmwaresm7675_firmwaresa8255p_firmwaresnapdragon_888\+_5gsnapdragon_xr2_5g_snapdragon_x75_5gar8035sm7635_firmwareqamsrv1m_firmwaresa6155sa8650p_firmwarewcn3620wcn6450_firmwaresnapdragon_860snapdragon_x72_5g_firmwaresrv1l_firmwareqcs9100_firmwareqcn6224sa7775p_firmwarewcn3950_firmwareqca6698aqsm7635ssg2125p_firmwarefastconnect_6200sd670wcn3680bwcd9378sc8180x-acaf_firmwaresm8635p_firmwareqdx1011sa8150p_firmwaresnapdragon_768g_5gfastconnect_6700_firmwarevideo_collaboration_vc3_platform_firmwarewcn3990robotics_rb3_firmwaresd670_firmwareqcs6490sc8180xp-acaf_firmwarefastconnect_6200_firmwarewsa8830_firmwareqcn6224_firmwareqca6431qca6678aq_firmwarewsa8845_firmwarewsa8832wcd9378_firmwaresdx57m_firmwaresrv1lsxr2130_firmwaresm7675psrv1mvision_intelligence_300_qca6678aqar8035_firmwaresc8180xp-aaab_firmwaresc8380xpsnapdragon_845_firmwarevision_intelligence_400__firmwareqca6564ausm4635sc8180xp-adsc8280xp-abbbwsa8815_firmwaresnapdragon_865_5gqca8337_firmwaresg8275p_firmwareqca9377_firmwaresnapdragon_x62_5gsnapdragon_ar2_gen_1_qcm6490_firmwaresm7250p_firmwaresm4635_firmwaresnapdragon_ar1_gen_1__firmwareqcm4490_firmwareqru1032wcn3950qca6797aq_firmwaresnapdragon_auto_5g_modem-rf_gen_2_firmwaretalynplus_firmwaresa8295p_firmwaresd_675_firmwaresnapdragon_855\+_firmwaresm7250psc8180x-acafsa8155sd_8cx_firmwaresnapdragon_768g_5g_firmwaresc8180x-ad_firmwareqcn6274_firmwareqca6584auwcn6755_firmwareqru1062_firmwarewcn6650_firmwaresc8380xp_firmwareqru1062qca6310_firmwarefastconnect_6800qfw7114_firmwareqca6595_firmwarefastconnect_7800_firmwaresm8635_firmwarefastconnect_6900_firmwarewcd9380sa6145p_firmwaresa6155_firmwareqam8255psxr2230psa8150pwcn6755sxr2330psnapdragon_888_5g_firmwaresnapdragon_765g_5gsnapdragon_8\+_gen_2_firmwaresc8180x-aaabsxr1230psc8180x-aaab_firmwarewcn7881sm6650video_collaboration_vc3_platformaqt1000qam8295p_firmwaresd855qca6431_firmwaresnapdragon_8_gen_1_firmwarewcn3990_firmwareqca6698aq_firmwareqca6564a_firmwarewcd9385qsm8350snapdragon_8_gen_1sa8255psxr1230p_firmwarewcd9390_firmwaresnapdragon_x62_5g_firmwaresnapdragon_8_gen_3qep8111_firmwareqca6430sg8275psnapdragon_855sdx55_firmwareqdx1011_firmwaresnapdragon_x55_5gsc8180xp-ad_firmwaressg2125pqru1052sxr2130qcm4490snapdragon_870_5gqamsrv1mqca6174a_firmwarewcn7861_firmwarewcn7861snapdragon_845qam8650p_firmwareqca6420_firmwareaqt1000_firmwareqcs6490_firmwaresm6650_firmwaresdm429wqam8620pwcn3980_firmwaresd855_firmwareqca6436qca6584au_firmwareqcn6274wsa8835wsa8840_firmwareqca6391_firmwareqfw7124qca6595au_firmwareqdu1010_firmwareqca6696_firmwarewcd9380_firmwaresnapdragon_xr2_5g__firmwareqca6574_firmwareqca8081wsa8815sd_8_gen1_5gqam8775pqca9377qca6797aqsnapdragon_860_firmwaresnapdragon_x35_5gsa8620pqca6574a_firmwaresdx55snapdragon_8\+_gen_1_firmwaresd675wcd9375_firmwaresd_8_gen1_5g_firmwaresa7775pqca6391snapdragon_8_gen_3_firmwaresnapdragon_x75_5g_firmwareqcn9274_firmwareqcs5430_firmwareqru1052_firmwaresa8770p_firmwaresa8295pqcs8550snapdragon_675sc8280xp-abbb_firmwaresnapdragon_x24_lte_firmwarefastconnect_7800sa8650pqam8775p_firmwaresd865_5g_firmwarewcd9375wcn3988_firmwareqamsrv1h_firmwaresm7675sd_675wsa8835_firmwaresdx80m_firmwaresd_8cxssg2115p_firmwarewcn3980sm7675p_firmwareqdx1010wcn3680b_firmwareSnapdragon
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-126
Buffer Over-read
CVE-2022-23523
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-4||MEDIUM
EPSS-0.02% / 4.12%
||
7 Day CHG~0.00%
Published-13 Dec, 2022 | 07:41
Updated-18 Apr, 2025 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
rust-vmm linux-loader vulnerable to Out-of-bounds Read

In versions prior to 0.8.1, the linux-loader crate uses the offsets and sizes provided in the ELF headers to determine the offsets to read from. If those offsets point beyond the end of the file this could lead to Virtual Machine Monitors using the `linux-loader` crate entering an infinite loop if the ELF header of the kernel they are loading was modified in a malicious manner. This issue has been addressed in 0.8.1. The issue can be mitigated by ensuring that only trusted kernel images are loaded or by verifying that the headers do not point beyond the end of the file.

Action-Not Available
Vendor-linux-loader_projectrust-vmm
Product-linux-loaderlinux-loader
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-9096
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 4.61%
||
7 Day CHG~0.00%
Published-21 Aug, 2020 | 13:20
Updated-04 Aug, 2024 | 10:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HUAWEI P30 Pro smartphones with Versions earlier than 10.1.0.160(C00E160R2P8) have an out of bound read vulnerability. Some functions are lack of verification when they process some messages sent from other module. Attackers can exploit this vulnerability by send malicious message to cause out-of-bound read. This can compromise normal service.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-p30_prop30_pro_firmwareHUAWEI P30 Pro
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-42761
Matching Score-4
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
ShareView Details
Matching Score-4
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 5.20%
||
7 Day CHG~0.00%
Published-06 Dec, 2022 | 00:00
Updated-23 Apr, 2025 | 18:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services.

Action-Not Available
Vendor-Google LLCUnisoc (Shanghai) Technologies Co., Ltd.
Product-t310t820t616androidt610t770t612t606s8000sc9832et760sc7731esc9863at618SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-26896
Matching Score-4
Assigner-kernel.org
ShareView Details
Matching Score-4
Assigner-kernel.org
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 0.98%
||
7 Day CHG~0.00%
Published-17 Apr, 2024 | 10:27
Updated-04 May, 2025 | 08:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
wifi: wfx: fix memory leak when starting AP

In the Linux kernel, the following vulnerability has been resolved: wifi: wfx: fix memory leak when starting AP Kmemleak reported this error: unreferenced object 0xd73d1180 (size 184): comm "wpa_supplicant", pid 1559, jiffies 13006305 (age 964.245s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 1e 00 01 00 00 00 00 00 ................ backtrace: [<5ca11420>] kmem_cache_alloc+0x20c/0x5ac [<127bdd74>] __alloc_skb+0x144/0x170 [<fb8a5e38>] __netdev_alloc_skb+0x50/0x180 [<0f9fa1d5>] __ieee80211_beacon_get+0x290/0x4d4 [mac80211] [<7accd02d>] ieee80211_beacon_get_tim+0x54/0x18c [mac80211] [<41e25cc3>] wfx_start_ap+0xc8/0x234 [wfx] [<93a70356>] ieee80211_start_ap+0x404/0x6b4 [mac80211] [<a4a661cd>] nl80211_start_ap+0x76c/0x9e0 [cfg80211] [<47bd8b68>] genl_rcv_msg+0x198/0x378 [<453ef796>] netlink_rcv_skb+0xd0/0x130 [<6b7c977a>] genl_rcv+0x34/0x44 [<66b2d04d>] netlink_unicast+0x1b4/0x258 [<f965b9b6>] netlink_sendmsg+0x1e8/0x428 [<aadb8231>] ____sys_sendmsg+0x1e0/0x274 [<d2b5212d>] ___sys_sendmsg+0x80/0xb4 [<69954f45>] __sys_sendmsg+0x64/0xa8 unreferenced object 0xce087000 (size 1024): comm "wpa_supplicant", pid 1559, jiffies 13006305 (age 964.246s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 10 00 07 40 00 00 00 00 00 00 00 00 00 00 00 00 ...@............ backtrace: [<9a993714>] __kmalloc_track_caller+0x230/0x600 [<f83ea192>] kmalloc_reserve.constprop.0+0x30/0x74 [<a2c61343>] __alloc_skb+0xa0/0x170 [<fb8a5e38>] __netdev_alloc_skb+0x50/0x180 [<0f9fa1d5>] __ieee80211_beacon_get+0x290/0x4d4 [mac80211] [<7accd02d>] ieee80211_beacon_get_tim+0x54/0x18c [mac80211] [<41e25cc3>] wfx_start_ap+0xc8/0x234 [wfx] [<93a70356>] ieee80211_start_ap+0x404/0x6b4 [mac80211] [<a4a661cd>] nl80211_start_ap+0x76c/0x9e0 [cfg80211] [<47bd8b68>] genl_rcv_msg+0x198/0x378 [<453ef796>] netlink_rcv_skb+0xd0/0x130 [<6b7c977a>] genl_rcv+0x34/0x44 [<66b2d04d>] netlink_unicast+0x1b4/0x258 [<f965b9b6>] netlink_sendmsg+0x1e8/0x428 [<aadb8231>] ____sys_sendmsg+0x1e0/0x274 [<d2b5212d>] ___sys_sendmsg+0x80/0xb4 However, since the kernel is build optimized, it seems the stack is not accurate. It appears the issue is related to wfx_set_mfp_ap(). The issue is obvious in this function: memory allocated by ieee80211_beacon_get() is never released. Fixing this leak makes kmemleak happy.

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernelLinuxlinux_kernel
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-48839
Matching Score-4
Assigner-kernel.org
ShareView Details
Matching Score-4
Assigner-kernel.org
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 0.36%
||
7 Day CHG-0.04%
Published-16 Jul, 2024 | 12:25
Updated-04 May, 2025 | 08:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
net/packet: fix slab-out-of-bounds access in packet_recvmsg()

In the Linux kernel, the following vulnerability has been resolved: net/packet: fix slab-out-of-bounds access in packet_recvmsg() syzbot found that when an AF_PACKET socket is using PACKET_COPY_THRESH and mmap operations, tpacket_rcv() is queueing skbs with garbage in skb->cb[], triggering a too big copy [1] Presumably, users of af_packet using mmap() already gets correct metadata from the mapped buffer, we can simply make sure to clear 12 bytes that might be copied to user space later. BUG: KASAN: stack-out-of-bounds in memcpy include/linux/fortify-string.h:225 [inline] BUG: KASAN: stack-out-of-bounds in packet_recvmsg+0x56c/0x1150 net/packet/af_packet.c:3489 Write of size 165 at addr ffffc9000385fb78 by task syz-executor233/3631 CPU: 0 PID: 3631 Comm: syz-executor233 Not tainted 5.17.0-rc7-syzkaller-02396-g0b3660695e80 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106 print_address_description.constprop.0.cold+0xf/0x336 mm/kasan/report.c:255 __kasan_report mm/kasan/report.c:442 [inline] kasan_report.cold+0x83/0xdf mm/kasan/report.c:459 check_region_inline mm/kasan/generic.c:183 [inline] kasan_check_range+0x13d/0x180 mm/kasan/generic.c:189 memcpy+0x39/0x60 mm/kasan/shadow.c:66 memcpy include/linux/fortify-string.h:225 [inline] packet_recvmsg+0x56c/0x1150 net/packet/af_packet.c:3489 sock_recvmsg_nosec net/socket.c:948 [inline] sock_recvmsg net/socket.c:966 [inline] sock_recvmsg net/socket.c:962 [inline] ____sys_recvmsg+0x2c4/0x600 net/socket.c:2632 ___sys_recvmsg+0x127/0x200 net/socket.c:2674 __sys_recvmsg+0xe2/0x1a0 net/socket.c:2704 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7fdfd5954c29 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffcf8e71e48 EFLAGS: 00000246 ORIG_RAX: 000000000000002f RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fdfd5954c29 RDX: 0000000000000000 RSI: 0000000020000500 RDI: 0000000000000005 RBP: 0000000000000000 R08: 000000000000000d R09: 000000000000000d R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcf8e71e60 R13: 00000000000f4240 R14: 000000000000c1ff R15: 00007ffcf8e71e54 </TASK> addr ffffc9000385fb78 is located in stack of task syz-executor233/3631 at offset 32 in frame: ____sys_recvmsg+0x0/0x600 include/linux/uio.h:246 this frame has 1 object: [32, 160) 'addr' Memory state around the buggy address: ffffc9000385fa80: 00 04 f3 f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 ffffc9000385fb00: 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 >ffffc9000385fb80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f3 ^ ffffc9000385fc00: f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1 ffffc9000385fc80: f1 f1 f1 00 f2 f2 f2 00 f2 f2 f2 00 00 00 00 00 ==================================================================

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernelLinux
CWE ID-CWE-125
Out-of-bounds Read
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found