Memory corruption in HLOS while running playready use-case.
Memory corruption in Automotive Audio while copying data from ADSP shared buffer to the VOC packet data buffer.
Memory corruption in Audio while processing the calibration data returned from ACDB loader.
Memory Corruption in Audio while invoking callback function in driver from ADSP.
Memory corruption in Core while processing RX intent request.
Memory corruption while processing pin reply in Bluetooth, when pin code received from APP layer is greater than expected size.
Memory corruption while sending SMS from AP firmware.
Memory corruption in Core while processing control functions.
Memory corruption in HLOS while converting from authorization token to HIDL vector.
Catdoc v0.95 was discovered to contain a global buffer overflow via the function process_file at /src/reader.c.
Buffer Overflow vulnerability in Bento4 mp42avc v.3bdc891602d19789b8e8626e4a3e613a937b4d35 allows a local attacker to execute arbitrary code via the AP4_File::ParseStream and related functions.
memory corruption while processing an image encoding completion event.
Memory Corruption while processing IOCTL call to update sensor property settings with invalid input parameters.
In the Linux kernel, the following vulnerability has been resolved: cifs: potential buffer overflow in handling symlinks Smatch printed a warning: arch/x86/crypto/poly1305_glue.c:198 poly1305_update_arch() error: __memcpy() 'dctx->buf' too small (16 vs u32max) It's caused because Smatch marks 'link_len' as untrusted since it comes from sscanf(). Add a check to ensure that 'link_len' is not larger than the size of the 'link_str' buffer.
A buffer overflow in the component /proc/ftxxxx-debug of FiiO M6 Build Number v1.0.4 allows attackers to escalate privileges to root.
Memory corruption while processing audio effects.
Memory corruption in WLAN Host when the firmware invokes multiple WMI Service Available command.
Memory Corruption in SPS Application while exporting public key in sorter TA.
Buffer overflow in some Intel(R) QAT drivers for Windows - HW Version 1.0 before version 1.10 may allow an authenticated user to potentially enable escalation of privilege via local access.
Memory corruption in WLAN while sending transmit command from HLOS to UTF handlers.
Memory corruption in WLAN HAL while processing devIndex from untrusted WMI payload.
Memory Corruption in WLAN Host while deserializing the input PMK bytes without checking the input PMK length.
Memory corruption in WLAN FW while processing command parameters from untrusted WMI payload.
Memory corruption in WLAN Host while setting the PMK length in PMK length in internal cache.
Memory corruption in SPS Application while requesting for public key in sorter TA.
Memory Corruption in WLAN HOST while parsing QMI response message from firmware.
NVIDIA DGX-1 BMC contains a vulnerability in the IPMI handler of the AMI MegaRAC BMC , where an attacker with the appropriate level of authorization can cause a buffer overflow, which may lead to denial of service, information disclosure, or arbitrary code execution.
Memory Corruption in WLAN HOST while processing WLAN FW request to allocate memory.
Buffer overflow in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable escalation of privilege via local access.
A vulnerability, which was classified as critical, was found in PoDoFo 0.10.0. Affected is the function readXRefStreamEntry of the file PdfXRefStreamParserObject.cpp. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is identified as 535a786f124b739e3c857529cecc29e4eeb79778. It is recommended to apply a patch to fix this issue. VDB-227226 is the identifier assigned to this vulnerability.
Memory Corruption in Data Network Stack & Connectivity when sim gets detected on telephony.
Memory corruption in Audio while processing sva_model_serializer using memory size passed by HIDL client.
Memory Corruption in Core Platform while printing the response buffer in log.
A vulnerability classified as critical was found in SourceCodester Simple Hotel Booking System 1.0. This vulnerability affects the function Login. The manipulation of the argument uname leads to buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.
Memory corruption in Linux when the file upload API is called with parameters having large buffer.
Memory corruption in WLAN while running doDriverCmd for an unspecific command.
In GetHostAddress of gxp_buffer.h, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix a buffer overflow in mgmt_mesh_add() Smatch Warning: net/bluetooth/mgmt_util.c:375 mgmt_mesh_add() error: __memcpy() 'mesh_tx->param' too small (48 vs 50) Analysis: 'mesh_tx->param' is array of size 48. This is the destination. u8 param[sizeof(struct mgmt_cp_mesh_send) + 29]; // 19 + 29 = 48. But in the caller 'mesh_send' we reject only when len > 50. len > (MGMT_MESH_SEND_SIZE + 31) // 19 + 31 = 50.
In the Linux kernel, the following vulnerability has been resolved: mmc: core: use sysfs_emit() instead of sprintf() sprintf() (still used in the MMC core for the sysfs output) is vulnerable to the buffer overflow. Use the new-fangled sysfs_emit() instead. Found by Linux Verification Center (linuxtesting.org) with the SVACE static analysis tool.
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: uvc: Prevent buffer overflow in setup handler Setup function uvc_function_setup permits control transfer requests with up to 64 bytes of payload (UVC_MAX_REQUEST_SIZE), data stage handler for OUT transfer uses memcpy to copy req->actual bytes to uvc_event->data.data array of size 60. This may result in an overflow of 4 bytes.
In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: fix buffer overflow in elem comparison For vendor elements, the code here assumes that 5 octets are present without checking. Since the element itself is already checked to fit, we only need to check the length.
A vulnerability was found in code-projects Bus Reservation System 1.0 and classified as critical. Affected by this issue is the function Login of the component Login Form. The manipulation of the argument Str1 leads to buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.
IBM AIX 7.1, 7.2, 7.3 and VIOS , 3.1 could allow a non-privileged local user to exploit a vulnerability in X11 to cause a buffer overflow that could result in a denial of service or arbitrary code execution. IBM X-Force ID: 243556.
The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice setsmtp_func function.
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so websetlicensecfg function.
The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice setmediaconfig_func function.
The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice startflash_func function.
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so webstartflash function.
Memory corruption while processing manipulated payload in video firmware.
In JetBrains IntelliJ IDEA before 2022.2.4 a buffer overflow in the fsnotifier daemon on macOS was possible.