Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-3204

Summary
Assigner-VulDB
Assigner Org ID-1af790b2-7ee1-4545-860a-a788eba489b5
Published At-02 Apr, 2024 | 22:00
Updated At-01 Aug, 2024 | 20:05
Rejected At-
Credits

c-blosc2 ndlz4x4.c ndlz4_decompress heap-based overflow

A vulnerability has been found in c-blosc2 up to 2.13.2 and classified as critical. Affected by this vulnerability is the function ndlz4_decompress of the file /src/c-blosc2/plugins/codecs/ndlz/ndlz4x4.c. The manipulation leads to heap-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.14.3 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-259051.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:VulDB
Assigner Org ID:1af790b2-7ee1-4545-860a-a788eba489b5
Published At:02 Apr, 2024 | 22:00
Updated At:01 Aug, 2024 | 20:05
Rejected At:
▼CVE Numbering Authority (CNA)
c-blosc2 ndlz4x4.c ndlz4_decompress heap-based overflow

A vulnerability has been found in c-blosc2 up to 2.13.2 and classified as critical. Affected by this vulnerability is the function ndlz4_decompress of the file /src/c-blosc2/plugins/codecs/ndlz/ndlz4x4.c. The manipulation leads to heap-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.14.3 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-259051.

Affected Products
Vendor
n/a
Product
c-blosc2
Versions
Affected
  • 2.13.0
  • 2.13.1
  • 2.13.2
Problem Types
TypeCWE IDDescription
CWECWE-122CWE-122 Heap-based Buffer Overflow
Type: CWE
CWE ID: CWE-122
Description: CWE-122 Heap-based Buffer Overflow
Metrics
VersionBase scoreBase severityVector
3.17.3HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
3.07.3HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
2.07.5N/A
AV:N/AC:L/Au:N/C:P/I:P/A:P
Version: 3.1
Base score: 7.3
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Version: 3.0
Base score: 7.3
Base severity: HIGH
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Version: 2.0
Base score: 7.5
Base severity: N/A
Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
reporter
AlkaidLx (VulDB User)
Timeline
EventDate
Advisory disclosed2024-04-02 00:00:00
VulDB entry created2024-04-02 02:00:00
VulDB entry last update2024-04-06 18:06:45
Event: Advisory disclosed
Date: 2024-04-02 00:00:00
Event: VulDB entry created
Date: 2024-04-02 02:00:00
Event: VulDB entry last update
Date: 2024-04-06 18:06:45
Replaced By
Rejected Reason
References
HyperlinkResource
https://vuldb.com/?id.259051
vdb-entry
technical-description
https://vuldb.com/?ctiid.259051
signature
permissions-required
https://vuldb.com/?submit.304557
third-party-advisory
https://drive.google.com/drive/folders/1T1k3UeS09m65LjVXExUuZfedNQPWQWCo?usp=sharing
exploit
https://github.com/Blosc/c-blosc2/releases/tag/v2.14.3
patch
Hyperlink: https://vuldb.com/?id.259051
Resource:
vdb-entry
technical-description
Hyperlink: https://vuldb.com/?ctiid.259051
Resource:
signature
permissions-required
Hyperlink: https://vuldb.com/?submit.304557
Resource:
third-party-advisory
Hyperlink: https://drive.google.com/drive/folders/1T1k3UeS09m65LjVXExUuZfedNQPWQWCo?usp=sharing
Resource:
exploit
Hyperlink: https://github.com/Blosc/c-blosc2/releases/tag/v2.14.3
Resource:
patch
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Vendor
c-blosc2_project
Product
c-blosc2
CPEs
  • cpe:2.3:a:c-blosc2_project:c-blosc2:2.13.0:*:*:*:*:*:*:*
  • cpe:2.3:a:c-blosc2_project:c-blosc2:2.13.1:*:*:*:*:*:*:*
  • cpe:2.3:a:c-blosc2_project:c-blosc2:2.13.2:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • 2.13.0
  • 2.13.1
  • 2.13.2
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://vuldb.com/?id.259051
vdb-entry
technical-description
x_transferred
https://vuldb.com/?ctiid.259051
signature
permissions-required
x_transferred
https://vuldb.com/?submit.304557
third-party-advisory
x_transferred
https://drive.google.com/drive/folders/1T1k3UeS09m65LjVXExUuZfedNQPWQWCo?usp=sharing
exploit
x_transferred
https://github.com/Blosc/c-blosc2/releases/tag/v2.14.3
patch
x_transferred
Hyperlink: https://vuldb.com/?id.259051
Resource:
vdb-entry
technical-description
x_transferred
Hyperlink: https://vuldb.com/?ctiid.259051
Resource:
signature
permissions-required
x_transferred
Hyperlink: https://vuldb.com/?submit.304557
Resource:
third-party-advisory
x_transferred
Hyperlink: https://drive.google.com/drive/folders/1T1k3UeS09m65LjVXExUuZfedNQPWQWCo?usp=sharing
Resource:
exploit
x_transferred
Hyperlink: https://github.com/Blosc/c-blosc2/releases/tag/v2.14.3
Resource:
patch
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cna@vuldb.com
Published At:02 Apr, 2024 | 22:15
Updated At:25 Apr, 2025 | 14:45

A vulnerability has been found in c-blosc2 up to 2.13.2 and classified as critical. Affected by this vulnerability is the function ndlz4_decompress of the file /src/c-blosc2/plugins/codecs/ndlz/ndlz4x4.c. The manipulation leads to heap-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.14.3 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-259051.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.3HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Primary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Secondary2.07.5HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Type: Secondary
Version: 3.1
Base score: 7.3
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Type: Primary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 2.0
Base score: 7.5
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
blosc
blosc
>>c-blosc2>>Versions up to 2.13.2(inclusive)
cpe:2.3:a:blosc:c-blosc2:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-122Secondarycna@vuldb.com
CWE ID: CWE-122
Type: Secondary
Source: cna@vuldb.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://drive.google.com/drive/folders/1T1k3UeS09m65LjVXExUuZfedNQPWQWCo?usp=sharingcna@vuldb.com
Product
https://github.com/Blosc/c-blosc2/releases/tag/v2.14.3cna@vuldb.com
Release Notes
https://vuldb.com/?ctiid.259051cna@vuldb.com
Permissions Required
VDB Entry
https://vuldb.com/?id.259051cna@vuldb.com
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.304557cna@vuldb.com
Exploit
Third Party Advisory
VDB Entry
https://drive.google.com/drive/folders/1T1k3UeS09m65LjVXExUuZfedNQPWQWCo?usp=sharingaf854a3a-2127-422b-91ae-364da2661108
Product
https://github.com/Blosc/c-blosc2/releases/tag/v2.14.3af854a3a-2127-422b-91ae-364da2661108
Release Notes
https://vuldb.com/?ctiid.259051af854a3a-2127-422b-91ae-364da2661108
Permissions Required
VDB Entry
https://vuldb.com/?id.259051af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.304557af854a3a-2127-422b-91ae-364da2661108
Exploit
Third Party Advisory
VDB Entry
Hyperlink: https://drive.google.com/drive/folders/1T1k3UeS09m65LjVXExUuZfedNQPWQWCo?usp=sharing
Source: cna@vuldb.com
Resource:
Product
Hyperlink: https://github.com/Blosc/c-blosc2/releases/tag/v2.14.3
Source: cna@vuldb.com
Resource:
Release Notes
Hyperlink: https://vuldb.com/?ctiid.259051
Source: cna@vuldb.com
Resource:
Permissions Required
VDB Entry
Hyperlink: https://vuldb.com/?id.259051
Source: cna@vuldb.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://vuldb.com/?submit.304557
Source: cna@vuldb.com
Resource:
Exploit
Third Party Advisory
VDB Entry
Hyperlink: https://drive.google.com/drive/folders/1T1k3UeS09m65LjVXExUuZfedNQPWQWCo?usp=sharing
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Product
Hyperlink: https://github.com/Blosc/c-blosc2/releases/tag/v2.14.3
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Release Notes
Hyperlink: https://vuldb.com/?ctiid.259051
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Permissions Required
VDB Entry
Hyperlink: https://vuldb.com/?id.259051
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://vuldb.com/?submit.304557
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Third Party Advisory
VDB Entry

Change History

0
Information is not available yet

Similar CVEs

218Records found
CVE-2022-4584
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.10% / 29.20%
||
7 Day CHG~0.00%
Published-17 Dec, 2022 | 00:00
Updated-03 Aug, 2024 | 01:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Axiomatic Bento4 mp42aac heap-based overflow

A vulnerability was found in Axiomatic Bento4 up to 1.6.0-639. It has been rated as critical. Affected by this issue is some unknown functionality of the component mp42aac. The manipulation leads to heap-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-216170 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-Axiomatic Systems, LLC
Product-bento4Bento4
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2014-9187
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.8||CRITICAL
EPSS-2.23% / 83.86%
||
7 Day CHG~0.00%
Published-25 Mar, 2019 | 19:19
Updated-06 Aug, 2024 | 13:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple heap-based buffer overflow vulnerabilities exist in Honeywell Experion PKS all versions prior to R400.6, all versions prior to R410.6, and all versions prior to R430.2 modules, which could lead to possible remote code execution or denial of service. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version.

Action-Not Available
Vendor-Honeywell International Inc.
Product-experion_process_knowledge_systemExperion PKS
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2024-24996
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-9.8||CRITICAL
EPSS-35.11% / 96.90%
||
7 Day CHG~0.00%
Published-19 Apr, 2024 | 01:10
Updated-06 May, 2025 | 19:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Heap overflow vulnerability in WLInfoRailService component of Ivanti Avalanche before 6.4.3 allows an unauthenticated remote attacker to execute arbitrary commands.

Action-Not Available
Vendor-Ivanti Software
Product-avalancheAvalancheavalanche
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2024-22211
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-3.7||LOW
EPSS-0.50% / 64.98%
||
7 Day CHG~0.00%
Published-19 Jan, 2024 | 19:54
Updated-30 May, 2025 | 14:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FreeRDP integer Overflow leading to Heap Overflow

FreeRDP is a set of free and open source remote desktop protocol library and clients. In affected versions an integer overflow in `freerdp_bitmap_planar_context_reset` leads to heap-buffer overflow. This affects FreeRDP based clients. FreeRDP based server implementations and proxy are not affected. A malicious server could prepare a `RDPGFX_RESET_GRAPHICS_PDU` to allocate too small buffers, possibly triggering later out of bound read/write. Data extraction over network is not possible, the buffers are used to display an image. This issue has been addressed in version 2.11.5 and 3.2.0. Users are advised to upgrade. there are no know workarounds for this vulnerability.

Action-Not Available
Vendor-FreeRDP
Product-freerdpFreeRDP
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2024-21795
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-9.8||CRITICAL
EPSS-0.86% / 74.10%
||
7 Day CHG~0.00%
Published-20 Feb, 2024 | 15:29
Updated-10 Aug, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap-based buffer overflow vulnerability exists in the .egi parsing functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .egi file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

Action-Not Available
Vendor-libbiosig_projectThe Biosig Projectthe_biosig_projectFedora Project
Product-fedoralibbiosiglibbiosigfedoralibbiosig
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-21416
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-8.1||HIGH
EPSS-5.05% / 89.35%
||
7 Day CHG~0.00%
Published-10 Sep, 2024 | 16:54
Updated-31 Dec, 2024 | 23:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows TCP/IP Remote Code Execution Vulnerability

Windows TCP/IP Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2022_23h2windows_11_21h2windows_11_24h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_11_23h2Windows Server 2022Windows 10 Version 21H2Windows 11 version 22H3Windows 11 version 22H2Windows 11 Version 23H2Windows Server 2019 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 10 Version 1809Windows 11 version 21H2Windows Server 2019Windows 10 Version 22H2Windows 11 Version 24H2
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2024-21802
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-8.8||HIGH
EPSS-0.63% / 69.34%
||
7 Day CHG~0.00%
Published-26 Feb, 2024 | 16:07
Updated-12 Feb, 2025 | 18:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap-based buffer overflow vulnerability exists in the GGUF library info->ne functionality of llama.cpp Commit 18c2e17. A specially crafted .gguf file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.

Action-Not Available
Vendor-ggerganovllama.cppllama.cpp
Product-llama.cppllama.cppllama.cpp
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-38742
Matching Score-4
Assigner-Rockwell Automation
ShareView Details
Matching Score-4
Assigner-Rockwell Automation
CVSS Score-8.1||HIGH
EPSS-4.76% / 89.03%
||
7 Day CHG~0.00%
Published-23 Sep, 2022 | 15:24
Updated-22 May, 2025 | 18:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Rockwell Automation ThinManager Software Vulnerable to Arbitrary Code Execution and Denial-Of-Service Attack

Rockwell Automation ThinManager ThinServer versions 11.0.0 - 13.0.0 is vulnerable to a heap-based buffer overflow. An attacker could send a specifically crafted TFTP or HTTPS request, causing a heap-based buffer overflow that crashes the ThinServer process. If successfully exploited, this could expose the server to arbitrary remote code execution.

Action-Not Available
Vendor-Rockwell Automation, Inc.
Product-thinmanagerThinManager ThinServer
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-2011
Matching Score-4
Assigner-Hitachi Energy
ShareView Details
Matching Score-4
Assigner-Hitachi Energy
CVSS Score-8.6||HIGH
EPSS-0.44% / 62.13%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 13:24
Updated-15 Aug, 2024 | 21:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap-based buffer overflow vulnerability exists in the FOXMAN-UN/UNEM that if exploited will generally lead to a denial of service but can be used to execute arbitrary code, which is usually outside the scope of a program's implicit security policy

Action-Not Available
Vendor-Hitachi Energy Ltd.
Product-foxman-ununemFOXMAN-UNUNEMfoxman-ununem
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-36934
Matching Score-4
Assigner-Meta Platforms, Inc.
ShareView Details
Matching Score-4
Assigner-Meta Platforms, Inc.
CVSS Score-9.8||CRITICAL
EPSS-8.26% / 91.90%
||
7 Day CHG~0.00%
Published-22 Sep, 2022 | 21:30
Updated-27 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An integer overflow in WhatsApp could result in remote code execution in an established video call.

Action-Not Available
Vendor-WhatsApp LLCMeta Platforms, Inc.
Product-whatsappWhatsApp for AndroidWhatsApp Business for AndroidWhatsApp for iOSWhatsApp Business for iOS
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2022-35711
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-28.36% / 96.34%
||
7 Day CHG~0.00%
Published-14 Oct, 2022 | 19:42
Updated-23 Apr, 2025 | 16:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe ColdFusion ODBC Server Heap-based Buffer Overflow Remote Code Execution Vulnerability

Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, the vulnerability is triggered when a crafted network packet is sent to the server.

Action-Not Available
Vendor-Adobe Inc.
Product-coldfusionColdFusion
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-34249
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.69% / 70.79%
||
7 Day CHG~0.00%
Published-06 May, 2024 | 00:00
Updated-16 Apr, 2025 | 18:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

wasm3 v0.5.0 was discovered to contain a heap buffer overflow which leads to segmentation fault via the function "DeallocateSlot" in wasm3/source/m3_compile.c.

Action-Not Available
Vendor-wasm3_projectn/awasm3_project
Product-wasm3n/awasm3
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2022-3520
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.8||HIGH
EPSS-0.07% / 22.50%
||
7 Day CHG~0.00%
Published-02 Dec, 2022 | 00:00
Updated-23 Apr, 2025 | 18:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap-based Buffer Overflow in vim/vim

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0765.

Action-Not Available
Vendor-Vim
Product-vimvim/vim
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-49775
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-9.3||CRITICAL
EPSS-0.48% / 64.31%
||
7 Day CHG~0.00%
Published-16 Dec, 2024 | 15:06
Updated-12 Mar, 2025 | 16:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Opcenter Execution Foundation (All versions), Opcenter Intelligence (All versions), Opcenter Quality (All versions), Opcenter RDL (All versions), SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions < V4.1 Update 3), SIMATIC PCS neo V5.0 (All versions < V5.0 Update 1), SINEC NMS (All versions if operated in conjunction with UMC < V2.15), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions). Affected products contain a heap-based buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to execute arbitrary code.

Action-Not Available
Vendor-Siemens AG
Product-Opcenter RDLTotally Integrated Automation Portal (TIA Portal) V16Totally Integrated Automation Portal (TIA Portal) V17Opcenter Execution FoundationTotally Integrated Automation Portal (TIA Portal) V18Totally Integrated Automation Portal (TIA Portal) V19SIMATIC PCS neo V5.0SINEC NMSSIMATIC PCS neo V4.0Opcenter QualitySIMATIC PCS neo V4.1Opcenter Intelligence
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2021-24025
Matching Score-4
Assigner-Meta Platforms, Inc.
ShareView Details
Matching Score-4
Assigner-Meta Platforms, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.45% / 62.71%
||
7 Day CHG~0.00%
Published-10 Mar, 2021 | 15:50
Updated-03 Aug, 2024 | 19:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Due to incorrect string size calculations inside the preg_quote function, a large input string passed to the function can trigger an integer overflow leading to a heap overflow. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions 4.94.0, 4.95.0, 4.96.0, 4.97.0, 4.98.0.

Action-Not Available
Vendor-Facebook
Product-hhvmHHVM
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2021-25360
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-9||CRITICAL
EPSS-0.29% / 51.82%
||
7 Day CHG~0.00%
Published-09 Apr, 2021 | 17:35
Updated-03 Aug, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper input validation vulnerability in libswmfextractor library prior to SMR APR-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-4323
Matching Score-4
Assigner-Tenable Network Security, Inc.
ShareView Details
Matching Score-4
Assigner-Tenable Network Security, Inc.
CVSS Score-9.8||CRITICAL
EPSS-79.06% / 99.03%
||
7 Day CHG~0.00%
Published-20 May, 2024 | 12:06
Updated-05 May, 2025 | 17:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Fluent Bit Memory Corruption Vulnerability

A memory corruption vulnerability in Fluent Bit versions 2.0.7 thru 3.0.3. This issue lies in the embedded http server’s parsing of trace requests and may result in denial of service conditions, information disclosure, or remote code execution.

Action-Not Available
Vendor-treasuredataFluent Bittreasuredata
Product-fluent_bitFluent Bitfluent_bit
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-25668
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-9.8||CRITICAL
EPSS-0.53% / 66.47%
||
7 Day CHG~0.00%
Published-22 Apr, 2021 | 20:42
Updated-03 Aug, 2024 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT PRO (All versions < 5.5.1), SCALANCE X202-2 IRT (All versions < 5.5.1), SCALANCE X202-2P IRT (incl. SIPLUS NET variant) (All versions < 5.5.1), SCALANCE X202-2P IRT PRO (All versions < 5.5.1), SCALANCE X204 IRT (All versions < 5.5.1), SCALANCE X204 IRT PRO (All versions < 5.5.1), SCALANCE X204-2 (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE X204-2FM (All versions < V5.2.5), SCALANCE X204-2LD (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE X204-2LD TS (All versions < V5.2.5), SCALANCE X204-2TS (All versions < V5.2.5), SCALANCE X206-1 (All versions < V5.2.5), SCALANCE X206-1LD (All versions < V5.2.5), SCALANCE X208 (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE X208PRO (All versions < V5.2.5), SCALANCE X212-2 (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE X212-2LD (All versions < V5.2.5), SCALANCE X216 (All versions < V5.2.5), SCALANCE X224 (All versions < V5.2.5), SCALANCE XF201-3P IRT (All versions < 5.5.1), SCALANCE XF202-2P IRT (All versions < 5.5.1), SCALANCE XF204 (All versions < V5.2.5), SCALANCE XF204 IRT (All versions < 5.5.1), SCALANCE XF204-2 (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE XF204-2BA IRT (All versions < 5.5.1), SCALANCE XF206-1 (All versions < V5.2.5), SCALANCE XF208 (All versions < V5.2.5). Incorrect processing of POST requests in the webserver may result in write out of bounds in heap. An attacker might leverage this to cause denial-of-service on the device and potentially remotely execute code.

Action-Not Available
Vendor-Siemens AG
Product-scalance_xf206-1_firmwarescalance_xf201-3p_irtscalance_x212-2ldscalance_x201-3p_irtscalance_xf204_irtscalance_x204-2ldscalance_xf208scalance_x201-3p_irt_firmwarescalance_x202-2p_irt_pro_firmwarescalance_xf204-2ba_irt_firmwarescalance_x206-1scalance_x204-2ld_ts_firmwarescalance_x201-3p_irt_proscalance_x204-2fmscalance_x204-2ld_tsscalance_x208scalance_x200-4p_irtscalance_x202-2p_irtscalance_x204-2scalance_x224scalance_x206-1_firmwarescalance_x204-2_firmwarescalance_xf204-2scalance_xf206-1scalance_x202-2p_irt_firmwarescalance_x206-1ld_firmwarescalance_x204_irtscalance_x212-2ld_firmwarescalance_x204_irt_firmwarescalance_x212-2scalance_x202-2_irtscalance_x204-2ts_firmwarescalance_x208proscalance_xf204_firmwarescalance_x216_firmwarescalance_xf204-2ba_irtscalance_x204-2ld_firmwarescalance_x212-2_firmwarescalance_x204_irt_proscalance_xf202-2p_irt_firmwarescalance_xf208_firmwarescalance_x208_firmwarescalance_xf204-2_firmwarescalance_x202-2p_irt_proscalance_xf202-2p_irtscalance_x200-4p_irt_firmwarescalance_x204_irt_pro_firmwarescalance_x216scalance_xf201-3p_irt_firmwarescalance_x204-2fm_firmwarescalance_x204-2tsscalance_x202-2_irt_firmwarescalance_x201-3p_irt_pro_firmwarescalance_xf204scalance_x206-1ldscalance_x208pro_firmwarescalance_x224_firmwarescalance_xf204_irt_firmwareSCALANCE XF208SCALANCE X206-1LDSCALANCE X202-2P IRT PROSCALANCE XF204-2BA IRTSCALANCE X201-3P IRTSCALANCE X204-2FMSCALANCE X212-2 (incl. SIPLUS NET variant)SCALANCE X204-2TSSCALANCE X204-2LD TSSCALANCE X206-1SCALANCE XF204SCALANCE XF204-2 (incl. SIPLUS NET variant)SCALANCE X204-2 (incl. SIPLUS NET variant)SCALANCE X204 IRT PROSCALANCE X224SCALANCE X204-2LD (incl. SIPLUS NET variant)SCALANCE X208PROSCALANCE X216SCALANCE X212-2LDSCALANCE X201-3P IRT PROSCALANCE X200-4P IRTSCALANCE XF206-1SCALANCE XF201-3P IRTSCALANCE XF204 IRTSCALANCE XF202-2P IRTSCALANCE X208 (incl. SIPLUS NET variant)SCALANCE X202-2P IRT (incl. SIPLUS NET variant)SCALANCE X202-2 IRTSCALANCE X204 IRT
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • Next
Details not found