Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-47149

Summary
Assigner-Silabs
Assigner Org ID-030b2754-1501-44a4-bef8-48be86a33bf4
Published At-25 Jun, 2026 | 13:38
Updated At-25 Jun, 2026 | 14:06
Rejected At-
Credits

Door Lock GetUserType invalid table index in EmberZNet v9.0.2

In EmberZNet v9.0.2 and earlier, malformed or out-of-range Door Lock user identifiers can trigger out-of-bounds table reads and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observed. Only devices supporting the Door Lock cluster may be impacted.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Silabs
Assigner Org ID:030b2754-1501-44a4-bef8-48be86a33bf4
Published At:25 Jun, 2026 | 13:38
Updated At:25 Jun, 2026 | 14:06
Rejected At:
▼CVE Numbering Authority (CNA)
Door Lock GetUserType invalid table index in EmberZNet v9.0.2

In EmberZNet v9.0.2 and earlier, malformed or out-of-range Door Lock user identifiers can trigger out-of-bounds table reads and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observed. Only devices supporting the Door Lock cluster may be impacted.

Affected Products
Vendor
Silicon Labs
Product
EmberZNet
Package Name
EmberZNet
Repo
https://github.com/SiliconLabs/simplicity_sdk
Default Status
unaffected
Versions
Affected
  • From 0 through 9.0.2 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-125CWE-125: Out-of-bounds Read
Type: CWE
CWE ID: CWE-125
Description: CWE-125: Out-of-bounds Read
Metrics
VersionBase scoreBase severityVector
4.07.1HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Version: 4.0
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-153CAPEC-153: Input Data Manipulation
CAPEC ID: CAPEC-153
Description: CAPEC-153: Input Data Manipulation
Solutions

Configurations

Workarounds

Exploits

Credits

finder
Junming C. (@Chapoly1305) and Prof. Qiang Zeng of George Mason University
Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/069Vm00000pEGPQIA4?operationContext=S1
vendor-advisory
permissions-required
https://github.com/SiliconLabsSoftware/sisdk-release/
patch
Hyperlink: https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/069Vm00000pEGPQIA4?operationContext=S1
Resource:
vendor-advisory
permissions-required
Hyperlink: https://github.com/SiliconLabsSoftware/sisdk-release/
Resource:
patch
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:product-security@silabs.com
Published At:25 Jun, 2026 | 14:16
Updated At:25 Jun, 2026 | 18:48

In EmberZNet v9.0.2 and earlier, malformed or out-of-range Door Lock user identifiers can trigger out-of-bounds table reads and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observed. Only devices supporting the Door Lock cluster may be impacted.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.07.1HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
N/A
Type: Secondary
Version: 4.0
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Primary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Type: N/A
Version:
Base score:
Base severity: N/A
Vector:
CPE Matches

silabs
silabs
>>emberznet>>Versions up to 9.0.2(inclusive)
cpe:2.3:a:silabs:emberznet:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-125Secondaryproduct-security@silabs.com
CWE ID: CWE-125
Type: Secondary
Source: product-security@silabs.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://github.com/SiliconLabsSoftware/sisdk-release/product-security@silabs.com
Not Applicable
https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/069Vm00000pEGPQIA4?operationContext=S1product-security@silabs.com
Permissions Required
Hyperlink: https://github.com/SiliconLabsSoftware/sisdk-release/
Source: product-security@silabs.com
Resource:
Not Applicable
Hyperlink: https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/069Vm00000pEGPQIA4?operationContext=S1
Source: product-security@silabs.com
Resource:
Permissions Required

Change History

0
Information is not available yet

Similar CVEs

56Records found

CVE-2026-47148
Matching Score-10
Assigner-Silicon Labs
ShareView Details
Matching Score-10
Assigner-Silicon Labs
CVSS Score-7.1||HIGH
EPSS-0.25% / 16.16%
||
7 Day CHG~0.00%
Published-25 Jun, 2026 | 13:37
Updated-25 Jun, 2026 | 18:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Groups GetGroupMembership count/list-length mismatch in EmberZNet v9.0.2

In EmberZNet v9.0.2 and earlier, malformed GetGroupMembership commands can trigger repeated reads past the end of the message payload and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observed. Only devices supporting the Groups cluster may be impacted.

Action-Not Available
Vendor-silabsSilicon Labs
Product-emberznetEmberZNet
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-4526
Matching Score-10
Assigner-Silicon Labs
ShareView Details
Matching Score-10
Assigner-Silicon Labs
CVSS Score-7.1||HIGH
EPSS-0.25% / 16.16%
||
7 Day CHG~0.00%
Published-25 Jun, 2026 | 13:32
Updated-25 Jun, 2026 | 18:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Global ZCL command parser missing minimum-length validation in EmberZNet v9.0.2

In EmberZNet v9.0.2 and earlier, malformed global ZCL messages can trigger out-of-bounds reads in framework parsing logic and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observed.

Action-Not Available
Vendor-silabsSilicon Labs
Product-emberznetEmberZNet
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-47154
Matching Score-10
Assigner-Silicon Labs
ShareView Details
Matching Score-10
Assigner-Silicon Labs
CVSS Score-7.1||HIGH
EPSS-0.25% / 16.16%
||
7 Day CHG~0.00%
Published-25 Jun, 2026 | 13:43
Updated-25 Jun, 2026 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Simple Metering GetProfileResponse interval-bounds bug in EmberZNet v9.0.2

In EmberZNet v9.0.2 and earlier, a malformed GetProfileResponse message can trigger out-of-bounds reads while iterating interval entries and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observed. Only devices supporting the Simple Metering cluster may be impacted.

Action-Not Available
Vendor-silabsSilicon Labs
Product-emberznetEmberZNet
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-47153
Matching Score-8
Assigner-Silicon Labs
ShareView Details
Matching Score-8
Assigner-Silicon Labs
CVSS Score-7.1||HIGH
EPSS-0.25% / 16.16%
||
7 Day CHG~0.00%
Published-25 Jun, 2026 | 13:42
Updated-25 Jun, 2026 | 18:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Level Control Step With On/Off divide-by-zero in EmberZNet v9.0.2

In EmberZNet v9.0.2 and earlier, a malformed Level Control Step command can terminate the process through a divide-by-zero fault. This command must come from a device that has already joined the network. Only devices supporting the Level Control cluster may be impacted.

Action-Not Available
Vendor-silabsSilicon Labs
Product-emberznetEmberZNet
CWE ID-CWE-369
Divide By Zero
CVE-2026-47145
Matching Score-8
Assigner-Silicon Labs
ShareView Details
Matching Score-8
Assigner-Silicon Labs
CVSS Score-7.1||HIGH
EPSS-0.25% / 16.16%
||
7 Day CHG~0.00%
Published-25 Jun, 2026 | 13:34
Updated-25 Jun, 2026 | 18:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Color Control hue/saturation assertion abort in EmberZNet v9.0.2

In EmberZNet v9.0.2 and earlier, malformed Color Control messages can lead to asserts that terminate the process. These messages must come from a device that has already joined the network. Only devices supporting the Color Control cluster may be impacted.

Action-Not Available
Vendor-silabsSilicon Labs
Product-emberznetEmberZNet
CWE ID-CWE-617
Reachable Assertion
CVE-2026-47152
Matching Score-8
Assigner-Silicon Labs
ShareView Details
Matching Score-8
Assigner-Silicon Labs
CVSS Score-7.1||HIGH
EPSS-0.25% / 16.16%
||
7 Day CHG~0.00%
Published-25 Jun, 2026 | 13:41
Updated-25 Jun, 2026 | 18:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Level Control Move divide-by-zero in EmberZNet v9.0.2

In EmberZNet v9.0.2 and earlier, a malformed Level Control Move command can terminate the process through a divide-by-zero fault. This command must come from a device that has already joined the network. Only devices supporting the Level Control cluster may be impacted.

Action-Not Available
Vendor-silabsSilicon Labs
Product-emberznetEmberZNet
CWE ID-CWE-369
Divide By Zero
CVE-2026-47146
Matching Score-8
Assigner-Silicon Labs
ShareView Details
Matching Score-8
Assigner-Silicon Labs
CVSS Score-7.1||HIGH
EPSS-0.25% / 16.16%
||
7 Day CHG~0.00%
Published-25 Jun, 2026 | 13:35
Updated-25 Jun, 2026 | 18:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Color Control color-temperature assertion abort in EmberZNet v9.0.2

In EmberZNet v9.0.2 and earlier, malformed Color Control messages can lead to asserts that terminate the process. These messages must come from a device that has already joined the network. Only devices supporting the Color Control cluster may be impacted.

Action-Not Available
Vendor-silabsSilicon Labs
Product-emberznetEmberZNet
CWE ID-CWE-617
Reachable Assertion
CVE-2023-3110
Matching Score-6
Assigner-Silicon Labs
ShareView Details
Matching Score-6
Assigner-Silicon Labs
CVSS Score-9.6||CRITICAL
EPSS-0.42% / 33.79%
||
7 Day CHG~0.00%
Published-21 Jun, 2023 | 19:44
Updated-09 Dec, 2024 | 17:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer overflow in S0 Decryption on Unify Gateway

Description: A vulnerability in SiLabs Unify Gateway 1.3.1 and earlier allows an unauthenticated attacker within Z-Wave range to overflow a stack buffer, leading to arbitrary code execution.

Action-Not Available
Vendor-silabsSilicon Labs
Product-unify_software_development_kitUnify Gateway
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2023-0969
Matching Score-6
Assigner-Silicon Labs
ShareView Details
Matching Score-6
Assigner-Silicon Labs
CVSS Score-3.5||LOW
EPSS-0.25% / 16.68%
||
7 Day CHG~0.00%
Published-21 Jun, 2023 | 19:40
Updated-06 Dec, 2024 | 18:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Global read overflow in Z/IP Gateway

A vulnerability in SiLabs Z/IP Gateway 7.18.01 and earlier allows an authenticated attacker within Z-Wave range to manipulate an array pointer to disclose the contents of global memory.

Action-Not Available
Vendor-silabsSilicon Labs
Product-z\/ip_gateway_sdkZ/IP Gateway
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2023-0970
Matching Score-6
Assigner-Silicon Labs
ShareView Details
Matching Score-6
Assigner-Silicon Labs
CVSS Score-7.1||HIGH
EPSS-0.27% / 18.88%
||
7 Day CHG~0.00%
Published-21 Jun, 2023 | 19:41
Updated-06 Dec, 2024 | 18:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Serial API Buffer Overflow in Z/IP Gateway

Multiple buffer overflow vulnerabilities in SiLabs Z/IP Gateway SDK version 7.18.01 and earlier allow an attacker with invasive physical access to a Z-Wave controller device to overwrite global memory and potentially execute arbitrary code.

Action-Not Available
Vendor-silabsSilicon Labs
Product-z\/ip_gateway_sdkZ/IP Gateway
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-0972
Matching Score-6
Assigner-Silicon Labs
ShareView Details
Matching Score-6
Assigner-Silicon Labs
CVSS Score-9.6||CRITICAL
EPSS-0.39% / 30.97%
||
7 Day CHG~0.00%
Published-21 Jun, 2023 | 19:43
Updated-06 Dec, 2024 | 18:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer overflow in S0 Decryption on Z/IP Gatweay

Description: A vulnerability in SiLabs Z/IP Gateway 7.18.01 and earlier allows an unauthenticated attacker within Z-Wave range to overflow a stack buffer, leading to arbitrary code execution.

Action-Not Available
Vendor-silabsSilicon Labs
Product-z\/ip_gateway_sdkZ/IP Gateway
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2026-47147
Matching Score-6
Assigner-Silicon Labs
ShareView Details
Matching Score-6
Assigner-Silicon Labs
CVSS Score-7.1||HIGH
EPSS-0.23% / 13.85%
||
7 Day CHG~0.00%
Published-25 Jun, 2026 | 13:36
Updated-25 Jun, 2026 | 18:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OTA server raw parser missing per-field bounds validation in EmberZNet v9.0.2

In EmberZNet v9.0.2 and earlier, malformed OTA requests can drive the OTA server parser into out-of-bounds reads. A limited amount of data from RAM is read back to the requester. The size and location of this data is limited. These requests must come from a device that has already joined the network. Only devices supporting the OTA Server cluster may be impacted.

Action-Not Available
Vendor-silabsSilicon Labs
Product-emberznetEmberZNet
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-3487
Matching Score-6
Assigner-Silicon Labs
ShareView Details
Matching Score-6
Assigner-Silicon Labs
CVSS Score-7.7||HIGH
EPSS-0.24% / 14.49%
||
7 Day CHG~0.00%
Published-20 Oct, 2023 | 14:12
Updated-25 Sep, 2024 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Integer overflow in Silicon Labs Gecko Bootloader leads to unbounded memory access

An integer overflow in Silicon Labs Gecko Bootloader version 4.3.1 and earlier allows unbounded memory access when reading from or writing to storage slots.

Action-Not Available
Vendor-silabssilabs.comsilabs
Product-gecko_bootloaderGSDKgecko_bootloader
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2023-6387
Matching Score-6
Assigner-Silicon Labs
ShareView Details
Matching Score-6
Assigner-Silicon Labs
CVSS Score-7.5||HIGH
EPSS-0.61% / 45.39%
||
7 Day CHG~0.00%
Published-02 Feb, 2024 | 15:18
Updated-15 May, 2025 | 19:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Incorrect buffer parsing in Bluetooth LE sample code may lead to buffer overflow

A potential buffer overflow exists in the Bluetooth LE HCI CPC sample application in the Gecko SDK which may result in a denial of service or remote code execution

Action-Not Available
Vendor-silabssilabs.com
Product-gecko_software_development_kitGSDK
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-131
Incorrect Calculation of Buffer Size
CVE-2023-51391
Matching Score-6
Assigner-Silicon Labs
ShareView Details
Matching Score-6
Assigner-Silicon Labs
CVSS Score-7.5||HIGH
EPSS-0.79% / 52.30%
||
7 Day CHG~0.00%
Published-16 Apr, 2024 | 19:19
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Micrium OS Network uC-HTTP server header parsing invalid pointer dereference vulnerability

A bug in Micrium OS Network HTTP Server permits an invalid pointer dereference during header processing - potentially allowing a device crash and Denial of Service.

Action-Not Available
Vendor-silabs.comsilabs
Product-gecko_software_development_kit
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-51395
Matching Score-6
Assigner-Silicon Labs
ShareView Details
Matching Score-6
Assigner-Silicon Labs
CVSS Score-8.8||HIGH
EPSS-0.34% / 26.35%
||
7 Day CHG~0.00%
Published-07 Mar, 2024 | 04:50
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Z-Wave S0 Decryption Vulnerability in End Devices

The vulnerability described by CVE-2023-0972 has been additionally discovered in Silicon Labs Z-Wave end devices. This vulnerability may allow an unauthenticated attacker within Z-Wave range to overflow a stack buffer, leading to arbitrary code execution.

Action-Not Available
Vendor-Silicon Labssilabs
Product-Z-Wave SDKz-wave_software_development_kit
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-4280
Matching Score-6
Assigner-Silicon Labs
ShareView Details
Matching Score-6
Assigner-Silicon Labs
CVSS Score-9.3||CRITICAL
EPSS-0.40% / 32.66%
||
7 Day CHG~0.00%
Published-02 Jan, 2024 | 16:52
Updated-13 Jun, 2025 | 19:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unvalidated input in Silicon Labs TrustZone implementation leads to accessing Trusted memory region

An unvalidated input in Silicon Labs TrustZone implementation in v4.3.x and earlier of the Gecko SDK allows an attacker to access the trusted region of memory from the untrusted region.

Action-Not Available
Vendor-silabssilabs.com
Product-gecko_software_development_kitGSDK
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-4020
Matching Score-6
Assigner-Silicon Labs
ShareView Details
Matching Score-6
Assigner-Silicon Labs
CVSS Score-9||CRITICAL
EPSS-0.57% / 43.33%
||
7 Day CHG~0.00%
Published-15 Dec, 2023 | 20:37
Updated-26 Sep, 2024 | 14:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unvalidated input in Silicon Labs PSA Attestation service leads to secure memory access from non-secure memory

An unvalidated input in a library function responsible for communicating between secure and non-secure memory in Silicon Labs TrustZone implementation allows reading/writing of memory in the secure region of memory from the non-secure region of memory.

Action-Not Available
Vendor-silabssilabs.com
Product-gecko_software_development_kitGSDK
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-39540
Matching Score-6
Assigner-Talos
ShareView Details
Matching Score-6
Assigner-Talos
CVSS Score-5.9||MEDIUM
EPSS-0.81% / 52.85%
||
7 Day CHG~0.00%
Published-20 Feb, 2024 | 14:45
Updated-04 Nov, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability exists in the ICMP and ICMPv6 parsing functionality of Weston Embedded uC-TCP-IP v3.06.01. A specially crafted network packet can lead to an out-of-bounds read. An attacker can send a malicious packet to trigger this vulnerability.This vulnerability concerns a denial of service within the parsing an IPv4 ICMP packet.

Action-Not Available
Vendor-weston-embeddedSilicon LabsWeston Embedded
Product-uc-tcp-ipGecko PlatformuC-TCP-IP
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-126
Buffer Over-read
CVE-2023-39541
Matching Score-6
Assigner-Talos
ShareView Details
Matching Score-6
Assigner-Talos
CVSS Score-5.9||MEDIUM
EPSS-0.81% / 52.85%
||
7 Day CHG~0.00%
Published-20 Feb, 2024 | 14:45
Updated-04 Nov, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability exists in the ICMP and ICMPv6 parsing functionality of Weston Embedded uC-TCP-IP v3.06.01. A specially crafted network packet can lead to an out-of-bounds read. An attacker can send a malicious packet to trigger this vulnerability.This vulnerability concerns a denial of service within the parsing an IPv6 ICMPv6 packet.

Action-Not Available
Vendor-weston-embeddedSilicon LabsWeston Embedded
Product-uc-tcp-ipGecko PlatformuC-TCP-IP
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-126
Buffer Over-read
CVE-2024-3017
Matching Score-6
Assigner-Silicon Labs
ShareView Details
Matching Score-6
Assigner-Silicon Labs
CVSS Score-6.5||MEDIUM
EPSS-0.27% / 19.11%
||
7 Day CHG~0.00%
Published-27 Jun, 2024 | 18:35
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial of service in multi-protocol gateway - Zigbee + Thread

In a Silicon Labs  multi-protocol gateway, a corrupt pointer to buffered data on a multi-protocol radio co-processor (RCP) causes the OpenThread Border Router(OTBR) application task running on the host platform to crash, allowing an attacker to cause a temporary denial-of-service.

Action-Not Available
Vendor-silabs.comsilabs
Product-SiSDKsisdk
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-35319
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.63% / 73.56%
||
7 Day CHG+0.21%
Published-11 Jul, 2023 | 17:02
Updated-01 Jan, 2025 | 01:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Remote Procedure Call Runtime Denial of Service Vulnerability

Remote Procedure Call Runtime Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_server_2008windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607Windows Server 2022Windows 10 Version 1607Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows Server 2012 (Server Core installation)Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-35314
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.63% / 73.56%
||
7 Day CHG+0.21%
Published-11 Jul, 2023 | 17:02
Updated-01 Jan, 2025 | 01:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Remote Procedure Call Runtime Denial of Service Vulnerability

Remote Procedure Call Runtime Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_server_2008windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607Windows Server 2022Windows 10 Version 1607Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows Server 2012 (Server Core installation)Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-11018
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.5||MEDIUM
EPSS-1.90% / 77.31%
||
7 Day CHG~0.00%
Published-29 May, 2020 | 00:00
Updated-04 Aug, 2024 | 11:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Out of bound read in cliprdr_server_receive_capabilities in FreeRDP

In FreeRDP less than or equal to 2.0.0, a possible resource exhaustion vulnerability can be performed. Malicious clients could trigger out of bound reads causing memory allocation with random size. This has been fixed in 2.1.0.

Action-Not Available
Vendor-openSUSEFreeRDPDebian GNU/Linux
Product-freerdpdebian_linuxleapFreeRDP
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-11019
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-4.3||MEDIUM
EPSS-2.54% / 83.18%
||
7 Day CHG~0.00%
Published-29 May, 2020 | 00:00
Updated-04 Aug, 2024 | 11:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Out of bound read in update_recv in FreeRDP

In FreeRDP less than or equal to 2.0.0, when running with logger set to "WLOG_TRACE", a possible crash of application could occur due to a read of an invalid array index. Data could be printed as string to local terminal. This has been fixed in 2.1.0.

Action-Not Available
Vendor-openSUSEFreeRDPDebian GNU/Linux
Product-freerdpdebian_linuxleapFreeRDP
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-32034
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.63% / 73.58%
||
7 Day CHG+0.20%
Published-11 Jul, 2023 | 17:02
Updated-01 Jan, 2025 | 01:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Remote Procedure Call Runtime Denial of Service Vulnerability

Remote Procedure Call Runtime Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_server_2008windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607Windows Server 2022Windows 10 Version 1607Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows Server 2012 (Server Core installation)Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-32035
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.63% / 73.58%
||
7 Day CHG+0.20%
Published-11 Jul, 2023 | 17:02
Updated-01 Jan, 2025 | 01:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Remote Procedure Call Runtime Denial of Service Vulnerability

Remote Procedure Call Runtime Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_server_2008windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607Windows Server 2022Windows 10 Version 1607Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows Server 2012 (Server Core installation)Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-5278
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-6.5||MEDIUM
EPSS-0.63% / 46.35%
||
7 Day CHG~0.00%
Published-13 Dec, 2019 | 21:39
Updated-04 Aug, 2024 | 19:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is an out-of-bounds read vulnerability in the Advanced Packages feature of the Gauss100 OLTP database in CampusInsight before V100R019C00SPC200. Attackers who gain the specific permission can use this vulnerability by sending elaborate SQL statements to the database. Successful exploit of this vulnerability may cause the database to crash.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-campusinsightCampusInsight
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-21667
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.31% / 23.40%
||
7 Day CHG~0.00%
Published-05 Sep, 2023 | 06:24
Updated-02 Aug, 2024 | 09:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Over-read in Bluetooth HOST

Transient DOS in Bluetooth HOST while passing descriptor to validate the blacklisted BT keyboard.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wsa8830wcd9380_firmwaresa6150p_firmwaresa8145p_firmwareqcs610sw5100psd865_5gqcc5100sdx55m_firmwarewcn6856_firmwarewsa8835wcn3950_firmwaresd_8_gen1_5gwcd9380sa8150p_firmwareqca6595au_firmwareqca6390_firmwareqcs410wcd9370wcn6855_firmwareqca6426wcn3980sdxr2_5g_firmwarewcn3950sd_8_gen1_5g_firmwarewcn3660bwsa8815wcn6850qca6426_firmwarewcn3660b_firmwarewcn7850qca6574au_firmwarewcn3680b_firmwareqca6595auwcn3980_firmwareqca6391sdx55mqca6436_firmwareqcc5100_firmwaresa6155p_firmwarewcn7851sdxr2_5gwcn6851_firmwarewcn3988_firmwareqca6574auqcn9074sa6145p_firmwaresa8155p_firmwaresa8195pwsa8810_firmwarewcd9341_firmwaresw5100wsa8810sd870qca6436wcn6851wcn6855sa6155psw5100p_firmwareqcs610_firmwarewcn7851_firmwarewcn6856sa6145pwcn3680bwcd9341qca6696_firmwaresa8145psd870_firmwareqca6696qca6391_firmwareqca6390wcd9370_firmwaresa8150psa6150psa8155pwsa8830_firmwaresd865_5g_firmwarewcn3988wcn6850_firmwarewsa8815_firmwarewcn7850_firmwarewsa8835_firmwaresa8195p_firmwaresw5100_firmwareqcn9074_firmwareqcs410_firmwareSnapdragon
CWE ID-CWE-126
Buffer Over-read
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-47938
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-58.46% / 99.00%
||
7 Day CHG~0.00%
Published-23 Dec, 2022 | 00:00
Updated-15 Apr, 2025 | 04:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. fs/ksmbd/smb2misc.c has an out-of-bounds read and OOPS for SMB2_TREE_CONNECT.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-46378
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-6.5||MEDIUM
EPSS-1.42% / 69.83%
||
7 Day CHG~0.00%
Published-10 May, 2023 | 15:23
Updated-04 Nov, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read vulnerability exists in the PORT command parameter extraction functionality of Weston Embedded uC-FTPs v 1.98.00. A specially-crafted set of network packets can lead to denial of service. An attacker can send packets to trigger this vulnerability.This vulnerability occurs when no port argument is provided to the `PORT` command.

Action-Not Available
Vendor-weston-embeddedWeston Embedded
Product-uc-ftpsuC-FTPs
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-823
Use of Out-of-range Pointer Offset
CVE-2025-32003
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6||MEDIUM
EPSS-0.24% / 15.05%
||
7 Day CHG~0.00%
Published-10 Feb, 2026 | 16:25
Updated-17 Mar, 2026 | 15:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds read in the firmware for some 100GbE Intel(R) Ethernet Network Adapter E810 before version cvl fw 1.7.6, cpk 1.3.7 within Ring 0: Bare Metal OS may allow a denial of service. Network adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via network access when attack requirements are present with special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (none) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.

Action-Not Available
Vendor-n/aIntel Corporation
Product-ethernet_network_adapter_e810-xxvda2ethernet_network_adapter_e810-xxvda4ethernet_network_adapter_e810-xxvda4_for_ocp_3.0ethernet_network_adapter_e810-xxvda4tethernet_network_adapter_e810-xxvda2_for_ocp_3.0ethernet_network_adapter_e810-2cqda2ethernet_controllerethernet_network_adapter_e810-cqda2ethernet_network_adapter_e810-cqda1ethernet_network_adapter_e810-cqda2tethernet_network_adapter_e810-cqda1_for_ocp_3.0ethernet_network_adapter_e810-cqda2_for_ocp_3.0100GbE Intel(R) Ethernet Network Adapter E810
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-46377
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-6.5||MEDIUM
EPSS-1.48% / 71.03%
||
7 Day CHG~0.00%
Published-10 May, 2023 | 15:23
Updated-04 Nov, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read vulnerability exists in the PORT command parameter extraction functionality of Weston Embedded uC-FTPs v 1.98.00. A specially-crafted set of network packets can lead to denial of service. An attacker can send packets to trigger this vulnerability.This vulnerability occurs when no IP address argument is provided to the `PORT` command.

Action-Not Available
Vendor-weston-embeddedWeston Embedded
Product-uc-ftpsuC-FTPs
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-823
Use of Out-of-range Pointer Offset
CVE-2026-45696
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.3||HIGH
EPSS-0.26% / 17.89%
||
7 Day CHG~0.00%
Published-18 Jun, 2026 | 20:31
Updated-15 Jul, 2026 | 02:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenEXR HTJ2K decoder heap buffer over-read in ht_undo_impl() (DoS)

OpenEXR is the reference implementation and specification for the EXR image format, widely used in the motion picture industry. In versions 3.4.0 through 3.4.11, the HTJ2K (High-Throughput JPEG 2000) decoder, ht_undo_impl() in OpenEXRCore is vulnerable to a heap-buffer-overflow READ. The ht_undo_imp function copies decoded pixels out of a per-line OpenJPH buffer using the EXR channel's declared width as the iteration count. The codestream embedded in the EXR chunk can declare different (smaller) tile/line dimensions than the EXR header advertises, but ht_undo_impl() does not validate this — it pulls width 32-bit samples from cur_line->i32[] without checking the OpenJPH line buffer's actual length. A crafted EXR file produces a 4-byte heap-buffer-overflow READ immediately after a buffer allocated by ojph::local::codestream::finalize_alloc(). The bug is reachable through the standard scanline-decode entry point used by every consumer of exr_decoding_run/Imf::checkOpenEXRFile, including thumbnailers, asset pipelines, and the exrcheck utility — i.e. any application that opens untrusted EXR files. The result is a deterministic crash (DoS) and potential adjacent-heap leak. This issue has been fixed in version 3.4.12.

Action-Not Available
Vendor-openexrAcademySoftwareFoundationRed Hat, Inc.
Product-openexropenexrRed Hat Enterprise Linux 9Red Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Enterprise Linux 10
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-43681
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-2.11% / 79.69%
||
7 Day CHG~0.00%
Published-03 May, 2023 | 00:00
Updated-03 Aug, 2024 | 13:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read exists in the BGP daemon of FRRouting FRR through 8.4. When sending a malformed BGP OPEN message that ends with the option length octet (or the option length word, in case of an extended OPEN message), the FRR code reads of out of the bounds of the packet, throwing a SIGABRT signal and exiting. This results in a bgpd daemon restart, causing a Denial-of-Service condition.

Action-Not Available
Vendor-frroutingn/aDebian GNU/Linux
Product-debian_linuxfrroutingn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-35318
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.63% / 73.56%
||
7 Day CHG+0.21%
Published-11 Jul, 2023 | 17:02
Updated-01 Jan, 2025 | 01:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Remote Procedure Call Runtime Denial of Service Vulnerability

Remote Procedure Call Runtime Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_server_2008windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607Windows Server 2022Windows 10 Version 1607Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows Server 2012 (Server Core installation)Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-20759
Matching Score-4
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-4
Assigner-MediaTek, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.41% / 33.67%
||
7 Day CHG~0.00%
Published-02 Dec, 2025 | 02:34
Updated-03 Dec, 2025 | 21:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Modem, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01673760; Issue ID: MSV-4650.

Action-Not Available
Vendor-MediaTek Inc.
Product-mt6985tmt6875tmt6873mt6890mt6989mt6891mt8798mt6833mt8771mt6983mt6875nr16mt6895mt2737mt6877tmt6877ttmt6889mt8791mt6896mt8673mt6855tmt6883mt6990mt6983tmt6886mt6895ttmt2735mt6833pmt6885mt8795tnr15mt6893mt6855mt6877mt6980mt6853tmt6980dmt8675mt6853mt6989tmt8893mt8791tmt8797mt6880mt6985mt6879MT2735, MT2737, MT6833, MT6833P, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6875, MT6875T, MT6877, MT6877T, MT6877TT, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6895TT, MT6896, MT6980, MT6980D, MT6983, MT6983T, MT6985, MT6985T, MT6989, MT6989T, MT6990, MT8673, MT8675, MT8771, MT8791, MT8791T, MT8795T, MT8797, MT8798, MT8893
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-33164
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.63% / 73.56%
||
7 Day CHG+0.21%
Published-11 Jul, 2023 | 17:03
Updated-01 Jan, 2025 | 01:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Remote Procedure Call Runtime Denial of Service Vulnerability

Remote Procedure Call Runtime Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_server_2008windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607Windows Server 2022Windows 10 Version 1607Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows Server 2012 (Server Core installation)Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-40318
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.98% / 78.33%
||
7 Day CHG~0.00%
Published-03 May, 2023 | 00:00
Updated-03 Aug, 2024 | 12:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in bgpd in FRRouting (FRR) through 8.4. By crafting a BGP OPEN message with an option of type 0xff (Extended Length from RFC 9072), attackers may cause a denial of service (assertion failure and daemon restart, or out-of-bounds read). This is possible because of inconsistent boundary checks that do not account for reading 3 bytes (instead of 2) in this 0xff case. NOTE: this behavior occurs in bgp_open_option_parse in the bgp_open.c file, a different location (with a different attack vector) relative to CVE-2022-40302.

Action-Not Available
Vendor-frroutingn/aDebian GNU/Linux
Product-debian_linuxfrroutingn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-40302
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.98% / 78.33%
||
7 Day CHG~0.00%
Published-03 May, 2023 | 00:00
Updated-30 Jan, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in bgpd in FRRouting (FRR) through 8.4. By crafting a BGP OPEN message with an option of type 0xff (Extended Length from RFC 9072), attackers may cause a denial of service (assertion failure and daemon restart, or out-of-bounds read). This is possible because of inconsistent boundary checks that do not account for reading 3 bytes (instead of 2) in this 0xff case.

Action-Not Available
Vendor-frroutingn/aDebian GNU/Linux
Product-debian_linuxfrroutingn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-32141
Matching Score-4
Assigner-CERT@VDE
ShareView Details
Matching Score-4
Assigner-CERT@VDE
CVSS Score-6.5||MEDIUM
EPSS-0.97% / 58.09%
||
7 Day CHG~0.00%
Published-24 Jun, 2022 | 07:46
Updated-16 Sep, 2024 | 17:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CODESYS runtime system prone to denial of service due to buffer over read

Multiple CODESYS Products are prone to a buffer over read. A low privileged remote attacker may craft a request with an invalid offset, which can cause an internal buffer over-read, resulting in a denial-of-service condition. User interaction is not required.

Action-Not Available
Vendor-CODESYS GmbH
Product-runtime_toolkitplcwinntPLCWinNTRuntime Toolkit
CWE ID-CWE-126
Buffer Over-read
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-32139
Matching Score-4
Assigner-CERT@VDE
ShareView Details
Matching Score-4
Assigner-CERT@VDE
CVSS Score-6.5||MEDIUM
EPSS-0.97% / 58.09%
||
7 Day CHG~0.00%
Published-24 Jun, 2022 | 07:46
Updated-16 Sep, 2024 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CODESYS runtime system prone to denial of service due to out of bounds read

In multiple CODESYS products, a low privileged remote attacker may craft a request, which cause an out-of-bounds read, resulting in a denial-of-service condition. User Interaction is not required.

Action-Not Available
Vendor-CODESYS GmbH
Product-runtime_toolkitplcwinntPLCWinNTRuntime Toolkit
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-5134
Matching Score-4
Assigner-SonicWall, Inc.
ShareView Details
Matching Score-4
Assigner-SonicWall, Inc.
CVSS Score-6.5||MEDIUM
EPSS-1.12% / 62.63%
||
7 Day CHG~0.00%
Published-12 Oct, 2020 | 10:40
Updated-04 Aug, 2024 | 08:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in SonicOS allows an authenticated attacker to cause out-of-bound invalid file reference leads to a firewall crash. This vulnerability affected SonicOS Gen 6 version 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version 7.0.0.0.

Action-Not Available
Vendor-SonicWall Inc.
Product-sonicossonicosvSonicOS
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-38403
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.24% / 15.51%
||
7 Day CHG~0.00%
Published-04 Nov, 2024 | 10:04
Updated-07 Nov, 2024 | 20:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Over-read in WLAN Firmware

Transient DOS while parsing BTM ML IE when per STA profile is not included.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qam8255p_firmwarewsa8830qca6777aqsxr2230p_firmwareqca8337qam8650pqfw7124qam8775pqca6777aq_firmwareqcn6224_firmwarewsa8840wcn6755_firmwareqca6595au_firmwarewcd9370ssg2115pqca6584au_firmwaresnapdragon_8_gen_2_mobile_platformqca6554a_firmwarewcd9385_firmwarewcn7881_firmwarewcn3660bsa9000p_firmwaresnapdragon_429_mobile_platform_firmwarewcn3680b_firmwareqca6574au_firmwaresa7255pwsa8845h_firmwarewcd9375_firmwaresnapdragon_8_gen_3_mobile_platformqfw7114qca8081_firmwareqca6595auwcn3610_firmwaresnapdragon_429_mobile_platformwcn7860qca6564au_firmwaresa8620p_firmwareqca6584auqcm8550_firmwarewcn7881snapdragon_x72_5g_modem-rf_systemsa8775p_firmwarewsa8840_firmwareqca6698aqsc8380xp_firmwaresm8635wcn7880_firmwaresa7775p_firmwarewcd9340qcn6224wsa8845hwcn6755wcd9395_firmwaresnapdragon_x75_5g_modem-rf_systemsm8750_firmwaresnapdragon_ar2_gen_1_platform_firmwaresm8750p_firmwaresa8255p_firmwareqca8081qca6698aq_firmwaresa7775psxr2250pwcd9385sa8255pqam8775p_firmwareqca6696_firmwareqca6797aqar8035wcd9375wcd9390qcc710_firmwarewsa8830_firmwarewcn3620_firmwarewsa8835_firmwarewcn3620sxr2250p_firmwaresnapdragon_8_gen_2_mobile_platform_firmwarewcn3610wcn7880qca6787aq_firmwarewcd9380_firmwareqca8337_firmwaressg2125psdm429wqca6554aqca6595qcm8550qca6564auwsa8835qca6574sxr1230p_firmwaresdm429w_firmwaresnapdragon_8\+_gen_2_mobile_platform_firmwarewcd9380qcn6274snapdragon_wear_4100\+_platform_firmwaresnapdragon_x72_5g_modem-rf_system_firmwaressg2125p_firmwaresnapdragon_wear_4100\+_platformsm8635_firmwareqca6574asxr1230pwcn3980qfw7114_firmwareqcc2076_firmwarewsa8845qcc2073_firmwaresa8650psa9000pqca6574_firmwarewcd9340_firmwaresxr2230pwsa8845_firmwarewcn3660b_firmwaresm8750psc8380xpsa8775pqca6574a_firmwarewcn3980_firmwarefastconnect_7800qcn6274_firmwarewcn7861_firmwarewsa8832_firmwaresa8650p_firmwaresnapdragon_x75_5g_modem-rf_system_firmwarefastconnect_6900fastconnect_6900_firmwareqca6797aq_firmwareqca6574ausa7255p_firmwaresnapdragon_8\+_gen_2_mobile_platformfastconnect_7800_firmwaresa8620pwsa8832sm8550psnapdragon_ar2_gen_1_platformwcn3680bsm8750qam8650p_firmwareqcc710wcn7860_firmwareqca6595_firmwarewcn7861wcd9395qca6696qca6787aqwcd9370_firmwaresm8550p_firmwarewcd9390_firmwaresnapdragon_8_gen_3_mobile_platform_firmwareqcc2076ssg2115p_firmwareqfw7124_firmwareqam8255pqcc2073ar8035_firmwareSnapdragonqam8255p_firmwareqca8337_firmwarewcd9380_firmwaresxr2230p_firmwarear8035_firmwareqca6777aq_firmwareqcn6224_firmwaresxr1230p_firmwaresdm429w_firmwarewcn6755_firmwareqca6595au_firmwaresnapdragon_x72_5g_modem-rf_system_firmwaressg2125p_firmwaresm8635_firmwareqca6584au_firmwareqfw7114_firmwareqcc2076_firmwareqca6554a_firmwarewcd9385_firmwarewcn7881_firmwareqcc2073_firmwareqca6574_firmwarewcd9340_firmwarewsa8845_firmwarewcn3660b_firmwaresa9000p_firmwareqca6574a_firmwaresnapdragon_429_mobile_platform_firmwareqca6574au_firmwarewcn3680b_firmwarewcd9375_firmwareqca8081_firmwarewcn3980_firmwarewsa8845h_firmwarewcn3610_firmwareqca6564au_firmwaresa8620p_firmwareqcm8550_firmwareqcn6274_firmwaresa8775p_firmwarewcn7861_firmwaresa8650p_firmwarewsa8832_firmwaresnapdragon_x75_5g_modem-rf_system_firmwarewsa8840_firmwarefastconnect_6900_firmwaresc8380xp_firmwareqca6797aq_firmwarewcn7880_firmwaresa7775p_firmwaresa7255p_firmwarefastconnect_7800_firmwaresnapdragon_ar2_gen_1_platform_firmwaresa8255p_firmwaresm8750_firmwaresm8750p_firmwarewcd9395_firmwareqca6698aq_firmwareqam8650p_firmwareqam8775p_firmwareqca6696_firmwareqca6595_firmwarewcn7860_firmwarewcd9370_firmwaresm8550p_firmwareqcc710_firmwaresnapdragon_8_gen_3_mobile_platform_firmwarewcd9390_firmwarewsa8830_firmwarewcn3620_firmwarewsa8835_firmwaressg2115p_firmwareqfw7124_firmwaresxr2250p_firmwaresnapdragon_8_gen_2_mobile_platform_firmwareqca6787aq_firmware
CWE ID-CWE-126
Buffer Over-read
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-38405
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.24% / 15.51%
||
7 Day CHG~0.00%
Published-04 Nov, 2024 | 10:04
Updated-07 Nov, 2024 | 20:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Over-read in WLAN Host

Transient DOS while processing the CU information from RNR IE.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qam8255p_firmwarewsa8830qca6777aqsxr2230p_firmwareqca8337qam8650pqfw7124qam8775pqamsrv1mqca6777aq_firmwareqcn6224_firmwarewsa8840srv1l_firmwarewcn6755_firmwareqca6595au_firmwarevideo_collaboration_vc3_platformwcd9370ssg2115pqcm5430_firmwareqca6584au_firmwaresnapdragon_8_gen_2_mobile_platformqamsrv1hsa8530pqca6554a_firmwarewcd9385_firmwareqam8295pwcn7881_firmwareqamsrv1h_firmwareqca6688aqqam8295p_firmwaresa9000p_firmwareqca6574au_firmwaresa7255pwsa8845h_firmwarewcd9375_firmwaresnapdragon_8_gen_3_mobile_platformqfw7114qca8081_firmwareqca6595auwcn7860qca6564au_firmwaresa8620p_firmwaresa6155p_firmwareqca6584auqcm8550_firmwareqcn9274wcn7881snapdragon_x72_5g_modem-rf_systemqca6678aq_firmwaresa8775p_firmwareqcs6490wsa8840_firmwareqca6698aqvideo_collaboration_vc5_platformqcs8550_firmwaresm8635wcn7880_firmwaresrv1hsa7775p_firmwarewcd9340sa8195pfastconnect_6700_firmwareqcn6224wsa8845hwcn6755wcd9395_firmwaresnapdragon_x75_5g_modem-rf_systemsnapdragon_ar2_gen_1_platform_firmwaresm8750p_firmwaresm8750_firmwaresa8255p_firmwaresa6155pqcs7230qca8081snapdragon_auto_5g_modem-rf_gen_2qca6698aq_firmwaresa7775psxr2250pqcs5430qam8620pwcd9385snapdragon_auto_5g_modem-rf_gen_2_firmwaresa8770p_firmwaresa8255pqam8775p_firmwareqca6696_firmwareqcs6490_firmwareqca6797aqar8035wcd9375wcd9390qcc710_firmwarewsa8830_firmwareqcm6490wsa8835_firmwaresa8195p_firmwarevideo_collaboration_vc5_platform_firmwaresxr2250p_firmwaresa8295p_firmwaresnapdragon_8_gen_2_mobile_platform_firmwarewcn7880sa8770pqca6787aq_firmwareqca6688aq_firmwarewcd9380_firmwareqca8337_firmwaressg2125pqca6554aqca6595qcm8550qca6564auqcs7230_firmwaresa8530p_firmwarewsa8835qca6574sxr1230p_firmwaresnapdragon_8\+_gen_2_mobile_platform_firmwaresa8540p_firmwarewcd9380qcn6274snapdragon_x72_5g_modem-rf_system_firmwarefastconnect_6700ssg2125p_firmwaresm8635_firmwareqca6574asxr1230pvideo_collaboration_vc3_platform_firmwareqfw7114_firmwareqcn9274_firmwareqcc2076_firmwarewsa8845qcc2073_firmwaresa8650psa9000pqca6574_firmwarewcd9340_firmwaresxr2230pwsa8845_firmwareqcs8250sm8750psa8775pqca6574a_firmwareqcs9100_firmwareqca6391sa8295pfastconnect_7800qcn6274_firmwareqca6678aqwcn7861_firmwareqcm6490_firmwarewsa8832_firmwaresa8650p_firmwaresnapdragon_x75_5g_modem-rf_system_firmwarefastconnect_6900srv1h_firmwarefastconnect_6900_firmwareqca6797aq_firmwareqca6574ausa8155p_firmwaresrv1lsa7255p_firmwareqcs8250_firmwaresnapdragon_8\+_gen_2_mobile_platformfastconnect_7800_firmwaresa8620pwsa8832sa8540psm8550psrv1m_firmwaresnapdragon_ar2_gen_1_platformqcm5430qamsrv1m_firmwaresm8750qam8650p_firmwareqcc710wcn7860_firmwareqca6595_firmwarewcn7861wcd9395qcs5430_firmwareqca6787aqqca6696qca6391_firmwareqcs8550wcd9370_firmwaresm8550p_firmwarewcd9390_firmwaresnapdragon_8_gen_3_mobile_platform_firmwaresa8155pqcs9100qcc2076srv1mssg2115p_firmwareqam8620p_firmwareqfw7124_firmwareqam8255pqcc2073ar8035_firmwareSnapdragonqam8255p_firmwareqca8337_firmwarewcd9380_firmwaresxr2230p_firmwareqcs7230_firmwarear8035_firmwareqca6777aq_firmwaresa8530p_firmwareqcn6224_firmwaresxr1230p_firmwaresa8540p_firmwaresrv1l_firmwarewcn6755_firmwareqca6595au_firmwaresnapdragon_x72_5g_modem-rf_system_firmwaressg2125p_firmwaresm8635_firmwareqcm5430_firmwareqca6584au_firmwareqcn9274_firmwareqcc2076_firmwareqfw7114_firmwareqca6554a_firmwarequalcomm_video_collaboration_vc3_platform_firmwarewcd9385_firmwarewcn7881_firmwareqcc2073_firmwareqamsrv1h_firmwareqca6574_firmwarewcd9340_firmwarewsa8845_firmwareqam8295p_firmwaresa9000p_firmwareqca6574a_firmwareqca6574au_firmwareqcs9100_firmwarewcd9375_firmwareqca8081_firmwarewsa8845h_firmwareqca6564au_firmwaresa8620p_firmwaresa6155p_firmwareqcm8550_firmwareqca6678aq_firmwareqcn6274_firmwaresa8775p_firmwarewcn7861_firmwareqcm6490_firmwarewsa8840_firmwaresa8650p_firmwarewsa8832_firmwaresnapdragon_x75_5g_modem-rf_system_firmwarefastconnect_6900_firmwaresrv1h_firmwareqcs8550_firmwareqca6797aq_firmwarewcn7880_firmwaresa8155p_firmwaresa7775p_firmwarefastconnect_6700_firmwaresa7255p_firmwareqcs8250_firmwarefastconnect_7800_firmwaresnapdragon_ar2_gen_1_platform_firmwaresa8255p_firmwaresm8750_firmwaresm8750p_firmwarewcd9395_firmwareqca6698aq_firmwareqamsrv1m_firmwaresrv1m_firmwareqam8650p_firmwaresa8770p_firmwaresnapdragon_auto_5g_modem-rf_gen_2_firmwareqam8775p_firmwareqca6696_firmwareqcs6490_firmwarewcn7860_firmwareqca6595_firmwareqcs5430_firmwareqca6391_firmwarewcd9370_firmwaresm8550p_firmwarequalcomm_video_collaboration_vc5_platform_firmwareqcc710_firmwaresnapdragon_8_gen_3_mobile_platform_firmwarewcd9390_firmwarewsa8830_firmwaresxr2250p_firmwarewsa8835_firmwaresa8195p_firmwaressg2115p_firmwareqam8620p_firmwareqfw7124_firmwaresa8295p_firmwaresnapdragon_8_gen_2_mobile_platform_firmwareqca6688aq_firmwareqca6787aq_firmware
CWE ID-CWE-126
Buffer Over-read
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-36504
Matching Score-4
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-4
Assigner-Fortinet, Inc.
CVSS Score-6.2||MEDIUM
EPSS-0.70% / 49.16%
||
7 Day CHG+0.01%
Published-14 Jan, 2025 | 14:09
Updated-22 Jul, 2025 | 21:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read vulnerability [CWE-125] in FortiOS SSLVPN web portal versions 7.4.0 through 7.4.4, versions 7.2.0 through 7.2.8, 7.0 all verisons, and 6.4 all versions may allow an authenticated attacker to perform a denial of service on the SSLVPN web portal via a specially crafted URL.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortiosFortiOS
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-32320
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.18% / 8.22%
||
7 Day CHG~0.00%
Published-12 Mar, 2026 | 21:34
Updated-19 Mar, 2026 | 13:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Ella Core: AMF DoS via malformed PathSwitchRequest with empty NR security capability bitstrings

Ella Core is a 5G core designed for private networks. Prior to 1.5.1, Ella Core panics when processing a PathSwitchRequest containing UE Security Capabilities with zero-length NR encryption or integrity protection algorithm bitstrings, resulting in a denial of service. An attacker able to send crafted NGAP messages to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required. This vulnerability is fixed in 1.5.1.

Action-Not Available
Vendor-ellanetworksellanetworks
Product-ella_corecore
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-25627
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.47% / 37.78%
||
7 Day CHG~0.00%
Published-30 Mar, 2026 | 20:11
Updated-02 Apr, 2026 | 15:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
nanomq: OOB Read / Crash (DoS) via Malformed MQTT Remaining Length over WebSocket

NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. Prior to version 0.24.8, NanoMQ’s MQTT-over-WebSocket transport can be crashed by sending an MQTT packet with a deliberately large Remaining Length in the fixed header while providing a much shorter actual payload. The code path copies Remaining Length bytes without verifying that the current receive buffer contains that many bytes, resulting in an out-of-bounds read (ASAN reports OOB / crash). This is remotely triggerable over the WebSocket listener. This issue has been patched in version 0.24.8.

Action-Not Available
Vendor-emqxnanomq
Product-nanomqnanomq
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-0116
Matching Score-4
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-4
Assigner-NVIDIA Corporation
CVSS Score-4.9||MEDIUM
EPSS-0.47% / 37.42%
||
7 Day CHG~0.00%
Published-01 Oct, 2024 | 04:46
Updated-29 Sep, 2025 | 17:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Triton Inference Server contains a vulnerability where a user may cause an out-of-bounds read issue by releasing a shared memory region while it is in use. A successful exploit of this vulnerability may lead to denial of service.

Action-Not Available
Vendor-Linux Kernel Organization, IncNVIDIA Corporation
Product-linux_kerneltriton_inference_serverTriton Inference Server
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-0136
Matching Score-4
Assigner-Google Devices
ShareView Details
Matching Score-4
Assigner-Google Devices
CVSS Score-6.5||MEDIUM
EPSS-0.25% / 16.74%
||
7 Day CHG~0.00%
Published-16 Jun, 2026 | 18:51
Updated-16 Jun, 2026 | 20:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Modem, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-Android
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-125
Out-of-bounds Read
  • Previous
  • 1
  • 2
  • Next
Details not found