CWE-123
AllowedWrite-what-where Condition
Abstraction: Base · Status: Draft
Any condition where the attacker has the ability to write an arbitrary value to an arbitrary location, often as the result of a buffer overflow.
82 vulnerabilities reference this CWE, most recent first.
GHSA-9PVM-29XC-5VJV
Vulnerability from github – Published: 2025-02-03 06:30 – Updated: 2025-02-03 18:30In V5 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291402; Issue ID: MSV-2073.
{
"affected": [],
"aliases": [
"CVE-2024-20141"
],
"database_specific": {
"cwe_ids": [
"CWE-123",
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-03T04:15:07Z",
"severity": "MODERATE"
},
"details": "In V5 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291402; Issue ID: MSV-2073.",
"id": "GHSA-9pvm-29xc-5vjv",
"modified": "2025-02-03T18:30:40Z",
"published": "2025-02-03T06:30:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-20141"
},
{
"type": "WEB",
"url": "https://corp.mediatek.com/product-security-bulletin/February-2025"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9V3V-PQHW-3FHR
Vulnerability from github – Published: 2022-05-06 00:00 – Updated: 2022-05-14 00:03Eclipse CycloneDDS versions prior to 0.8.0 are vulnerable to a write-what-where condition, which may allow an attacker to write arbitrary values in the XML parser.
{
"affected": [],
"aliases": [
"CVE-2021-38441"
],
"database_specific": {
"cwe_ids": [
"CWE-123"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-05-05T17:15:00Z",
"severity": "CRITICAL"
},
"details": "Eclipse CycloneDDS versions prior to 0.8.0 are vulnerable to a write-what-where condition, which may allow an attacker to write arbitrary values in the XML parser.",
"id": "GHSA-9v3v-pqhw-3fhr",
"modified": "2022-05-14T00:03:34Z",
"published": "2022-05-06T00:00:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38441"
},
{
"type": "WEB",
"url": "https://projects.eclipse.org/projects/iot.cyclonedds"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-315-02"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9XVP-GQGG-HH2X
Vulnerability from github – Published: 2024-03-19 12:30 – Updated: 2024-08-12 21:31Return registers were overwritten which could have allowed an attacker to execute arbitrary code. Note: This issue only affected Armv7-A systems. Other operating systems are unaffected. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.
{
"affected": [],
"aliases": [
"CVE-2024-2607"
],
"database_specific": {
"cwe_ids": [
"CWE-123"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-03-19T12:15:08Z",
"severity": "HIGH"
},
"details": "Return registers were overwritten which could have allowed an attacker to execute arbitrary code. *Note:* This issue only affected Armv7-A systems. Other operating systems are unaffected. This vulnerability affects Firefox \u003c 124, Firefox ESR \u003c 115.9, and Thunderbird \u003c 115.9.",
"id": "GHSA-9xvp-gqgg-hh2x",
"modified": "2024-08-12T21:31:31Z",
"published": "2024-03-19T12:30:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2607"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1879939"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00022.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00028.html"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2024-12"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2024-13"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2024-14"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CC49-H52C-HM2R
Vulnerability from github – Published: 2024-11-04 03:30 – Updated: 2024-11-04 12:32In mms, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09062301; Issue ID: MSV-1620.
{
"affected": [],
"aliases": [
"CVE-2024-20119"
],
"database_specific": {
"cwe_ids": [
"CWE-123",
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-04T02:15:17Z",
"severity": "MODERATE"
},
"details": "In mms, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09062301; Issue ID: MSV-1620.",
"id": "GHSA-cc49-h52c-hm2r",
"modified": "2024-11-04T12:32:56Z",
"published": "2024-11-04T03:30:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-20119"
},
{
"type": "WEB",
"url": "https://corp.mediatek.com/product-security-bulletin/November-2024"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CP86-7JXJ-WQFV
Vulnerability from github – Published: 2022-05-24 22:28 – Updated: 2022-05-24 22:28A CWE-123: Write-what-where Condition vulnerability exists in EcoStruxure™ Control Expert (all versions) and Unity Pro (former name of EcoStruxure™ Control Expert) (all versions), that could cause a crash of the software or unexpected code execution when opening a malicious file in EcoStruxure™ Control Expert software.
{
"affected": [],
"aliases": [
"CVE-2020-7560"
],
"database_specific": {
"cwe_ids": [
"CWE-123"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-12-11T01:15:00Z",
"severity": "HIGH"
},
"details": "A CWE-123: Write-what-where Condition vulnerability exists in EcoStruxure\u2122 Control Expert (all versions) and Unity Pro (former name of EcoStruxure\u2122 Control Expert) (all versions), that could cause a crash of the software or unexpected code execution when opening a malicious file in EcoStruxure\u2122 Control Expert software.",
"id": "GHSA-cp86-7jxj-wqfv",
"modified": "2022-05-24T22:28:33Z",
"published": "2022-05-24T22:28:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7560"
},
{
"type": "WEB",
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-01"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-F3C7-CXHX-4H8J
Vulnerability from github – Published: 2024-10-09 15:32 – Updated: 2024-10-09 15:32Substance3D - Stager versions 3.0.3 and earlier are affected by a Write-what-where Condition vulnerability that could allow an attacker to execute arbitrary code in the context of the current user. This vulnerability allows an attacker to write a controlled value to an arbitrary memory location, potentially leading to code execution. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
{
"affected": [],
"aliases": [
"CVE-2024-45142"
],
"database_specific": {
"cwe_ids": [
"CWE-123"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-09T14:15:06Z",
"severity": "HIGH"
},
"details": "Substance3D - Stager versions 3.0.3 and earlier are affected by a Write-what-where Condition vulnerability that could allow an attacker to execute arbitrary code in the context of the current user. This vulnerability allows an attacker to write a controlled value to an arbitrary memory location, potentially leading to code execution. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
"id": "GHSA-f3c7-cxhx-4h8j",
"modified": "2024-10-09T15:32:19Z",
"published": "2024-10-09T15:32:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45142"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb24-81.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-G3F8-Q8CX-JM7W
Vulnerability from github – Published: 2022-05-13 01:01 – Updated: 2022-05-13 01:01An exploitable arbitrary write vulnerability exists in the open document format parser of the Atlantis Word Processor, version 3.2.7.2, while trying to null-terminate a string. A specially crafted document can allow an attacker to pass an untrusted value as a length to a constructor. This constructor will miscalculate a length and then use it to calculate the position to write a null byte. This can allow an attacker to corrupt memory, which can result in code execution under the context of the application. An attacker must convince a victim to open a specially crafted document in order to trigger this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2018-4038"
],
"database_specific": {
"cwe_ids": [
"CWE-123",
"CWE-131"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-12-01T18:29:00Z",
"severity": "HIGH"
},
"details": "An exploitable arbitrary write vulnerability exists in the open document format parser of the Atlantis Word Processor, version 3.2.7.2, while trying to null-terminate a string. A specially crafted document can allow an attacker to pass an untrusted value as a length to a constructor. This constructor will miscalculate a length and then use it to calculate the position to write a null byte. This can allow an attacker to corrupt memory, which can result in code execution under the context of the application. An attacker must convince a victim to open a specially crafted document in order to trigger this vulnerability.",
"id": "GHSA-g3f8-q8cx-jm7w",
"modified": "2022-05-13T01:01:44Z",
"published": "2022-05-13T01:01:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-4038"
},
{
"type": "WEB",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0711"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-G6PC-6676-C23J
Vulnerability from github – Published: 2026-06-15 21:30 – Updated: 2026-06-19 20:47remotion-dev remotion v4.0.409 was discovered to contain an arbitrary file write vulnerability.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "remotion"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.0.410"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-30121"
],
"database_specific": {
"cwe_ids": [
"CWE-123"
],
"github_reviewed": true,
"github_reviewed_at": "2026-06-19T20:47:59Z",
"nvd_published_at": "2026-06-15T20:16:25Z",
"severity": "CRITICAL"
},
"details": "remotion-dev remotion v4.0.409 was discovered to contain an arbitrary file write vulnerability.",
"id": "GHSA-g6pc-6676-c23j",
"modified": "2026-06-19T20:47:59Z",
"published": "2026-06-15T21:30:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-30121"
},
{
"type": "WEB",
"url": "https://github.com/remotion-dev/remotion/pull/6378"
},
{
"type": "WEB",
"url": "https://github.com/EaEa0001/security-advisories/blob/main/CVE-2026-30121.md"
},
{
"type": "PACKAGE",
"url": "https://github.com/remotion-dev/remotion"
},
{
"type": "WEB",
"url": "https://github.com/remotion-dev/remotion/releases/tag/v4.0.410"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Remotion: arbitrary file write vulnerability"
}
GHSA-G76P-Q66J-MC8V
Vulnerability from github – Published: 2022-05-13 01:06 – Updated: 2022-05-13 01:06Webroot SecureAnywhere before 9.0.8.34 on macOS mishandles access to the driver by a process that lacks root privileges.
{
"affected": [],
"aliases": [
"CVE-2018-16962"
],
"database_specific": {
"cwe_ids": [
"CWE-123"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-09-12T20:29:00Z",
"severity": "HIGH"
},
"details": "Webroot SecureAnywhere before 9.0.8.34 on macOS mishandles access to the driver by a process that lacks root privileges.",
"id": "GHSA-g76p-q66j-mc8v",
"modified": "2022-05-13T01:06:29Z",
"published": "2022-05-13T01:06:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16962"
},
{
"type": "WEB",
"url": "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2018-009/?fid=11720"
},
{
"type": "WEB",
"url": "https://www.trustwave.com/Resources/SpiderLabs-Blog/CVE-2018-16962--Webroot-SecureAnywhere-macOS-Kernel-Level-Memory-Corruption"
},
{
"type": "WEB",
"url": "http://answers.webroot.com/Webroot/ukp.aspx?pid=10\u0026app=vw\u0026vw=1\u0026login=1\u0026json=1\u0026solutionid=2022"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-HF4R-HM8M-W52J
Vulnerability from github – Published: 2026-06-09 15:32 – Updated: 2026-07-07 12:31In the Linux kernel, the following vulnerability has been resolved:
net: gro: don't merge zcopy skbs
skb_gro_receive() can currently copy frags between the source and GRO skb, without checking the zerocopy status, and in particular the SKBFL_MANAGED_FRAG_REFS flag.
When SKBFL_MANAGED_FRAG_REFS is set, the skb doesn't hold a reference on the pages in shinfo->frags. Appending those frags to another skb's frags without fixing up the page refcount can lead to UAF.
When either the last skb in the GRO chain (the one we would append frags to) or the source skb is zerocopy, don't merge the skbs.
{
"affected": [],
"aliases": [
"CVE-2026-46323"
],
"database_specific": {
"cwe_ids": [
"CWE-123",
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-09T13:16:37Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: gro: don\u0027t merge zcopy skbs\n\nskb_gro_receive() can currently copy frags between the source and GRO\nskb, without checking the zerocopy status, and in particular the\nSKBFL_MANAGED_FRAG_REFS flag.\n\nWhen SKBFL_MANAGED_FRAG_REFS is set, the skb doesn\u0027t hold a reference\non the pages in shinfo-\u003efrags. Appending those frags to another skb\u0027s\nfrags without fixing up the page refcount can lead to UAF.\n\nWhen either the last skb in the GRO chain (the one we would append\nfrags to) or the source skb is zerocopy, don\u0027t merge the skbs.",
"id": "GHSA-hf4r-hm8m-w52j",
"modified": "2026-07-07T12:31:33Z",
"published": "2026-06-09T15:32:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46323"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:27708"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:27731"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:27735"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:36018"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2026-46323"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2479832"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1f9c828556416fbe3f49386708ce999fc4d4da06"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3c6cc9f2ca65b6dd61b1af75452dc0e1cd0aad8d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/44bea2032af0425e4ce6d26a8af0ede79db49ec1"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/479084ae0e1d9cb7929cb4298d35623de189f80a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4db79a322db8c97f7b73b8a347395ef4d685eb40"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e334cbf3388fd9334503a778a82d9e9f14dd2f71"
},
{
"type": "WEB",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-46323.json"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Strategy: Language Selection
Use a language that provides appropriate memory abstractions.
Mitigation
Use OS-level preventative functionality integrated after the fact. Not a complete solution.
No CAPEC attack patterns related to this CWE.