CWE-787
Allowed-with-ReviewOut-of-bounds Write
Abstraction: Base · Status: Draft
The product writes data past the end, or before the beginning, of the intended buffer.
15109 vulnerabilities reference this CWE, most recent first.
GHSA-MPM5-87RW-3J2C
Vulnerability from github – Published: 2023-07-12 09:30 – Updated: 2024-04-04 06:03In libimpl-ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.
{
"affected": [],
"aliases": [
"CVE-2023-33896"
],
"database_specific": {
"cwe_ids": [
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-07-12T09:15:13Z",
"severity": "MODERATE"
},
"details": "In libimpl-ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.",
"id": "GHSA-mpm5-87rw-3j2c",
"modified": "2024-04-04T06:03:35Z",
"published": "2023-07-12T09:30:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33896"
},
{
"type": "WEB",
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/1676902764208259073"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MPM7-5RH7-4RMV
Vulnerability from github – Published: 2022-12-02 18:30 – Updated: 2022-12-06 03:30Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform/setUplinkInfo.
{
"affected": [],
"aliases": [
"CVE-2022-44367"
],
"database_specific": {
"cwe_ids": [
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-12-02T17:15:00Z",
"severity": "CRITICAL"
},
"details": "Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform/setUplinkInfo.",
"id": "GHSA-mpm7-5rh7-4rmv",
"modified": "2022-12-06T03:30:23Z",
"published": "2022-12-02T18:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-44367"
},
{
"type": "WEB",
"url": "https://github.com/Double-q1015/CVE-vulns/blob/main/Tenda/i21/formSetUplinkInfo/readme.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MPMV-49PR-6HCH
Vulnerability from github – Published: 2022-05-24 16:50 – Updated: 2024-04-04 01:18Comodo Antivirus versions 11.0.0.6582 and below are vulnerable to Denial of Service affecting CmdGuard.sys via its filter port "cmdServicePort". A low privileged process can crash CmdVirth.exe to decrease the port's connection count followed by process hollowing a CmdVirth.exe instance with malicious code to obtain a handle to "cmdServicePort". Once this occurs, a specially crafted message can be sent to "cmdServicePort" using "FilterSendMessage" API. This can trigger an out-of-bounds write if lpOutBuffer parameter in FilterSendMessage API is near the end of specified buffer bounds. The crash occurs when the driver performs a memset operation which uses a size beyond the size of buffer specified, causing kernel crash.
{
"affected": [],
"aliases": [
"CVE-2019-3973"
],
"database_specific": {
"cwe_ids": [
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-07-17T21:15:00Z",
"severity": "MODERATE"
},
"details": "Comodo Antivirus versions 11.0.0.6582 and below are vulnerable to Denial of Service affecting CmdGuard.sys via its filter port \"cmdServicePort\". A low privileged process can crash CmdVirth.exe to decrease the port\u0027s connection count followed by process hollowing a CmdVirth.exe instance with malicious code to obtain a handle to \"cmdServicePort\". Once this occurs, a specially crafted message can be sent to \"cmdServicePort\" using \"FilterSendMessage\" API. This can trigger an out-of-bounds write if lpOutBuffer parameter in FilterSendMessage API is near the end of specified buffer bounds. The crash occurs when the driver performs a memset operation which uses a size beyond the size of buffer specified, causing kernel crash.",
"id": "GHSA-mpmv-49pr-6hch",
"modified": "2024-04-04T01:18:13Z",
"published": "2022-05-24T16:50:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3973"
},
{
"type": "WEB",
"url": "https://www.tenable.com/security/research/tra-2019-34"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MPQ2-WH9F-54P2
Vulnerability from github – Published: 2024-07-11 09:30 – Updated: 2024-07-11 09:30CWE-787: Out-of-Bounds Write vulnerability exists that could cause local denial-of-service, or kernel memory leak when a malicious actor with local user access crafts a script/program using an IOCTL call in the Foxboro.sys driver.
{
"affected": [],
"aliases": [
"CVE-2024-5679"
],
"database_specific": {
"cwe_ids": [
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-11T09:15:03Z",
"severity": "HIGH"
},
"details": "CWE-787: Out-of-Bounds Write vulnerability exists that could cause local denial-of-service, or\nkernel memory leak when a malicious actor with local user access crafts a script/program using\nan IOCTL call in the Foxboro.sys driver.",
"id": "GHSA-mpq2-wh9f-54p2",
"modified": "2024-07-11T09:30:58Z",
"published": "2024-07-11T09:30:58Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-5679"
},
{
"type": "WEB",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-191-02\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2024-191-02.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MPQ5-6X4W-R6XG
Vulnerability from github – Published: 2022-05-13 01:11 – Updated: 2025-04-20 03:33Heap-based buffer overflow in the __zzip_get64 function in fetch.c in zziplib 0.13.62, 0.13.61, 0.13.60, 0.13.59, 0.13.58, 0.13.57, 0.13.56 allows remote attackers to cause a denial of service (crash) via a crafted ZIP file.
{
"affected": [],
"aliases": [
"CVE-2017-5975"
],
"database_specific": {
"cwe_ids": [
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-03-01T15:59:00Z",
"severity": "MODERATE"
},
"details": "Heap-based buffer overflow in the __zzip_get64 function in fetch.c in zziplib 0.13.62, 0.13.61, 0.13.60, 0.13.59, 0.13.58, 0.13.57, 0.13.56 allows remote attackers to cause a denial of service (crash) via a crafted ZIP file.",
"id": "GHSA-mpq5-6x4w-r6xg",
"modified": "2025-04-20T03:33:28Z",
"published": "2022-05-13T01:11:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5975"
},
{
"type": "WEB",
"url": "https://blogs.gentoo.org/ago/2017/02/09/zziplib-heap-based-buffer-overflow-in-__zzip_get64-fetch-c"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2017/dsa-3878"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2017/02/14/3"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/96268"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MPQ5-QRJQ-V2RF
Vulnerability from github – Published: 2022-05-24 19:11 – Updated: 2022-05-24 19:11Mozilla developers and community members reported memory safety bugs present in Firefox 90. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 91.
{
"affected": [],
"aliases": [
"CVE-2021-29990"
],
"database_specific": {
"cwe_ids": [
"CWE-119",
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-08-17T20:15:00Z",
"severity": "HIGH"
},
"details": "Mozilla developers and community members reported memory safety bugs present in Firefox 90. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 91.",
"id": "GHSA-mpq5-qrjq-v2rf",
"modified": "2022-05-24T19:11:20Z",
"published": "2022-05-24T19:11:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29990"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1544190%2C1716481%2C1717778%2C1719319%2C1722073"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202202-03"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2021-33"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MPQ7-8P6C-8W2F
Vulnerability from github – Published: 2022-05-13 01:20 – Updated: 2022-05-13 01:20The JPXStream::readTilePart function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a specific pdf file, as demonstrated by pdftohtml.
{
"affected": [],
"aliases": [
"CVE-2018-8100"
],
"database_specific": {
"cwe_ids": [
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-03-14T03:29:00Z",
"severity": "HIGH"
},
"details": "The JPXStream::readTilePart function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a specific pdf file, as demonstrated by pdftohtml.",
"id": "GHSA-mpq7-8p6c-8w2f",
"modified": "2022-05-13T01:20:38Z",
"published": "2022-05-13T01:20:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8100"
},
{
"type": "WEB",
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=652"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MPQR-8JC9-M66M
Vulnerability from github – Published: 2025-10-28 15:30 – Updated: 2025-11-03 18:31An out-of-bounds write vulnerability exists in the XML parser functionality of GCC Productions Inc. Fade In 4.2.0. A specially crafted .fadein file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2025-53855"
],
"database_specific": {
"cwe_ids": [
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-28T14:15:59Z",
"severity": "HIGH"
},
"details": "An out-of-bounds write vulnerability exists in the XML parser functionality of GCC Productions Inc. Fade In 4.2.0. A specially crafted .fadein file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.",
"id": "GHSA-mpqr-8jc9-m66m",
"modified": "2025-11-03T18:31:49Z",
"published": "2025-10-28T15:30:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53855"
},
{
"type": "WEB",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2250"
},
{
"type": "WEB",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2250"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MPQV-P8RQ-HM8V
Vulnerability from github – Published: 2022-10-15 12:01 – Updated: 2022-10-15 12:01Adobe Acrobat Reader versions 22.002.20212 (and earlier) and 20.005.30381 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
{
"affected": [],
"aliases": [
"CVE-2022-38450"
],
"database_specific": {
"cwe_ids": [
"CWE-121",
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-10-14T20:15:00Z",
"severity": "HIGH"
},
"details": "Adobe Acrobat Reader versions 22.002.20212 (and earlier) and 20.005.30381 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
"id": "GHSA-mpqv-p8rq-hm8v",
"modified": "2022-10-15T12:01:01Z",
"published": "2022-10-15T12:01:01Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38450"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb22-46.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MPR4-2MM3-RWM6
Vulnerability from github – Published: 2026-05-28 12:30 – Updated: 2026-06-17 18:35In the Linux kernel, the following vulnerability has been resolved:
exit: prevent preemption of oopsing TASK_DEAD task
When an already-exiting task oopses, make_task_dead() currently calls do_task_dead() with preemption enabled. That is forbidden: do_task_dead() calls __schedule(), which has a comment saying "WARNING: must be called with preemption disabled!".
If an oopsing task is preempted in do_task_dead(), between becoming TASK_DEAD and entering the scheduler explicitly, bad things happen: finish_task_switch() assumes that once the scheduler has switched away from a TASK_DEAD task, the task can never run again and its stack is no longer needed; but that assumption apparently doesn't hold if the dead task was preempted (the SM_PREEMPT case).
This means that the scheduler ends up repeatedly dropping references on the dead task's stack, which can lead to use-after-free or double-free of the entire task stack; in other words, two tasks can end up running on the same stack, resulting in various kinds of memory corruption.
(This does not just affect "recursively oopsing" tasks; it is enough to oops once during task exit, for example in a file_operations::release handler)
{
"affected": [],
"aliases": [
"CVE-2026-46173"
],
"database_specific": {
"cwe_ids": [
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-28T10:16:32Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nexit: prevent preemption of oopsing TASK_DEAD task\n\nWhen an already-exiting task oopses, make_task_dead() currently calls\ndo_task_dead() with preemption enabled. That is forbidden:\ndo_task_dead() calls __schedule(), which has a comment saying \"WARNING:\nmust be called with preemption disabled!\".\n\nIf an oopsing task is preempted in do_task_dead(), between becoming\nTASK_DEAD and entering the scheduler explicitly, bad things happen:\nfinish_task_switch() assumes that once the scheduler has switched away\nfrom a TASK_DEAD task, the task can never run again and its stack is no\nlonger needed; but that assumption apparently doesn\u0027t hold if the dead\ntask was preempted (the SM_PREEMPT case).\n\nThis means that the scheduler ends up repeatedly dropping references on\nthe dead task\u0027s stack, which can lead to use-after-free or double-free\nof the entire task stack; in other words, two tasks can end up running\non the same stack, resulting in various kinds of memory corruption.\n\n(This does not just affect \"recursively oopsing\" tasks; it is enough to\noops once during task exit, for example in a file_operations::release\nhandler)",
"id": "GHSA-mpr4-2mm3-rwm6",
"modified": "2026-06-17T18:35:14Z",
"published": "2026-05-28T12:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46173"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3d6fb8a7690c23e3213c4b008f64d89a44b98737"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/640b4c00fb0e2920327435f6176cbefc3c546165"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6f49f94f3b11fe8bff1bf2a054143789e76aaf17"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7b2800ba5f5f77a8ee7f4cbadb19cf1264597a34"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9756b3db5db6c2f5eccb32dddbd88eb4c54f575e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c1fa0bb633e4a6b11e83ffc57fa5abe8ebb87891"
},
{
"type": "WEB",
"url": "https://project-zero.issues.chromium.org/issues/510793286"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-3
Strategy: Language Selection
- Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
- For example, many languages that perform their own memory management, such as Java and Perl, are not subject to buffer overflows. Other languages, such as Ada and C#, typically provide overflow protection, but the protection can be disabled by the programmer.
- Be wary that a language's interface to native code may still be subject to overflows, even if the language itself is theoretically safe.
Mitigation MIT-4.1
Strategy: Libraries or Frameworks
- Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
- Examples include the Safe C String Library (SafeStr) by Messier and Viega [REF-57], and the Strsafe.h library from Microsoft [REF-56]. These libraries provide safer versions of overflow-prone string-handling functions.
Mitigation MIT-10
Strategy: Environment Hardening
- Use automatic buffer overflow detection mechanisms that are offered by certain compilers or compiler extensions. Examples include: the Microsoft Visual Studio /GS flag, Fedora/Red Hat FORTIFY_SOURCE GCC flag, StackGuard, and ProPolice, which provide various mechanisms including canary-based detection and range/index checking.
- D3-SFCV (Stack Frame Canary Validation) from D3FEND [REF-1334] discusses canary-based detection in detail.
Mitigation MIT-9
- Consider adhering to the following rules when allocating and managing an application's memory:
- Double check that the buffer is as large as specified.
- When using functions that accept a number of bytes to copy, such as strncpy(), be aware that if the destination buffer size is equal to the source buffer size, it may not NULL-terminate the string.
- Check buffer boundaries if accessing the buffer in a loop and make sure there is no danger of writing past the allocated space.
- If necessary, truncate all input strings to a reasonable length before passing them to the copy and concatenation functions.
Mitigation MIT-11
Strategy: Environment Hardening
- Run or compile the software using features or extensions that randomly arrange the positions of a program's executable and libraries in memory. Because this makes the addresses unpredictable, it can prevent an attacker from reliably jumping to exploitable code.
- Examples include Address Space Layout Randomization (ASLR) [REF-58] [REF-60] and Position-Independent Executables (PIE) [REF-64]. Imported modules may be similarly realigned if their default memory addresses conflict with other modules, in a process known as "rebasing" (for Windows) and "prelinking" (for Linux) [REF-1332] using randomly generated addresses. ASLR for libraries cannot be used in conjunction with prelink since it would require relocating the libraries at run-time, defeating the whole purpose of prelinking.
- For more information on these techniques see D3-SAOR (Segment Address Offset Randomization) from D3FEND [REF-1335].
Mitigation MIT-12
Strategy: Environment Hardening
- Use a CPU and operating system that offers Data Execution Protection (using hardware NX or XD bits) or the equivalent techniques that simulate this feature in software, such as PaX [REF-60] [REF-61]. These techniques ensure that any instruction executed is exclusively at a memory address that is part of the code segment.
- For more information on these techniques see D3-PSEP (Process Segment Execution Prevention) from D3FEND [REF-1336].
Mitigation MIT-13
Replace unbounded copy functions with analogous functions that support length arguments, such as strcpy with strncpy. Create these if they are not available.
No CAPEC attack patterns related to this CWE.