CWE-788
DiscouragedAccess of Memory Location After End of Buffer
Abstraction: Base · Status: Incomplete
The product reads or writes to a buffer using an index or pointer that references a memory location after the end of the buffer.
283 vulnerabilities reference this CWE, most recent first.
GHSA-2JCV-F397-C9M8
Vulnerability from github – Published: 2024-10-23 18:33 – Updated: 2024-10-23 18:33A vulnerability in the SSL VPN feature for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition.
This vulnerability is due to a logic error in memory management when the device is handling SSL VPN connections. An attacker could exploit this vulnerability by sending crafted SSL/TLS packets to the SSL VPN server of the affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.
{
"affected": [],
"aliases": [
"CVE-2024-20402"
],
"database_specific": {
"cwe_ids": [
"CWE-788"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-23T18:15:07Z",
"severity": "HIGH"
},
"details": "A vulnerability in the SSL VPN feature for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition.\n\n This vulnerability is due to a logic error in memory management when the device is handling SSL VPN connections. An attacker could exploit this vulnerability by sending crafted SSL/TLS packets to the SSL VPN server of the affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.",
"id": "GHSA-2jcv-f397-c9m8",
"modified": "2024-10-23T18:33:09Z",
"published": "2024-10-23T18:33:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-20402"
},
{
"type": "WEB",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-webvpn-dos-hOnB9pH4"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-2JPJ-HQ7G-8GXV
Vulnerability from github – Published: 2023-04-22 03:30 – Updated: 2024-04-04 03:38NVIDIA DGX-2 contains a vulnerability in OFBD where a user with high privileges and a pre-conditioned heap can cause an access beyond a buffers end, which may lead to code execution, escalation of privileges, denial of service, and information disclosure.
{
"affected": [],
"aliases": [
"CVE-2023-0200"
],
"database_specific": {
"cwe_ids": [
"CWE-787",
"CWE-788"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-04-22T03:15:09Z",
"severity": "MODERATE"
},
"details": "NVIDIA DGX-2 contains a vulnerability in OFBD where a user with high privileges and a pre-conditioned heap can cause an access beyond a buffers end, which may lead to code execution, escalation of privileges, denial of service, and information disclosure.",
"id": "GHSA-2jpj-hq7g-8gxv",
"modified": "2024-04-04T03:38:24Z",
"published": "2023-04-22T03:30:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0200"
},
{
"type": "WEB",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5449"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-2Q3R-VRPV-MQJV
Vulnerability from github – Published: 2022-05-24 19:11 – Updated: 2022-10-08 00:00Adobe Media Encoder version 15.2 (and earlier) is affected by a memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
{
"affected": [],
"aliases": [
"CVE-2021-36015"
],
"database_specific": {
"cwe_ids": [
"CWE-787",
"CWE-788"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-08-20T19:15:00Z",
"severity": "HIGH"
},
"details": "Adobe Media Encoder version 15.2 (and earlier) is affected by a memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
"id": "GHSA-2q3r-vrpv-mqjv",
"modified": "2022-10-08T00:00:20Z",
"published": "2022-05-24T19:11:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36015"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/media-encoder/apsb21-43.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-35MJ-P5WM-C7VW
Vulnerability from github – Published: 2022-05-24 17:41 – Updated: 2022-08-06 00:00Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Memory corruption vulnerability when parsing a specially crafted PDF file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
{
"affected": [],
"aliases": [
"CVE-2021-21063"
],
"database_specific": {
"cwe_ids": [
"CWE-787",
"CWE-788"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-02-11T21:15:00Z",
"severity": "HIGH"
},
"details": "Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Memory corruption vulnerability when parsing a specially crafted PDF file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
"id": "GHSA-35mj-p5wm-c7vw",
"modified": "2022-08-06T00:00:38Z",
"published": "2022-05-24T17:41:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21063"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb21-09.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-36M2-6FFW-3PWX
Vulnerability from github – Published: 2022-05-24 19:20 – Updated: 2022-05-24 19:20Adobe Prelude version 10.1 (and earlier) are affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious M4A file.
{
"affected": [],
"aliases": [
"CVE-2021-43012"
],
"database_specific": {
"cwe_ids": [
"CWE-119",
"CWE-788"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-11-16T22:15:00Z",
"severity": "HIGH"
},
"details": "Adobe Prelude version 10.1 (and earlier) are affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious M4A file.",
"id": "GHSA-36m2-6ffw-3pwx",
"modified": "2022-05-24T19:20:45Z",
"published": "2022-05-24T19:20:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43012"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/prelude/apsb21-96.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-386Q-XJ43-6WFR
Vulnerability from github – Published: 2022-05-24 17:44 – Updated: 2022-10-08 00:00Adobe Photoshop versions 21.2.5 (and earlier) and 22.2 (and earlier) are affected by a Memory Corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
{
"affected": [],
"aliases": [
"CVE-2021-21082"
],
"database_specific": {
"cwe_ids": [
"CWE-787",
"CWE-788"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-03-12T19:15:00Z",
"severity": "MODERATE"
},
"details": "Adobe Photoshop versions 21.2.5 (and earlier) and 22.2 (and earlier) are affected by a Memory Corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
"id": "GHSA-386q-xj43-6wfr",
"modified": "2022-10-08T00:00:32Z",
"published": "2022-05-24T17:44:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21082"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/photoshop/apsb21-17.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-39W2-2458-GJVP
Vulnerability from github – Published: 2022-05-24 19:16 – Updated: 2022-05-24 19:16Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release Update 2 (and earlier) are affected by a memory corruption vulnerability due to insecure handling of a malicious PDF file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2021-39830"
],
"database_specific": {
"cwe_ids": [
"CWE-119",
"CWE-788"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-09-29T16:15:00Z",
"severity": "HIGH"
},
"details": "Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release Update 2 (and earlier) are affected by a memory corruption vulnerability due to insecure handling of a malicious PDF file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.",
"id": "GHSA-39w2-2458-gjvp",
"modified": "2022-05-24T19:16:07Z",
"published": "2022-05-24T19:16:07Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39830"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/framemaker/apsb21-74.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-39XJ-Q4Q3-55MP
Vulnerability from github – Published: 2022-05-24 17:41 – Updated: 2022-08-06 00:00Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to cause an application denial-of-service. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
{
"affected": [],
"aliases": [
"CVE-2021-21046"
],
"database_specific": {
"cwe_ids": [
"CWE-787",
"CWE-788"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-02-11T20:15:00Z",
"severity": "LOW"
},
"details": "Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to cause an application denial-of-service. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
"id": "GHSA-39xj-q4q3-55mp",
"modified": "2022-08-06T00:00:38Z",
"published": "2022-05-24T17:41:57Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21046"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb21-09.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-3GMV-CPPR-WXPG
Vulnerability from github – Published: 2022-05-24 19:15 – Updated: 2022-05-24 19:15Adobe InCopy version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious TIFF file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2021-39818"
],
"database_specific": {
"cwe_ids": [
"CWE-119",
"CWE-788"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-09-27T16:15:00Z",
"severity": "HIGH"
},
"details": "Adobe InCopy version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious TIFF file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.",
"id": "GHSA-3gmv-cppr-wxpg",
"modified": "2022-05-24T19:15:47Z",
"published": "2022-05-24T19:15:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39818"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/incopy/apsb21-71.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-3QJ4-CHQG-Q336
Vulnerability from github – Published: 2022-05-24 19:12 – Updated: 2022-05-24 19:12Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious Bridge file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2021-39817"
],
"database_specific": {
"cwe_ids": [
"CWE-119",
"CWE-788"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-09-01T15:15:00Z",
"severity": "HIGH"
},
"details": "Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious Bridge file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.",
"id": "GHSA-3qj4-chqg-q336",
"modified": "2022-05-24T19:12:42Z",
"published": "2022-05-24T19:12:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39817"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/bridge/apsb21-69.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.