Common Weakness Enumeration

CWE-823

Allowed

Use of Out-of-range Pointer Offset

Abstraction: Base · Status: Incomplete

The product performs pointer arithmetic on a valid pointer, but it uses an offset that can point outside of the intended range of valid memory locations for the resulting pointer.

177 vulnerabilities reference this CWE, most recent first.

GHSA-Q6F6-GFQ8-34CX

Vulnerability from github – Published: 2022-02-11 00:00 – Updated: 2022-03-17 00:05
VLAI
Details

Use of Out-of-range Pointer Offset in Conda vim prior to 8.2.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-0554"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119",
      "CWE-823"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-02-10T22:15:00Z",
    "severity": "HIGH"
  },
  "details": "Use of Out-of-range Pointer Offset in Conda vim prior to 8.2.",
  "id": "GHSA-q6f6-gfq8-34cx",
  "modified": "2022-03-17T00:05:45Z",
  "published": "2022-02-11T00:00:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0554"
    },
    {
      "type": "WEB",
      "url": "https://github.com/vim/vim/commit/e3537aec2f8d6470010547af28dcbd83d41461b8"
    },
    {
      "type": "WEB",
      "url": "https://huntr.dev/bounties/7e8f6cd0-b5ee-48a2-8255-6a86f4c46c71"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZLEHVP4LNAGER4ZDGUDS5V5YVQD6INF"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202208-32"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT213488"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2022/Oct/28"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2022/Oct/41"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q7VH-44J8-J22P

Vulnerability from github – Published: 2025-11-13 00:30 – Updated: 2025-11-13 00:30
VLAI
Details

UCanCode E-XD++ Visualization Enterprise Suite contains an untrusted pointer dereference vulnerability via the TKDRAWCAD.TKDrawCADCtrl.1 ActiveX control. This is because it exposes a RotateShape method that dereferences a user-supplied pointer without sufficient validation. A crafted input may cause the control to dereference an attacker-controlled pointer, enabling remote code execution in the context of the hosting process. The vulnerability requires user interaction (instantiation of the ActiveX control via a web page or a file).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-20211"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-823"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-11-12T22:15:41Z",
    "severity": "HIGH"
  },
  "details": "UCanCode E-XD++ Visualization Enterprise Suite contains an untrusted pointer dereference vulnerability via the TKDRAWCAD.TKDrawCADCtrl.1 ActiveX control. This is because it exposes a RotateShape method that dereferences a user-supplied pointer without sufficient validation. A crafted input may cause the control to dereference an attacker-controlled pointer, enabling remote code execution in the context of the hosting process. The vulnerability requires user interaction (instantiation of the ActiveX control via a web page or a file).",
  "id": "GHSA-q7vh-44j8-j22p",
  "modified": "2025-11-13T00:30:17Z",
  "published": "2025-11-13T00:30:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-20211"
    },
    {
      "type": "WEB",
      "url": "https://www.ucancode.net"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/ucancode-e-xd-visualization-enterprise-suite-untrusted-pointer-dereference-rce"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-17-422"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-Q9C7-F5PH-HCWX

Vulnerability from github – Published: 2024-12-02 12:38 – Updated: 2024-12-02 12:38
VLAI
Details

Memory corruption while parsing sensor packets in camera driver, user-space variable is used while allocating memory in kernel and parsing which can lead to huge allocation or invalid memory access.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-33036"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-823"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-02T11:15:06Z",
    "severity": "MODERATE"
  },
  "details": "Memory corruption while parsing sensor packets in camera driver, user-space variable is used while allocating memory in kernel and parsing which can lead to huge allocation or invalid memory access.",
  "id": "GHSA-q9c7-f5ph-hcwx",
  "modified": "2024-12-02T12:38:27Z",
  "published": "2024-12-02T12:38:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-33036"
    },
    {
      "type": "WEB",
      "url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/december-2024-bulletin.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-R36W-QC6C-G892

Vulnerability from github – Published: 2022-05-24 19:18 – Updated: 2022-10-24 19:00
VLAI
Details

A crafted request with invalid offsets may cause an out-of-bounds read or write access in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition or local memory overwrite.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-34595"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119",
      "CWE-823"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-10-26T10:15:00Z",
    "severity": "HIGH"
  },
  "details": "A crafted request with invalid offsets may cause an out-of-bounds read or write access in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition or local memory overwrite.",
  "id": "GHSA-r36w-qc6c-g892",
  "modified": "2022-10-24T19:00:21Z",
  "published": "2022-05-24T19:18:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34595"
    },
    {
      "type": "WEB",
      "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=16878\u0026token=e5644ec405590e66aefa62304cb8632df9fc9e9c\u0026download="
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-R633-28CW-P576

Vulnerability from github – Published: 2023-10-03 06:30 – Updated: 2024-04-04 08:03
VLAI
Details

Memory corruption in Modem while processing security related configuration before AS Security Exchange.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-24855"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-787",
      "CWE-823"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-10-03T06:15:23Z",
    "severity": "CRITICAL"
  },
  "details": "Memory corruption in Modem while processing security related configuration before AS Security Exchange.",
  "id": "GHSA-r633-28cw-p576",
  "modified": "2024-04-04T08:03:08Z",
  "published": "2023-10-03T06:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24855"
    },
    {
      "type": "WEB",
      "url": "https://www.qualcomm.com/company/product-security/bulletins/october-2023-bulletin"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RGWM-PX7V-J678

Vulnerability from github – Published: 2025-01-13 12:31 – Updated: 2025-01-13 18:31
VLAI
Details

Kernel software installed and running inside a Guest VM may post improper commands to the GPU Firmware to read data outside the Guest's virtualised GPU memory.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-47894"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-823"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-13T11:15:08Z",
    "severity": "HIGH"
  },
  "details": "Kernel software installed and running inside a Guest VM may post improper commands to the GPU Firmware to read data outside the Guest\u0027s virtualised GPU memory.",
  "id": "GHSA-rgwm-px7v-j678",
  "modified": "2025-01-13T18:31:55Z",
  "published": "2025-01-13T12:31:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47894"
    },
    {
      "type": "WEB",
      "url": "https://www.imaginationtech.com/gpu-driver-vulnerabilities"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RJPG-QPWF-XP3R

Vulnerability from github – Published: 2025-01-06 12:30 – Updated: 2025-01-06 12:30
VLAI
Details

Memory corruption when input parameter validation for number of fences is missing for fence frame IOCTL calls,

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-33041"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-787",
      "CWE-823"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-06T11:15:08Z",
    "severity": "MODERATE"
  },
  "details": "Memory corruption when input parameter validation for number of fences is missing for fence frame IOCTL calls,",
  "id": "GHSA-rjpg-qpwf-xp3r",
  "modified": "2025-01-06T12:30:32Z",
  "published": "2025-01-06T12:30:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-33041"
    },
    {
      "type": "WEB",
      "url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2025-bulletin.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RR79-WXQV-V9VQ

Vulnerability from github – Published: 2022-02-17 00:00 – Updated: 2023-01-17 21:30
VLAI
Details

Use of Out-of-range Pointer Offset in Homebrew mruby prior to 3.2.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-0614"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119",
      "CWE-823"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-02-16T10:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Use of Out-of-range Pointer Offset in Homebrew mruby prior to 3.2.",
  "id": "GHSA-rr79-wxqv-v9vq",
  "modified": "2023-01-17T21:30:22Z",
  "published": "2022-02-17T00:00:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0614"
    },
    {
      "type": "WEB",
      "url": "https://github.com/mruby/mruby/commit/ff3a5ebed6ffbe3e70481531cfb969b497aa73ad"
    },
    {
      "type": "WEB",
      "url": "https://huntr.dev/bounties/a980ce4d-c359-4425-92c4-e844c0055879"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RRMX-RW89-WHM4

Vulnerability from github – Published: 2023-03-10 21:30 – Updated: 2023-03-15 18:30
VLAI
Details

Memory corruption in modem due to use of out of range pointer offset while processing qmi msg

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-25709"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119",
      "CWE-823"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-03-10T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "Memory corruption in modem due to use of out of range pointer offset while processing qmi msg",
  "id": "GHSA-rrmx-rw89-whm4",
  "modified": "2023-03-15T18:30:25Z",
  "published": "2023-03-10T21:30:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25709"
    },
    {
      "type": "WEB",
      "url": "https://www.qualcomm.com/company/product-security/bulletins/march-2023-bulletin"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RX6M-WJQW-383G

Vulnerability from github – Published: 2023-03-10 21:30 – Updated: 2023-03-15 18:30
VLAI
Details

Memory corruption in Modem due to usage of Out-of-range pointer offset in UIM

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-25694"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119",
      "CWE-823"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-03-10T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "Memory corruption in Modem due to usage of Out-of-range pointer offset in UIM",
  "id": "GHSA-rx6m-wjqw-383g",
  "modified": "2023-03-15T18:30:25Z",
  "published": "2023-03-10T21:30:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25694"
    },
    {
      "type": "WEB",
      "url": "https://www.qualcomm.com/company/product-security/bulletins/march-2023-bulletin"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

CAPEC-129: Pointer Manipulation

This attack pattern involves an adversary manipulating a pointer within a target application resulting in the application accessing an unintended memory location. This can result in the crashing of the application or, for certain pointer values, access to data that would not normally be possible or the execution of arbitrary code. Since pointers are simply integer variables, Integer Attacks may often be used in Pointer Attacks.