Common Weakness Enumeration

CWE-123

Allowed

Write-what-where Condition

Abstraction: Base · Status: Draft

Any condition where the attacker has the ability to write an arbitrary value to an arbitrary location, often as the result of a buffer overflow.

82 vulnerabilities reference this CWE, most recent first.

GHSA-9PVM-29XC-5VJV

Vulnerability from github – Published: 2025-02-03 06:30 – Updated: 2025-02-03 18:30
VLAI
Details

In V5 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291402; Issue ID: MSV-2073.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-20141"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-123",
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-03T04:15:07Z",
    "severity": "MODERATE"
  },
  "details": "In V5 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291402; Issue ID: MSV-2073.",
  "id": "GHSA-9pvm-29xc-5vjv",
  "modified": "2025-02-03T18:30:40Z",
  "published": "2025-02-03T06:30:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-20141"
    },
    {
      "type": "WEB",
      "url": "https://corp.mediatek.com/product-security-bulletin/February-2025"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9V3V-PQHW-3FHR

Vulnerability from github – Published: 2022-05-06 00:00 – Updated: 2022-05-14 00:03
VLAI
Details

Eclipse CycloneDDS versions prior to 0.8.0 are vulnerable to a write-what-where condition, which may allow an attacker to write arbitrary values in the XML parser.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-38441"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-123"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-05-05T17:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "Eclipse CycloneDDS versions prior to 0.8.0 are vulnerable to a write-what-where condition, which may allow an attacker to write arbitrary values in the XML parser.",
  "id": "GHSA-9v3v-pqhw-3fhr",
  "modified": "2022-05-14T00:03:34Z",
  "published": "2022-05-06T00:00:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38441"
    },
    {
      "type": "WEB",
      "url": "https://projects.eclipse.org/projects/iot.cyclonedds"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-315-02"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9XVP-GQGG-HH2X

Vulnerability from github – Published: 2024-03-19 12:30 – Updated: 2024-08-12 21:31
VLAI
Details

Return registers were overwritten which could have allowed an attacker to execute arbitrary code. Note: This issue only affected Armv7-A systems. Other operating systems are unaffected. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-2607"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-123"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-03-19T12:15:08Z",
    "severity": "HIGH"
  },
  "details": "Return registers were overwritten which could have allowed an attacker to execute arbitrary code. *Note:* This issue only affected Armv7-A systems. Other operating systems are unaffected. This vulnerability affects Firefox \u003c 124, Firefox ESR \u003c 115.9, and Thunderbird \u003c 115.9.",
  "id": "GHSA-9xvp-gqgg-hh2x",
  "modified": "2024-08-12T21:31:31Z",
  "published": "2024-03-19T12:30:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2607"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1879939"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00022.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00028.html"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2024-12"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2024-13"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2024-14"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CC49-H52C-HM2R

Vulnerability from github – Published: 2024-11-04 03:30 – Updated: 2024-11-04 12:32
VLAI
Details

In mms, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09062301; Issue ID: MSV-1620.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-20119"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-123",
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-11-04T02:15:17Z",
    "severity": "MODERATE"
  },
  "details": "In mms, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09062301; Issue ID: MSV-1620.",
  "id": "GHSA-cc49-h52c-hm2r",
  "modified": "2024-11-04T12:32:56Z",
  "published": "2024-11-04T03:30:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-20119"
    },
    {
      "type": "WEB",
      "url": "https://corp.mediatek.com/product-security-bulletin/November-2024"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CP86-7JXJ-WQFV

Vulnerability from github – Published: 2022-05-24 22:28 – Updated: 2022-05-24 22:28
VLAI
Details

A CWE-123: Write-what-where Condition vulnerability exists in EcoStruxure™ Control Expert (all versions) and Unity Pro (former name of EcoStruxure™ Control Expert) (all versions), that could cause a crash of the software or unexpected code execution when opening a malicious file in EcoStruxure™ Control Expert software.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-7560"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-123"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-12-11T01:15:00Z",
    "severity": "HIGH"
  },
  "details": "A CWE-123: Write-what-where Condition vulnerability exists in EcoStruxure\u2122 Control Expert (all versions) and Unity Pro (former name of EcoStruxure\u2122 Control Expert) (all versions), that could cause a crash of the software or unexpected code execution when opening a malicious file in EcoStruxure\u2122 Control Expert software.",
  "id": "GHSA-cp86-7jxj-wqfv",
  "modified": "2022-05-24T22:28:33Z",
  "published": "2022-05-24T22:28:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7560"
    },
    {
      "type": "WEB",
      "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-F3C7-CXHX-4H8J

Vulnerability from github – Published: 2024-10-09 15:32 – Updated: 2024-10-09 15:32
VLAI
Details

Substance3D - Stager versions 3.0.3 and earlier are affected by a Write-what-where Condition vulnerability that could allow an attacker to execute arbitrary code in the context of the current user. This vulnerability allows an attacker to write a controlled value to an arbitrary memory location, potentially leading to code execution. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-45142"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-123"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-09T14:15:06Z",
    "severity": "HIGH"
  },
  "details": "Substance3D - Stager versions 3.0.3 and earlier are affected by a Write-what-where Condition vulnerability that could allow an attacker to execute arbitrary code in the context of the current user. This vulnerability allows an attacker to write a controlled value to an arbitrary memory location, potentially leading to code execution. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
  "id": "GHSA-f3c7-cxhx-4h8j",
  "modified": "2024-10-09T15:32:19Z",
  "published": "2024-10-09T15:32:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45142"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb24-81.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-G3F8-Q8CX-JM7W

Vulnerability from github – Published: 2022-05-13 01:01 – Updated: 2022-05-13 01:01
VLAI
Details

An exploitable arbitrary write vulnerability exists in the open document format parser of the Atlantis Word Processor, version 3.2.7.2, while trying to null-terminate a string. A specially crafted document can allow an attacker to pass an untrusted value as a length to a constructor. This constructor will miscalculate a length and then use it to calculate the position to write a null byte. This can allow an attacker to corrupt memory, which can result in code execution under the context of the application. An attacker must convince a victim to open a specially crafted document in order to trigger this vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-4038"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-123",
      "CWE-131"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-12-01T18:29:00Z",
    "severity": "HIGH"
  },
  "details": "An exploitable arbitrary write vulnerability exists in the open document format parser of the Atlantis Word Processor, version 3.2.7.2, while trying to null-terminate a string. A specially crafted document can allow an attacker to pass an untrusted value as a length to a constructor. This constructor will miscalculate a length and then use it to calculate the position to write a null byte. This can allow an attacker to corrupt memory, which can result in code execution under the context of the application. An attacker must convince a victim to open a specially crafted document in order to trigger this vulnerability.",
  "id": "GHSA-g3f8-q8cx-jm7w",
  "modified": "2022-05-13T01:01:44Z",
  "published": "2022-05-13T01:01:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-4038"
    },
    {
      "type": "WEB",
      "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0711"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-G6PC-6676-C23J

Vulnerability from github – Published: 2026-06-15 21:30 – Updated: 2026-06-19 20:47
VLAI
Summary
Remotion: arbitrary file write vulnerability
Details

remotion-dev remotion v4.0.409 was discovered to contain an arbitrary file write vulnerability.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "remotion"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.0.410"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-30121"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-123"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-06-19T20:47:59Z",
    "nvd_published_at": "2026-06-15T20:16:25Z",
    "severity": "CRITICAL"
  },
  "details": "remotion-dev remotion v4.0.409 was discovered to contain an arbitrary file write vulnerability.",
  "id": "GHSA-g6pc-6676-c23j",
  "modified": "2026-06-19T20:47:59Z",
  "published": "2026-06-15T21:30:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-30121"
    },
    {
      "type": "WEB",
      "url": "https://github.com/remotion-dev/remotion/pull/6378"
    },
    {
      "type": "WEB",
      "url": "https://github.com/EaEa0001/security-advisories/blob/main/CVE-2026-30121.md"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/remotion-dev/remotion"
    },
    {
      "type": "WEB",
      "url": "https://github.com/remotion-dev/remotion/releases/tag/v4.0.410"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Remotion: arbitrary file write vulnerability"
}

GHSA-G76P-Q66J-MC8V

Vulnerability from github – Published: 2022-05-13 01:06 – Updated: 2022-05-13 01:06
VLAI
Details

Webroot SecureAnywhere before 9.0.8.34 on macOS mishandles access to the driver by a process that lacks root privileges.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-16962"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-123"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-09-12T20:29:00Z",
    "severity": "HIGH"
  },
  "details": "Webroot SecureAnywhere before 9.0.8.34 on macOS mishandles access to the driver by a process that lacks root privileges.",
  "id": "GHSA-g76p-q66j-mc8v",
  "modified": "2022-05-13T01:06:29Z",
  "published": "2022-05-13T01:06:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16962"
    },
    {
      "type": "WEB",
      "url": "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2018-009/?fid=11720"
    },
    {
      "type": "WEB",
      "url": "https://www.trustwave.com/Resources/SpiderLabs-Blog/CVE-2018-16962--Webroot-SecureAnywhere-macOS-Kernel-Level-Memory-Corruption"
    },
    {
      "type": "WEB",
      "url": "http://answers.webroot.com/Webroot/ukp.aspx?pid=10\u0026app=vw\u0026vw=1\u0026login=1\u0026json=1\u0026solutionid=2022"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HF4R-HM8M-W52J

Vulnerability from github – Published: 2026-06-09 15:32 – Updated: 2026-07-07 12:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

net: gro: don't merge zcopy skbs

skb_gro_receive() can currently copy frags between the source and GRO skb, without checking the zerocopy status, and in particular the SKBFL_MANAGED_FRAG_REFS flag.

When SKBFL_MANAGED_FRAG_REFS is set, the skb doesn't hold a reference on the pages in shinfo->frags. Appending those frags to another skb's frags without fixing up the page refcount can lead to UAF.

When either the last skb in the GRO chain (the one we would append frags to) or the source skb is zerocopy, don't merge the skbs.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-46323"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-123",
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-09T13:16:37Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: gro: don\u0027t merge zcopy skbs\n\nskb_gro_receive() can currently copy frags between the source and GRO\nskb, without checking the zerocopy status, and in particular the\nSKBFL_MANAGED_FRAG_REFS flag.\n\nWhen SKBFL_MANAGED_FRAG_REFS is set, the skb doesn\u0027t hold a reference\non the pages in shinfo-\u003efrags. Appending those frags to another skb\u0027s\nfrags without fixing up the page refcount can lead to UAF.\n\nWhen either the last skb in the GRO chain (the one we would append\nfrags to) or the source skb is zerocopy, don\u0027t merge the skbs.",
  "id": "GHSA-hf4r-hm8m-w52j",
  "modified": "2026-07-07T12:31:33Z",
  "published": "2026-06-09T15:32:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46323"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:27708"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:27731"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:27735"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:36018"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2026-46323"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2479832"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1f9c828556416fbe3f49386708ce999fc4d4da06"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3c6cc9f2ca65b6dd61b1af75452dc0e1cd0aad8d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/44bea2032af0425e4ce6d26a8af0ede79db49ec1"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/479084ae0e1d9cb7929cb4298d35623de189f80a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4db79a322db8c97f7b73b8a347395ef4d685eb40"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e334cbf3388fd9334503a778a82d9e9f14dd2f71"
    },
    {
      "type": "WEB",
      "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-46323.json"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design

Strategy: Language Selection

Use a language that provides appropriate memory abstractions.

Mitigation
Operation

Use OS-level preventative functionality integrated after the fact. Not a complete solution.

No CAPEC attack patterns related to this CWE.