CWE-124
AllowedBuffer Underwrite ('Buffer Underflow')
Abstraction: Base · Status: Incomplete
The product writes to a buffer using an index or pointer that references a memory location prior to the beginning of the buffer.
63 vulnerabilities reference this CWE, most recent first.
GHSA-5CCP-7J7J-GHRV
Vulnerability from github – Published: 2025-07-08 03:31 – Updated: 2025-07-08 15:32In Bluetooth FW, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09752821; Issue ID: MSV-3342.
{
"affected": [],
"aliases": [
"CVE-2025-20694"
],
"database_specific": {
"cwe_ids": [
"CWE-124"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-08T03:15:29Z",
"severity": "HIGH"
},
"details": "In Bluetooth FW, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09752821; Issue ID: MSV-3342.",
"id": "GHSA-5ccp-7j7j-ghrv",
"modified": "2025-07-08T15:32:02Z",
"published": "2025-07-08T03:31:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-20694"
},
{
"type": "WEB",
"url": "https://corp.mediatek.com/product-security-bulletin/July-2025"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5JFW-35XP-5M42
Vulnerability from github – Published: 2022-04-05 17:53 – Updated: 2022-04-05 17:53Impact
LoginPacket uses BinaryStream->getLInt() to read the lengths of JSON payloads it wants to decode. Unfortunately, BinaryStream->getLInt() returns a signed integer, meaning that a malicious client can craft a packet with a large uint32 value for payload buffer size (which would be interpreted as a negative signed int32), causing BinaryStream->get() to throw an exception.
In the context of PocketMine-MP, this leads to a server crash when the vulnerability is exploited.
Patches
e3fce7632b94e83fd6a518a87dcaf6a11681c4ac
Workarounds
This can be worked around by registering a custom LoginPacket implementation into PacketPool which overrides this code to patch it.
For more information
- Email us at team@pmmp.io
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "pocketmine/bedrock-protocol"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-124"
],
"github_reviewed": true,
"github_reviewed_at": "2022-04-05T17:53:22Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "### Impact\n`LoginPacket` uses `BinaryStream-\u003egetLInt()` to read the lengths of JSON payloads it wants to decode. Unfortunately, `BinaryStream-\u003egetLInt()` returns a signed integer, meaning that a malicious client can craft a packet with a large uint32 value for payload buffer size (which would be interpreted as a negative signed int32), causing `BinaryStream-\u003eget()` to throw an exception.\n\nIn the context of PocketMine-MP, this leads to a server crash when the vulnerability is exploited.\n\n### Patches\ne3fce7632b94e83fd6a518a87dcaf6a11681c4ac\n\n### Workarounds\nThis can be worked around by registering a custom `LoginPacket` implementation into `PacketPool` which overrides [this code](https://github.com/pmmp/BedrockProtocol/blob/47532c95ea37d5f0365b23f734d70d943ff95295/src/LoginPacket.php#L54) to patch it.\n\n### For more information\n* Email us at [team@pmmp.io](mailto:team@pmmp.io)",
"id": "GHSA-5jfw-35xp-5m42",
"modified": "2022-04-05T17:53:22Z",
"published": "2022-04-05T17:53:22Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/pmmp/BedrockProtocol/security/advisories/GHSA-5jfw-35xp-5m42"
},
{
"type": "WEB",
"url": "https://github.com/pmmp/BedrockProtocol/commit/e3fce7632b94e83fd6a518a87dcaf6a11681c4ac"
},
{
"type": "PACKAGE",
"url": "https://github.com/pmmp/BedrockProtocol"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Buffer length underflow in LoginPacket causing unchecked exceptions to be thrown"
}
GHSA-5W34-Q6XM-8G89
Vulnerability from github – Published: 2022-05-24 19:12 – Updated: 2025-11-03 21:30XMP Toolkit version 2020.1 (and earlier) is affected by a Buffer Underflow vulnerability which could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
{
"affected": [],
"aliases": [
"CVE-2021-36064"
],
"database_specific": {
"cwe_ids": [
"CWE-124"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-09-01T15:15:00Z",
"severity": "HIGH"
},
"details": "XMP Toolkit version 2020.1 (and earlier) is affected by a Buffer Underflow vulnerability which could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
"id": "GHSA-5w34-q6xm-8g89",
"modified": "2025-11-03T21:30:33Z",
"published": "2022-05-24T19:12:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36064"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00032.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00003.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-69GV-6PJJ-726F
Vulnerability from github – Published: 2025-07-08 03:31 – Updated: 2025-07-08 15:32In Bluetooth FW, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09741871; Issue ID: MSV-3317.
{
"affected": [],
"aliases": [
"CVE-2025-20695"
],
"database_specific": {
"cwe_ids": [
"CWE-124",
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-08T03:15:29Z",
"severity": "HIGH"
},
"details": "In Bluetooth FW, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09741871; Issue ID: MSV-3317.",
"id": "GHSA-69gv-6pjj-726f",
"modified": "2025-07-08T15:32:02Z",
"published": "2025-07-08T03:31:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-20695"
},
{
"type": "WEB",
"url": "https://corp.mediatek.com/product-security-bulletin/July-2025"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7CJM-MV56-4MG4
Vulnerability from github – Published: 2021-12-02 00:00 – Updated: 2025-11-03 21:30NetworkPkg/IScsiDxe has remotely exploitable buffer overflows.
{
"affected": [],
"aliases": [
"CVE-2021-38575"
],
"database_specific": {
"cwe_ids": [
"CWE-119",
"CWE-124"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-12-01T18:15:00Z",
"severity": "CRITICAL"
},
"details": "NetworkPkg/IScsiDxe has remotely exploitable buffer overflows.",
"id": "GHSA-7cjm-mv56-4mg4",
"modified": "2025-11-03T21:30:36Z",
"published": "2021-12-02T00:00:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38575"
},
{
"type": "WEB",
"url": "https://bugzilla.tianocore.org/show_bug.cgi?id=3356"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00007.html"
},
{
"type": "WEB",
"url": "https://www.insyde.com/security-pledge/SA-2023025"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7W6V-23GR-722W
Vulnerability from github – Published: 2022-05-14 01:02 – Updated: 2025-10-22 00:31Buffer underflow in atmfd.dll in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "OpenType Font Driver Vulnerability."
{
"affected": [],
"aliases": [
"CVE-2015-2426"
],
"database_specific": {
"cwe_ids": [
"CWE-119",
"CWE-124"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2015-07-20T18:59:00Z",
"severity": "HIGH"
},
"details": "Buffer underflow in atmfd.dll in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka \"OpenType Font Driver Vulnerability.\"",
"id": "GHSA-7w6v-23gr-722w",
"modified": "2025-10-22T00:31:10Z",
"published": "2022-05-14T01:02:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2426"
},
{
"type": "WEB",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-078"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-2426"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/38222"
},
{
"type": "WEB",
"url": "http://blog.trendmicro.com/trendlabs-security-intelligence/a-look-at-the-open-type-font-manager-vulnerability-from-the-hacking-team-leak"
},
{
"type": "WEB",
"url": "http://www.kb.cert.org/vuls/id/103336"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/75951"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1032991"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-85GR-F847-Q6CW
Vulnerability from github – Published: 2024-10-29 18:30 – Updated: 2024-10-29 18:30Buffer underflow in some Intel(R) PCM software before version 202307 may allow an unauthenticated user to potentially enable denial of service via network access.
{
"affected": [],
"aliases": [
"CVE-2023-34351"
],
"database_specific": {
"cwe_ids": [
"CWE-124",
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-14T14:15:57Z",
"severity": "HIGH"
},
"details": "Buffer underflow in some Intel(R) PCM software before version 202307 may allow an unauthenticated user to potentially enable denial of service via network access.",
"id": "GHSA-85gr-f847-q6cw",
"modified": "2024-10-29T18:30:34Z",
"published": "2024-10-29T18:30:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34351"
},
{
"type": "WEB",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00954.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8WWQ-PFWQ-MP35
Vulnerability from github – Published: 2025-10-02 06:31 – Updated: 2025-10-02 06:31KV STUDIO versions 12.23 and prior contain a buffer underflow vulnerability. If the product uses a specially crafted file, arbitrary code may be executed on the affected product.
{
"affected": [],
"aliases": [
"CVE-2025-61690"
],
"database_specific": {
"cwe_ids": [
"CWE-124"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-02T06:15:37Z",
"severity": "HIGH"
},
"details": "KV STUDIO versions 12.23 and prior contain a buffer underflow vulnerability. If the product uses a specially crafted file, arbitrary code may be executed on the affected product.",
"id": "GHSA-8wwq-pfwq-mp35",
"modified": "2025-10-02T06:31:08Z",
"published": "2025-10-02T06:31:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61690"
},
{
"type": "WEB",
"url": "https://jvn.jp/en/vu/JVNVU97069449"
},
{
"type": "WEB",
"url": "https://www.keyence.com/kv_vulnerability2509302"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-9JV8-9586-5R34
Vulnerability from github – Published: 2026-06-08 18:31 – Updated: 2026-06-09 00:33Buffer Underwrite vulnerability in Apache HTTP Server on crafted regular expressions in the configuration.
This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67.
Users are recommended to upgrade to version 2.4.68, which fixes the issue.
{
"affected": [],
"aliases": [
"CVE-2026-44631"
],
"database_specific": {
"cwe_ids": [
"CWE-124"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-08T16:16:40Z",
"severity": "CRITICAL"
},
"details": "Buffer Underwrite vulnerability in Apache HTTP Server on crafted regular expressions in the configuration.\n\nThis issue affects Apache HTTP Server: from 2.4.0 through 2.4.67.\n\nUsers are recommended to upgrade to version 2.4.68, which fixes the issue.",
"id": "GHSA-9jv8-9586-5r34",
"modified": "2026-06-09T00:33:23Z",
"published": "2026-06-08T18:31:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44631"
},
{
"type": "WEB",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/06/08/14"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9W8P-GV6J-VJ3W
Vulnerability from github – Published: 2022-10-07 18:15 – Updated: 2022-10-11 19:00A buffer underflow vulnerability exists in the way Hword of Hancom Office 2020 version 11.0.0.5357 parses XML-based office files. A specially-crafted malformed file can cause memory corruption by using memory before buffer start, which can lead to code execution. A victim would need to access a malicious file to trigger this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2022-33896"
],
"database_specific": {
"cwe_ids": [
"CWE-124"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-10-07T15:15:00Z",
"severity": "HIGH"
},
"details": "A buffer underflow vulnerability exists in the way Hword of Hancom Office 2020 version 11.0.0.5357 parses XML-based office files. A specially-crafted malformed file can cause memory corruption by using memory before buffer start, which can lead to code execution. A victim would need to access a malicious file to trigger this vulnerability.",
"id": "GHSA-9w8p-gv6j-vj3w",
"modified": "2022-10-11T19:00:29Z",
"published": "2022-10-07T18:15:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-33896"
},
{
"type": "WEB",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1574"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Choose a language that is not susceptible to these issues.
Mitigation
All calculated values that are used as index or for pointer arithmetic should be validated to ensure that they are within an expected range.
No CAPEC attack patterns related to this CWE.