CWE-130
AllowedImproper Handling of Length Parameter Inconsistency
Abstraction: Base · Status: Incomplete
The product parses a formatted message or structure, but it does not handle or incorrectly handles a length field that is inconsistent with the actual length of the associated data.
160 vulnerabilities reference this CWE, most recent first.
GHSA-3XM3-79JV-66P7
Vulnerability from github – Published: 2022-05-06 00:00 – Updated: 2022-05-14 00:03OCI OpenDDS versions prior to 3.18.1 do not handle a length parameter consistent with the actual length of the associated data, which may allow an attacker to remotely execute arbitrary code.
{
"affected": [],
"aliases": [
"CVE-2021-38445"
],
"database_specific": {
"cwe_ids": [
"CWE-130"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-05-05T17:15:00Z",
"severity": "CRITICAL"
},
"details": "OCI OpenDDS versions prior to 3.18.1 do not handle a length parameter consistent with the actual length of the associated data, which may allow an attacker to remotely execute arbitrary code.",
"id": "GHSA-3xm3-79jv-66p7",
"modified": "2022-05-14T00:03:33Z",
"published": "2022-05-06T00:00:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38445"
},
{
"type": "WEB",
"url": "https://opendds.org"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-315-02"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-45PX-VP4X-QWF2
Vulnerability from github – Published: 2026-03-10 18:31 – Updated: 2026-03-10 18:31A vulnerability has been identified in SICAM SIAPP SDK (All versions < V2.1.7). The SICAM SIAPP SDK server component does not enforce maximum length checks on certain variables before use. This could allow an attacker to send an oversized input that could trigger a stack overflow crashing the process and potentially causing denial of service.
{
"affected": [],
"aliases": [
"CVE-2026-25572"
],
"database_specific": {
"cwe_ids": [
"CWE-130"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-10T18:18:37Z",
"severity": "MODERATE"
},
"details": "A vulnerability has been identified in SICAM SIAPP SDK (All versions \u003c V2.1.7). The SICAM SIAPP SDK server component does not enforce maximum length checks on certain variables before use. This could allow an attacker to send an oversized input that could trigger a stack overflow crashing the process and potentially causing denial of service.",
"id": "GHSA-45px-vp4x-qwf2",
"modified": "2026-03-10T18:31:21Z",
"published": "2026-03-10T18:31:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25572"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-903736.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-4742-MR57-2R9J
Vulnerability from github – Published: 2025-12-19 12:31 – Updated: 2025-12-30 00:32Mismatched length fields in Zlib compressed protocol headers may allow a read of uninitialized heap memory by an unauthenticated client. This issue affects all MongoDB Server v7.0 prior to 7.0.28 versions, MongoDB Server v8.0 versions prior to 8.0.17, MongoDB Server v8.2 versions prior to 8.2.3, MongoDB Server v6.0 versions prior to 6.0.27, MongoDB Server v5.0 versions prior to 5.0.32, MongoDB Server v4.4 versions prior to 4.4.30, MongoDB Server v4.2 versions greater than or equal to 4.2.0, MongoDB Server v4.0 versions greater than or equal to 4.0.0, and MongoDB Server v3.6 versions greater than or equal to 3.6.0.
{
"affected": [],
"aliases": [
"CVE-2025-14847"
],
"database_specific": {
"cwe_ids": [
"CWE-130"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-19T11:15:49Z",
"severity": "HIGH"
},
"details": "Mismatched length fields in Zlib compressed protocol headers may allow a read of uninitialized heap memory by an unauthenticated client. This issue affects all MongoDB Server v7.0 prior to 7.0.28 versions, MongoDB Server v8.0 versions prior to 8.0.17, MongoDB Server v8.2 versions prior to 8.2.3, MongoDB Server v6.0 versions prior to 6.0.27, MongoDB Server v5.0 versions prior to 5.0.32, MongoDB Server v4.4 versions prior to 4.4.30, MongoDB Server v4.2 versions greater than or equal to 4.2.0, MongoDB Server v4.0 versions greater than or equal to 4.0.0, and MongoDB Server v3.6 versions greater than or equal to 3.6.0.",
"id": "GHSA-4742-mr57-2r9j",
"modified": "2025-12-30T00:32:58Z",
"published": "2025-12-19T12:31:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14847"
},
{
"type": "WEB",
"url": "https://jira.mongodb.org/browse/SERVER-115508"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-14847"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2025/12/29/21"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-4FHF-8PH3-PP6C
Vulnerability from github – Published: 2022-09-28 00:00 – Updated: 2025-11-04 21:30Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using LLC/SNAP headers with invalid length and Ethernet to Wifi frame conversion (and optionally VLAN0 headers).
{
"affected": [],
"aliases": [
"CVE-2021-27862"
],
"database_specific": {
"cwe_ids": [
"CWE-130",
"CWE-290"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-09-27T19:15:00Z",
"severity": "MODERATE"
},
"details": "Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using LLC/SNAP headers with invalid length and Ethernet to Wifi frame conversion (and optionally VLAN0 headers).",
"id": "GHSA-4fhf-8ph3-pp6c",
"modified": "2025-11-04T21:30:27Z",
"published": "2022-09-28T00:00:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27862"
},
{
"type": "WEB",
"url": "https://blog.champtar.fr/VLAN0_LLC_SNAP"
},
{
"type": "WEB",
"url": "https://datatracker.ietf.org/doc/draft-ietf-v6ops-ra-guard/08"
},
{
"type": "WEB",
"url": "https://kb.cert.org/vuls/id/855201"
},
{
"type": "WEB",
"url": "https://standards.ieee.org/ieee/802.2/1048"
},
{
"type": "WEB",
"url": "https://www.kb.cert.org/vuls/id/855201"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-4FMG-XXCG-W9FH
Vulnerability from github – Published: 2026-02-13 06:30 – Updated: 2026-03-02 18:31A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation. If affected product receives maliciously crafted packets, Vnet/IP software stack process may be terminated. The affected products and versions are as follows: Vnet/IP Interface Package (for CENTUM VP R6 VP6C3300, CENTUM VP R7 VP7C3300) R1.07.00 or earlier
{
"affected": [],
"aliases": [
"CVE-2025-48022"
],
"database_specific": {
"cwe_ids": [
"CWE-130"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-13T06:16:11Z",
"severity": "MODERATE"
},
"details": "A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation.\nIf affected product receives maliciously crafted packets, Vnet/IP software stack process may be terminated.\nThe affected products and versions are as follows: Vnet/IP Interface Package (for CENTUM VP R6 VP6C3300, CENTUM VP R7 VP7C3300) R1.07.00 or earlier",
"id": "GHSA-4fmg-xxcg-w9fh",
"modified": "2026-03-02T18:31:38Z",
"published": "2026-02-13T06:30:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48022"
},
{
"type": "WEB",
"url": "https://web-material3.yokogawa.com/1/39281/files/YSAR-26-0002-E.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-4H2G-XXVJ-V3W5
Vulnerability from github – Published: 2026-05-26 18:31 – Updated: 2026-05-26 21:31FastNetMon Community Edition through 1.2.9 has out-of-bounds memory access because it incorrectly parses BGP path attributes with the extended length flag set. In src/bgp_protocol.hpp, the parse_raw_bgp_attribute() function correctly identifies when extended_length_bit is set and sets length_of_length_field to 2, but then reads only a single byte for the attribute value length (attribute_value_length = value[2] at line 173). Per RFC 4271 Section 4.3, when the Extended Length bit is set, the Attribute Length field is two octets and the value should be read as a 16-bit big-endian integer from value[2] and value[3]. As a result, any attribute longer than 255 bytes has its length silently truncated to the low byte (e.g., 300 bytes = 0x012C is read as 0x2C = 44 bytes). The remaining 256 bytes are then misinterpreted as subsequent attributes, causing cascading parse failures and potential out-of-bounds memory access.
{
"affected": [],
"aliases": [
"CVE-2026-48685"
],
"database_specific": {
"cwe_ids": [
"CWE-130"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-26T16:16:26Z",
"severity": "MODERATE"
},
"details": "FastNetMon Community Edition through 1.2.9 has out-of-bounds memory access because it incorrectly parses BGP path attributes with the extended length flag set. In src/bgp_protocol.hpp, the parse_raw_bgp_attribute() function correctly identifies when extended_length_bit is set and sets length_of_length_field to 2, but then reads only a single byte for the attribute value length (attribute_value_length = value[2] at line 173). Per RFC 4271 Section 4.3, when the Extended Length bit is set, the Attribute Length field is two octets and the value should be read as a 16-bit big-endian integer from value[2] and value[3]. As a result, any attribute longer than 255 bytes has its length silently truncated to the low byte (e.g., 300 bytes = 0x012C is read as 0x2C = 44 bytes). The remaining 256 bytes are then misinterpreted as subsequent attributes, causing cascading parse failures and potential out-of-bounds memory access.",
"id": "GHSA-4h2g-xxvj-v3w5",
"modified": "2026-05-26T21:31:54Z",
"published": "2026-05-26T18:31:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48685"
},
{
"type": "WEB",
"url": "https://github.com/pavel-odintsov/fastnetmon"
},
{
"type": "WEB",
"url": "https://github.com/pavel-odintsov/fastnetmon/blob/master/src/bgp_protocol.hpp"
},
{
"type": "WEB",
"url": "https://lorikeetsecurity.com/blog/fastnetmon-cve-2026-48685-bgp-extended-length"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4P49-PGHR-968W
Vulnerability from github – Published: 2026-03-24 21:31 – Updated: 2026-06-30 03:36A malicious mail server could send malformed strings with negative lengths, causing the parser to read memory outside the buffer. If a mail server or connection to a mail server were compromised, an attacker could cause the parser to malfunction, potentially crashing Thunderbird or leaking sensitive data. This vulnerability affects Thunderbird < 149 and Thunderbird < 140.9.
{
"affected": [],
"aliases": [
"CVE-2026-4371"
],
"database_specific": {
"cwe_ids": [
"CWE-126",
"CWE-130"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-24T21:16:29Z",
"severity": "HIGH"
},
"details": "A malicious mail server could send malformed strings with negative lengths, causing the parser to read memory outside the buffer. If a mail server or connection to a mail server were compromised, an attacker could cause the parser to malfunction, potentially crashing Thunderbird or leaking sensitive data. This vulnerability affects Thunderbird \u003c 149 and Thunderbird \u003c 140.9.",
"id": "GHSA-4p49-pghr-968w",
"modified": "2026-06-30T03:36:00Z",
"published": "2026-03-24T21:31:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4371"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-24"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-23"
},
{
"type": "WEB",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4371.json"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451001"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2023493"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2026-4371"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:8850"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:8315"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:8290"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:8289"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:8288"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:8287"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:8286"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:8285"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:8284"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:6917"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:6342"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:6188"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5659-7353-7W5P
Vulnerability from github – Published: 2025-04-17 12:30 – Updated: 2025-04-17 12:30A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected product does not properly validate a length field in a serialized message which it uses to determine the amount of memory to be allocated for deserialization. This could allow an unauthenticated remote attacker to cause the application to allocate exhaustive amounts of memory and subsequently create a partial denial of service condition. Successful exploitation is only possible in redundant Telecontrol Server Basic setups and only if the connection between the redundant servers has been disrupted.
{
"affected": [],
"aliases": [
"CVE-2025-29931"
],
"database_specific": {
"cwe_ids": [
"CWE-130"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-17T11:15:47Z",
"severity": "MODERATE"
},
"details": "A vulnerability has been identified in TeleControl Server Basic (All versions \u003c V3.1.2.2). The affected product does not properly validate a length field in a serialized message which it uses to determine the amount of memory to be allocated for deserialization. This could allow an unauthenticated remote attacker to cause the application to allocate exhaustive amounts of memory and subsequently create a partial denial of service condition.\nSuccessful exploitation is only possible in redundant Telecontrol Server Basic setups and only if the connection between the redundant servers has been disrupted.",
"id": "GHSA-5659-7353-7w5p",
"modified": "2025-04-17T12:30:32Z",
"published": "2025-04-17T12:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-29931"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-395348.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-5J43-PP23-M43C
Vulnerability from github – Published: 2026-03-10 18:31 – Updated: 2026-03-10 18:31A vulnerability has been identified in SICAM SIAPP SDK (All versions < V2.1.7). The SICAM SIAPP SDK client component does not enforce maximum length checks on certain variables before use. This could allow an attacker to send an oversized input that could trigger a stack overflow crashing the process and potentially causing denial of service.
{
"affected": [],
"aliases": [
"CVE-2026-25571"
],
"database_specific": {
"cwe_ids": [
"CWE-130"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-10T18:18:37Z",
"severity": "MODERATE"
},
"details": "A vulnerability has been identified in SICAM SIAPP SDK (All versions \u003c V2.1.7). The SICAM SIAPP SDK client component does not enforce maximum length checks on certain variables before use. This could allow an attacker to send an oversized input that could trigger a stack overflow crashing the process and potentially causing denial of service.",
"id": "GHSA-5j43-pp23-m43c",
"modified": "2026-03-10T18:31:21Z",
"published": "2026-03-10T18:31:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25571"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-903736.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-5MP8-RQ5M-PJ7M
Vulnerability from github – Published: 2026-04-13 18:30 – Updated: 2026-04-22 18:31An issue was discovered in HAProxy before 3.3.6. The HTTP/3 parser does not check that the received body length matches a previously announced content-length when the stream is closed via a frame with an empty payload. This can cause desynchronization issues with the backend server and could be used for request smuggling. The earliest affected version is 2.6.
{
"affected": [],
"aliases": [
"CVE-2026-33555"
],
"database_specific": {
"cwe_ids": [
"CWE-130"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-13T17:16:28Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in HAProxy before 3.3.6. The HTTP/3 parser does not check that the received body length matches a previously announced content-length when the stream is closed via a frame with an empty payload. This can cause desynchronization issues with the backend server and could be used for request smuggling. The earliest affected version is 2.6.",
"id": "GHSA-5mp8-rq5m-pj7m",
"modified": "2026-04-22T18:31:38Z",
"published": "2026-04-13T18:30:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33555"
},
{
"type": "WEB",
"url": "https://github.com/haproxy/haproxy/commit/05a295441c621089ffa4318daf0dbca2dd756a84"
},
{
"type": "WEB",
"url": "https://r3verii.github.io/cve/2026/04/14/haproxy-h3-standalone-fin-smuggling.html"
},
{
"type": "WEB",
"url": "https://www.haproxy.com/documentation/haproxy-aloha/changelog"
},
{
"type": "WEB",
"url": "https://www.haproxy.org"
},
{
"type": "WEB",
"url": "https://www.mail-archive.com/haproxy@formilux.org/msg46752.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation
When processing structured incoming data containing a size field followed by raw data, ensure that you identify and resolve any inconsistencies between the size field and the actual size of the data.
Mitigation
Do not let the user control the size of the buffer.
Mitigation
Validate that the length of the user-supplied data is consistent with the buffer size.
CAPEC-47: Buffer Overflow via Parameter Expansion
In this attack, the target software is given input that the adversary knows will be modified and expanded in size during processing. This attack relies on the target software failing to anticipate that the expanded data may exceed some internal limit, thereby creating a buffer overflow.