Common Weakness Enumeration

CWE-787

Allowed-with-Review

Out-of-bounds Write

Abstraction: Base · Status: Draft

The product writes data past the end, or before the beginning, of the intended buffer.

15093 vulnerabilities reference this CWE, most recent first.

GHSA-VRQ8-3X54-8JJ3

Vulnerability from github – Published: 2026-05-14 21:30 – Updated: 2026-05-15 00:30
VLAI
Details

Out of bounds write in WebRTC in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-8526"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-14T20:17:13Z",
    "severity": "HIGH"
  },
  "details": "Out of bounds write in WebRTC in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)",
  "id": "GHSA-vrq8-3x54-8jj3",
  "modified": "2026-05-15T00:30:29Z",
  "published": "2026-05-14T21:30:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8526"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html"
    },
    {
      "type": "WEB",
      "url": "https://issues.chromium.org/issues/486536241"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VRQW-478G-GV6H

Vulnerability from github – Published: 2025-05-14 21:31 – Updated: 2025-05-14 21:31
VLAI
Details

Out-of-bounds Write vulnerability in PointCloudLibrary pcl allows Overflow Buffers. Since version 1.14.0, PCL by default uses a zlib installation from the system, unless the user sets WITH_SYSTEM_ZLIB=FALSE. So this potential vulnerability is only relevant if the PCL version is older than 1.14.0 or the user specifically requests to not use the system zlib.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-4640"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-14T19:15:53Z",
    "severity": "HIGH"
  },
  "details": "Out-of-bounds Write vulnerability in PointCloudLibrary pcl allows Overflow Buffers. Since version 1.14.0, PCL by default uses a zlib installation from the system, unless the user sets WITH_SYSTEM_ZLIB=FALSE. So this potential vulnerability is only relevant if the PCL version is older than 1.14.0 or the user specifically requests to not use the system zlib.",
  "id": "GHSA-vrqw-478g-gv6h",
  "modified": "2025-05-14T21:31:18Z",
  "published": "2025-05-14T21:31:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4640"
    },
    {
      "type": "WEB",
      "url": "https://github.com/PointCloudLibrary/pcl/pull/6246"
    },
    {
      "type": "WEB",
      "url": "https://github.com/PointCloudLibrary/pcl/commit/502bd2b013ce635f21632d523aa8cf2e04f7b7ac"
    },
    {
      "type": "WEB",
      "url": "https://github.com/PointCloudLibrary/pcl/blob/master/surface/CMakeLists.txt#L70"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:C/RE:L/U:Amber",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-VRRM-8R75-83RM

Vulnerability from github – Published: 2025-06-17 21:32 – Updated: 2025-06-17 21:32
VLAI
Details

Fuji Electric Smart Editor is vulnerable to an out-of-bounds write, which may allow an attacker to execute arbitrary code.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-41413"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-17T21:15:38Z",
    "severity": "HIGH"
  },
  "details": "Fuji Electric Smart Editor\u00a0is vulnerable to an out-of-bounds write, which may allow an attacker to execute arbitrary code.",
  "id": "GHSA-vrrm-8r75-83rm",
  "modified": "2025-06-17T21:32:31Z",
  "published": "2025-06-17T21:32:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-41413"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-168-04"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-VRRQ-3F8J-8672

Vulnerability from github – Published: 2024-04-03 18:30 – Updated: 2025-03-17 18:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

afs: Increase buffer size in afs_update_volume_status()

The max length of volume->vid value is 20 characters. So increase idbuf[] size up to 24 to avoid overflow.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

[DH: Actually, it's 20 + NUL, so increase it to 24 and use snprintf()]

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-26736"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-03T17:15:51Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nafs: Increase buffer size in afs_update_volume_status()\n\nThe max length of volume-\u003evid value is 20 characters.\nSo increase idbuf[] size up to 24 to avoid overflow.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.\n\n[DH: Actually, it\u0027s 20 + NUL, so increase it to 24 and use snprintf()]",
  "id": "GHSA-vrrq-3f8j-8672",
  "modified": "2025-03-17T18:31:40Z",
  "published": "2024-04-03T18:30:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26736"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5c27d85a69fa16a08813ba37ddfb4bbc9a1ed6b5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6e6065dd25b661420fac19c34282b6c626fcd35e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6ea38e2aeb72349cad50e38899b0ba6fbcb2af3d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d34a5e57632bb5ff825196ddd9a48ca403626dfa"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d9b5e2b7a8196850383c70d099bfd39e81ab6637"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e56662160fc24d28cb75ac095cc6415ae1bda43e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e8530b170e464017203e3b8c6c49af6e916aece1"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VRV4-MMPJ-7PHV

Vulnerability from github – Published: 2024-09-30 21:31 – Updated: 2025-01-29 18:31
VLAI
Details

A maliciously crafted DWFX file, when parsed in w3dtk.dll through Autodesk Navisworks, can force a Heap-based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash or execute arbitrary code in the context of the current process.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-7673"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-122",
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-09-30T21:15:04Z",
    "severity": "HIGH"
  },
  "details": "A maliciously crafted DWFX file, when parsed in w3dtk.dll through Autodesk Navisworks, can force a Heap-based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash or execute arbitrary code in the context of the current process.",
  "id": "GHSA-vrv4-mmpj-7phv",
  "modified": "2025-01-29T18:31:19Z",
  "published": "2024-09-30T21:31:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7673"
    },
    {
      "type": "WEB",
      "url": "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0015"
    },
    {
      "type": "WEB",
      "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0015"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VRV5-VJ7Q-63H9

Vulnerability from github – Published: 2025-09-15 15:31 – Updated: 2025-12-04 15:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

ACPI: tables: FPDT: Don't call acpi_os_map_memory() on invalid phys address

On a Packard Bell Dot SC (Intel Atom N2600 model) there is a FPDT table which contains invalid physical addresses, with high bits set which fall outside the range of the CPU-s supported physical address range.

Calling acpi_os_map_memory() on such an invalid phys address leads to the below WARN_ON in ioremap triggering resulting in an oops/stacktrace.

Add code to verify the physical address before calling acpi_os_map_memory() to fix / avoid the oops.

[ 1.226900] ioremap: invalid physical address 3001000000000000 [ 1.226949] ------------[ cut here ]------------ [ 1.226962] WARNING: CPU: 1 PID: 1 at arch/x86/mm/ioremap.c:200 __ioremap_caller.cold+0x43/0x5f [ 1.226996] Modules linked in: [ 1.227016] CPU: 1 PID: 1 Comm: swapper/0 Not tainted 6.0.0-rc3+ #490 [ 1.227029] Hardware name: Packard Bell dot s/SJE01_CT, BIOS V1.10 07/23/2013 [ 1.227038] RIP: 0010:__ioremap_caller.cold+0x43/0x5f [ 1.227054] Code: 96 00 00 e9 f8 af 24 ff 89 c6 48 c7 c7 d8 0c 84 99 e8 6a 96 00 00 e9 76 af 24 ff 48 89 fe 48 c7 c7 a8 0c 84 99 e8 56 96 00 00 <0f> 0b e9 60 af 24 ff 48 8b 34 24 48 c7 c7 40 0d 84 99 e8 3f 96 00 [ 1.227067] RSP: 0000:ffffb18c40033d60 EFLAGS: 00010286 [ 1.227084] RAX: 0000000000000032 RBX: 3001000000000000 RCX: 0000000000000000 [ 1.227095] RDX: 0000000000000001 RSI: 00000000ffffdfff RDI: 00000000ffffffff [ 1.227105] RBP: 3001000000000000 R08: 0000000000000000 R09: ffffb18c40033c18 [ 1.227115] R10: 0000000000000003 R11: ffffffff99d62fe8 R12: 0000000000000008 [ 1.227124] R13: 0003001000000000 R14: 0000000000001000 R15: 3001000000000000 [ 1.227135] FS: 0000000000000000(0000) GS:ffff913a3c080000(0000) knlGS:0000000000000000 [ 1.227146] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1.227156] CR2: 0000000000000000 CR3: 0000000018c26000 CR4: 00000000000006e0 [ 1.227167] Call Trace: [ 1.227176] [ 1.227185] ? acpi_os_map_iomem+0x1c9/0x1e0 [ 1.227215] ? kmem_cache_alloc_trace+0x187/0x370 [ 1.227254] acpi_os_map_iomem+0x1c9/0x1e0 [ 1.227288] acpi_init_fpdt+0xa8/0x253 [ 1.227308] ? acpi_debugfs_init+0x1f/0x1f [ 1.227339] do_one_initcall+0x5a/0x300 [ 1.227406] ? rcu_read_lock_sched_held+0x3f/0x80 [ 1.227442] kernel_init_freeable+0x28b/0x2cc [ 1.227512] ? rest_init+0x170/0x170 [ 1.227538] kernel_init+0x16/0x140 [ 1.227552] ret_from_fork+0x1f/0x30 [ 1.227639] [ 1.227647] irq event stamp: 186819 [ 1.227656] hardirqs last enabled at (186825): [] __up_console_sem+0x5e/0x70 [ 1.227672] hardirqs last disabled at (186830): [] __up_console_sem+0x43/0x70 [ 1.227686] softirqs last enabled at (186576): [] __irq_exit_rcu+0xed/0x160 [ 1.227701] softirqs last disabled at (186569): [] __irq_exit_rcu+0xed/0x160 [ 1.227715] ---[ end trace 0000000000000000 ]---

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-50320"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-15T15:15:43Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: tables: FPDT: Don\u0027t call acpi_os_map_memory() on invalid phys address\n\nOn a Packard Bell Dot SC (Intel Atom N2600 model) there is a FPDT table\nwhich contains invalid physical addresses, with high bits set which fall\noutside the range of the CPU-s supported physical address range.\n\nCalling acpi_os_map_memory() on such an invalid phys address leads to\nthe below WARN_ON in ioremap triggering resulting in an oops/stacktrace.\n\nAdd code to verify the physical address before calling acpi_os_map_memory()\nto fix / avoid the oops.\n\n[    1.226900] ioremap: invalid physical address 3001000000000000\n[    1.226949] ------------[ cut here ]------------\n[    1.226962] WARNING: CPU: 1 PID: 1 at arch/x86/mm/ioremap.c:200 __ioremap_caller.cold+0x43/0x5f\n[    1.226996] Modules linked in:\n[    1.227016] CPU: 1 PID: 1 Comm: swapper/0 Not tainted 6.0.0-rc3+ #490\n[    1.227029] Hardware name: Packard Bell dot s/SJE01_CT, BIOS V1.10 07/23/2013\n[    1.227038] RIP: 0010:__ioremap_caller.cold+0x43/0x5f\n[    1.227054] Code: 96 00 00 e9 f8 af 24 ff 89 c6 48 c7 c7 d8 0c 84 99 e8 6a 96 00 00 e9 76 af 24 ff 48 89 fe 48 c7 c7 a8 0c 84 99 e8 56 96 00 00 \u003c0f\u003e 0b e9 60 af 24 ff 48 8b 34 24 48 c7 c7 40 0d 84 99 e8 3f 96 00\n[    1.227067] RSP: 0000:ffffb18c40033d60 EFLAGS: 00010286\n[    1.227084] RAX: 0000000000000032 RBX: 3001000000000000 RCX: 0000000000000000\n[    1.227095] RDX: 0000000000000001 RSI: 00000000ffffdfff RDI: 00000000ffffffff\n[    1.227105] RBP: 3001000000000000 R08: 0000000000000000 R09: ffffb18c40033c18\n[    1.227115] R10: 0000000000000003 R11: ffffffff99d62fe8 R12: 0000000000000008\n[    1.227124] R13: 0003001000000000 R14: 0000000000001000 R15: 3001000000000000\n[    1.227135] FS:  0000000000000000(0000) GS:ffff913a3c080000(0000) knlGS:0000000000000000\n[    1.227146] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[    1.227156] CR2: 0000000000000000 CR3: 0000000018c26000 CR4: 00000000000006e0\n[    1.227167] Call Trace:\n[    1.227176]  \u003cTASK\u003e\n[    1.227185]  ? acpi_os_map_iomem+0x1c9/0x1e0\n[    1.227215]  ? kmem_cache_alloc_trace+0x187/0x370\n[    1.227254]  acpi_os_map_iomem+0x1c9/0x1e0\n[    1.227288]  acpi_init_fpdt+0xa8/0x253\n[    1.227308]  ? acpi_debugfs_init+0x1f/0x1f\n[    1.227339]  do_one_initcall+0x5a/0x300\n[    1.227406]  ? rcu_read_lock_sched_held+0x3f/0x80\n[    1.227442]  kernel_init_freeable+0x28b/0x2cc\n[    1.227512]  ? rest_init+0x170/0x170\n[    1.227538]  kernel_init+0x16/0x140\n[    1.227552]  ret_from_fork+0x1f/0x30\n[    1.227639]  \u003c/TASK\u003e\n[    1.227647] irq event stamp: 186819\n[    1.227656] hardirqs last  enabled at (186825): [\u003cffffffff98184a6e\u003e] __up_console_sem+0x5e/0x70\n[    1.227672] hardirqs last disabled at (186830): [\u003cffffffff98184a53\u003e] __up_console_sem+0x43/0x70\n[    1.227686] softirqs last  enabled at (186576): [\u003cffffffff980fbc9d\u003e] __irq_exit_rcu+0xed/0x160\n[    1.227701] softirqs last disabled at (186569): [\u003cffffffff980fbc9d\u003e] __irq_exit_rcu+0xed/0x160\n[    1.227715] ---[ end trace 0000000000000000 ]---",
  "id": "GHSA-vrv5-vj7q-63h9",
  "modified": "2025-12-04T15:30:30Z",
  "published": "2025-09-15T15:31:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50320"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/16046a716c8e1f447909bec9b478d58e6e25e513"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/211391bf04b3c74e250c566eeff9cf808156c693"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/30eca146c89d216dda95868ce00a2d35cf73d5a4"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/90bfc9ae875dfbed2e6089516520204cd431dba3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VRW2-CVCM-CJPQ

Vulnerability from github – Published: 2022-05-13 01:01 – Updated: 2022-05-13 01:01
VLAI
Details

An exploitable code execution vulnerability exists in the RDP receive functionality of FreeRDP 2.0.0-beta1+android11. A specially crafted server response can cause an out-of-bounds write resulting in an exploitable condition. An attacker can compromise the server or use a man in the middle to trigger this vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-2835"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-04-24T19:29:00Z",
    "severity": "HIGH"
  },
  "details": "An exploitable code execution vulnerability exists in the RDP receive functionality of FreeRDP 2.0.0-beta1+android11. A specially crafted server response can cause an out-of-bounds write resulting in an exploitable condition. An attacker can compromise the server or use a man in the middle to trigger this vulnerability.",
  "id": "GHSA-vrw2-cvcm-cjpq",
  "modified": "2022-05-13T01:01:23Z",
  "published": "2022-05-13T01:01:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2835"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2017/dsa-3923"
    },
    {
      "type": "WEB",
      "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0337"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VRW5-C37H-4JP2

Vulnerability from github – Published: 2025-04-28 18:30 – Updated: 2025-04-28 18:30
VLAI
Details

A vulnerability was found in code-projects Personal Diary Management System 1.0 and classified as critical. Affected by this issue is the function addrecord of the component New Record Handler. The manipulation of the argument filename leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-4029"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119",
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-28T17:15:51Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability was found in code-projects Personal Diary Management System 1.0 and classified as critical. Affected by this issue is the function addrecord of the component New Record Handler. The manipulation of the argument filename leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.",
  "id": "GHSA-vrw5-c37h-4jp2",
  "modified": "2025-04-28T18:30:57Z",
  "published": "2025-04-28T18:30:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4029"
    },
    {
      "type": "WEB",
      "url": "https://code-projects.org"
    },
    {
      "type": "WEB",
      "url": "https://github.com/zzzxc643/cve/blob/main/Diary%20Management%20System%20Stack%20Buffer%20Overflow.md"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.306392"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.306392"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.559198"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-VRWW-7RMP-3XRM

Vulnerability from github – Published: 2026-05-01 15:30 – Updated: 2026-05-01 18:31
VLAI
Details

A stack-based buffer overflow in mangle_to_hex_lower() and mangle_to_hex_upper() in src/rp_cpu.c in hashcat v7.1.2 allows an attacker to cause a denial of service or possibly execute arbitrary code via a crafted rule file, or via the -j or -k rule options used with password candidates of 128 or more characters. The vulnerability is caused by a bounds check that fails to account for the 2x expansion that occurs when password bytes are converted to hexadecimal.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-42482"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-121",
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-01T14:16:22Z",
    "severity": "CRITICAL"
  },
  "details": "A stack-based buffer overflow in mangle_to_hex_lower() and mangle_to_hex_upper() in src/rp_cpu.c in hashcat v7.1.2 allows an attacker to cause a denial of service or possibly execute arbitrary code via a crafted rule file, or via the -j or -k rule options used with password candidates of 128 or more characters. The vulnerability is caused by a bounds check that fails to account for the 2x expansion that occurs when password bytes are converted to hexadecimal.",
  "id": "GHSA-vrww-7rmp-3xrm",
  "modified": "2026-05-01T18:31:23Z",
  "published": "2026-05-01T15:30:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42482"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/sgInnora/107f2eb20367e47d58c911e38d56a91f"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VRX4-754W-FHFX

Vulnerability from github – Published: 2024-01-23 15:30 – Updated: 2024-01-30 00:30
VLAI
Details

TOTOLINK_A3700R_V9.1.2u.6165_20211012has a stack overflow vulnerability via setLanguageCfg

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-22660"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-01-23T15:15:11Z",
    "severity": "CRITICAL"
  },
  "details": "TOTOLINK_A3700R_V9.1.2u.6165_20211012has a stack overflow vulnerability via setLanguageCfg",
  "id": "GHSA-vrx4-754w-fhfx",
  "modified": "2024-01-30T00:30:29Z",
  "published": "2024-01-23T15:30:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22660"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Covteam/iot_vuln/tree/main/setLanguageCfg"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-3
Requirements

Strategy: Language Selection

  • Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
  • For example, many languages that perform their own memory management, such as Java and Perl, are not subject to buffer overflows. Other languages, such as Ada and C#, typically provide overflow protection, but the protection can be disabled by the programmer.
  • Be wary that a language's interface to native code may still be subject to overflows, even if the language itself is theoretically safe.
Mitigation MIT-4.1
Architecture and Design

Strategy: Libraries or Frameworks

  • Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
  • Examples include the Safe C String Library (SafeStr) by Messier and Viega [REF-57], and the Strsafe.h library from Microsoft [REF-56]. These libraries provide safer versions of overflow-prone string-handling functions.
Mitigation MIT-10
Operation Build and Compilation

Strategy: Environment Hardening

  • Use automatic buffer overflow detection mechanisms that are offered by certain compilers or compiler extensions. Examples include: the Microsoft Visual Studio /GS flag, Fedora/Red Hat FORTIFY_SOURCE GCC flag, StackGuard, and ProPolice, which provide various mechanisms including canary-based detection and range/index checking.
  • D3-SFCV (Stack Frame Canary Validation) from D3FEND [REF-1334] discusses canary-based detection in detail.
Mitigation MIT-9
Implementation
  • Consider adhering to the following rules when allocating and managing an application's memory:
  • Double check that the buffer is as large as specified.
  • When using functions that accept a number of bytes to copy, such as strncpy(), be aware that if the destination buffer size is equal to the source buffer size, it may not NULL-terminate the string.
  • Check buffer boundaries if accessing the buffer in a loop and make sure there is no danger of writing past the allocated space.
  • If necessary, truncate all input strings to a reasonable length before passing them to the copy and concatenation functions.
Mitigation MIT-11
Operation Build and Compilation

Strategy: Environment Hardening

  • Run or compile the software using features or extensions that randomly arrange the positions of a program's executable and libraries in memory. Because this makes the addresses unpredictable, it can prevent an attacker from reliably jumping to exploitable code.
  • Examples include Address Space Layout Randomization (ASLR) [REF-58] [REF-60] and Position-Independent Executables (PIE) [REF-64]. Imported modules may be similarly realigned if their default memory addresses conflict with other modules, in a process known as "rebasing" (for Windows) and "prelinking" (for Linux) [REF-1332] using randomly generated addresses. ASLR for libraries cannot be used in conjunction with prelink since it would require relocating the libraries at run-time, defeating the whole purpose of prelinking.
  • For more information on these techniques see D3-SAOR (Segment Address Offset Randomization) from D3FEND [REF-1335].
Mitigation MIT-12
Operation

Strategy: Environment Hardening

  • Use a CPU and operating system that offers Data Execution Protection (using hardware NX or XD bits) or the equivalent techniques that simulate this feature in software, such as PaX [REF-60] [REF-61]. These techniques ensure that any instruction executed is exclusively at a memory address that is part of the code segment.
  • For more information on these techniques see D3-PSEP (Process Segment Execution Prevention) from D3FEND [REF-1336].
Mitigation MIT-13
Implementation

Replace unbounded copy functions with analogous functions that support length arguments, such as strcpy with strncpy. Create these if they are not available.

No CAPEC attack patterns related to this CWE.