CWE-787
Allowed-with-ReviewOut-of-bounds Write
Abstraction: Base · Status: Draft
The product writes data past the end, or before the beginning, of the intended buffer.
15092 vulnerabilities reference this CWE, most recent first.
GHSA-XW7V-WQ29-8RGQ
Vulnerability from github – Published: 2025-02-18 06:35 – Updated: 2025-02-18 06:35Out-of-bounds write vulnerability exists in DocuPrint CP225w 01.22.01 and earlier, DocuPrint CP228w 01.22.01 and earlier, DocuPrint CM225fw 01.10.01 and earlier, and DocuPrint CM228fw 01.10.01 and earlier. If an affected MFP processes a specially crafted printer job file, a denial-of-service (DoS) condition may occur.
{
"affected": [],
"aliases": [
"CVE-2024-45320"
],
"database_specific": {
"cwe_ids": [
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-18T06:15:12Z",
"severity": "MODERATE"
},
"details": "Out-of-bounds write vulnerability exists in DocuPrint CP225w 01.22.01 and earlier, DocuPrint CP228w 01.22.01 and earlier, DocuPrint CM225fw 01.10.01 and earlier, and DocuPrint CM228fw 01.10.01 and earlier. If an affected MFP processes a specially crafted printer job file, a denial-of-service (DoS) condition may occur.",
"id": "GHSA-xw7v-wq29-8rgq",
"modified": "2025-02-18T06:35:39Z",
"published": "2025-02-18T06:35:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45320"
},
{
"type": "WEB",
"url": "https://jvn.jp/en/vu/JVNVU96297631"
},
{
"type": "WEB",
"url": "https://www.fujifilm.com/fbglobal/eng/company/news/notice/2025/0217_announce.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XW8V-4FQF-GPP5
Vulnerability from github – Published: 2022-08-26 00:03 – Updated: 2022-08-29 20:06H3C H200 H200V100R004 was discovered to contain a stack overflow via the function UpdateWanParams.
{
"affected": [],
"aliases": [
"CVE-2022-37095"
],
"database_specific": {
"cwe_ids": [
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-08-25T15:15:00Z",
"severity": "CRITICAL"
},
"details": "H3C H200 H200V100R004 was discovered to contain a stack overflow via the function UpdateWanParams.",
"id": "GHSA-xw8v-4fqf-gpp5",
"modified": "2022-08-29T20:06:54Z",
"published": "2022-08-26T00:03:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37095"
},
{
"type": "WEB",
"url": "https://github.com/Darry-lang1/vuln/tree/main/H3C/H200/16"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XW96-5RQ6-6334
Vulnerability from github – Published: 2022-02-25 00:01 – Updated: 2022-06-28 00:01A wgagent stack-based buffer overflow in WatchGuard Firebox and XTM appliances allows an authenticated remote attacker to potentially execute arbitrary code by initiating a firmware update with a malicious upgrade image. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2.
{
"affected": [],
"aliases": [
"CVE-2022-25292"
],
"database_specific": {
"cwe_ids": [
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-02-24T15:15:00Z",
"severity": "HIGH"
},
"details": "A wgagent stack-based buffer overflow in WatchGuard Firebox and XTM appliances allows an authenticated remote attacker to potentially execute arbitrary code by initiating a firmware update with a malicious upgrade image. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2.",
"id": "GHSA-xw96-5rq6-6334",
"modified": "2022-06-28T00:01:02Z",
"published": "2022-02-25T00:01:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25292"
},
{
"type": "WEB",
"url": "https://cwe.mitre.org/data/definitions/121.html"
},
{
"type": "WEB",
"url": "https://www.watchguard.com/support/release-notes/fireware/12/en-US/EN_ReleaseNotes_Fireware_12_7_2/index.html#Fireware/en-US/resolved_issues.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XW97-MFVW-WC3W
Vulnerability from github – Published: 2024-05-07 21:31 – Updated: 2024-07-03 18:39In multiple locations, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.
{
"affected": [],
"aliases": [
"CVE-2024-23709"
],
"database_specific": {
"cwe_ids": [
"CWE-122",
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-07T21:15:08Z",
"severity": "MODERATE"
},
"details": "In multiple locations, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.",
"id": "GHSA-xw97-mfvw-wc3w",
"modified": "2024-07-03T18:39:48Z",
"published": "2024-05-07T21:31:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23709"
},
{
"type": "WEB",
"url": "https://android.googlesource.com/platform/external/sonivox/+/3f798575d2d39cd190797427d13471d6e7ceae4c"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2024-05-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-XWFR-C9RV-M6PP
Vulnerability from github – Published: 2024-11-12 18:30 – Updated: 2024-11-12 18:30A stack-based buffer overflow in IPsec of Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to cause a denial of service.
{
"affected": [],
"aliases": [
"CVE-2024-47907"
],
"database_specific": {
"cwe_ids": [
"CWE-121",
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-12T16:15:22Z",
"severity": "HIGH"
},
"details": "A stack-based buffer overflow in IPsec of Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to cause a denial of service.",
"id": "GHSA-xwfr-c9rv-m6pp",
"modified": "2024-11-12T18:30:55Z",
"published": "2024-11-12T18:30:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47907"
},
{
"type": "WEB",
"url": "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XWH4-P62H-WQ65
Vulnerability from github – Published: 2022-05-13 01:19 – Updated: 2022-05-13 01:19The convert_to_decimal function in vasnprintf.c in Gnulib before 2018-09-23 has a heap-based buffer overflow because memory is not allocated for a trailing '\0' character during %f processing.
{
"affected": [],
"aliases": [
"CVE-2018-17942"
],
"database_specific": {
"cwe_ids": [
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-10-03T08:29:00Z",
"severity": "HIGH"
},
"details": "The convert_to_decimal function in vasnprintf.c in Gnulib before 2018-09-23 has a heap-based buffer overflow because memory is not allocated for a trailing \u0027\\0\u0027 character during %f processing.",
"id": "GHSA-xwh4-p62h-wq65",
"modified": "2022-05-13T01:19:30Z",
"published": "2022-05-13T01:19:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17942"
},
{
"type": "WEB",
"url": "https://github.com/coreutils/gnulib/commit/278b4175c9d7dd47c1a3071554aac02add3b3c35"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5UQRNQE6XHMD5UYYHAU3VQWAYHIPMQS"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TMGHTVYH3KAFN34QXNSGEQDSTV7MCOQW"
},
{
"type": "WEB",
"url": "https://lists.gnu.org/archive/html/bug-gnulib/2018-09/msg00107.html"
},
{
"type": "WEB",
"url": "https://savannah.gnu.org/bugs/?func=detailitem\u0026item_id=54686"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XWM9-C4JC-CRCP
Vulnerability from github – Published: 2022-05-24 19:21 – Updated: 2022-05-24 19:21A code execution vulnerability exists in the dwgCompressor::copyCompBytes21 functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dwg file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2021-21899"
],
"database_specific": {
"cwe_ids": [
"CWE-119",
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-11-19T19:15:00Z",
"severity": "HIGH"
},
"details": "A code execution vulnerability exists in the dwgCompressor::copyCompBytes21 functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dwg file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.",
"id": "GHSA-xwm9-c4jc-crcp",
"modified": "2022-05-24T19:21:07Z",
"published": "2022-05-24T19:21:07Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21899"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00002.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RDI3HCTCACMIC7I4ILB3NRU6DCMADI5H"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTIAMP7QJDKV4ADDLR4GVVX2TXYLHVOZ"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202305-26"
},
{
"type": "WEB",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1350"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2022/dsa-5077"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XWP4-PHW7-5MFH
Vulnerability from github – Published: 2023-08-22 21:30 – Updated: 2023-08-25 18:30Buffer Overflow vulnerability in tEXtToDataBuf function in pngimage.cpp in Exiv2 0.27.1 allows remote attackers to cause a denial of service and other unspecified impacts via use of crafted file.
{
"affected": [],
"aliases": [
"CVE-2020-18831"
],
"database_specific": {
"cwe_ids": [
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-08-22T19:15:56Z",
"severity": null
},
"details": "Buffer Overflow vulnerability in tEXtToDataBuf function in pngimage.cpp in Exiv2 0.27.1 allows remote attackers to cause a denial of service and other unspecified impacts via use of crafted file.",
"id": "GHSA-xwp4-phw7-5mfh",
"modified": "2023-08-25T18:30:59Z",
"published": "2023-08-22T21:30:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-18831"
},
{
"type": "WEB",
"url": "https://github.com/Exiv2/exiv2/issues/828"
},
{
"type": "WEB",
"url": "https://www.exiv2.org/download.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XWPJ-2694-4PHC
Vulnerability from github – Published: 2022-05-24 17:47 – Updated: 2022-05-24 17:47In pb_write of pb_encode.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-178754781
{
"affected": [],
"aliases": [
"CVE-2021-0488"
],
"database_specific": {
"cwe_ids": [
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-04-15T13:15:00Z",
"severity": "HIGH"
},
"details": "In pb_write of pb_encode.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-178754781",
"id": "GHSA-xwpj-2694-4phc",
"modified": "2022-05-24T17:47:40Z",
"published": "2022-05-24T17:47:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-0488"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/pixel/2021-04-01"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-XWPX-34XJ-4QMQ
Vulnerability from github – Published: 2026-06-08 18:31 – Updated: 2026-07-08 15:31In the Linux kernel, the following vulnerability has been resolved:
vmalloc: fix buffer overflow in vrealloc_node_align()
Commit 4c5d3365882d ("mm/vmalloc: allow to set node and align in vrealloc") added the ability to force a new allocation if the current pointer is on the wrong NUMA node, or if an alignment constraint is not met, even if the user is shrinking the allocation.
On this path (need_realloc), the code allocates a new object of 'size' bytes and then memcpy()s 'old_size' bytes into it. If the request is to shrink the object (size < old_size), this results in an out-of-bounds write on the new buffer.
Fix this by bounding the copy length by the new allocation size.
{
"affected": [],
"aliases": [
"CVE-2026-46281"
],
"database_specific": {
"cwe_ids": [
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-08T17:16:45Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nvmalloc: fix buffer overflow in vrealloc_node_align()\n\nCommit 4c5d3365882d (\"mm/vmalloc: allow to set node and align in\nvrealloc\") added the ability to force a new allocation if the current\npointer is on the wrong NUMA node, or if an alignment constraint is not\nmet, even if the user is shrinking the allocation.\n\nOn this path (need_realloc), the code allocates a new object of \u0027size\u0027\nbytes and then memcpy()s \u0027old_size\u0027 bytes into it. If the request is to\nshrink the object (size \u003c old_size), this results in an out-of-bounds\nwrite on the new buffer.\n\nFix this by bounding the copy length by the new allocation size.",
"id": "GHSA-xwpx-34xj-4qmq",
"modified": "2026-07-08T15:31:35Z",
"published": "2026-06-08T18:31:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46281"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/82d1f01292d3f09bf063f829f8ab8de12b4280a1"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b281adf71f786c325eb6d6d1582d4d05313438a8"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e9b057a44deff4c59c13f44672a5cc74dcd57522"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-3
Strategy: Language Selection
- Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
- For example, many languages that perform their own memory management, such as Java and Perl, are not subject to buffer overflows. Other languages, such as Ada and C#, typically provide overflow protection, but the protection can be disabled by the programmer.
- Be wary that a language's interface to native code may still be subject to overflows, even if the language itself is theoretically safe.
Mitigation MIT-4.1
Strategy: Libraries or Frameworks
- Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
- Examples include the Safe C String Library (SafeStr) by Messier and Viega [REF-57], and the Strsafe.h library from Microsoft [REF-56]. These libraries provide safer versions of overflow-prone string-handling functions.
Mitigation MIT-10
Strategy: Environment Hardening
- Use automatic buffer overflow detection mechanisms that are offered by certain compilers or compiler extensions. Examples include: the Microsoft Visual Studio /GS flag, Fedora/Red Hat FORTIFY_SOURCE GCC flag, StackGuard, and ProPolice, which provide various mechanisms including canary-based detection and range/index checking.
- D3-SFCV (Stack Frame Canary Validation) from D3FEND [REF-1334] discusses canary-based detection in detail.
Mitigation MIT-9
- Consider adhering to the following rules when allocating and managing an application's memory:
- Double check that the buffer is as large as specified.
- When using functions that accept a number of bytes to copy, such as strncpy(), be aware that if the destination buffer size is equal to the source buffer size, it may not NULL-terminate the string.
- Check buffer boundaries if accessing the buffer in a loop and make sure there is no danger of writing past the allocated space.
- If necessary, truncate all input strings to a reasonable length before passing them to the copy and concatenation functions.
Mitigation MIT-11
Strategy: Environment Hardening
- Run or compile the software using features or extensions that randomly arrange the positions of a program's executable and libraries in memory. Because this makes the addresses unpredictable, it can prevent an attacker from reliably jumping to exploitable code.
- Examples include Address Space Layout Randomization (ASLR) [REF-58] [REF-60] and Position-Independent Executables (PIE) [REF-64]. Imported modules may be similarly realigned if their default memory addresses conflict with other modules, in a process known as "rebasing" (for Windows) and "prelinking" (for Linux) [REF-1332] using randomly generated addresses. ASLR for libraries cannot be used in conjunction with prelink since it would require relocating the libraries at run-time, defeating the whole purpose of prelinking.
- For more information on these techniques see D3-SAOR (Segment Address Offset Randomization) from D3FEND [REF-1335].
Mitigation MIT-12
Strategy: Environment Hardening
- Use a CPU and operating system that offers Data Execution Protection (using hardware NX or XD bits) or the equivalent techniques that simulate this feature in software, such as PaX [REF-60] [REF-61]. These techniques ensure that any instruction executed is exclusively at a memory address that is part of the code segment.
- For more information on these techniques see D3-PSEP (Process Segment Execution Prevention) from D3FEND [REF-1336].
Mitigation MIT-13
Replace unbounded copy functions with analogous functions that support length arguments, such as strcpy with strncpy. Create these if they are not available.
No CAPEC attack patterns related to this CWE.