Common Weakness Enumeration

CWE-823

Allowed

Use of Out-of-range Pointer Offset

Abstraction: Base · Status: Incomplete

The product performs pointer arithmetic on a valid pointer, but it uses an offset that can point outside of the intended range of valid memory locations for the resulting pointer.

177 vulnerabilities reference this CWE, most recent first.

GHSA-8QJ2-XJ7R-H2M4

Vulnerability from github – Published: 2025-10-09 06:30 – Updated: 2025-10-09 06:30
VLAI
Details

Memory corruption while performing SCM call.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-27059"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-823"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-09T04:16:45Z",
    "severity": "HIGH"
  },
  "details": "Memory corruption while performing SCM call.",
  "id": "GHSA-8qj2-xj7r-h2m4",
  "modified": "2025-10-09T06:30:24Z",
  "published": "2025-10-09T06:30:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27059"
    },
    {
      "type": "WEB",
      "url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/october-2025-bulletin.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-99CR-QJPC-34G3

Vulnerability from github – Published: 2026-03-04 21:32 – Updated: 2026-03-04 21:32
VLAI
Details

A vulnerability in the OSPF protocol of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a DoS condition when OSPF canonicalization debug is enabled by using the command debug ip ospf canon.

This vulnerability is due to insufficient input validation when processing OSPF LSU packets. An attacker could exploit this vulnerability by sending crafted unauthenticated OSPF packets. A successful exploit could allow the attacker to write to memory outside of the packet data, causing the device to reload, resulting in a DoS condition.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-20022"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-823"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-04T19:16:12Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability in the OSPF protocol of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a DoS condition when OSPF canonicalization debug is enabled by using the command debug ip ospf canon.\n\n This vulnerability is due to insufficient input validation when processing OSPF LSU packets. An attacker could exploit this vulnerability by sending crafted unauthenticated OSPF packets. A successful exploit could allow the attacker to write to memory outside of the packet data, causing the device to reload, resulting in a DoS condition.",
  "id": "GHSA-99cr-qjpc-34g3",
  "modified": "2026-03-04T21:32:45Z",
  "published": "2026-03-04T21:32:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20022"
    },
    {
      "type": "WEB",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ospf-ZH8PhbSW"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9J5V-4C6X-8694

Vulnerability from github – Published: 2026-06-01 15:30 – Updated: 2026-06-01 15:30
VLAI
Details

Kernel software installed and running inside a Guest/Host VM may post improper commands to the GPU Firmware to trigger a write of data outside the intended GPU memory.

A logic error in the address translation allowed a compromised Host (Kernel) to perform arbitrary writes to firmware memory.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-34193"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-823"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-01T13:16:31Z",
    "severity": "MODERATE"
  },
  "details": "Kernel software installed and running inside a Guest/Host VM may post improper commands to the GPU Firmware to trigger a write of data outside the intended GPU memory.\n\n\n\nA logic error in the address translation allowed a compromised Host (Kernel) to perform arbitrary writes to firmware memory.",
  "id": "GHSA-9j5v-4c6x-8694",
  "modified": "2026-06-01T15:30:40Z",
  "published": "2026-06-01T15:30:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34193"
    },
    {
      "type": "WEB",
      "url": "https://www.imaginationtech.com/gpu-driver-vulnerabilities"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9PC8-3WWF-WG5J

Vulnerability from github – Published: 2025-06-02 15:31 – Updated: 2025-06-02 15:31
VLAI
Details

A Use of Out-of-range Pointer Offset vulnerability in sslh leads to denial of service on some architectures.This issue affects sslh before 2.2.4.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-46806"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-823"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-02T13:15:21Z",
    "severity": "MODERATE"
  },
  "details": "A Use of Out-of-range Pointer Offset vulnerability in sslh leads to denial of service on some architectures.This issue affects sslh before 2.2.4.",
  "id": "GHSA-9pc8-3wwf-wg5j",
  "modified": "2025-06-02T15:31:23Z",
  "published": "2025-06-02T15:31:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46806"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-46806"
    },
    {
      "type": "WEB",
      "url": "https://github.com/yrutschle/sslh/releases/tag/v2.2.4"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-C2P9-QV8X-42CJ

Vulnerability from github – Published: 2025-02-22 15:30 – Updated: 2025-02-24 15:30
VLAI
Details

Kernel software installed and running inside a Guest VM may post improper commands to the GPU Firmware to trigger a write data outside the Guest's virtualised GPU memory.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-52939"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-823"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-22T15:15:10Z",
    "severity": "HIGH"
  },
  "details": "Kernel software installed and running inside a Guest VM may post improper commands to the GPU Firmware to trigger a write data outside the Guest\u0027s virtualised GPU memory.",
  "id": "GHSA-c2p9-qv8x-42cj",
  "modified": "2025-02-24T15:30:48Z",
  "published": "2025-02-22T15:30:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52939"
    },
    {
      "type": "WEB",
      "url": "https://www.imaginationtech.com/gpu-driver-vulnerabilities"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-C2RF-M726-RRR8

Vulnerability from github – Published: 2025-04-18 03:31 – Updated: 2025-04-21 15:31
VLAI
Details

Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data outside the Guest's virtualised GPU memory.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-0467"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-823"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-18T01:15:32Z",
    "severity": "HIGH"
  },
  "details": "Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data outside the Guest\u0027s virtualised GPU memory.",
  "id": "GHSA-c2rf-m726-rrr8",
  "modified": "2025-04-21T15:31:17Z",
  "published": "2025-04-18T03:31:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0467"
    },
    {
      "type": "WEB",
      "url": "https://www.imaginationtech.com/gpu-driver-vulnerabilities"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-C4X2-4777-GMWQ

Vulnerability from github – Published: 2026-03-24 21:31 – Updated: 2026-03-24 21:31
VLAI
Details

NVIDIA SNAP-4 Container contains a vulnerability in the VIRTIO-BLK component where a malicious guest VM may cause use of out-of-range pointer offset by sending crafted messages. A successful exploit of this vulnerability may lead to a denial of service of the DPA and impact the availability of storage to other VMs.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-33215"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-823"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-24T21:16:23Z",
    "severity": "MODERATE"
  },
  "details": "NVIDIA SNAP-4 Container contains a vulnerability in the VIRTIO-BLK component where a malicious guest VM may cause use of out-of-range pointer offset by sending crafted messages. A successful exploit of this vulnerability may lead to a denial of service of the DPA and impact the availability of storage to other VMs.",
  "id": "GHSA-c4x2-4777-gmwq",
  "modified": "2026-03-24T21:31:24Z",
  "published": "2026-03-24T21:31:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-33215"
    },
    {
      "type": "WEB",
      "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5744"
    },
    {
      "type": "WEB",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-33215"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-C5QR-J92G-M289

Vulnerability from github – Published: 2026-06-26 18:33 – Updated: 2026-06-26 21:32
VLAI
Details

A web page that contains unusual GPU shader code is loaded into the GPU compiler process and can trigger a write out-of-bounds write crash in the GPU shader compiler library. On certain platforms, when the compiler process has system privileges this could enable further exploits on the device.

An edge case using a very small value in GPU shader code can cause a segmentation fault in the GPU shader compiler due to am out-of-bounds write.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-21734"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-823"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-26T16:16:30Z",
    "severity": "HIGH"
  },
  "details": "A web page that contains unusual GPU shader code is loaded into the GPU compiler process and can trigger a write out-of-bounds write crash in the GPU shader compiler library. On certain platforms, when the compiler process has system privileges this could enable further exploits on the device.\n\n\n\nAn edge case using a very small value in GPU shader code can cause a segmentation fault in the GPU shader compiler due to am out-of-bounds write.",
  "id": "GHSA-c5qr-j92g-m289",
  "modified": "2026-06-26T21:32:15Z",
  "published": "2026-06-26T18:33:59Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21734"
    },
    {
      "type": "WEB",
      "url": "https://www.imaginationtech.com/gpu-driver-vulnerabilities"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-C87F-VCHX-F5HR

Vulnerability from github – Published: 2023-02-12 06:30 – Updated: 2023-02-21 18:30
VLAI
Details

Memory corruption in Audio due to use of out-of-range pointer offset while Initiating a voice call session from user space with invalid session id.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-33246"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119",
      "CWE-787",
      "CWE-823"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-02-12T04:15:00Z",
    "severity": "HIGH"
  },
  "details": "Memory corruption in Audio due to use of out-of-range pointer offset while Initiating a voice call session from user space with invalid session id.",
  "id": "GHSA-c87f-vchx-f5hr",
  "modified": "2023-02-21T18:30:22Z",
  "published": "2023-02-12T06:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-33246"
    },
    {
      "type": "WEB",
      "url": "https://www.qualcomm.com/company/product-security/bulletins/february-2023-bulletin"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-F75J-V6MR-8P6R

Vulnerability from github – Published: 2022-02-24 00:00 – Updated: 2022-03-17 00:05
VLAI
Details

Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4440.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-0729"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119",
      "CWE-823"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-02-23T14:15:00Z",
    "severity": "HIGH"
  },
  "details": "Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4440.",
  "id": "GHSA-f75j-v6mr-8p6r",
  "modified": "2022-03-17T00:05:20Z",
  "published": "2022-02-24T00:00:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0729"
    },
    {
      "type": "WEB",
      "url": "https://github.com/vim/vim/commit/6456fae9ba8e72c74b2c0c499eaf09974604ff30"
    },
    {
      "type": "WEB",
      "url": "https://huntr.dev/bounties/f3f3d992-7bd6-4ee5-a502-ae0e5f8016ea"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZLEHVP4LNAGER4ZDGUDS5V5YVQD6INF"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HBUYQBZ6GWAWJRWP7AODJ4KHW5BCKDVP"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202208-32"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT213488"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2022/Oct/28"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2022/Oct/41"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

CAPEC-129: Pointer Manipulation

This attack pattern involves an adversary manipulating a pointer within a target application resulting in the application accessing an unintended memory location. This can result in the crashing of the application or, for certain pointer values, access to data that would not normally be possible or the execution of arbitrary code. Since pointers are simply integer variables, Integer Attacks may often be used in Pointer Attacks.