CWE-823
AllowedUse of Out-of-range Pointer Offset
Abstraction: Base · Status: Incomplete
The product performs pointer arithmetic on a valid pointer, but it uses an offset that can point outside of the intended range of valid memory locations for the resulting pointer.
177 vulnerabilities reference this CWE, most recent first.
GHSA-8QJ2-XJ7R-H2M4
Vulnerability from github – Published: 2025-10-09 06:30 – Updated: 2025-10-09 06:30Memory corruption while performing SCM call.
{
"affected": [],
"aliases": [
"CVE-2025-27059"
],
"database_specific": {
"cwe_ids": [
"CWE-823"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-09T04:16:45Z",
"severity": "HIGH"
},
"details": "Memory corruption while performing SCM call.",
"id": "GHSA-8qj2-xj7r-h2m4",
"modified": "2025-10-09T06:30:24Z",
"published": "2025-10-09T06:30:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27059"
},
{
"type": "WEB",
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/october-2025-bulletin.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-99CR-QJPC-34G3
Vulnerability from github – Published: 2026-03-04 21:32 – Updated: 2026-03-04 21:32A vulnerability in the OSPF protocol of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a DoS condition when OSPF canonicalization debug is enabled by using the command debug ip ospf canon.
This vulnerability is due to insufficient input validation when processing OSPF LSU packets. An attacker could exploit this vulnerability by sending crafted unauthenticated OSPF packets. A successful exploit could allow the attacker to write to memory outside of the packet data, causing the device to reload, resulting in a DoS condition.
{
"affected": [],
"aliases": [
"CVE-2026-20022"
],
"database_specific": {
"cwe_ids": [
"CWE-823"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-04T19:16:12Z",
"severity": "MODERATE"
},
"details": "A vulnerability in the OSPF protocol of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a DoS condition when OSPF canonicalization debug is enabled by using the command debug ip ospf canon.\n\n This vulnerability is due to insufficient input validation when processing OSPF LSU packets. An attacker could exploit this vulnerability by sending crafted unauthenticated OSPF packets. A successful exploit could allow the attacker to write to memory outside of the packet data, causing the device to reload, resulting in a DoS condition.",
"id": "GHSA-99cr-qjpc-34g3",
"modified": "2026-03-04T21:32:45Z",
"published": "2026-03-04T21:32:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20022"
},
{
"type": "WEB",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ospf-ZH8PhbSW"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9J5V-4C6X-8694
Vulnerability from github – Published: 2026-06-01 15:30 – Updated: 2026-06-01 15:30Kernel software installed and running inside a Guest/Host VM may post improper commands to the GPU Firmware to trigger a write of data outside the intended GPU memory.
A logic error in the address translation allowed a compromised Host (Kernel) to perform arbitrary writes to firmware memory.
{
"affected": [],
"aliases": [
"CVE-2026-34193"
],
"database_specific": {
"cwe_ids": [
"CWE-823"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-01T13:16:31Z",
"severity": "MODERATE"
},
"details": "Kernel software installed and running inside a Guest/Host VM may post improper commands to the GPU Firmware to trigger a write of data outside the intended GPU memory.\n\n\n\nA logic error in the address translation allowed a compromised Host (Kernel) to perform arbitrary writes to firmware memory.",
"id": "GHSA-9j5v-4c6x-8694",
"modified": "2026-06-01T15:30:40Z",
"published": "2026-06-01T15:30:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34193"
},
{
"type": "WEB",
"url": "https://www.imaginationtech.com/gpu-driver-vulnerabilities"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-9PC8-3WWF-WG5J
Vulnerability from github – Published: 2025-06-02 15:31 – Updated: 2025-06-02 15:31A Use of Out-of-range Pointer Offset vulnerability in sslh leads to denial of service on some architectures.This issue affects sslh before 2.2.4.
{
"affected": [],
"aliases": [
"CVE-2025-46806"
],
"database_specific": {
"cwe_ids": [
"CWE-823"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-02T13:15:21Z",
"severity": "MODERATE"
},
"details": "A Use of Out-of-range Pointer Offset vulnerability in sslh leads to denial of service on some architectures.This issue affects sslh before 2.2.4.",
"id": "GHSA-9pc8-3wwf-wg5j",
"modified": "2025-06-02T15:31:23Z",
"published": "2025-06-02T15:31:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46806"
},
{
"type": "WEB",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-46806"
},
{
"type": "WEB",
"url": "https://github.com/yrutschle/sslh/releases/tag/v2.2.4"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-C2P9-QV8X-42CJ
Vulnerability from github – Published: 2025-02-22 15:30 – Updated: 2025-02-24 15:30Kernel software installed and running inside a Guest VM may post improper commands to the GPU Firmware to trigger a write data outside the Guest's virtualised GPU memory.
{
"affected": [],
"aliases": [
"CVE-2024-52939"
],
"database_specific": {
"cwe_ids": [
"CWE-823"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-22T15:15:10Z",
"severity": "HIGH"
},
"details": "Kernel software installed and running inside a Guest VM may post improper commands to the GPU Firmware to trigger a write data outside the Guest\u0027s virtualised GPU memory.",
"id": "GHSA-c2p9-qv8x-42cj",
"modified": "2025-02-24T15:30:48Z",
"published": "2025-02-22T15:30:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52939"
},
{
"type": "WEB",
"url": "https://www.imaginationtech.com/gpu-driver-vulnerabilities"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-C2RF-M726-RRR8
Vulnerability from github – Published: 2025-04-18 03:31 – Updated: 2025-04-21 15:31Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data outside the Guest's virtualised GPU memory.
{
"affected": [],
"aliases": [
"CVE-2025-0467"
],
"database_specific": {
"cwe_ids": [
"CWE-823"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-18T01:15:32Z",
"severity": "HIGH"
},
"details": "Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data outside the Guest\u0027s virtualised GPU memory.",
"id": "GHSA-c2rf-m726-rrr8",
"modified": "2025-04-21T15:31:17Z",
"published": "2025-04-18T03:31:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0467"
},
{
"type": "WEB",
"url": "https://www.imaginationtech.com/gpu-driver-vulnerabilities"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-C4X2-4777-GMWQ
Vulnerability from github – Published: 2026-03-24 21:31 – Updated: 2026-03-24 21:31NVIDIA SNAP-4 Container contains a vulnerability in the VIRTIO-BLK component where a malicious guest VM may cause use of out-of-range pointer offset by sending crafted messages. A successful exploit of this vulnerability may lead to a denial of service of the DPA and impact the availability of storage to other VMs.
{
"affected": [],
"aliases": [
"CVE-2025-33215"
],
"database_specific": {
"cwe_ids": [
"CWE-823"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-24T21:16:23Z",
"severity": "MODERATE"
},
"details": "NVIDIA SNAP-4 Container contains a vulnerability in the VIRTIO-BLK component where a malicious guest VM may cause use of out-of-range pointer offset by sending crafted messages. A successful exploit of this vulnerability may lead to a denial of service of the DPA and impact the availability of storage to other VMs.",
"id": "GHSA-c4x2-4777-gmwq",
"modified": "2026-03-24T21:31:24Z",
"published": "2026-03-24T21:31:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-33215"
},
{
"type": "WEB",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5744"
},
{
"type": "WEB",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-33215"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-C5QR-J92G-M289
Vulnerability from github – Published: 2026-06-26 18:33 – Updated: 2026-06-26 21:32A web page that contains unusual GPU shader code is loaded into the GPU compiler process and can trigger a write out-of-bounds write crash in the GPU shader compiler library. On certain platforms, when the compiler process has system privileges this could enable further exploits on the device.
An edge case using a very small value in GPU shader code can cause a segmentation fault in the GPU shader compiler due to am out-of-bounds write.
{
"affected": [],
"aliases": [
"CVE-2026-21734"
],
"database_specific": {
"cwe_ids": [
"CWE-823"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-26T16:16:30Z",
"severity": "HIGH"
},
"details": "A web page that contains unusual GPU shader code is loaded into the GPU compiler process and can trigger a write out-of-bounds write crash in the GPU shader compiler library. On certain platforms, when the compiler process has system privileges this could enable further exploits on the device.\n\n\n\nAn edge case using a very small value in GPU shader code can cause a segmentation fault in the GPU shader compiler due to am out-of-bounds write.",
"id": "GHSA-c5qr-j92g-m289",
"modified": "2026-06-26T21:32:15Z",
"published": "2026-06-26T18:33:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21734"
},
{
"type": "WEB",
"url": "https://www.imaginationtech.com/gpu-driver-vulnerabilities"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-C87F-VCHX-F5HR
Vulnerability from github – Published: 2023-02-12 06:30 – Updated: 2023-02-21 18:30Memory corruption in Audio due to use of out-of-range pointer offset while Initiating a voice call session from user space with invalid session id.
{
"affected": [],
"aliases": [
"CVE-2022-33246"
],
"database_specific": {
"cwe_ids": [
"CWE-119",
"CWE-787",
"CWE-823"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-02-12T04:15:00Z",
"severity": "HIGH"
},
"details": "Memory corruption in Audio due to use of out-of-range pointer offset while Initiating a voice call session from user space with invalid session id.",
"id": "GHSA-c87f-vchx-f5hr",
"modified": "2023-02-21T18:30:22Z",
"published": "2023-02-12T06:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-33246"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/february-2023-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-F75J-V6MR-8P6R
Vulnerability from github – Published: 2022-02-24 00:00 – Updated: 2022-03-17 00:05Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4440.
{
"affected": [],
"aliases": [
"CVE-2022-0729"
],
"database_specific": {
"cwe_ids": [
"CWE-119",
"CWE-823"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-02-23T14:15:00Z",
"severity": "HIGH"
},
"details": "Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4440.",
"id": "GHSA-f75j-v6mr-8p6r",
"modified": "2022-03-17T00:05:20Z",
"published": "2022-02-24T00:00:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0729"
},
{
"type": "WEB",
"url": "https://github.com/vim/vim/commit/6456fae9ba8e72c74b2c0c499eaf09974604ff30"
},
{
"type": "WEB",
"url": "https://huntr.dev/bounties/f3f3d992-7bd6-4ee5-a502-ae0e5f8016ea"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZLEHVP4LNAGER4ZDGUDS5V5YVQD6INF"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HBUYQBZ6GWAWJRWP7AODJ4KHW5BCKDVP"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT213488"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
CAPEC-129: Pointer Manipulation
This attack pattern involves an adversary manipulating a pointer within a target application resulting in the application accessing an unintended memory location. This can result in the crashing of the application or, for certain pointer values, access to data that would not normally be possible or the execution of arbitrary code. Since pointers are simply integer variables, Integer Attacks may often be used in Pointer Attacks.