CWE-787
Allowed-with-ReviewOut-of-bounds Write
Abstraction: Base · Status: Draft
The product writes data past the end, or before the beginning, of the intended buffer.
15106 vulnerabilities reference this CWE, most recent first.
GHSA-XF2J-G23W-GP93
Vulnerability from github – Published: 2022-06-09 00:00 – Updated: 2022-06-15 00:00H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the SetAPWifiorLedInfoById parameter at /goform/aspForm.
{
"affected": [],
"aliases": [
"CVE-2022-30924"
],
"database_specific": {
"cwe_ids": [
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-06-08T14:15:00Z",
"severity": "CRITICAL"
},
"details": "H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the SetAPWifiorLedInfoById parameter at /goform/aspForm.",
"id": "GHSA-xf2j-g23w-gp93",
"modified": "2022-06-15T00:00:21Z",
"published": "2022-06-09T00:00:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30924"
},
{
"type": "WEB",
"url": "https://github.com/EPhaha/IOT_vuln/tree/main/H3C/magicR100/15"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XF2V-VM6Q-P68C
Vulnerability from github – Published: 2024-11-28 00:39 – Updated: 2024-11-28 00:39Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of V8 files in the V-Simulator 5 component. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24769.
{
"affected": [],
"aliases": [
"CVE-2024-11801"
],
"database_specific": {
"cwe_ids": [
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-28T00:15:05Z",
"severity": "HIGH"
},
"details": "Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of V8 files in the V-Simulator 5 component. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24769.",
"id": "GHSA-xf2v-vm6q-p68c",
"modified": "2024-11-28T00:39:27Z",
"published": "2024-11-28T00:39:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11801"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1627"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XF4V-3MCR-W96X
Vulnerability from github – Published: 2026-03-25 12:30 – Updated: 2026-04-23 21:31In the Linux kernel, the following vulnerability has been resolved:
hwmon: (macsmc) Fix regressions in Apple Silicon SMC hwmon driver
The recently added macsmc-hwmon driver contained several critical bugs in its sensor population logic and float conversion routines.
Specifically: - The voltage sensor population loop used the wrong prefix ("volt-" instead of "voltage-") and incorrectly assigned sensors to the temperature sensor array (hwmon->temp.sensors) instead of the voltage sensor array (hwmon->volt.sensors). This would lead to out-of-bounds memory access or data corruption when both temperature and voltage sensors were present. - The float conversion in macsmc_hwmon_write_f32() had flawed exponent logic for values >= 2^24 and lacked masking for the mantissa, which could lead to incorrect values being written to the SMC.
Fix these issues to ensure correct sensor registration and reliable manual fan control.
Confirm that the reported overflow in FIELD_PREP is fixed by declaring macsmc_hwmon_write_f32() as __always_inline for a compile test.
{
"affected": [],
"aliases": [
"CVE-2026-23323"
],
"database_specific": {
"cwe_ids": [
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-25T11:16:29Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (macsmc) Fix regressions in Apple Silicon SMC hwmon driver\n\nThe recently added macsmc-hwmon driver contained several critical\nbugs in its sensor population logic and float conversion routines.\n\nSpecifically:\n- The voltage sensor population loop used the wrong prefix (\"volt-\"\n instead of \"voltage-\") and incorrectly assigned sensors to the\n temperature sensor array (hwmon-\u003etemp.sensors) instead of the\n voltage sensor array (hwmon-\u003evolt.sensors). This would lead to\n out-of-bounds memory access or data corruption when both temperature\n and voltage sensors were present.\n- The float conversion in macsmc_hwmon_write_f32() had flawed exponent\n logic for values \u003e= 2^24 and lacked masking for the mantissa, which\n could lead to incorrect values being written to the SMC.\n\nFix these issues to ensure correct sensor registration and reliable\nmanual fan control.\n\nConfirm that the reported overflow in FIELD_PREP is fixed by declaring\nmacsmc_hwmon_write_f32() as __always_inline for a compile test.",
"id": "GHSA-xf4v-3mcr-w96x",
"modified": "2026-04-23T21:31:17Z",
"published": "2026-03-25T12:30:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23323"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5dd69b864911ae3847365e8bafe7854e79fbeecb"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/625ef35b70d3883fb9a41cd5a988e64dd3e447d6"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XF5R-2W26-PX54
Vulnerability from github – Published: 2026-01-13 18:31 – Updated: 2026-01-16 18:31Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the wanSpeed2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
{
"affected": [],
"aliases": [
"CVE-2025-71026"
],
"database_specific": {
"cwe_ids": [
"CWE-121",
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-13T16:16:05Z",
"severity": "HIGH"
},
"details": "Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the wanSpeed2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.",
"id": "GHSA-xf5r-2w26-px54",
"modified": "2026-01-16T18:31:23Z",
"published": "2026-01-13T18:31:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71026"
},
{
"type": "WEB",
"url": "https://github.com/0-fool/VulnbyCola/blob/main/Tenda/AX-3/9/1.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XF6C-P6V2-Q436
Vulnerability from github – Published: 2022-05-11 00:01 – Updated: 2022-05-17 00:00Heap buffer overflow in vim_strncpy find_word in GitHub repository vim/vim prior to 8.2.4919. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution
{
"affected": [],
"aliases": [
"CVE-2022-1621"
],
"database_specific": {
"cwe_ids": [
"CWE-122",
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-05-10T14:15:00Z",
"severity": "HIGH"
},
"details": "Heap buffer overflow in vim_strncpy find_word in GitHub repository vim/vim prior to 8.2.4919. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution",
"id": "GHSA-xf6c-p6v2-q436",
"modified": "2022-05-17T00:00:31Z",
"published": "2022-05-11T00:01:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1621"
},
{
"type": "WEB",
"url": "https://github.com/vim/vim/commit/7c824682d2028432ee082703ef0ab399867a089b"
},
{
"type": "WEB",
"url": "https://huntr.dev/bounties/520ce714-bfd2-4646-9458-f52cd22bb2fb"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00022.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00032.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HIP7KG7TVS5YF3QREAY2GOGUT3YUBZAI"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202305-16"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT213488"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XF6J-84WR-6VQ4
Vulnerability from github – Published: 2023-10-16 06:32 – Updated: 2024-04-04 08:39TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the File parameter in the function UploadCustomModule.
{
"affected": [],
"aliases": [
"CVE-2023-36947"
],
"database_specific": {
"cwe_ids": [
"CWE-121",
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-10-16T05:15:49Z",
"severity": "CRITICAL"
},
"details": "TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the File parameter in the function UploadCustomModule.",
"id": "GHSA-xf6j-84wr-6vq4",
"modified": "2024-04-04T08:39:05Z",
"published": "2023-10-16T06:32:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36947"
},
{
"type": "WEB",
"url": "https://github.com/Archerber/bug_submit/blob/main/TOTOLINK/UploadCustomModule.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XF72-GH36-PGMJ
Vulnerability from github – Published: 2024-07-24 21:31 – Updated: 2024-07-26 15:31Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the PPPOEPassword parameter at ip/goform/QuickIndex.
{
"affected": [],
"aliases": [
"CVE-2024-41459"
],
"database_specific": {
"cwe_ids": [
"CWE-121",
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-24T21:15:12Z",
"severity": "CRITICAL"
},
"details": "Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the PPPOEPassword parameter at ip/goform/QuickIndex.",
"id": "GHSA-xf72-gh36-pgmj",
"modified": "2024-07-26T15:31:50Z",
"published": "2024-07-24T21:31:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41459"
},
{
"type": "WEB",
"url": "https://github.com/iotresearch/iot-vuln/blob/main/Tenda/FH1201/QuickIndex/QuickIndex.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XF9Q-JGMW-H653
Vulnerability from github – Published: 2022-12-23 21:30 – Updated: 2025-04-15 06:30D-Link DIR-882 DIR882A1_FW130B06 was discovered to contain a stack overflow via the Password parameter in the SetQuickVPNSettings module.
{
"affected": [],
"aliases": [
"CVE-2022-46566"
],
"database_specific": {
"cwe_ids": [
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-12-23T19:15:00Z",
"severity": "HIGH"
},
"details": "D-Link DIR-882 DIR882A1_FW130B06 was discovered to contain a stack overflow via the Password parameter in the SetQuickVPNSettings module.",
"id": "GHSA-xf9q-jgmw-h653",
"modified": "2025-04-15T06:30:33Z",
"published": "2022-12-23T21:30:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46566"
},
{
"type": "WEB",
"url": "https://hackmd.io/%400dayResearch/SetQuickVPNSettings_Password"
},
{
"type": "WEB",
"url": "https://hackmd.io/%400dayResearch/SyhDme7wo"
},
{
"type": "WEB",
"url": "https://hackmd.io/@0dayResearch/SetQuickVPNSettings_Password"
},
{
"type": "WEB",
"url": "https://hackmd.io/@0dayResearch/SyhDme7wo"
},
{
"type": "WEB",
"url": "https://www.dlink.com/en/security-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XFCH-762X-Q3V9
Vulnerability from github – Published: 2022-02-08 00:00 – Updated: 2026-01-13 18:31Multiple stack-based buffer overflows in the command line interpreter of FortiWeb before 6.4.2 may allow an authenticated attacker to achieve arbitrary code execution via specially crafted commands.
{
"affected": [],
"aliases": [
"CVE-2021-36193"
],
"database_specific": {
"cwe_ids": [
"CWE-121",
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-02-02T12:15:00Z",
"severity": "HIGH"
},
"details": "Multiple stack-based buffer overflows in the command line interpreter of FortiWeb before 6.4.2 may allow an authenticated attacker to achieve arbitrary code execution via specially crafted commands.",
"id": "GHSA-xfch-762x-q3v9",
"modified": "2026-01-13T18:31:01Z",
"published": "2022-02-08T00:00:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36193"
},
{
"type": "WEB",
"url": "https://fortiguard.com/advisory/FG-IR-21-132"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XFCQ-73QM-28CR
Vulnerability from github – Published: 2026-03-26 15:30 – Updated: 2026-03-26 15:30Excel Password Recovery Professional 8.2.0.0 contains a local buffer overflow vulnerability that allows attackers to cause a denial of service by supplying an excessively long string to the 'E-Mail and Registrations Code' field. Attackers can paste a crafted payload containing 5000 bytes of data into the registration field to trigger a crash when the Register button is clicked.
{
"affected": [],
"aliases": [
"CVE-2018-25215"
],
"database_specific": {
"cwe_ids": [
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-26T14:16:05Z",
"severity": "MODERATE"
},
"details": "Excel Password Recovery Professional 8.2.0.0 contains a local buffer overflow vulnerability that allows attackers to cause a denial of service by supplying an excessively long string to the \u0027E-Mail and Registrations Code\u0027 field. Attackers can paste a crafted payload containing 5000 bytes of data into the registration field to trigger a crash when the Register button is clicked.",
"id": "GHSA-xfcq-73qm-28cr",
"modified": "2026-03-26T15:30:40Z",
"published": "2026-03-26T15:30:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-25215"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/46003"
},
{
"type": "WEB",
"url": "https://www.recoverlostpassword.com"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/excel-password-recovery-professional-local-buffer-overflow-dos"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
Mitigation MIT-3
Strategy: Language Selection
- Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
- For example, many languages that perform their own memory management, such as Java and Perl, are not subject to buffer overflows. Other languages, such as Ada and C#, typically provide overflow protection, but the protection can be disabled by the programmer.
- Be wary that a language's interface to native code may still be subject to overflows, even if the language itself is theoretically safe.
Mitigation MIT-4.1
Strategy: Libraries or Frameworks
- Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
- Examples include the Safe C String Library (SafeStr) by Messier and Viega [REF-57], and the Strsafe.h library from Microsoft [REF-56]. These libraries provide safer versions of overflow-prone string-handling functions.
Mitigation MIT-10
Strategy: Environment Hardening
- Use automatic buffer overflow detection mechanisms that are offered by certain compilers or compiler extensions. Examples include: the Microsoft Visual Studio /GS flag, Fedora/Red Hat FORTIFY_SOURCE GCC flag, StackGuard, and ProPolice, which provide various mechanisms including canary-based detection and range/index checking.
- D3-SFCV (Stack Frame Canary Validation) from D3FEND [REF-1334] discusses canary-based detection in detail.
Mitigation MIT-9
- Consider adhering to the following rules when allocating and managing an application's memory:
- Double check that the buffer is as large as specified.
- When using functions that accept a number of bytes to copy, such as strncpy(), be aware that if the destination buffer size is equal to the source buffer size, it may not NULL-terminate the string.
- Check buffer boundaries if accessing the buffer in a loop and make sure there is no danger of writing past the allocated space.
- If necessary, truncate all input strings to a reasonable length before passing them to the copy and concatenation functions.
Mitigation MIT-11
Strategy: Environment Hardening
- Run or compile the software using features or extensions that randomly arrange the positions of a program's executable and libraries in memory. Because this makes the addresses unpredictable, it can prevent an attacker from reliably jumping to exploitable code.
- Examples include Address Space Layout Randomization (ASLR) [REF-58] [REF-60] and Position-Independent Executables (PIE) [REF-64]. Imported modules may be similarly realigned if their default memory addresses conflict with other modules, in a process known as "rebasing" (for Windows) and "prelinking" (for Linux) [REF-1332] using randomly generated addresses. ASLR for libraries cannot be used in conjunction with prelink since it would require relocating the libraries at run-time, defeating the whole purpose of prelinking.
- For more information on these techniques see D3-SAOR (Segment Address Offset Randomization) from D3FEND [REF-1335].
Mitigation MIT-12
Strategy: Environment Hardening
- Use a CPU and operating system that offers Data Execution Protection (using hardware NX or XD bits) or the equivalent techniques that simulate this feature in software, such as PaX [REF-60] [REF-61]. These techniques ensure that any instruction executed is exclusively at a memory address that is part of the code segment.
- For more information on these techniques see D3-PSEP (Process Segment Execution Prevention) from D3FEND [REF-1336].
Mitigation MIT-13
Replace unbounded copy functions with analogous functions that support length arguments, such as strcpy with strncpy. Create these if they are not available.
No CAPEC attack patterns related to this CWE.