CWE-123— Write-what-where Condition
Any condition where the attacker has the ability to write an arbitrary value to an arbitrary location, often as the result of a buffer overflow.— MITRE CWE catalog
53 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-123page 2 of 2
- CVE-2026-45257HIGHCVSS 7.8EG 7.82026-06-26
The KTLS receive path decrypted each record in place, assuming that the mbufs holding received data were anonymous and safe to modify. This assumption does not hold for data placed on a socket by sendfile(2), which can reference file-back…
- CVE-2026-46300HIGHCVSS 7.8EG 7.82026-05-23
In the Linux kernel, the following vulnerability has been resolved: net: skbuff: preserve shared-frag marker during coalescing skb_try_coalesce() can attach paged frags from @from to @to. If @from has SKBFL_SHARED_FRAG set, the resultin…
- CVE-2026-46323HIGHCVSS 7.8EG 7.82026-06-09
In the Linux kernel, the following vulnerability has been resolved: net: gro: don't merge zcopy skbs skb_gro_receive() can currently copy frags between the source and GRO skb, without checking the zerocopy status, and in particular the S…
Map vulnerabilities like CWE-123 to your infrastructure
EchelonGraph correlates every CVE — across CWE-123 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →