CWE-1260— Improper Handling of Overlap Between Protected Memory Ranges
The product allows address regions to overlap, which can result in the bypassing of intended memory protection.— MITRE CWE catalog
13 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-1260page 1 of 1
- CVE-2018-25238MEDIUMCVSS 6.2EG 6.22026-04-04
VSCO 1.1.1.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string through the search functionality. Attackers can paste a buffer of 5000 characters into th…
- CVE-2018-25240MEDIUMCVSS 6.2EG 6.22026-04-04
Watchr 1.1.0.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string to the search functionality. Attackers can paste a buffer of 8145 characters into the s…
- CVE-2019-1164HIGHCVSS 7.8EG 7.82019-08-14
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then in…
- CVE-2019-25559MEDIUMCVSS 5.5EG 5.52026-03-21
SpotPaltalk 1.1.5 contains a denial of service vulnerability in the registration code input field that allows local attackers to crash the application by submitting an excessively long string. Attackers can paste a buffer of 1000 character…
- CVE-2019-25572MEDIUMCVSS 6.2EG 6.22026-03-21
NordVPN 6.19.6 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string in the email input field. Attackers can paste a buffer of 100,000 characters into the e…
- CVE-2019-25592MEDIUMCVSS 6.2EG 6.22026-03-22
PHPRunner 10.1 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the dashboard name field. Attackers can paste a buffer of 10000 characters into the N…
- CVE-2019-25602MEDIUMCVSS 5.5EG 5.52026-03-22
GSearch 1.0.1.0 contains a denial of service vulnerability that allows local attackers to crash the application by inputting an excessively long string in the search bar. Attackers can paste a buffer of 2000 characters into the search fiel…
- CVE-2022-27813HIGHCVSS 8.1EG 8.12023-10-19
Motorola MTM5000 series firmwares lack properly configured memory protection of pages shared between the OMAP-L138 ARM and DSP cores. The SoC provides two memory protection units, MPU1 and MPU2, to enforce the trust boundary between the tw…
- CVE-2024-4778CRITICALCVSS 9.8EG 9.82024-05-14
Memory safety bugs present in Firefox 125. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 1…
- CVE-2025-0012MEDIUMCVSS 6.8EG 6.82026-02-10
Improper handling of overlap between the segmented reverse map table (RMP) and system management mode (SMM) memory could allow a privileged attacker corrupt or partially infer SMM memory resulting in loss of integrity or confidentiality.
- CVE-2025-1937HIGHCVSS 7.5EG 7.52025-03-04
Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, and Thunderbird 128.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could ha…
- CVE-2025-22889HIGHCVSS 7.9EG 7.92025-08-12
Improper handling of overlap between protected memory ranges for some Intel(R) Xeon(R) 6 processor with Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access.
- CVE-2025-29948MEDIUMCVSS 5.9EG 5.92026-02-10
Improper access control in AMD Secure Encrypted Virtualization (SEV) firmware could allow a malicious hypervisor to bypass RMP protections, potentially resulting in a loss of SEV-SNP guest memory integrity.
Map vulnerabilities like CWE-1260 to your infrastructure
EchelonGraph correlates every CVE — across CWE-1260 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →