CWE-1285— Improper Validation of Specified Index, Position, or Offset in Input
The product receives input that is expected to specify an index, position, or offset into an indexable resource such as a buffer or file, but it does not validate or incorrectly validates that the specified index/position/offset has the required properties.— MITRE CWE catalog
53 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-1285page 1 of 2
- CVE-2018-25232MEDIUMCVSS 5.5EG 5.52026-03-30
Softros LAN Messenger 9.2 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string to the custom log files location field. Attackers can input a buffer of 2000 …
- CVE-2019-25593MEDIUMCVSS 5.5EG 5.52026-03-22
jetCast Server 2.0 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Log directory configuration field. Attackers can paste a buffer of 5000 chara…
- CVE-2020-25241HIGHCVSS 7.5EG 7.52021-03-15
A vulnerability has been identified in SIMATIC MV400 family (All Versions < V7.0.6). The underlying TCP stack of the affected products does not correctly validate the sequence number for incoming TCP RST packages. An attacker could exploit…
- CVE-2022-21821HIGHCVSS 7.8EG 7.82022-03-29
NVIDIA CUDA Toolkit SDK contains an integer overflow vulnerability in cuobjdump.To exploit this vulnerability, a remote attacker would require a local user to download a specially crafted, corrupted file and locally execute cuobjdump again…
- CVE-2022-22201HIGHCVSS 7.5EG 7.52022-10-18
An Improper Validation of Specified Index, Position, or Offset in Input vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated network-based attacker to cause a Denial of Service (DoS). O…
- CVE-2022-22223MEDIUMCVSS 6.5EG 6.52022-10-18
On QFX10000 Series devices using Juniper Networks Junos OS when configured as transit IP/MPLS penultimate hop popping (PHP) nodes with link aggregation group (LAG) interfaces, an Improper Validation of Specified Index, Position, or Offset …
- CVE-2022-36363MEDIUMCVSS 5.3EG 5.32022-10-11
A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA1) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA1) (All versions), LOGO! 230RCE (6ED1052-1FB08-0BA1) (All versions), LOGO! 230RCEo (6ED1052-2FB08-0BA1) (All versi…
- CVE-2023-0859LOWCVSS 2.2EG 2.22023-05-11
Arbitrary Files can be installed in the Setting Data Import function of Office / Small Office Multifunction Printers and Laser Printers(*). *:Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series firmware Ver.11.04 and earlier s…
- CVE-2023-36850MEDIUMCVSS 6.5EG 6.52023-07-14
An Improper Validation of Specified Index, Position, or Offset in Input vulnerability in the Connectivity Fault Management(CFM) module of Juniper Networks Junos OS on MX Series(except MPC10, MPC11 and LC9600) allows an adjacent attacker on…
- CVE-2023-39388HIGHCVSS 7.5EG 7.52023-08-13
Vulnerability of input parameters being not strictly verified in the PMS module. Successful exploitation of this vulnerability may cause home screen unavailability.
- CVE-2023-39389HIGHCVSS 7.5EG 7.52023-08-13
Vulnerability of input parameters being not strictly verified in the PMS module. Successful exploitation of this vulnerability may cause home screen unavailability.
- CVE-2023-46724HIGHCVSS 7.5EG 8.62023-11-01
Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0 prior to 6.4 compiled using `--with-openssl` are vulnerable to a Denial of Service attack against SSL Ce…
- CVE-2024-0123LOWCVSS 3.3EG 3.32024-10-03
NVIDIA CUDA toolkit for Windows and Linux contains a vulnerability in the nvdisasm command line tool where an attacker may cause an improper validation in input issue by tricking the user into running nvdisasm on a malicious ELF file. A su…
- CVE-2024-10494HIGHCVSS 7.8EG 7.82024-12-10
An out of bounds read due to improper input validation in HeapObjMapImpl.cpp in NI LabVIEW may disclose information or result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially cra…
- CVE-2024-10495HIGHCVSS 7.8EG 7.82024-12-10
An out of bounds read due to improper input validation when loading the font table in fontmgr.cpp in NI LabVIEW may disclose information or result in arbitrary code execution. Successful exploitation requires an attacker to provide a user…
- CVE-2024-10496HIGHCVSS 7.8EG 7.82024-12-10
An out of bounds read due to improper input validation in BuildFontMap in fontmgr.cpp in NI LabVIEW may disclose information or result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a spec…
- CVE-2024-23609HIGHCVSS 7.8EG 7.82024-03-11
An improper error handling vulnerability in LabVIEW may result in remote code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q1 and prior ver…
- CVE-2024-23612HIGHCVSS 7.8EG 7.82024-03-11
An improper error handling vulnerability in LabVIEW may result in remote code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q1 and prior ver…
- CVE-2024-36342HIGHCVSS 8.8EG 8.82025-09-06
Improper input validation in the GPU driver could allow an attacker to exploit a heap overflow potentially resulting in arbitrary code execution.
- CVE-2024-41928HIGHCVSS 8.4EG 8.42024-09-05
Malicious software running in a guest VM can exploit the buffer overflow to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is c…
- CVE-2024-51564HIGHCVSS 7.5EG 7.52024-11-12
A guest can trigger an infinite loop in the hda audio driver.
- CVE-2024-51566MEDIUMCVSS 6.5EG 6.52024-11-12
The NVMe driver queue processing is vulernable to guest-induced infinite loops.
- CVE-2025-20796HIGHCVSS 7.8EG 7.82026-01-06
In imgsys, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is needed for exploitati…
- CVE-2025-2633HIGHCVSS 7.8EG 7.82025-07-23
Out of bounds read vulnerability due to improper bounds checking in NI LabVIEW in lvre!UDecStrToNum that may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open …
- CVE-2025-2634HIGHCVSS 7.8EG 7.82025-07-23
Out of bounds read vulnerability due to improper bounds checking in NI LabVIEW in fontmgr may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially cra…
- CVE-2025-3357CRITICALCVSS 9.8EG 9.82025-05-28
IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 19 could allow a remote attacker to execute arbitrary code due to improper validation of an index value of a dynamically allocated array.
- CVE-2025-3755CRITICALCVSS 9.1EG 9.12025-05-29
Improper Validation of Specified Index, Position, or Offset in Input vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules allows a remote unauthenticated attacker to read information in the product, to cause a De…
- CVE-2025-48502MEDIUMCVSS 5.5EG 5.52025-11-21
Improper input validation within AMD uprof can allow a local attacker to overwrite MSR registers, potentially resulting in crash or denial of service.
- CVE-2025-48511MEDIUMCVSS 5.5EG 5.52025-11-24
Improper input validation within AMD uprof can allow a local attacker to write to an arbitrary physical address, potentially resulting in crash or denial of service.
- CVE-2025-55086CRITICALCVSS 9.8EG 9.82025-10-20
In NetXDuo version before 6.4.4, a networking support module for Eclipse Foundation ThreadX, in the DHCPV6 client there was an unchecked index extracting the server DUID from the server reply. With a crafted packet, an attacker could cause…
- CVE-2025-55087HIGHCVSS 7.5EG 7.52025-10-17
In NextX Duo's snmp addon versions before 6.4.4, a part of the Eclipse Foundation ThreadX, an attacker could cause an out-of-bound read by a crafted SNMPv3 security parameters.
- CVE-2025-57774HIGHCVSS 7.8EG 7.82025-09-02
There is an out of bounds write vulnerability due to improper bounds checking resulting in invalid data when parsing a DSB file with Digilent DASYLab. This vulnerability may result in arbitrary code execution. Successful exploitation req…
- CVE-2025-57775HIGHCVSS 7.8EG 7.82025-09-02
There is a heap-based Buffer Overflow vulnerability due to improper bounds checking when parsing a DSB file with Digilent DASYLab. This vulnerability may result in arbitrary code execution. Successful exploitation requires an attacker to…
- CVE-2025-57776HIGHCVSS 7.8EG 7.82025-09-02
There is an out of bounds write vulnerability due to improper bounds checking resulting in an invalid address when parsing a DSB file with Digilent DASYLab. This vulnerability may result in arbitrary code execution. Successful exploitati…
- CVE-2025-57777HIGHCVSS 7.8EG 7.82025-09-02
There is an out of bounds write vulnerability due to improper bounds checking in displ2.dll when parsing a DSB file with Digilent DASYLab. This vulnerability may result in arbitrary code execution. Successful exploitation requires an att…
- CVE-2025-57778HIGHCVSS 7.8EG 7.82025-09-02
There is an out of bounds write vulnerability due to improper bounds checking resulting in an invalid source address when parsing a DSB file with Digilent DASYLab. This vulnerability may result in arbitrary code execution. Successful exp…
- CVE-2025-67268CRITICALCVSS 9.8EG 9.82026-01-02
gpsd before commit dc966aa contains a heap-based out-of-bounds write vulnerability in the drivers/driver_nmea2000.c file. The hnd_129540 function, which handles NMEA2000 PGN 129540 (GNSS Satellites in View) packets, fails to validate the u…
- CVE-2025-7848HIGHCVSS 7.8EG 7.82025-07-29
A memory corruption vulnerability due to improper input validation in lvpict.cpp exists in NI LabVIEW that may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. …
- CVE-2025-7849HIGHCVSS 7.8EG 7.82025-07-29
A memory corruption vulnerability due to improper error handling when a VILinkObj is null exists in NI LabVIEW that may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially cra…
- CVE-2025-8291MEDIUMCVSS 4.3EG 4.32025-10-07
The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory (EOCD) Locator record offset value would not be used to locate the ZIP64 EOCD record, instead the ZIP64 EOCD record would be assumed to be the previous…
- CVE-2025-9189HIGHCVSS 7.8EG 7.82025-09-02
There is an out of bounds write vulnerability due to improper bounds checking resulting in a large destination address when parsing a DSB file with Digilent DASYLab. This vulnerability may result in arbitrary code execution. Successful e…
- CVE-2026-12681HIGHCVSS 8.9EG 8.92026-06-24
Improper Validation of Specified Index, Position, or Offset in Input vulnerability in Google go-attestation. parseEfiSignatureList() does not advance the buffer past vendor bytes before reading entries. For hashSHA256SigGUID lists, this al…
- CVE-2026-2006HIGHCVSS 8.8EG 8.82026-02-12
Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun. That suffices to execute arbitrary code as the operating system user running t…
- CVE-2026-20413MEDIUMCVSS 6.7EG 6.72026-02-02
In imgsys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitat…
- CVE-2026-32285HIGHCVSS 7.5EG 7.52026-03-26
The Delete function fails to properly validate offsets when processing malformed JSON input. This can lead to a negative slice index and a runtime panic, allowing a denial of service attack.
- CVE-2026-32286HIGHCVSS 7.5EG 7.52026-03-26
The DataRow.Decode function fails to properly validate field lengths. A malicious or compromised PostgreSQL server can send a DataRow message with a negative field length, causing a slice bounds out of range panic.
- CVE-2026-33557CRITICALCVSS 9.1EG 9.12026-04-20
A possible security vulnerability has been identified in Apache Kafka. By default, the broker property `sasl.oauthbearer.jwt.validator.class` is set to `org.apache.kafka.common.security.oauthbearer.DefaultJwtValidator`. It accepts any JW…
- CVE-2026-40886HIGHCVSS 7.7EG 7.72026-04-23
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From 3.6.5 to 4.0.4, an unchecked array index in the pod informer's podGCFromPod() function causes a controller-wide panic whe…
- CVE-2026-43868MEDIUMCVSS 5.3EG 5.32026-05-05
Memory Allocation with Excessive Size Value vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue.
- CVE-2026-44004HIGHCVSS 7.5EG 7.52026-05-13
vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, sandboxed code can call Buffer.alloc() with an arbitrary size to allocate memory directly on the host heap. Because Buffer.alloc is a synchronous C++ native call, vm2's timeout…
Map vulnerabilities like CWE-1285 to your infrastructure
EchelonGraph correlates every CVE — across CWE-1285 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →