CWE-131— Incorrect Calculation of Buffer Size
The product does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow.— MITRE CWE catalog
195 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-131page 2 of 4
- CVE-2021-22415HIGHCVSS 7.5EG 7.52021-08-02
There is an Incorrect Calculation of Buffer Size Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause kernel exceptions with the code.
- CVE-2021-27378CRITICALCVSS 9.8EG 9.82021-02-18
An issue was discovered in the rand_core crate before 0.6.2 for Rust. Because read_u32_into and read_u64_into mishandle certain buffer-length checks, a random number generator may be seeded with too little data.
- CVE-2021-28039MEDIUMCVSS 6.5EG 6.52021-03-05
An issue was discovered in the Linux kernel 5.9.x through 5.11.3, as used with Xen. In some less-common configurations, an x86 PV guest OS user can crash a Dom0 or driver domain via a large amount of I/O activity. The issue relates to misu…
- CVE-2021-29521LOWCVSS 2.5EG 2.52021-05-14
TensorFlow is an end-to-end open source platform for machine learning. Specifying a negative dense shape in `tf.raw_ops.SparseCountSparseOutput` results in a segmentation fault being thrown out from the standard library as `std::vector` in…
- CVE-2021-29529LOWCVSS 2.5EG 2.52021-05-14
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a heap buffer overflow in `tf.raw_ops.QuantizedResizeBilinear` by manipulating input values so that float rounding results in off-by-one error i…
- CVE-2021-29535LOWCVSS 2.5EG 2.52021-05-14
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow in `QuantizedMul` by passing in invalid thresholds for the quantization. This is because the implementation(https://github.…
- CVE-2021-29536LOWCVSS 2.5EG 2.52021-05-14
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow in `QuantizedReshape` by passing in invalid thresholds for the quantization. This is because the implementation(https://git…
- CVE-2021-29537LOWCVSS 2.5EG 2.52021-05-14
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow in `QuantizedResizeBilinear` by passing in invalid thresholds for the quantization. This is because the implementation(http…
- CVE-2021-29542LOWCVSS 2.5EG 2.52021-05-14
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow by passing crafted inputs to `tf.raw_ops.StringNGrams`. This is because the implementation(https://github.com/tensorflow/te…
- CVE-2021-29545LOWCVSS 2.5EG 2.52021-05-14
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a `CHECK`-fail in converting sparse tensors to CSR Sparse matrices. This is because the implementation(https://github.co…
- CVE-2021-29608MEDIUMCVSS 5.3EG 5.32021-05-14
TensorFlow is an end-to-end open source platform for machine learning. Due to lack of validation in `tf.raw_ops.RaggedTensorToTensor`, an attacker can exploit an undefined behavior if input arguments are empty. The implementation(https://g…
- CVE-2021-3491HIGHCVSS 7.8EG 7.82021-06-04
The io_uring subsystem in the Linux kernel allowed the MAX_RW_COUNT limit to be bypassed in the PROVIDE_BUFFERS operation, which led to negative values being usedin mem_rw when reading /proc/<PID>/mem. This could be used to create a heap o…
- CVE-2021-35134HIGHCVSS 8.4EG 8.42022-09-02
Due to insufficient validation of ELF headers, an Incorrect Calculation of Buffer Size can occur in Boot leading to memory corruption in Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile
- CVE-2021-38423MEDIUMCVSS 6.6EG 9.82022-05-05
All versions of GurumDDS improperly calculate the size to be used when allocating the buffer, which may result in a buffer overflow.
- CVE-2021-38435MEDIUMCVSS 6.6EG 9.82022-05-05
RTI Connext DDS Professional and Connext DDS Secure Versions 4.2x to 6.1.0 not correctly calculate the size when allocating the buffer, which may result in a buffer overflow.
- CVE-2021-40048HIGHCVSS 7.5EG 7.52022-03-10
There is an incorrect buffer size calculation vulnerability in the video framework. Successful exploitation of this vulnerability will affect availability.
- CVE-2021-40052HIGHCVSS 7.5EG 7.52022-03-10
There is an incorrect buffer size calculation vulnerability in the video framework.Successful exploitation of this vulnerability may affect availability.
- CVE-2021-40526MEDIUMCVSS 4.8EG 4.82021-10-25
Incorrect calculation of buffer size vulnerability in Peleton TTR01 up to and including PTV55G allows a remote attacker to trigger a Denial of Service attack through the GymKit daemon process by exploiting a heap overflow in the network se…
- CVE-2021-4155MEDIUMCVSS 5.5EG 5.52022-08-24
A data leak flaw was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem allowed for size increase of files with unaligned size. A local attacker could use this flaw to leak data on the XFS filesystem otherwise not accessible to t…
- CVE-2021-4206HIGHCVSS 8.2EG 8.22022-04-29
A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. This flaw allows a ma…
- CVE-2021-44510HIGHCVSS 7.5EG 7.52022-04-15
An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, attackers can cause a calculation of the size of calls to memset in op_fnj3 in sr_port/op_fnj3.c to result in an extremely large …
- CVE-2021-46943HIGHCVSS 7.8EG 7.82024-02-27
In the Linux kernel, the following vulnerability has been resolved: media: staging/intel-ipu3: Fix set_fmt error handling If there in an error during a set_fmt, do not overwrite the previous sizes with the invalid config. Without this p…
- CVE-2022-22137MEDIUMCVSS 6.5EG 6.52022-05-03
A memory corruption vulnerability exists in the ioca_mys_rgb_allocate functionality of Accusoft ImageGear 19.10. A specially-crafted malformed file can lead to an arbitrary free. An attacker can provide a malicious file to trigger this vul…
- CVE-2022-24907HIGHCVSS 7.8EG 7.82023-03-28
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.1.0.52543. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or o…
- CVE-2022-24908HIGHCVSS 7.8EG 7.82023-03-28
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.1.0.52543. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or o…
- CVE-2022-2520MEDIUMCVSS 6.5EG 6.52022-08-31
A flaw was found in libtiff 4.4.0rc1. There is a sysmalloc assertion fail in rotateImage() at tiffcrop.c:8621 that can cause program crash when reading a crafted input.
- CVE-2022-25731HIGHCVSS 7.5EG 7.52023-04-13
Information disclosure in modem due to buffer over-read while processing packets from DNS server
- CVE-2022-26474MEDIUMCVSS 6.7EG 6.72022-10-07
In sensorhub, there is a possible out of bounds write due to an incorrect calculation of buffer size. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation…
- CVE-2022-2873MEDIUMCVSS 5.5EG 5.52022-08-22
An out-of-bounds memory access flaw was found in the Linux kernel Intel’s iSMT SMBus host controller driver in the way a user triggers the I2C_SMBUS_BLOCK_DATA (with the ioctl I2C_SMBUS) with malicious input data. This flaw allows a loca…
- CVE-2022-31630MEDIUMCVSS 6.5EG 7.12022-11-14
In PHP versions prior to 7.4.33, 8.0.25 and 8.1.12, when using imageloadfont() function in gd extension, it is possible to supply a specially crafted font file, such as if the loaded font is used with imagechar() function, the read outside…
- CVE-2022-32617MEDIUMCVSS 6.8EG 6.82022-11-08
In typec, there is a possible out of bounds write due to an incorrect calculation of buffer size. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privile…
- CVE-2022-32618MEDIUMCVSS 6.8EG 6.82022-11-08
In typec, there is a possible out of bounds write due to an incorrect calculation of buffer size. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privile…
- CVE-2022-32624MEDIUMCVSS 6.7EG 6.72022-12-05
In throttling, there is a possible out of bounds write due to an incorrect calculation of buffer size. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitatio…
- CVE-2022-32630MEDIUMCVSS 6.7EG 6.72022-12-05
In throttling, there is a possible out of bounds write due to an incorrect calculation of buffer size. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitatio…
- CVE-2022-32649MEDIUMCVSS 6.7EG 6.72023-01-03
In jpeg, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07225840; Issue ID: …
- CVE-2022-32650MEDIUMCVSS 6.7EG 6.72023-01-03
In mtk-isp, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07225853; Issue I…
- CVE-2022-32651MEDIUMCVSS 6.7EG 6.72023-01-03
In mtk-aie, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07225857; Issue I…
- CVE-2022-33211CRITICALCVSS 9.8EG 9.82023-04-13
memory corruption in modem due to improper check while calculating size of serialized CoAP message
- CVE-2022-39377HIGHCVSS 7.0EG 7.02022-11-08
sysstat is a set of system performance tools for the Linux operating system. On 32 bit systems, in versions 9.1.16 and newer but prior to 12.7.1, allocate_structures contains a size_t overflow in sa_common.c. The allocate_structures functi…
- CVE-2022-41885MEDIUMCVSS 4.8EG 4.82022-11-18
TensorFlow is an open source platform for machine learning. When `tf.raw_ops.FusedResizeAndPadConv2D` is given a large tensor shape, it overflows. We have patched the issue in GitHub commit d66e1d568275e6a2947de97dca7a102a211e01ce. The fix…
- CVE-2022-41886MEDIUMCVSS 4.8EG 4.82022-11-18
TensorFlow is an open source platform for machine learning. When `tf.raw_ops.ImageProjectiveTransformV2` is given a large output shape, it overflows. We have patched the issue in GitHub commit 8faa6ea692985dbe6ce10e1a3168e0bd60a723ba. The …
- CVE-2022-41887MEDIUMCVSS 4.8EG 4.82022-11-18
TensorFlow is an open source platform for machine learning. `tf.keras.losses.poisson` receives a `y_pred` and `y_true` that are passed through `functor::mul` in `BinaryOp`. If the resulting dimensions overflow an `int32`, TensorFlow will c…
- CVE-2022-41907MEDIUMCVSS 4.8EG 4.82022-11-18
TensorFlow is an open source platform for machine learning. When `tf.raw_ops.ResizeNearestNeighborGrad` is given a large `size` input, it overflows. We have patched the issue in GitHub commit 00c821af032ba9e5f5fa3fe14690c8d28a657624. The f…
- CVE-2022-4378HIGHCVSS 7.8EG 7.82023-01-05
A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system.
- CVE-2022-43945HIGHCVSS 7.5EG 7.52022-11-04
The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call (RPC)…
- CVE-2022-48889MEDIUMCVSS 5.5EG 5.52024-08-21
In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: sof-nau8825: fix module alias overflow The maximum name length for a platform_device_id entry is 20 characters including the trailing NUL byte. The sof_nau8…
- CVE-2023-0568HIGHCVSS 7.5EG 9.82023-02-16
In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting, this may lead to the byte after…
- CVE-2023-1175MEDIUMCVSS 6.6EG 7.32023-03-04
Incorrect Calculation of Buffer Size in GitHub repository vim/vim prior to 9.0.1378.
- CVE-2023-20627MEDIUMCVSS 6.7EG 6.72023-03-07
In pqframework, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALP…
- CVE-2023-20798MEDIUMCVSS 4.4EG 4.42023-08-07
In pda, there is a possible out of bounds read due to an incorrect calculation of buffer size. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch …
Map vulnerabilities like CWE-131 to your infrastructure
EchelonGraph correlates every CVE — across CWE-131 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →