CWE-131— Incorrect Calculation of Buffer Size
The product does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow.— MITRE CWE catalog
195 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-131page 3 of 4
- CVE-2023-24819CRITICALCVSS 9.8EG 9.82023-04-24
RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in an out of…
- CVE-2023-2687LOWCVSS 2.9EG 2.92023-06-02
Buffer overflow in Platform CLI component in Silicon Labs Gecko SDK v4.2.1 and earlier allows user to overwrite limited structures on the heap.
- CVE-2023-30575MEDIUMCVSS 6.5EG 6.52023-06-07
Apache Guacamole 1.5.1 and older may incorrectly calculate the lengths of instruction elements sent during the Guacamole protocol handshake, potentially allowing an attacker to inject Guacamole instructions during the handshake through spe…
- CVE-2023-36824HIGHCVSS 7.4EG 9.02023-07-11
Redis is an in-memory database that persists on disk. In Redit 7.0 prior to 7.0.12, extracting key names from a command and a list of arguments may, in some cases, trigger a heap overflow and result in reading random heap memory, heap corr…
- CVE-2023-4257CRITICALCVSS 9.8EG 7.62023-10-13
Unchecked user input length in /subsys/net/l2/wifi/wifi_shell.c can cause buffer overflows.
- CVE-2023-45871HIGHCVSS 7.5EG 9.82023-10-15
An issue was discovered in drivers/net/ethernet/intel/igb/igb_main.c in the IGB driver in the Linux kernel before 6.5.3. A buffer size may not be adequate for frames larger than the MTU.
- CVE-2023-50736CRITICALCVSS 9.0EG 9.02024-02-28
A memory corruption vulnerability has been identified in PostScript interpreter in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute arbitrary code.
- CVE-2023-52557HIGHCVSS 7.5EG 7.52024-03-01
In OpenBSD 7.3 before errata 016, npppd(8) could crash by a l2tp message which has an AVP (Attribute-Value Pair) with wrong length.
- CVE-2023-52558HIGHCVSS 7.5EG 7.52024-03-01
In OpenBSD 7.4 before errata 002 and OpenBSD 7.3 before errata 019, a network buffer that had to be split at certain length that could crash the kernel after receiving specially crafted escape sequences.
- CVE-2023-5941CRITICALCVSS 9.8EG 9.82023-11-08
In versions of FreeBSD 12.4-RELEASE prior to 12.4-RELEASE-p7 and FreeBSD 13.2-RELEASE prior to 13.2-RELEASE-p5 the __sflush() stdio function in libc does not correctly update FILE objects' write space members for write-buffered streams whe…
- CVE-2023-6387HIGHCVSS 7.5EG 7.52024-02-02
A potential buffer overflow exists in the Bluetooth LE HCI CPC sample application in the Gecko SDK which may result in a denial of service or remote code execution
- CVE-2023-6780MEDIUMCVSS 5.3EG 5.32024-01-31
An integer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a very long message, leading to an i…
- CVE-2024-11425HIGHCVSS 7.5EG 7.52025-01-17
CWE-131: Incorrect Calculation of Buffer Size vulnerability exists that could cause Denial-of-Service of the product when an unauthenticated user is sending a crafted HTTPS packet to the webserver.
- CVE-2024-23606CRITICALCVSS 9.8EG 9.82024-02-20
An out-of-bounds write vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .famos file can lead to arbitrary code execution. An attacker can pro…
- CVE-2024-23621CRITICALCVSS 10.0EG 10.02024-01-26
A buffer overflow exists in IBM Merge Healthcare eFilm Workstation license server. A remote, unauthenticated attacker can exploit this vulnerability to achieve remote code execution.
- CVE-2024-23622CRITICALCVSS 10.0EG 10.02024-01-26
A stack-based buffer overflow exists in IBM Merge Healthcare eFilm Workstation license server. A remote, unauthenticated attacker can exploit this vulnerability to achieve remote code execution with SYSTEM privileges.
- CVE-2024-23805HIGHCVSS 7.5EG 7.52024-02-14
Undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. For the Application Visibility and Reporting module, this may occur when the HTTP Analytics profile with URLs enabled under Collected Entities is confi…
- CVE-2024-26721MEDIUMCVSS 5.5EG 5.52024-04-03
In the Linux kernel, the following vulnerability has been resolved: drm/i915/dsc: Fix the macro that calculates DSCC_/DSCA_ PPS reg address Commit bd077259d0a9 ("drm/i915/vdsc: Add function to read any PPS register") defines a new macro …
- CVE-2024-26752MEDIUMCVSS 5.5EG 5.52024-04-03
In the Linux kernel, the following vulnerability has been resolved: l2tp: pass correct message length to ip6_append_data l2tp_ip6_sendmsg needs to avoid accounting for the transport header twice when splicing more data into an already pa…
- CVE-2024-27237MEDIUMCVSS 5.5EG 5.52024-03-11
In wipe_ns_memory of nsmemwipe.c, there is a possible incorrect size calculation due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not need…
- CVE-2024-28052MEDIUMCVSS 5.3EG 5.32024-10-30
The WBR-6012 is a wireless SOHO router. It is a low-cost device which functions as an internet gateway for homes and small offices while aiming to be easy to configure and operate. In addition to providing a WiFi access point, the device s…
- CVE-2024-30405HIGHCVSS 7.5EG 7.52024-04-12
An Incorrect Calculation of Buffer Size vulnerability in Juniper Networks Junos OS SRX 5000 Series devices using SPC2 line cards while ALGs are enabled allows an attacker sending specific crafted packets to cause a transit traffic Denial o…
- CVE-2024-39808MEDIUMCVSS 4.6EG 4.62024-09-11
Incorrect Calculation of Buffer Size (CWE-131) in the Controller 6000 and Controller 7000 OSDP message handling, allows an attacker with physical access to Controller wiring to instigate a reboot leading to a denial of service. This is…
- CVE-2024-42259MEDIUMCVSS 5.5EG 5.52024-08-14
In the Linux kernel, the following vulnerability has been resolved: drm/i915/gem: Fix Virtual Memory mapping boundaries calculation Calculating the size of the mapped area as the lesser value between the requested size and the actual siz…
- CVE-2024-43843HIGHCVSS 7.8EG 7.82024-08-17
In the Linux kernel, the following vulnerability has been resolved: riscv, bpf: Fix out-of-bounds issue when preparing trampoline image We get the size of the trampoline image during the dry run phase and allocate memory based on that si…
- CVE-2024-45287HIGHCVSS 7.5EG 9.12024-09-05
A malicious value of size in a structure of packed libnv can cause an integer overflow, leading to the allocation of a smaller buffer than required for the parsed data.
- CVE-2024-46684MEDIUMCVSS 5.5EG 5.52024-09-13
In the Linux kernel, the following vulnerability has been resolved: binfmt_elf_fdpic: fix AUXV size calculation when ELF_HWCAP2 is defined create_elf_fdpic_tables() does not correctly account the space for the AUX vector when an architec…
- CVE-2024-46729HIGHCVSS 7.8EG 7.82024-09-18
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix incorrect size calculation for loop [WHY] fe_clk_en has size of 5 but sizeof(fe_clk_en) has byte size 20 which is lager than the array size. [HOW] …
- CVE-2024-49776MEDIUMCVSS 6.5EG 6.52024-11-14
A negative-size-param in tsMuxer version nightly-2024-04-05-01-53-02 allows attackers to cause Denial of Service (DoS) via a crafted TS video file.
- CVE-2024-5000HIGHCVSS 7.5EG 7.52024-06-04
An unauthenticated remote attacker can use a malicious OPC UA client to send a crafted request to affected CODESYS products which can cause a DoS due to incorrect calculation of buffer size.
- CVE-2024-8361HIGHCVSS 7.5EG 7.52025-01-07
In SiWx91x devices, the SHA2/224 algorithm returns a hash of 256 bits instead of 224 bits. This incorrect hash length triggers a software assertion, which subsequently causes a Denial of Service (DoS). If a watchdog is implemented, device …
- CVE-2025-0288HIGHCVSS 7.8EG 7.82025-03-03
Various Paragon Software products contain an arbitrary kernel memory vulnerability within biontdrv.sys, facilitated by the memmove function, which does not validate or sanitize user controlled input, allowing an attacker the ability to wri…
- CVE-2025-0395MEDIUMCVSS 6.2EG 7.52025-01-22
When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size al…
- CVE-2025-1861CRITICALCVSS 9.8EG 9.82025-03-30
In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when parsing HTTP redirect in the response to an HTTP request, there is currently limit on the location value size caused by limi…
- CVE-2025-27042HIGHCVSS 7.8EG 7.82025-07-08
Memory corruption while processing video packets received from video firmware.
- CVE-2025-27053HIGHCVSS 7.8EG 7.82025-10-09
Memory corruption during PlayReady APP usecase while processing TA commands.
- CVE-2025-27074HIGHCVSS 8.8EG 8.82025-11-04
Memory corruption while processing a GP command response.
- CVE-2025-30334MEDIUMCVSS 6.5EG 6.52025-03-20
In OpenBSD 7.6 before errata 006 and OpenBSD 7.5 before errata 015, traffic sent over wg(4) could result in kernel crash.
- CVE-2025-33124MEDIUMCVSS 6.5EG 6.52026-02-17
IBM DB2 Merge Backup for Linux, UNIX and Windows 12.1.0.0 could allow an authenticated user to cause the program to crash due to the incorrect calculation of a buffer size.
- CVE-2025-33126MEDIUMCVSS 6.5EG 6.52025-10-28
IBM DB2 High Performance Unload 6.1.0.3, 5.1.0.1, 6.1.0.2, 6.5, 6.5.0.0 IF1, 6.1.0.1, 6.1, 5.1, 6.1.0.3, 5.1.0.1, 6.1.0.2, 6.5, 6.5.0.0 IF1, 6.1.0.1, 6.1, 5.1, 6.1.0.3, 5.1.0.1, 6.1.0.2, 6.5, 6.5.0.0 IF1, 6.1.0.1, 6.1, 5.1, 6.1.0.3, 5.1.0.…
- CVE-2025-43965LOWCVSS 2.9EG 2.92025-04-23
In MIFF image processing in ImageMagick before 7.1.1-44, image depth is mishandled after SetQuantumFormat is used.
- CVE-2025-46393LOWCVSS 2.9EG 2.92025-04-23
In multispectral MIFF image processing in ImageMagick before 7.1.1-44, packet_size is mishandled (related to the rendering of all channels in an arbitrary order).
- CVE-2025-46688MEDIUMCVSS 5.6EG 5.62025-04-27
quickjs-ng through 0.9.0 has an incorrect size calculation in JS_ReadBigInt for a BigInt, leading to a heap-based buffer overflow. QuickJS before 2025-04-26 is also affected.
- CVE-2025-46723HIGHCVSS 7.8EG 7.82025-05-02
OpenVM is a performant and modular zkVM framework built for customization and extensibility. In version 1.0.0, OpenVM is vulnerable to overflow through byte decomposition of pc in AUIPC chip. A typo results in the highest limb of pc being …
- CVE-2025-52955MEDIUMCVSS 6.5EG 6.52025-07-11
An Incorrect Calculation of Buffer Size vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent unauthenticated attacker to cause a memory corruption that leads to a rpd cras…
- CVE-2025-55297HIGHCVSS 8.8EG 8.82025-08-21
ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. The BluFi example bundled in ESP-IDF was vulnerable to memory overflows in two areas: Wi-Fi credential handling and Diffie–Hellman key exchange. This vulnerability …
- CVE-2025-57807LOWCVSS 3.8EG 3.82025-09-05
ImageMagick is free and open-source software used for editing and manipulating digital images. ImageMagick versions lower than 14.8.2 include insecure functions: SeekBlob(), which permits advancing the stream offset beyond the current end…
- CVE-2025-61661MEDIUMCVSS 4.8EG 4.82025-11-18
A vulnerability has been identified in the GRUB (Grand Unified Bootloader) component. This flaw occurs because the bootloader mishandles string conversion when reading information from a USB device, allowing an attacker to exploit inconsis…
- CVE-2025-62550HIGHCVSS 8.8EG 8.82025-12-09
Out-of-bounds write in Azure Monitor Agent allows an authorized attacker to execute code over a network.
- CVE-2025-66216CRITICALCVSS 9.8EG 9.82025-11-29
AIS-catcher is a multi-platform AIS receiver. Prior to version 0.64, a heap buffer overflow vulnerability has been identified in the AIS::Message class of AIS-catcher. This vulnerability allows an attacker to write approximately 1KB of arb…
Map vulnerabilities like CWE-131 to your infrastructure
EchelonGraph correlates every CVE — across CWE-131 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →