CWE-787— Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.— MITRE CWE catalog
13,902 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-787page 125 of 279
- CVE-2022-0311HIGHCVSS 8.8EG 8.82022-02-12
Heap buffer overflow in Task Manager in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.
- CVE-2022-0318CRITICALCVSS 9.8EG 9.82022-01-21
Heap-based Buffer Overflow in vim/vim prior to 8.2.
- CVE-2022-0324HIGHCVSS 8.1EG 7.52022-11-14
There is a vulnerability in DHCPv6 packet parsing code that could be explored by remote attacker to craft a packet that could cause buffer overflow in a memcpy call, leading to out-of-bounds memory write that would cause dhcp6relay to cras…
- CVE-2022-0359HIGHCVSS 7.8EG 7.82022-01-26
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
- CVE-2022-0361HIGHCVSS 7.8EG 7.82022-01-26
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
- CVE-2022-0367HIGHCVSS 7.8EG 7.82022-08-29
A heap-based buffer overflow flaw was found in libmodbus in function modbus_reply() in src/modbus.c.
- CVE-2022-0392HIGHCVSS 7.8EG 7.82022-01-28
Heap-based Buffer Overflow in GitHub repository vim prior to 8.2.
- CVE-2022-0407HIGHCVSS 7.8EG 7.82022-01-30
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
- CVE-2022-0408HIGHCVSS 7.8EG 7.82022-01-30
Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
- CVE-2022-0417HIGHCVSS 7.8EG 7.82022-02-01
Heap-based Buffer Overflow GitHub repository vim/vim prior to 8.2.
- CVE-2022-0435HIGHCVSS 8.8EG 8.82022-03-25
A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed. This flaw allows a remote user…
- CVE-2022-0454HIGHCVSS 8.8EG 8.82022-04-05
Heap buffer overflow in ANGLE in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2022-0470HIGHCVSS 8.8EG 8.82022-04-05
Out of bounds memory access in V8 in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2022-0500HIGHCVSS 7.8EG 7.82022-03-25
A flaw was found in unrestricted eBPF usage by the BPF_BTF_LOAD, leading to a possible out-of-bounds memory write in the Linux kernel’s BPF subsystem due to the way a user loads BTF. This flaw allows a local user to crash or escalate the…
- CVE-2022-0511HIGHCVSS 8.8EG 8.82022-12-22
Mozilla developers and community members Gabriele Svelto, Sebastian Hengst, Randell Jesup, Luan Herrera, Lars T Hansen, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 96. Some of these bugs showed evidence of m…
- CVE-2022-0518HIGHCVSS 7.1EG 7.12022-02-08
Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.2.
- CVE-2022-0529MEDIUMCVSS 5.5EG 7.82022-02-09
A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash…
- CVE-2022-0566HIGHCVSS 8.8EG 8.82022-12-22
It may be possible for an attacker to craft an email message that causes Thunderbird to perform an out-of-bounds write of one byte when processing the message. This vulnerability affects Thunderbird < 91.6.1.
- CVE-2022-0572HIGHCVSS 7.8EG 7.82022-02-14
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
- CVE-2022-0583MEDIUMCVSS 6.3EG 7.52022-02-14
Crash in the PVFS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file
- CVE-2022-0604HIGHCVSS 8.8EG 8.82022-04-05
Heap buffer overflow in Tab Groups in Google Chrome prior to 98.0.4758.102 allowed an attacker who convinced a user to install a malicious extension and engage in specific user interaction to potentially exploit heap corruption via a craft…
- CVE-2022-0610HIGHCVSS 8.8EG 8.82022-04-05
Inappropriate implementation in Gamepad API in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2022-0629HIGHCVSS 7.8EG 7.82022-02-17
Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
- CVE-2022-0650HIGHCVSS 8.0EG 8.02023-03-28
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR940N 3.20.1 Build 200316 Rel.34392n (5553) routers. Authentication is required to exploit this vulnerability. The spec…
- CVE-2022-0676HIGHCVSS 7.8EG 7.82022-02-22
Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.4.
- CVE-2022-0713HIGHCVSS 7.1EG 7.12022-02-22
Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.4.
- CVE-2022-0714MEDIUMCVSS 5.5EG 5.52022-02-22
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4436.
- CVE-2022-0789HIGHCVSS 8.8EG 8.82022-04-05
Heap buffer overflow in ANGLE in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2022-0797HIGHCVSS 8.8EG 8.82022-04-05
Out of bounds memory access in Mojo in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
- CVE-2022-0800HIGHCVSS 8.8EG 8.82022-04-05
Heap buffer overflow in Cast UI in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.
- CVE-2022-0809HIGHCVSS 8.8EG 8.82022-04-05
Out of bounds memory access in WebXR in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2022-0843HIGHCVSS 8.8EG 8.82022-12-22
Mozilla developers Kershaw Chang, Ryan VanderMeulen, and Randell Jesup reported memory safety bugs present in Firefox 97. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could ha…
- CVE-2022-0891MEDIUMCVSS 6.1EG 7.12022-03-10
A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, p…
- CVE-2022-0903MEDIUMCVSS 5.3EG 7.52022-03-10
A call stack overflow bug in the SAML login feature in Mattermost server in versions up to and including 6.3.2 allows an attacker to crash the server via submitting a maliciously crafted POST body.
- CVE-2022-0904MEDIUMCVSS 4.3EG 6.52022-03-10
A stack overflow bug in the document extractor in Mattermost Server in versions up to and including 6.3.2 allows an attacker to crash the server via submitting a maliciously crafted Apple Pages document.
- CVE-2022-0943HIGHCVSS 7.8EG 7.82022-03-14
Heap-based Buffer Overflow occurs in vim in GitHub repository vim/vim prior to 8.2.4563.
- CVE-2022-0976HIGHCVSS 8.8EG 6.52022-07-21
Heap buffer overflow in GPU in Google Chrome prior to 99.0.4844.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2022-0982CRITICALCVSS 9.8EG 9.82022-03-16
The telnet_input_char function in opt/src/accel-pppd/cli/telnet.c suffers from a memory corruption vulnerability, whereby user input cmdline_len is copied into a fixed buffer b->buf without any bound checks. If the server connects with a m…
- CVE-2022-0995HIGHCVSS 7.8EG 7.12022-03-25
An out-of-bounds (OOB) memory write flaw was found in the Linux kernel’s watch_queue event notification subsystem. This flaw can overwrite parts of the kernel state, potentially allowing a local user to gain privileged access or cause a …
- CVE-2022-1015MEDIUMCVSS 6.6EG 6.62022-04-29
A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c of the netfilter subsystem. This flaw allows a local user to cause an out-of-bounds write issue.
- CVE-2022-1041HIGHCVSS 8.2EG 8.22022-07-26
In Zephyr bluetooth mesh core stack, an out-of-bound write vulnerability can be triggered during provisioning.
- CVE-2022-1042HIGHCVSS 8.2EG 8.22022-07-26
In Zephyr bluetooth mesh core stack, an out-of-bound write vulnerability can be triggered during provisioning.
- CVE-2022-1052MEDIUMCVSS 5.5EG 5.52022-03-24
Heap Buffer Overflow in iterate_chained_fixups in GitHub repository radareorg/radare2 prior to 5.6.6.
- CVE-2022-1061HIGHCVSS 7.5EG 7.52022-03-24
Heap Buffer Overflow in parseDragons in GitHub repository radareorg/radare2 prior to 5.6.8.
- CVE-2022-1068MEDIUMCVSS 5.5EG 7.52022-04-01
Modbus Tools Modbus Slave (versions 7.4.2 and prior) is vulnerable to a stack-based buffer overflow in the registration field. This may cause the program to crash when a long character string is used.
- CVE-2022-1115MEDIUMCVSS 5.5EG 5.52022-08-29
A heap-buffer-overflow flaw was found in ImageMagick’s PushShortPixel() function of quantum-private.h file. This vulnerability is triggered when an attacker passes a specially crafted TIFF image file to ImageMagick for conversion, potent…
- CVE-2022-1142HIGHCVSS 8.8EG 8.82022-07-23
Heap buffer overflow in WebUI in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via specific input into DevTools.
- CVE-2022-1143HIGHCVSS 8.8EG 8.82022-07-23
Heap buffer overflow in WebUI in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via specific input into DevTools.
- CVE-2022-1160HIGHCVSS 7.8EG 7.82022-03-30
heap buffer overflow in get_one_sourceline in GitHub repository vim/vim prior to 8.2.4647.
- CVE-2022-1185MEDIUMCVSS 6.5EG 6.52022-04-04
A denial of service vulnerability when rendering RDoc files in GitLab CE/EE versions 10 to 14.7.7, 14.8.0 to 14.8.5, and 14.9.0 to 14.9.2 allows an attacker to crash the GitLab web application with a maliciously crafted RDoc file
Map vulnerabilities like CWE-787 to your infrastructure
EchelonGraph correlates every CVE — across CWE-787 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →