CWE-823— Use of Out-of-range Pointer Offset
The product performs pointer arithmetic on a valid pointer, but it uses an offset that can point outside of the intended range of valid memory locations for the resulting pointer.— MITRE CWE catalog
96 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-823page 2 of 2
- CVE-2024-33041MEDIUMCVSS 6.7EG 6.72025-01-06
Memory corruption when input parameter validation for number of fences is missing for fence frame IOCTL calls,
- CVE-2024-42383MEDIUMCVSS 4.2EG 4.22024-11-18
Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows to write a NULL byte value beyond the memory space dedicated for the hostname field.
- CVE-2024-42386HIGHCVSS 8.2EG 8.22024-11-18
Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and produce a segmentation fault on the application.
- CVE-2024-42387MEDIUMCVSS 5.3EG 5.32024-11-18
Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space.
- CVE-2024-42388MEDIUMCVSS 5.3EG 5.32024-11-18
Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space.
- CVE-2024-42389MEDIUMCVSS 5.3EG 5.32024-11-18
Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space.
- CVE-2024-42390MEDIUMCVSS 4.3EG 4.32024-11-18
Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space.
- CVE-2024-42391MEDIUMCVSS 4.3EG 4.32024-11-18
Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space.
- CVE-2024-42416HIGHCVSS 8.8EG 8.42024-09-05
The ctl_report_supported_opcodes function did not sufficiently validate a field provided by userspace, allowing an arbitrary write to a limited amount of kernel help memory. Malicious software running in a guest VM that exposes virtio_scs…
- CVE-2024-43060HIGHCVSS 7.8EG 7.82025-03-03
Memory corruption during voice activation, when sound model parameters are loaded from HLOS to ADSP.
- CVE-2024-45557HIGHCVSS 7.8EG 7.82025-04-07
Memory corruption can occur when TME processes addresses from TZ and MPSS requests without proper validation.
- CVE-2024-45570MEDIUMCVSS 6.6EG 6.62025-05-06
Memory corruption may occur during IO configuration processing when the IO port count is invalid.
- CVE-2024-45573HIGHCVSS 7.8EG 7.82025-02-03
Memory corruption may occour while generating test pattern due to negative indexing of display ID.
- CVE-2024-47893MEDIUMCVSS 6.5EG 6.52025-05-17
Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to read and/or write data outside the Guest's virtualised GPU memory.
- CVE-2024-47894HIGHCVSS 7.1EG 7.12025-01-13
Kernel software installed and running inside a Guest VM may post improper commands to the GPU Firmware to read data outside the Guest's virtualised GPU memory.
- CVE-2024-47895HIGHCVSS 7.1EG 7.12025-01-13
Kernel software installed and running inside a Guest VM may post improper commands to the GPU Firmware to read data outside the Guest's virtualised GPU memory.
- CVE-2024-47896LOWCVSS 3.3EG 3.32025-02-22
Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data outside the Guest's virtualised GPU memory.
- CVE-2024-47900HIGHCVSS 7.8EG 7.82025-01-31
Software installed and run as a non-privileged user may conduct improper GPU system calls to access OOB kernel memory.
- CVE-2024-49840HIGHCVSS 7.8EG 7.82025-02-03
Memory corruption while Invoking IOCTL calls from user-space to validate FIPS encryption or decryption functionality.
- CVE-2024-52935MEDIUMCVSS 4.1EG 4.12025-01-13
Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data outside the Guest's virtualised GPU memory.
- CVE-2024-52936MEDIUMCVSS 4.4EG 4.42025-01-13
Kernel software installed and running inside a Guest VM may post improper commands to the GPU Firmware to write data outside the Guest's virtualised GPU memory.
- CVE-2024-52937MEDIUMCVSS 6.7EG 6.72025-01-13
Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data outside the Guest's virtualised GPU memory.
- CVE-2024-52938HIGHCVSS 7.8EG 7.82025-01-13
Kernel software installed and running inside a Guest VM may post improper commands to the GPU Firmware to subvert reconstruction activities to trigger a write of data outside the Guest's virtualised GPU memory.
- CVE-2024-52939HIGHCVSS 7.8EG 7.82025-02-22
Kernel software installed and running inside a Guest VM may post improper commands to the GPU Firmware to trigger a write data outside the Guest's virtualised GPU memory.
- CVE-2024-53017MEDIUMCVSS 6.6EG 6.62025-06-03
Memory corruption while handling test pattern generator IOCTL command.
- CVE-2024-6603HIGHCVSS 7.4EG 7.42024-07-09
In an out-of-memory scenario an allocation could fail but free would have been called on the pointer afterwards leading to memory corruption. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunder…
- CVE-2025-0467HIGHCVSS 8.2EG 8.22025-04-18
Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data outside the Guest's virtualised GPU memory.
- CVE-2025-11232HIGHCVSS 7.5EG 7.52025-10-29
To trigger the issue, three configuration parameters must have specific settings: "hostname-char-set" must be left at the default setting, which is "[^A-Za-z0-9.-]"; "hostname-char-replacement" must be empty (the default); and "ddns-qualif…
- CVE-2025-25180HIGHCVSS 7.8EG 7.82025-07-14
Software installed and run as a non-privileged user may conduct improper GPU system calls to subvert GPU HW to write to arbitrary physical memory pages. Under certain circumstances this exploit could be used to corrupt data pages not allo…
- CVE-2025-27059HIGHCVSS 8.8EG 8.82025-10-09
Memory corruption while performing SCM call.
- CVE-2025-46806MEDIUMCVSS 6.9EG 6.92025-06-02
A Use of Out-of-range Pointer Offset vulnerability in sslh leads to denial of service on some architectures.This issue affects sslh before 2.2.4.
- CVE-2025-47349HIGHCVSS 7.8EG 7.82025-10-09
Memory corruption while processing an escape call.
- CVE-2025-54152MEDIUMCVSS 6.5EG 6.52026-02-11
A use of out-of-range pointer offset vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read sensitive portions of memory. We have already fixed t…
- CVE-2026-12290HIGHCVSS 8.1EG 8.12026-06-16
Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.
- CVE-2026-20022MEDIUMCVSS 6.1EG 6.12026-03-04
A vulnerability in the OSPF protocol of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a DoS condition whe…
- CVE-2026-21487MEDIUMCVSS 6.1EG 6.12026-01-06
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below have an Out-of-bounds Read, Use of Out-of-range Pointer Offset and have Improper Input Validation in its CIccProfile::L…
- CVE-2026-21732CRITICALCVSS 9.6EG 9.62026-03-20
A web page that contains unusual GPU shader code is loaded into the GPU compiler process and can trigger a write out-of-bounds write crash in the GPU shader compiler library. On certain platforms, when the compiler process has system privi…
- CVE-2026-21734HIGHCVSS 7.7EG 7.72026-06-26
A web page that contains unusual GPU shader code is loaded into the GPU compiler process and can trigger a write out-of-bounds write crash in the GPU shader compiler library. On certain platforms, when the compiler process has system privi…
- CVE-2026-23764MEDIUMCVSS 6.8EG 6.82026-01-22
VB-Audio Voicemeeter, Voicemeeter Banana, and Voicemeeter Potato (versions ending in 1.1.1.9, 2.1.1.9, and 3.1.1.9 and earlier, respectively), as well as VB-Audio Matrix and Matrix Coconut (versions ending in 1.0.2.2 and 2.0.2.2 and earlie…
- CVE-2026-28764HIGHCVSS 7.8EG 7.82026-05-21
MediaArea MediaInfoLib LXF element parsing heap-based buffer overflow vulnerability
- CVE-2026-32829HIGHCVSS 7.5EG 7.52026-03-20
lz4_flex is a pure Rust implementation of LZ4 compression/decompression. In versions 0.11.5 and below, and 0.12.0, decompressing invalid LZ4 data can leak sensitive information from uninitialized memory or from previous decompression oper…
- CVE-2026-34193MEDIUMCVSS 4.3EG 4.32026-06-01
Kernel software installed and running inside a Guest/Host VM may post improper commands to the GPU Firmware to trigger a write of data outside the intended GPU memory. A logic error in the address translation allowed a compromised Host …
- CVE-2026-41907HIGHCVSS 7.5EG 7.52026-04-24
uuid is for the creation of RFC9562 (formerly RFC4122) UUIDs. Prior to 14.0.0, v3, v5, and v6 accept external output buffers but do not reject out-of-range writes (small buf or large offset). This allows silent partial writes into caller-p…
- CVE-2026-42946HIGHCVSS 7.4EG 6.52026-05-13
A vulnerability exists in the ngx_http_scgi_module and ngx_http_uwsgi_module modules that may result in excessive memory allocation or an over-read of data. When scgi_pass or uwsgi_pass is configured, an unauthenticated attacker with m…
- CVE-2026-46244CRITICALCVSS 9.1EG 9.12026-06-03
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_inner: Fix IPv6 inner_thoff desync In nft_inner_parse_l2l3(), when processing inner IPv6 packets, ipv6_find_hdr() correctly computes the transport header …
- CVE-2026-4693HIGHCVSS 7.5EG 7.52026-03-24
Incorrect boundary conditions in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
Map vulnerabilities like CWE-823 to your infrastructure
EchelonGraph correlates every CVE — across CWE-823 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →