CVEbaza.plSłownik CWECWE-124
Common Weakness Enumeration

CWE-124

Buffer Underwrite ('Buffer Underflow')

Kategoria: BaseCVE: 37
Opis

Produkt zapisuje dane do bufora, używając indeksu lub wskaźnika, który odnosi się do lokalizacji pamięci przed początkm bufora. Może to prowadzić do nadpisania ważnych danych przechowywanych w pamięci przed buforem.

Description (EN)

The product writes to a buffer using an index or pointer that references a memory location prior to the beginning of the buffer.

Podatności CVE z CWE-124 (37)
9.8
CVSS
CRITICAL
CVE-2026-44631

Apache HTTP Server w wersjach od 2.4.0 do 2.4.67 zawiera podatność typu buffer underwrite (CWE-124) wywoływaną przez specjalnie spreparowane wyrażenia regularne w konfiguracji serwera. Podatność otrzymała ocenę CVSS 9.8 (CRITICAL), co oznacza poważne zagrożenie dla dostępności, integralności i poufności danych.

pub. 2026-06-08
9.8
CVSS
CRITICAL
CVE-2023-25610

Podatność typu buffer underwrite (buffer underflow) w interfejsie administracyjnym produktów Fortinet umożliwia zdalnemu, nieuwierzytelnionemu atakującemu wykonanie dowolnego kodu lub poleceń. Krytyczny poziom CVSS 9.8 i brak wymogu interakcji użytkownika czynią ją szczególnie groźną dla organizacji eksponujących interfejsy zarządzania na zewnątrz sieci.

pub. 2025-03-24
9.8
CVSS
CRITICAL
CVE-2018-15361

UltraVNC revision 1198 has a buffer underflow vulnerability in VNC client code, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1199.

pub. 2019-03-05
8.8
CVSS
HIGH
CVE-2015-2426

Buffer underflow in atmfd.dll in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "OpenType Font Driver Vulnerability."

pub. 2015-07-20🚩 CISA KEV⚡ EXPLOIT
8.6
CVSS
HIGH
CVE-2022-20683

A vulnerability in the Application Visibility and Control (AVC-FNF) feature of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient packet verification for traffic inspected by the AVC feature. An attacker could exploit this vulnerability by sending crafted packets from the wired network to a wireless client, resulting in the crafted packets being processed by the wireless controller. A successful exploit could allow the attacker to cause a crash and reload of the affected device, resulting in a DoS condition.

pub. 2022-04-15
8.5
CVSS
HIGH
CVE-2025-27439

Buffer underflow in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via network access.

pub. 2025-03-11
8.5
CVSS
HIGH
CVE-2025-27440

Heap overflow in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via network access.

pub. 2025-03-11
8.2
CVSS
HIGH
CVE-2026-34253

A buffer underflow vulnerability has been identified in the ogg123 utility from the vorbis-tools 1.4.3 package in function remotethread in remote.c. This vulnerability occurs in the remote control functionality when processing malformed input, leading to a stack buffer underflow that can cause application crashes and potentially allow code execution.

pub. 2026-05-15
8.2
CVSS
HIGH
CVE-2026-0966

A flaw was found in libssh. The API function `ssh_get_hexa()` is vulnerable to a denial of service when processing zero-length input. This can be exploited remotely by an attacker during GSSAPI (Generic Security Service Application Program Interface) authentication if the server's logging verbosity is set to `SSH_LOG_PACKET (3)` or higher. Successful exploitation could lead to a self-Denial of Service of the per-connection daemon process.

pub. 2026-03-26
8.1
CVSS
HIGH
CVE-2021-38575

NetworkPkg/IScsiDxe has remotely exploitable buffer overflows.

pub. 2021-12-01
7.8
CVSS
HIGH
CVE-2024-52990

Animate versions 23.0.8, 24.0.5 and earlier are affected by a Buffer Underwrite ('Buffer Underflow') vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could leverage this vulnerability to manipulate memory in such a way that they could execute code under the privileges of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

pub. 2024-12-10
7.8
CVSS
HIGH
CVE-2022-33896

A buffer underflow vulnerability exists in the way Hword of Hancom Office 2020 version 11.0.0.5357 parses XML-based office files. A specially-crafted malformed file can cause memory corruption by using memory before buffer start, which can lead to code execution. A victim would need to access a malicious file to trigger this vulnerability.

pub. 2022-10-07
7.8
CVSS
HIGH
CVE-2021-36064

XMP Toolkit version 2020.1 (and earlier) is affected by a Buffer Underflow vulnerability which could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

pub. 2021-09-01
7.5
CVSS
HIGH
CVE-2023-34351

Buffer underflow in some Intel(R) PCM software before version 202307 may allow an unauthenticated user to potentially enable denial of service via network access.

pub. 2024-02-14
7.4
CVSS
HIGH
CVE-2025-53101

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0 and 6.9.13-26, in ImageMagick's `magick mogrify` command, specifying multiple consecutive `%d` format specifiers in a filename template causes internal pointer arithmetic to generate an address below the beginning of the stack buffer, resulting in a stack overflow through `vsnprintf()`. Versions 7.1.2-0 and 6.9.13-26 fix the issue.

pub. 2025-07-14
7.4
CVSS
HIGH
CVE-2021-38578

Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize.

pub. 2022-03-03
7.3
CVSS
HIGH
CVE-2026-5089

YAML::Syck versions before 1.38 for Perl has an out-of-bounds read. The base60 (sexagesimal) parsing code in perl_syck.h has a buffer underflow bug in both int#base60 and float#base60 handlers. When processing the leftmost segment of a colon-separated value (e.g., the 1 in 1:30:45), the inner while loop can decrement a pointer past the start of the string buffer: while ( colon >= ptr && *colon != ':' ) { colon--; } if ( *colon == ':' ) *colon = '\0'; // colon may be ptr-1 here When no colon is found (final/leftmost segment), colon becomes ptr-1, and the subsequent *colon dereference reads one byte before the allocated buffer.

pub. 2026-05-12
7.1
CVSS
HIGH
CVE-2025-61690

KV STUDIO versions 12.23 and prior contain a buffer underflow vulnerability. If the product uses a specially crafted file, arbitrary code may be executed on the affected product.

pub. 2025-10-02
7.0
CVSS
HIGH
CVE-2023-32614

A heap-based buffer overflow vulnerability exists in the create_png_object functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability.

pub. 2023-09-25
6.5
CVSS
MEDIUM
CVE-2026-41499

Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.0.0 to before version 4.14.4, multiple heap-based out-of-bounds WRITE vulnerabilities exist in parse_uname_string() (remoted_op.c). This function processes OS identification data from agents and contains a dangerous code pattern that appears in 4 locations within the same function: writing to strlen(ptr) - 1 without checking for empty strings. When the string is empty, strlen() returns 0, and 0 - 1 wraps to SIZE_MAX due to unsigned integer underflow. Due to pointer arithmetic wrapping, SIZE_MAX effectively becomes -1, causing a write exactly 1 byte before the allocated buffer. This corrupts heap metadata (e.g., the chunk size field in glibc malloc), leading to heap corruption. This issue has been patched in version 4.14.4.

pub. 2026-04-29
Pokazano 20 z 37 podatności
Informacje
ID: CWE-124
Typ: Base
Podatności: 37
MITRE CWE ↗
← Słownik CWE