CVEbaza.plSłownik CWECWE-823
Common Weakness Enumeration

CWE-823

Use of Out-of-range Pointer Offset

Kategoria: BaseCVE: 100
Opis

Produkt wykonuje arytmetykę wskaźników na prawidłowym wskaźniku, jednak wykorzystuje przesunięcie, które może wskazywać poza zamierzone obszary prawidłowych lokalizacji pamięci dla wynikowego wskaźnika. To może prowadzić do dostępu do niedozwolonej pamięci i stanowi zagrożenie bezpieczeństwa.

Description (EN)

The product performs pointer arithmetic on a valid pointer, but it uses an offset that can point outside of the intended range of valid memory locations for the resulting pointer.

Podatności CVE z CWE-823 (100)
9.8
CVSS
CRITICAL
CVE-2017-11076

Podatność w sprzętowym akceleratorze dekodowania VP9 w wybranych układach Qualcomm pozwala na nieprawidłowy dostęp do pamięci. Krytyczny poziom CVSS 9.8 wskazuje na możliwość zdalnego wywołania poważnych skutków bez wymagania uwierzytelnienia.

pub. 2024-11-26
9.8
CVSS
CRITICAL
CVE-2023-43553

Podatność w oprogramowaniu układowym urządzeń Qualcomm powoduje uszkodzenie pamięci (memory corruption) podczas przetwarzania ramek beacon lub probe response zawierających nadmiarowe wpisy obsługiwanych łączy w polu MLIE. Oceniona jako krytyczna z wynikiem CVSS 9.8, może umożliwić zdalnemu atakującemu przejęcie kontroli nad urządzeniem bez jakiegokolwiek uwierzytelnienia.

pub. 2024-03-04
9.8
CVSS
CRITICAL
CVE-2023-22388

Memory Corruption in Multi-mode Call Processor while processing bit mask API.

pub. 2023-11-07
9.8
CVSS
CRITICAL
CVE-2023-24855

Memory corruption in Modem while processing security related configuration before AS Security Exchange.

pub. 2023-10-03
9.6
CVSS
CRITICAL
CVE-2026-21732

Podatność w kompilatorze shaderów GPU biblioteki Imagination Technologies DDK umożliwia wywołanie zapisu poza granicami bufora (out-of-bounds write) poprzez załadowanie spreparowanej strony internetowej zawierającej niecodzienny kod shader GPU. Na określonych platformach, gdzie proces kompilatora działa z uprawnieniami systemowymi, może to prowadzić do dalszego przejęcia kontroli nad urządzeniem.

pub. 2026-03-20
9.1
CVSS
CRITICAL
CVE-2026-46244

Podatność w module nft_inner jądra Linux umożliwia desynchronizację między obliczonym offsetem nagłówka transportowego a rzeczywistym protokołem warstwy 4 dla wewnętrznych pakietów IPv6. Błąd pozwala atakującemu na sfałszowanie nagłówka transportowego i potencjalne ominięcie reguł firewalla (firewall bypass).

pub. 2026-06-03
8.8
CVSS
HIGH
CVE-2025-27059

Memory corruption while performing SCM call.

pub. 2025-10-09
8.8
CVSS
HIGH
CVE-2024-42416

The ctl_report_supported_opcodes function did not sufficiently validate a field provided by userspace, allowing an arbitrary write to a limited amount of kernel help memory. Malicious software running in a guest VM that exposes virtio_scsi can exploit the vulnerabilities to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process. A malicious iSCSI initiator could achieve remote code execution on the iSCSI target host.

pub. 2024-09-05
8.8
CVSS
HIGH
CVE-2022-0729

Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4440.

pub. 2022-02-23
8.6
CVSS
HIGH
CVE-2017-20211

UCanCode E-XD++ Visualization Enterprise Suite contains an untrusted pointer dereference vulnerability via the TKDRAWCAD.TKDrawCADCtrl.1 ActiveX control. This is because it exposes a RotateShape method that dereferences a user-supplied pointer without sufficient validation. A crafted input may cause the control to dereference an attacker-controlled pointer, enabling remote code execution in the context of the hosting process. The vulnerability requires user interaction (instantiation of the ActiveX control via a web page or a file).

pub. 2025-11-12
8.6
CVSS
HIGH
CVE-2023-43534

Memory corruption while validating the TID to Link Mapping action request frame, when a station connects to an access point.

pub. 2024-02-06
8.6
CVSS
HIGH
CVE-2023-46724

Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0 prior to 6.4 compiled using `--with-openssl` are vulnerable to a Denial of Service attack against SSL Certificate validation. This problem allows a remote server to perform Denial of Service against Squid Proxy by initiating a TLS Handshake with a specially crafted SSL Certificate in a server certificate chain. This attack is limited to HTTPS and SSL-Bump. This bug is fixed in Squid version 6.4. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives. Those who you use a prepackaged version of Squid should refer to the package vendor for availability information on updated packages.

pub. 2023-11-01
8.6
CVSS
HIGH
CVE-2023-20187

A vulnerability in the Multicast Leaf Recycle Elimination (mLRE) feature of Cisco IOS XE Software for Cisco ASR 1000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to incorrect handling of certain IPv6 multicast packets when they are fanned out more than seven times on an affected device. An attacker could exploit this vulnerability by sending a specific IPv6 multicast or IPv6 multicast VPN (MVPNv6) packet through the affected device. A successful exploit could allow the attacker to cause a reload of the affected device, resulting in a DoS condition.

pub. 2023-09-27
8.4
CVSS
HIGH
CVE-2023-33066

Memory corruption in Audio while processing RT proxy port register driver.

pub. 2024-03-04
8.4
CVSS
HIGH
CVE-2023-33033

Memory corruption in Audio during playback with speaker protection.

pub. 2024-01-02
8.4
CVSS
HIGH
CVE-2023-33106

Memory corruption while submitting a large list of sync points in an AUX command to the IOCTL_KGSL_GPU_AUX_COMMAND.

pub. 2023-12-05🚩 CISA KEV⚡ EXPLOIT
8.4
CVSS
HIGH
CVE-2022-25694

Memory corruption in Modem due to usage of Out-of-range pointer offset in UIM

pub. 2023-03-10
8.4
CVSS
HIGH
CVE-2022-25709

Memory corruption in modem due to use of out of range pointer offset while processing qmi msg

pub. 2023-03-10
8.3
CVSS
HIGH
CVE-2026-42946

A vulnerability exists in the ngx_http_scgi_module and ngx_http_uwsgi_module modules that may result in excessive memory allocation or an over-read of data. When scgi_pass or uwsgi_pass is configured, an unauthenticated attacker with man-in-the-middle (MITM) ability to control responses from an upstream server may be able to read the memory of the NGINX worker process or restart it.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

pub. 2026-05-13
8.2
CVSS
HIGH
CVE-2026-32829

lz4_flex is a pure Rust implementation of LZ4 compression/decompression. In versions 0.11.5 and below, and 0.12.0, decompressing invalid LZ4 data can leak sensitive information from uninitialized memory or from previous decompression operations. The library fails to properly validate offset values during LZ4 "match copy operations," allowing out-of-bounds reads from the output buffer. The block-based API functions (`decompress_into`, `decompress_into_with_dict`, and others when `safe-decode` is disabled) are affected, while all frame APIs are unaffected. The impact is potential exposure of sensitive data and secrets through crafted or malformed LZ4 input. This issue has been fixed in versions 0.11.6 and 0.12.1.

pub. 2026-03-20
Pokazano 20 z 100 podatności
Informacje
ID: CWE-823
Typ: Base
Podatności: 100
MITRE CWE ↗
← Słownik CWE
CWE-823 — Użycie przesunięcia wskaźnika poza dozwolony zakres | Słownik CWE | CVEbaza.pl