| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| EVerest is an EV charging software stack. Prior to version 2025.10.0, an integer overflow occurring in `SdpPacket::parse_header()` allows the current buffer length to be set to 7 after a complete header of size 8 has been read. The remaining length to read is computed using the current length subtracted by the header length which results in a negative value. This value is then interpreted as `SIZE_MAX` (or slightly less) because the expected type of the argument is `size_t`. Depending on whether the server is plain TCP or TLS, this leads to either an infinite loop or a stack buffer overflow. Version 2025.10.0 fixes the issue. |
| Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via the pngimage with AddressSanitizer (ASan), the program leaks memory in various locations, eventually leading to high memory usage and causing the program to become unresponsive |
| Micron Crucial MX500 Series Solid State Drives M3CR046 is vulnerable to Buffer Overflow, which can be triggered by sending specially crafted ATA packets from the host to the drive controller. NOTE: The supplier states that this vulnerability was fully remediated in December 2024 and that updated firmware is available through Crucial’s official support page. |
| Buffer overflow vulnerability exists in Defense Platform Home Edition Ver.3.9.51.x and earlier. If an attacker performs a specific operation, SYSTEM privilege of the Windows system where the product is running may be obtained. |
| A security flaw has been discovered in D-Link DIR-825 up to 2.10. Affected by this vulnerability is the function sub_4106d4 of the file apply.cgi. The manipulation of the argument countdown_time results in buffer overflow. The attack can be executed remotely. The exploit has been released to the public and may be exploited. This vulnerability only affects products that are no longer supported by the maintainer. |
| Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string. |
| AimOne Video Converter 2.04 Build 103 contains a buffer overflow vulnerability in its registration form that causes application crashes. Attackers can generate a 7000-byte payload to trigger the denial of service and potentially exploit the software's registration mechanism. |
| NanoMQ is a messaging broker/bus for IoT Edge & SDV. Versions prior to 0.24.4 have a buffer overflow case while the PUBLISH packets trigger both shared subscription and vanila subscription. This is fixed in version 0.24.4. As a workaround, disable shared subscription. |
| Memory corruption while processing shared command buffer packet between camera userspace and kernel. |
| Memory corruption while parsing clock configuration data for a specific hardware type. |
| Memory corruption while copying packets received from unix clients. |
| Memory corruption while passing pages to DSP with an unaligned starting address. |
| Memory corruption when copying overlapping buffers during memory operations due to incorrect offset calculations. |
| uev (aka libuev) before 2.4.1 has a buffer overflow in epoll_wait if maxevents is a large number. |
| A Buffer Copy without Checking Size of Input vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Juniper Networks Junos OS Evolved allows an unauthenticated, adjacent attacker to send specific RPKI-RTR packets resulting in a crash, creating a Denial of Service (DoS) condition. Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.
This issue affects
Junos OS:
* All versions before 21.2R3-S8,
* from 21.4 before 21.4R3-S8,
* from 22.2 before 22.2R3-S4,
* from 22.3 before 22.3R3-S3,
* from 22.4 before 22.4R3-S2,
* from 23.2 before 23.2R2-S1,
* from 23.4 before 23.4R2.
Junos OS Evolved: * All versions before 21.2R3-S8-EVO,
* from 21.4 before 21.4R3-S8-EVO,
* from 22.2 before 22.2R3-S4-EVO,
* from 22.3 before 22.3R3-S3-EVO,
* from 22.4 before 22.4R3-S2-EVO,
* from 23.2 before 23.2R2-S1-EVO,
* from 23.4 before 23.4R2-EVO. |
| A Buffer Copy without Checking Size of Input vulnerability in the
Session Initialization Protocol (SIP) ALG of Juniper Networks Junos OS on MX Series and SRX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).
When memory utilization is high, and specific SIP packets are received, flowd/mspmand crashes. While the system recovers automatically, the disruption can significantly impact service stability. Continuous receipt of these specific SIP packets, while high utilization is present, will cause a sustained DoS condition. The utilization is outside the attackers control, so they would not be able to deterministically exploit this.
This issue affects Junos OS on SRX Series and MX Series:
* All versions before 22.4R3-S7,
* from 23.2 before 23.2R2-S4,
* from 23.4 before 23.4R2-S5,
* from 24.2 before 24.2R2. |
| Buffer Overflow in the ippprint (Internet Printing Protocol) service in Sagemcom F@st 3686 MAGYAR_4.121.0 allows remote attacker to execute arbitrary code by sending a crafted HTTP request. |
| A Buffer Copy without Checking Size of Input vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved on ACX7000 Series allows an unauthenticated, adjacent attacker to cause a
Denial-of-Service (DoS).When multicast traffic with a specific, valid (S,G) is received, evo-pfemand crashes which leads to an outage of the affected FPC until it is manually recovered.
This issue affects Junos OS Evolved on ACX7000 Series:
* All versions before 21.2R3-S8-EVO,
* 21.4-EVO versions before 21.4R3-S7-EVO,
* 22.2-EVO versions before 22.2R3-S4-EVO,
* 22.3-EVO versions before 22.3R3-S3-EVO,
* 22.4-EVO versions before 22.4R3-S2-EVO,
* 23.2-EVO versions before 23.2R2-EVO,
* 23.4-EVO versions before 23.4R1-S2-EVO, 23.4R2-EVO. |
| RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things (IoT) devices and other embedded devices. A vulnerability was discovered in the IPv6 fragmentation reassembly implementation of RIOT OS v2025.07. When copying the contents of the first fragment (offset=0) into the reassembly buffer, no size check is performed. It is possible to force the creation of a small reassembly buffer by first sending a shorter fragment (also with offset=0). Overflowing the reassembly buffer corrupts the state of other packet buffers which an attacker might be able to used to achieve further memory corruption (potentially resulting in remote code execution). To trigger the vulnerability, the `gnrc_ipv6_ext_frag` module must be included and the attacker must be able to send arbitrary IPv6 packets to the victim. Version 2025.10 fixes the issue. |
| ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. The BluFi example bundled in ESP-IDF was vulnerable to memory overflows in two areas: Wi-Fi credential handling and Diffie–Hellman key exchange. This vulnerability is fixed in 5.4.1, 5.3.3, 5.1.6, and 5.0.9. |
