CWE-1260
AllowedImproper Handling of Overlap Between Protected Memory Ranges
Abstraction: Base · Status: Stable
The product allows address regions to overlap, which can result in the bypassing of intended memory protection.
27 vulnerabilities reference this CWE, most recent first.
GHSA-J9W6-9FCP-73WH
Vulnerability from github – Published: 2026-02-10 21:31 – Updated: 2026-02-10 21:31Improper handling of overlap between the segmented reverse map table (RMP) and system management mode (SMM) memory could allow a privileged attacker corrupt or partially infer SMM memory resulting in loss of integrity or confidentiality.
{
"affected": [],
"aliases": [
"CVE-2025-0012"
],
"database_specific": {
"cwe_ids": [
"CWE-1260"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-10T20:16:43Z",
"severity": "MODERATE"
},
"details": "Improper handling of overlap between the segmented reverse map table (RMP) and system management mode (SMM) memory could allow a privileged attacker corrupt or partially infer SMM memory resulting in loss of integrity or confidentiality.",
"id": "GHSA-j9w6-9fcp-73wh",
"modified": "2026-02-10T21:31:30Z",
"published": "2026-02-10T21:31:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0012"
},
{
"type": "WEB",
"url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3023.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-M8M2-8CM8-P8JV
Vulnerability from github – Published: 2023-10-19 12:30 – Updated: 2024-04-04 08:47Motorola MTM5000 series firmwares lack properly configured memory protection of pages shared between the OMAP-L138 ARM and DSP cores. The SoC provides two memory protection units, MPU1 and MPU2, to enforce the trust boundary between the two cores. Since both units are left unconfigured by the firmwares, an adversary with control over either core can trivially gain code execution on the other, by overwriting code located in shared RAM or DDR2 memory regions.
{
"affected": [],
"aliases": [
"CVE-2022-27813"
],
"database_specific": {
"cwe_ids": [
"CWE-1260"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-10-19T10:15:10Z",
"severity": "HIGH"
},
"details": "Motorola MTM5000 series firmwares lack properly configured memory protection of pages shared between the OMAP-L138 ARM and DSP cores. The SoC provides two memory protection units, MPU1 and MPU2, to enforce the trust boundary between the two cores. Since both units are left unconfigured by the firmwares, an adversary with control over either core can trivially gain code execution on the other, by overwriting code located in shared RAM or DDR2 memory regions.",
"id": "GHSA-m8m2-8cm8-p8jv",
"modified": "2024-04-04T08:47:37Z",
"published": "2023-10-19T12:30:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27813"
},
{
"type": "WEB",
"url": "https://tetraburst.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MG6V-RX7X-H8Q2
Vulnerability from github – Published: 2026-03-22 03:30 – Updated: 2026-03-22 03:30Deluge 1.3.15 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Webseeds field. Attackers can paste a buffer of 5000 bytes into the Webseeds field during torrent creation to trigger an application crash.
{
"affected": [],
"aliases": [
"CVE-2019-25585"
],
"database_specific": {
"cwe_ids": [
"CWE-1260"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-22T01:16:56Z",
"severity": "MODERATE"
},
"details": "Deluge 1.3.15 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Webseeds field. Attackers can paste a buffer of 5000 bytes into the Webseeds field during torrent creation to trigger an application crash.",
"id": "GHSA-mg6v-rx7x-h8q2",
"modified": "2026-03-22T03:30:25Z",
"published": "2026-03-22T03:30:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25585"
},
{
"type": "WEB",
"url": "https://dev.deluge-torrent.org"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/46884"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/deluge-denial-of-service-via-webseeds-field"
},
{
"type": "WEB",
"url": "http://download.deluge-torrent.org/windows/deluge-1.3.15-win32-py2.7.exe"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-MGX6-29R4-V32X
Vulnerability from github – Published: 2026-03-21 15:33 – Updated: 2026-03-21 15:33SpotPaltalk 1.1.5 contains a denial of service vulnerability in the registration code input field that allows local attackers to crash the application by submitting an excessively long string. Attackers can paste a buffer of 1000 characters into the Name/Key field during registration to trigger a crash when the OK button is clicked.
{
"affected": [],
"aliases": [
"CVE-2019-25559"
],
"database_specific": {
"cwe_ids": [
"CWE-1260"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-21T13:16:18Z",
"severity": "MODERATE"
},
"details": "SpotPaltalk 1.1.5 contains a denial of service vulnerability in the registration code input field that allows local attackers to crash the application by submitting an excessively long string. Attackers can paste a buffer of 1000 characters into the Name/Key field during registration to trigger a crash when the OK button is clicked.",
"id": "GHSA-mgx6-29r4-v32x",
"modified": "2026-03-21T15:33:23Z",
"published": "2026-03-21T15:33:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25559"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/46822"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/spotpaltalk-name-key-field-denial-of-service"
},
{
"type": "WEB",
"url": "http://www.nsauditor.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-PF46-M6H6-8J38
Vulnerability from github – Published: 2026-03-22 15:31 – Updated: 2026-03-22 15:31PHPRunner 10.1 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the dashboard name field. Attackers can paste a buffer of 10000 characters into the Name field during dashboard creation to trigger an application crash.
{
"affected": [],
"aliases": [
"CVE-2019-25592"
],
"database_specific": {
"cwe_ids": [
"CWE-1260"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-22T14:16:25Z",
"severity": "MODERATE"
},
"details": "PHPRunner 10.1 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the dashboard name field. Attackers can paste a buffer of 10000 characters into the Name field during dashboard creation to trigger an application crash.",
"id": "GHSA-pf46-m6h6-8j38",
"modified": "2026-03-22T15:31:28Z",
"published": "2026-03-22T15:31:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25592"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/46824"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/phprunner-denial-of-service-via-dashboard-name-field"
},
{
"type": "WEB",
"url": "https://xlinesoft.com"
},
{
"type": "WEB",
"url": "https://xlinesoft.com/phprunner/download.htm"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-R6WJ-XMGR-MG33
Vulnerability from github – Published: 2024-05-14 18:31 – Updated: 2024-07-03 18:41Memory safety bugs present in Firefox 125. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 126.
{
"affected": [],
"aliases": [
"CVE-2024-4778"
],
"database_specific": {
"cwe_ids": [
"CWE-1260"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-14T18:15:16Z",
"severity": "CRITICAL"
},
"details": "Memory safety bugs present in Firefox 125. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 126.",
"id": "GHSA-r6wj-xmgr-mg33",
"modified": "2024-07-03T18:41:41Z",
"published": "2024-05-14T18:31:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4778"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1838834%2C1889291%2C1889595%2C1890204%2C1891545"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2024-21"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-X9P4-6H68-VM5Q
Vulnerability from github – Published: 2025-08-12 18:31 – Updated: 2025-11-03 18:31Improper handling of overlap between protected memory ranges for some Intel(R) Xeon(R) 6 processor with Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access.
{
"affected": [],
"aliases": [
"CVE-2025-22889"
],
"database_specific": {
"cwe_ids": [
"CWE-1260"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-12T17:15:32Z",
"severity": "HIGH"
},
"details": "Improper handling of overlap between protected memory ranges for some Intel(R) Xeon(R) 6 processor with Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access.",
"id": "GHSA-x9p4-6h68-vm5q",
"modified": "2025-11-03T18:31:33Z",
"published": "2025-08-12T18:31:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22889"
},
{
"type": "WEB",
"url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01311.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00027.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
Mitigation
Ensure that memory regions are isolated as intended and that access control (read/write) policies are used by hardware to protect privileged software.
Mitigation
- For all of the programmable memory protection regions, the memory protection unit (MPU) design can define a priority scheme.
- For example: if three memory regions can be programmed (Region_0, Region_1, and Region_2), the design can enforce a priority scheme, such that, if a system address is within multiple regions, then the region with the lowest ID takes priority and the access-control policy of that region will be applied. In some MPU designs, the priority scheme can also be programmed by trusted software.
- Hardware logic or trusted firmware can also check for region definitions and block programming of memory regions with overlapping addresses.
- The memory-access-control-check filter can also be designed to apply a policy filter to all of the overlapping ranges, i.e., if an address is within Region_0 and Region_1, then access to this address is only granted if both Region_0 and Region_1 policies allow the access.
CAPEC-456: Infected Memory
An adversary inserts malicious logic into memory enabling them to achieve a negative impact. This logic is often hidden from the user of the system and works behind the scenes to achieve negative impacts. This pattern of attack focuses on systems already fielded and used in operation as opposed to systems that are still under development and part of the supply chain.
CAPEC-679: Exploitation of Improperly Configured or Implemented Memory Protections
An adversary takes advantage of missing or incorrectly configured access control within memory to read/write data or inject malicious code into said memory.