CWE-788
DiscouragedAccess of Memory Location After End of Buffer
Abstraction: Base · Status: Incomplete
The product reads or writes to a buffer using an index or pointer that references a memory location after the end of the buffer.
283 vulnerabilities reference this CWE, most recent first.
GHSA-PMMM-MGXP-RWV5
Vulnerability from github – Published: 2022-05-24 19:21 – Updated: 2022-05-24 19:21Adobe Prelude version 10.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious M4A file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2021-40770"
],
"database_specific": {
"cwe_ids": [
"CWE-119",
"CWE-788"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-11-22T16:15:00Z",
"severity": "MODERATE"
},
"details": "Adobe Prelude version 10.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious M4A file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability.",
"id": "GHSA-pmmm-mgxp-rwv5",
"modified": "2022-05-24T19:21:11Z",
"published": "2022-05-24T19:21:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40770"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/prelude/apsb21-96.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PP9V-H875-V39W
Vulnerability from github – Published: 2022-05-24 19:21 – Updated: 2022-05-24 19:21Adobe After Effects version 18.4.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious .m4a file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2021-40760"
],
"database_specific": {
"cwe_ids": [
"CWE-119",
"CWE-788"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-11-18T17:15:00Z",
"severity": "HIGH"
},
"details": "Adobe After Effects version 18.4.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious .m4a file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability.",
"id": "GHSA-pp9v-h875-v39w",
"modified": "2022-05-24T19:21:04Z",
"published": "2022-05-24T19:21:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40760"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/after_effects/apsb21-79.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PQFM-P88J-XQ9G
Vulnerability from github – Published: 2022-05-24 19:12 – Updated: 2022-05-24 19:12Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious Bridge file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2021-36059"
],
"database_specific": {
"cwe_ids": [
"CWE-119",
"CWE-788"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-09-01T15:15:00Z",
"severity": "HIGH"
},
"details": "Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious Bridge file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.",
"id": "GHSA-pqfm-p88j-xq9g",
"modified": "2022-05-24T19:12:44Z",
"published": "2022-05-24T19:12:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36059"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/bridge/apsb21-69.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PQWW-3MGV-R6MJ
Vulnerability from github – Published: 2022-05-24 17:48 – Updated: 2022-05-24 17:48A vulnerability has been identified in Nucleus 4 (All versions < V4.1.0), Nucleus NET (All versions), Nucleus RTOS (versions including affected DNS modules), Nucleus ReadyStart (All versions < V2017.02.3), Nucleus Source Code (versions including affected DNS modules), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), VSTAR (versions including affected DNS modules). The DNS domain name record decompression functionality does not properly validate the pointer offset values. The parsing of malformed responses could result in a read access past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to cause a denial-of-service condition.
{
"affected": [],
"aliases": [
"CVE-2020-27738"
],
"database_specific": {
"cwe_ids": [
"CWE-119",
"CWE-788"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-04-22T21:15:00Z",
"severity": "CRITICAL"
},
"details": "A vulnerability has been identified in Nucleus 4 (All versions \u003c V4.1.0), Nucleus NET (All versions), Nucleus RTOS (versions including affected DNS modules), Nucleus ReadyStart (All versions \u003c V2017.02.3), Nucleus Source Code (versions including affected DNS modules), SIMOTICS CONNECT 400 (All versions \u003c V0.5.0.0), VSTAR (versions including affected DNS modules). The DNS domain name record decompression functionality does not properly validate the pointer offset values. The parsing of malformed responses could result in a read access past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to cause a denial-of-service condition.",
"id": "GHSA-pqww-3mgv-r6mj",
"modified": "2022-05-24T17:48:19Z",
"published": "2022-05-24T17:48:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27738"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-180579.pdf"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-669158.pdf"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-705111.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PRX7-JM7P-362C
Vulnerability from github – Published: 2024-10-23 18:33 – Updated: 2024-10-23 18:33A vulnerability in the Snort 2 and Snort 3 TCP and UDP detection engine of Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series Appliances could allow an unauthenticated, remote attacker to cause memory corruption, which could cause the Snort detection engine to restart unexpectedly.
This vulnerability is due to improper memory management when the Snort detection engine processes specific TCP or UDP packets. An attacker could exploit this vulnerability by sending crafted TCP or UDP packets through a device that is inspecting traffic using the Snort detection engine. A successful exploit could allow the attacker to restart the Snort detection engine repeatedly, which could cause a denial of service (DoS) condition. The DoS condition impacts only the traffic through the device that is examined by the Snort detection engine. The device can still be managed over the network. Note: Once a memory block is corrupted, it cannot be cleared until the Cisco Firepower 2100 Series Appliance is manually reloaded. This means that the Snort detection engine could crash repeatedly, causing traffic that is processed by the Snort detection engine to be dropped until the device is manually reloaded.
{
"affected": [],
"aliases": [
"CVE-2024-20330"
],
"database_specific": {
"cwe_ids": [
"CWE-788"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-23T17:15:17Z",
"severity": "HIGH"
},
"details": "A vulnerability in the Snort 2 and Snort 3 TCP and UDP detection engine of Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series Appliances could allow an unauthenticated, remote attacker to cause memory corruption, which could cause the Snort detection engine to restart unexpectedly.\n\nThis vulnerability is due to improper memory management when the Snort detection engine processes specific TCP or UDP packets. An attacker could exploit this vulnerability by sending crafted TCP or UDP packets through a device that is inspecting traffic using the Snort detection engine. A successful exploit could allow the attacker to restart the Snort detection engine repeatedly, which could cause a denial of service (DoS) condition. The DoS condition impacts only the traffic through the device that is examined by the Snort detection engine. The device can still be managed over the network.\nNote: Once a memory block is corrupted, it cannot be cleared until the Cisco Firepower 2100 Series Appliance is manually reloaded. This means that the Snort detection engine could crash repeatedly, causing traffic that is processed by the Snort detection engine to be dropped until the device is manually reloaded.",
"id": "GHSA-prx7-jm7p-362c",
"modified": "2024-10-23T18:33:08Z",
"published": "2024-10-23T18:33:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-20330"
},
{
"type": "WEB",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-M446vbEO"
},
{
"type": "WEB",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd2100-snort-dos-M9HuMt75"
},
{
"type": "WEB",
"url": "https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75300"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PX8H-XX9C-QW5C
Vulnerability from github – Published: 2022-05-24 19:15 – Updated: 2022-05-24 19:15Adobe Premiere Elements version 2021.2235820 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious png file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2021-39824"
],
"database_specific": {
"cwe_ids": [
"CWE-119",
"CWE-788"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-09-27T16:15:00Z",
"severity": "HIGH"
},
"details": "Adobe Premiere Elements version 2021.2235820 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious png file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.",
"id": "GHSA-px8h-xx9c-qw5c",
"modified": "2022-05-24T19:15:47Z",
"published": "2022-05-24T19:15:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39824"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/premiere_elements/apsb21-78.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-Q3CQ-46X3-3MXJ
Vulnerability from github – Published: 2022-05-24 19:12 – Updated: 2025-11-03 21:30XMP Toolkit version 2020.1 (and earlier) is affected by a memory corruption vulnerability, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2021-36046"
],
"database_specific": {
"cwe_ids": [
"CWE-787",
"CWE-788"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-09-01T15:15:00Z",
"severity": "HIGH"
},
"details": "XMP Toolkit version 2020.1 (and earlier) is affected by a memory corruption vulnerability, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.",
"id": "GHSA-q3cq-46x3-3mxj",
"modified": "2025-11-03T21:30:33Z",
"published": "2022-05-24T19:12:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36046"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00032.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00003.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QFQR-MXW4-Q8J5
Vulnerability from github – Published: 2022-05-24 19:11 – Updated: 2022-10-08 00:00Adobe Premiere Pro version 15.2 (and earlier) is affected by a memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
{
"affected": [],
"aliases": [
"CVE-2021-35997"
],
"database_specific": {
"cwe_ids": [
"CWE-787",
"CWE-788"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-08-20T19:15:00Z",
"severity": "HIGH"
},
"details": "Adobe Premiere Pro version 15.2 (and earlier) is affected by a memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
"id": "GHSA-qfqr-mxw4-q8j5",
"modified": "2022-10-08T00:00:19Z",
"published": "2022-05-24T19:11:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-35997"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/premiere_pro/apsb21-56.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QG28-72M5-QQM8
Vulnerability from github – Published: 2021-11-23 00:00 – Updated: 2022-04-26 00:01Adobe InCopy version 16.4 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious GIF file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2021-43015"
],
"database_specific": {
"cwe_ids": [
"CWE-119",
"CWE-788"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-11-22T16:15:00Z",
"severity": "HIGH"
},
"details": "Adobe InCopy version 16.4 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious GIF file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability.",
"id": "GHSA-qg28-72m5-qqm8",
"modified": "2022-04-26T00:01:22Z",
"published": "2021-11-23T00:00:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43015"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/incopy/apsb21-110.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QG8W-FQF6-RHHV
Vulnerability from github – Published: 2022-03-17 00:00 – Updated: 2022-03-17 00:00Adobe Character Animator version 4.4 (and earlier) is affected by a memory corruption vulnerability when parsing a M4A file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2021-40764"
],
"database_specific": {
"cwe_ids": [
"CWE-119",
"CWE-788"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-03-16T15:15:00Z",
"severity": "HIGH"
},
"details": "Adobe Character Animator version 4.4 (and earlier) is affected by a memory corruption vulnerability when parsing a M4A file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.",
"id": "GHSA-qg8w-fqf6-rhhv",
"modified": "2022-03-17T00:00:33Z",
"published": "2022-03-17T00:00:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40764"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/character_animator/apsb21-95.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.