CWE-823
AllowedUse of Out-of-range Pointer Offset
Abstraction: Base · Status: Incomplete
The product performs pointer arithmetic on a valid pointer, but it uses an offset that can point outside of the intended range of valid memory locations for the resulting pointer.
177 vulnerabilities reference this CWE, most recent first.
GHSA-HQM8-GPP6-J34P
Vulnerability from github – Published: 2024-02-06 06:30 – Updated: 2024-02-06 06:30Memory corruption while validating the TID to Link Mapping action request frame, when a station connects to an access point.
{
"affected": [],
"aliases": [
"CVE-2023-43534"
],
"database_specific": {
"cwe_ids": [
"CWE-119",
"CWE-823"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-06T06:16:02Z",
"severity": "HIGH"
},
"details": "Memory corruption while validating the TID to Link Mapping action request frame, when a station connects to an access point.",
"id": "GHSA-hqm8-gpp6-j34p",
"modified": "2024-02-06T06:30:32Z",
"published": "2024-02-06T06:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-43534"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/february-2024-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-J476-HF2Q-984G
Vulnerability from github – Published: 2024-07-09 15:30 – Updated: 2024-07-16 18:31In an out-of-memory scenario an allocation could fail but free would have been called on the pointer afterwards leading to memory corruption. This vulnerability affects Firefox < 128 and Firefox ESR < 115.13.
{
"affected": [],
"aliases": [
"CVE-2024-6603"
],
"database_specific": {
"cwe_ids": [
"CWE-823"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-09T15:15:12Z",
"severity": "HIGH"
},
"details": "In an out-of-memory scenario an allocation could fail but free would have been called on the pointer afterwards leading to memory corruption. This vulnerability affects Firefox \u003c 128 and Firefox ESR \u003c 115.13.",
"id": "GHSA-j476-hf2q-984g",
"modified": "2024-07-16T18:31:41Z",
"published": "2024-07-09T15:30:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6603"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1895081"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2024-29"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2024-30"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2024-31"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2024-32"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-J622-84GV-VX9M
Vulnerability from github – Published: 2025-01-31 06:30 – Updated: 2025-01-31 18:31Software installed and run as a non-privileged user may conduct improper GPU system calls to access OOB kernel memory.
{
"affected": [],
"aliases": [
"CVE-2024-47900"
],
"database_specific": {
"cwe_ids": [
"CWE-120",
"CWE-823"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-31T04:15:08Z",
"severity": "HIGH"
},
"details": "Software installed and run as a non-privileged user may conduct improper GPU system calls to access OOB kernel memory.",
"id": "GHSA-j622-84gv-vx9m",
"modified": "2025-01-31T18:31:05Z",
"published": "2025-01-31T06:30:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47900"
},
{
"type": "WEB",
"url": "https://www.imaginationtech.com/gpu-driver-vulnerabilities"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JV3V-7C3Q-8HH2
Vulnerability from github – Published: 2022-06-25 00:01 – Updated: 2022-06-25 00:01Multiple CODESYS Products are prone to a out-of bounds read or write access. A low privileged remote attacker may craft a request with invalid offset, which can cause an out-of-bounds read or write access, resulting in denial-of-service condition or local memory overwrite, which can lead to a change of local files. User interaction is not required.
{
"affected": [],
"aliases": [
"CVE-2022-32142"
],
"database_specific": {
"cwe_ids": [
"CWE-823"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-06-24T08:15:00Z",
"severity": "HIGH"
},
"details": "Multiple CODESYS Products are prone to a out-of bounds read or write access. A low privileged remote attacker may craft a request with invalid offset, which can cause an out-of-bounds read or write access, resulting in denial-of-service condition or local memory overwrite, which can lead to a change of local files. User interaction is not required.",
"id": "GHSA-jv3v-7c3q-8hh2",
"modified": "2022-06-25T00:01:01Z",
"published": "2022-06-25T00:01:01Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32142"
},
{
"type": "WEB",
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17139\u0026token=ec67d15a433b61c77154166c20c78036540cacb0\u0026download="
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-M264-RXP9-QM6V
Vulnerability from github – Published: 2023-05-10 18:30 – Updated: 2025-11-04 21:30An out-of-bounds read vulnerability exists in the PORT command parameter extraction functionality of Weston Embedded uC-FTPs v 1.98.00. A specially-crafted set of network packets can lead to denial of service. An attacker can send packets to trigger this vulnerability.This vulnerability occurs when no port argument is provided to the PORT command.
{
"affected": [],
"aliases": [
"CVE-2022-46378"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-823"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-05-10T16:15:10Z",
"severity": "HIGH"
},
"details": "An out-of-bounds read vulnerability exists in the PORT command parameter extraction functionality of Weston Embedded uC-FTPs v 1.98.00. A specially-crafted set of network packets can lead to denial of service. An attacker can send packets to trigger this vulnerability.This vulnerability occurs when no port argument is provided to the `PORT` command.",
"id": "GHSA-m264-rxp9-qm6v",
"modified": "2025-11-04T21:30:33Z",
"published": "2023-05-10T18:30:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46378"
},
{
"type": "WEB",
"url": "https://github.com/weston-embedded/uC-FTPs/pull/2"
},
{
"type": "WEB",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1681"
},
{
"type": "WEB",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1681"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MHHC-7VG8-H992
Vulnerability from github – Published: 2025-01-13 12:31 – Updated: 2025-01-13 18:31Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data outside the Guest's virtualised GPU memory.
{
"affected": [],
"aliases": [
"CVE-2024-52937"
],
"database_specific": {
"cwe_ids": [
"CWE-823"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-13T11:15:09Z",
"severity": "MODERATE"
},
"details": "Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data outside the Guest\u0027s virtualised GPU memory.",
"id": "GHSA-mhhc-7vg8-h992",
"modified": "2025-01-13T18:31:55Z",
"published": "2025-01-13T12:31:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52937"
},
{
"type": "WEB",
"url": "https://www.imaginationtech.com/gpu-driver-vulnerabilities"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-P8VW-H7RX-FGXR
Vulnerability from github – Published: 2024-03-04 12:31 – Updated: 2024-03-04 12:31Memory corruption while parsing beacon/probe response frame when AP sends more supported links in MLIE.
{
"affected": [],
"aliases": [
"CVE-2023-43553"
],
"database_specific": {
"cwe_ids": [
"CWE-823"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-03-04T11:15:14Z",
"severity": "CRITICAL"
},
"details": "Memory corruption while parsing beacon/probe response frame when AP sends more supported links in MLIE.",
"id": "GHSA-p8vw-h7rx-fgxr",
"modified": "2024-03-04T12:31:11Z",
"published": "2024-03-04T12:31:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-43553"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/march-2024-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PG26-49X3-7H59
Vulnerability from github – Published: 2024-02-06 06:30 – Updated: 2024-02-06 06:30Memory corruption while processing the event ring, the context read pointer is untrusted to HLOS and when it is passed with arbitrary values, may point to address in the middle of ring element.
{
"affected": [],
"aliases": [
"CVE-2023-43513"
],
"database_specific": {
"cwe_ids": [
"CWE-787",
"CWE-823"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-06T06:16:01Z",
"severity": "HIGH"
},
"details": "Memory corruption while processing the event ring, the context read pointer is untrusted to HLOS and when it is passed with arbitrary values, may point to address in the middle of ring element.",
"id": "GHSA-pg26-49x3-7h59",
"modified": "2024-02-06T06:30:31Z",
"published": "2024-02-06T06:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-43513"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/february-2024-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PGW3-2GJQ-FHGR
Vulnerability from github – Published: 2023-11-14 18:30 – Updated: 2023-11-14 18:30Memory Corruption in Multi-mode Call Processor while processing bit mask API.
{
"affected": [],
"aliases": [
"CVE-2023-22388"
],
"database_specific": {
"cwe_ids": [
"CWE-787",
"CWE-823"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-11-07T06:15:08Z",
"severity": "CRITICAL"
},
"details": "Memory Corruption in Multi-mode Call Processor while processing bit mask API.",
"id": "GHSA-pgw3-2gjq-fhgr",
"modified": "2023-11-14T18:30:26Z",
"published": "2023-11-14T18:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22388"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/november-2023-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-Q2H3-9C64-6VMC
Vulnerability from github – Published: 2023-12-09 00:35 – Updated: 2023-12-09 00:35An out-of-bounds memory access flaw was found in the io_uring SQ/CQ rings functionality in the Linux kernel. This issue could allow a local user to crash the system.
{
"affected": [],
"aliases": [
"CVE-2023-6560"
],
"database_specific": {
"cwe_ids": [
"CWE-119",
"CWE-823"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-12-09T00:15:07Z",
"severity": "MODERATE"
},
"details": "An out-of-bounds memory access flaw was found in the io_uring SQ/CQ rings functionality in the Linux kernel. This issue could allow a local user to crash the system.",
"id": "GHSA-q2h3-9c64-6vmc",
"modified": "2023-12-09T00:35:05Z",
"published": "2023-12-09T00:35:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6560"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2023-6560"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253249"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AU4NHBDEDLRW33O76Y6LFECEYNQET5GZ"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UCQIPFUQXKXRCH5Y4RP3C5NK4IHNBNVK"
},
{
"type": "WEB",
"url": "https://patchwork.kernel.org/project/io-uring/patch/20231130194633.649319-2-axboe@kernel.dk"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/176405/io_uring-__io_uaddr_map-Dangerous-Multi-Page-Handling.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
CAPEC-129: Pointer Manipulation
This attack pattern involves an adversary manipulating a pointer within a target application resulting in the application accessing an unintended memory location. This can result in the crashing of the application or, for certain pointer values, access to data that would not normally be possible or the execution of arbitrary code. Since pointers are simply integer variables, Integer Attacks may often be used in Pointer Attacks.