CWE-823
AllowedUse of Out-of-range Pointer Offset
Abstraction: Base · Status: Incomplete
The product performs pointer arithmetic on a valid pointer, but it uses an offset that can point outside of the intended range of valid memory locations for the resulting pointer.
177 vulnerabilities reference this CWE, most recent first.
GHSA-Q6F6-GFQ8-34CX
Vulnerability from github – Published: 2022-02-11 00:00 – Updated: 2022-03-17 00:05Use of Out-of-range Pointer Offset in Conda vim prior to 8.2.
{
"affected": [],
"aliases": [
"CVE-2022-0554"
],
"database_specific": {
"cwe_ids": [
"CWE-119",
"CWE-823"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-02-10T22:15:00Z",
"severity": "HIGH"
},
"details": "Use of Out-of-range Pointer Offset in Conda vim prior to 8.2.",
"id": "GHSA-q6f6-gfq8-34cx",
"modified": "2022-03-17T00:05:45Z",
"published": "2022-02-11T00:00:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0554"
},
{
"type": "WEB",
"url": "https://github.com/vim/vim/commit/e3537aec2f8d6470010547af28dcbd83d41461b8"
},
{
"type": "WEB",
"url": "https://huntr.dev/bounties/7e8f6cd0-b5ee-48a2-8255-6a86f4c46c71"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZLEHVP4LNAGER4ZDGUDS5V5YVQD6INF"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT213488"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-Q7VH-44J8-J22P
Vulnerability from github – Published: 2025-11-13 00:30 – Updated: 2025-11-13 00:30UCanCode E-XD++ Visualization Enterprise Suite contains an untrusted pointer dereference vulnerability via the TKDRAWCAD.TKDrawCADCtrl.1 ActiveX control. This is because it exposes a RotateShape method that dereferences a user-supplied pointer without sufficient validation. A crafted input may cause the control to dereference an attacker-controlled pointer, enabling remote code execution in the context of the hosting process. The vulnerability requires user interaction (instantiation of the ActiveX control via a web page or a file).
{
"affected": [],
"aliases": [
"CVE-2017-20211"
],
"database_specific": {
"cwe_ids": [
"CWE-823"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-11-12T22:15:41Z",
"severity": "HIGH"
},
"details": "UCanCode E-XD++ Visualization Enterprise Suite contains an untrusted pointer dereference vulnerability via the TKDRAWCAD.TKDrawCADCtrl.1 ActiveX control. This is because it exposes a RotateShape method that dereferences a user-supplied pointer without sufficient validation. A crafted input may cause the control to dereference an attacker-controlled pointer, enabling remote code execution in the context of the hosting process. The vulnerability requires user interaction (instantiation of the ActiveX control via a web page or a file).",
"id": "GHSA-q7vh-44j8-j22p",
"modified": "2025-11-13T00:30:17Z",
"published": "2025-11-13T00:30:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-20211"
},
{
"type": "WEB",
"url": "https://www.ucancode.net"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/ucancode-e-xd-visualization-enterprise-suite-untrusted-pointer-dereference-rce"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-17-422"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-Q9C7-F5PH-HCWX
Vulnerability from github – Published: 2024-12-02 12:38 – Updated: 2024-12-02 12:38Memory corruption while parsing sensor packets in camera driver, user-space variable is used while allocating memory in kernel and parsing which can lead to huge allocation or invalid memory access.
{
"affected": [],
"aliases": [
"CVE-2024-33036"
],
"database_specific": {
"cwe_ids": [
"CWE-823"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-02T11:15:06Z",
"severity": "MODERATE"
},
"details": "Memory corruption while parsing sensor packets in camera driver, user-space variable is used while allocating memory in kernel and parsing which can lead to huge allocation or invalid memory access.",
"id": "GHSA-q9c7-f5ph-hcwx",
"modified": "2024-12-02T12:38:27Z",
"published": "2024-12-02T12:38:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-33036"
},
{
"type": "WEB",
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/december-2024-bulletin.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-R36W-QC6C-G892
Vulnerability from github – Published: 2022-05-24 19:18 – Updated: 2022-10-24 19:00A crafted request with invalid offsets may cause an out-of-bounds read or write access in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition or local memory overwrite.
{
"affected": [],
"aliases": [
"CVE-2021-34595"
],
"database_specific": {
"cwe_ids": [
"CWE-119",
"CWE-823"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-10-26T10:15:00Z",
"severity": "HIGH"
},
"details": "A crafted request with invalid offsets may cause an out-of-bounds read or write access in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition or local memory overwrite.",
"id": "GHSA-r36w-qc6c-g892",
"modified": "2022-10-24T19:00:21Z",
"published": "2022-05-24T19:18:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34595"
},
{
"type": "WEB",
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=16878\u0026token=e5644ec405590e66aefa62304cb8632df9fc9e9c\u0026download="
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-R633-28CW-P576
Vulnerability from github – Published: 2023-10-03 06:30 – Updated: 2024-04-04 08:03Memory corruption in Modem while processing security related configuration before AS Security Exchange.
{
"affected": [],
"aliases": [
"CVE-2023-24855"
],
"database_specific": {
"cwe_ids": [
"CWE-787",
"CWE-823"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-10-03T06:15:23Z",
"severity": "CRITICAL"
},
"details": "Memory corruption in Modem while processing security related configuration before AS Security Exchange.",
"id": "GHSA-r633-28cw-p576",
"modified": "2024-04-04T08:03:08Z",
"published": "2023-10-03T06:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24855"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/october-2023-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RGWM-PX7V-J678
Vulnerability from github – Published: 2025-01-13 12:31 – Updated: 2025-01-13 18:31Kernel software installed and running inside a Guest VM may post improper commands to the GPU Firmware to read data outside the Guest's virtualised GPU memory.
{
"affected": [],
"aliases": [
"CVE-2024-47894"
],
"database_specific": {
"cwe_ids": [
"CWE-823"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-13T11:15:08Z",
"severity": "HIGH"
},
"details": "Kernel software installed and running inside a Guest VM may post improper commands to the GPU Firmware to read data outside the Guest\u0027s virtualised GPU memory.",
"id": "GHSA-rgwm-px7v-j678",
"modified": "2025-01-13T18:31:55Z",
"published": "2025-01-13T12:31:58Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47894"
},
{
"type": "WEB",
"url": "https://www.imaginationtech.com/gpu-driver-vulnerabilities"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RJPG-QPWF-XP3R
Vulnerability from github – Published: 2025-01-06 12:30 – Updated: 2025-01-06 12:30Memory corruption when input parameter validation for number of fences is missing for fence frame IOCTL calls,
{
"affected": [],
"aliases": [
"CVE-2024-33041"
],
"database_specific": {
"cwe_ids": [
"CWE-787",
"CWE-823"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-06T11:15:08Z",
"severity": "MODERATE"
},
"details": "Memory corruption when input parameter validation for number of fences is missing for fence frame IOCTL calls,",
"id": "GHSA-rjpg-qpwf-xp3r",
"modified": "2025-01-06T12:30:32Z",
"published": "2025-01-06T12:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-33041"
},
{
"type": "WEB",
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2025-bulletin.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RR79-WXQV-V9VQ
Vulnerability from github – Published: 2022-02-17 00:00 – Updated: 2023-01-17 21:30Use of Out-of-range Pointer Offset in Homebrew mruby prior to 3.2.
{
"affected": [],
"aliases": [
"CVE-2022-0614"
],
"database_specific": {
"cwe_ids": [
"CWE-119",
"CWE-823"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-02-16T10:15:00Z",
"severity": "MODERATE"
},
"details": "Use of Out-of-range Pointer Offset in Homebrew mruby prior to 3.2.",
"id": "GHSA-rr79-wxqv-v9vq",
"modified": "2023-01-17T21:30:22Z",
"published": "2022-02-17T00:00:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0614"
},
{
"type": "WEB",
"url": "https://github.com/mruby/mruby/commit/ff3a5ebed6ffbe3e70481531cfb969b497aa73ad"
},
{
"type": "WEB",
"url": "https://huntr.dev/bounties/a980ce4d-c359-4425-92c4-e844c0055879"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RRMX-RW89-WHM4
Vulnerability from github – Published: 2023-03-10 21:30 – Updated: 2023-03-15 18:30Memory corruption in modem due to use of out of range pointer offset while processing qmi msg
{
"affected": [],
"aliases": [
"CVE-2022-25709"
],
"database_specific": {
"cwe_ids": [
"CWE-119",
"CWE-823"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-03-10T21:15:00Z",
"severity": "HIGH"
},
"details": "Memory corruption in modem due to use of out of range pointer offset while processing qmi msg",
"id": "GHSA-rrmx-rw89-whm4",
"modified": "2023-03-15T18:30:25Z",
"published": "2023-03-10T21:30:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25709"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/march-2023-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RX6M-WJQW-383G
Vulnerability from github – Published: 2023-03-10 21:30 – Updated: 2023-03-15 18:30Memory corruption in Modem due to usage of Out-of-range pointer offset in UIM
{
"affected": [],
"aliases": [
"CVE-2022-25694"
],
"database_specific": {
"cwe_ids": [
"CWE-119",
"CWE-823"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-03-10T21:15:00Z",
"severity": "HIGH"
},
"details": "Memory corruption in Modem due to usage of Out-of-range pointer offset in UIM",
"id": "GHSA-rx6m-wjqw-383g",
"modified": "2023-03-15T18:30:25Z",
"published": "2023-03-10T21:30:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25694"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/march-2023-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
CAPEC-129: Pointer Manipulation
This attack pattern involves an adversary manipulating a pointer within a target application resulting in the application accessing an unintended memory location. This can result in the crashing of the application or, for certain pointer values, access to data that would not normally be possible or the execution of arbitrary code. Since pointers are simply integer variables, Integer Attacks may often be used in Pointer Attacks.