CWE-124 (Buffer Underflow) — Vulnerability Class 29

29 vulnerabilities classified as CWE-124 (Buffer Underflow). AI Chinese analysis included.

CWE-124, known as Buffer Underwrite or Buffer Underflow, is a critical memory safety weakness where software writes data to a memory location preceding the intended buffer’s start. This occurs when an index or pointer is incorrectly calculated, often due to signed integer underflows or improper boundary checks, causing the write operation to overwrite adjacent memory structures. Attackers typically exploit this vulnerability to corrupt critical data, such as function return addresses or security metadata, potentially leading to arbitrary code execution or system crashes. To prevent such issues, developers must implement rigorous bounds checking, utilize static analysis tools to detect pointer arithmetic errors, and adopt safe programming languages or libraries that enforce memory safety. Additionally, employing compiler protections like stack canaries and address space layout randomization can mitigate the impact of underflow attempts, ensuring that memory access remains strictly within allocated boundaries.

MITRE CWE Description
The product writes to a buffer using an index or pointer that references a memory location prior to the beginning of the buffer.
Common Consequences (3)
Scope: Integrity, Availability. Impact: Modify Memory; DoS: Crash, Exit, or Restart.
Out of bounds memory access will very likely result in the corruption of relevant memory, and perhaps instructions, possibly leading to a crash.
Scope: Integrity, Confidentiality, Availability, Access Control, Other. Impact: Execute Unauthorized Code or Commands; Modify Memory; Bypass Protection Mechanism; Other.
If the corrupted memory can be effectively controlled, it may be possible to execute arbitrary code. If the corrupted memory is data rather than instructions, the system will continue to function with improper changes, possibly in violation of an implicit or explicit policy. The consequences would o…
Scope: Access Control, Other. Impact: Bypass Protection Mechanism; Other.
When the consequence is arbitrary code execution, this can often be used to subvert any other security service.
Mitigations (2)
Requirements: Choose a language that is not susceptible to these issues.
Implementation: All calculated values that are used as index or for pointer arithmetic should be validated to ensure that they are within an expected range.
Examples (2)
In the following C/C++ example, a utility function is used to trim trailing whitespace from a character string. The function copies the input string to a local character string and uses a while statement to remove the trailing whitespace by moving backward through the string and overwriting whitespace with a NUL character.
    #include <ctype.h>
    #include <stdlib.h>

    char* trimTrailingWhitespace(char *strMessage, int length) {
        char *retMessage;
        char *message = malloc(sizeof(char)*(length+1));

        // copy input string to a temporary string
        int index;
        for (index = 0; index < length; index++) {
            message[index] = strMessage[index];
        }
        message[index] = '\0';

        // trim trailing whitespace
        // (len has no lower bound: for an all-whitespace string the loop
        // reaches message[-1], before the start of the allocation)
        int len = index-1;
        while (isspace(message[len])) {
            message[len] = '\0';
            len--;
        }

        // return string without trailing whitespace
        retMessage = message;
        return retMessage;
    }
Bad · C
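A bounds-checked counterpart to the function above, added here as an example; it is not MITRE's code. The name `trim_trailing_whitespace_checked` and the `size_t` length parameter are assumptions, and like the original it assumes `strMessage` holds at least `length` bytes.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example, not MITRE's code. Returns a malloc'd copy of the first
 * `length` bytes of strMessage with trailing whitespace removed, or NULL on
 * bad input or allocation failure. The caller frees the result. */
char *trim_trailing_whitespace_checked(const char *strMessage, size_t length)
{
    if (strMessage == NULL || length == SIZE_MAX)
        return NULL;                      /* length + 1 would wrap to 0 */

    char *message = malloc(length + 1);
    if (message == NULL)
        return NULL;
    memcpy(message, strMessage, length);
    message[length] = '\0';

    /* `end` is one past the last kept byte. Checking end > 0 before reading
     * message[end - 1] stops the walk at the start of the buffer, so an empty
     * or all-whitespace input never reaches message[-1]. */
    size_t end = length;
    while (end > 0 && isspace((unsigned char)message[end - 1]))
        end--;
    message[end] = '\0';
    return message;
}

int main(void)
{
    /* Constructed inputs: the last two are the cases where the unchecked
     * loop walks past the start of the buffer. */
    const char *samples[] = { "log line \t\n", "   ", "" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        char *out = trim_trailing_whitespace_checked(samples[i], strlen(samples[i]));
        if (out == NULL)
            return 1;
        printf("[%s] (%zu bytes kept)\n", out, strlen(out));
        free(out);
    }
    return 0;
}
```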
The following is an example of code that may result in a buffer underwrite. This code is attempting to replace the substring "Replace Me" in destBuf with the string stored in srcBuf. It does so by using the function strstr(), which returns a pointer to the found substring in destBuf. Using pointer arithmetic, the starting index of the substring is found.
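    int main() {
        ...
        // strstr() returns NULL when "Replace Me" is not in destBuf
        char *result = strstr(destBuf, "Replace Me");
        // result is not checked, so idx may not be a valid index into destBuf
        int idx = result - destBuf;
        strcpy(&destBuf[idx], srcBuf);
        ...
    }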
Bad · C
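The same replacement with the `strstr()` result and the remaining capacity validated before any write, added here as an example; it is not MITRE's code. The helper name `replace_at_match`, its return codes and the `destCap` parameter are assumptions.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added example, not from the page. Overwrites dest from the first occurrence
 * of needle with src, as the page's strcpy() call does (text after the match
 * is dropped). destCap is the full size of dest in bytes.
 * Returns 0 on success, -1 if needle is absent, -2 if src would not fit,
 * -3 on invalid arguments. dest is left unchanged on any error. */
int replace_at_match(char *dest, size_t destCap, const char *needle, const char *src)
{
    if (dest == NULL || needle == NULL || src == NULL)
        return -3;
    if (memchr(dest, '\0', destCap) == NULL)
        return -3;                 /* dest is not terminated inside destCap */

    char *hit = strstr(dest, needle);
    if (hit == NULL)
        return -1;                 /* never subtract pointers when there is no match */

    size_t idx = (size_t)(hit - dest);   /* hit >= dest, so idx is in [0, destCap) */
    size_t srcLen = strlen(src);
    if (srcLen >= destCap - idx)
        return -2;                 /* src and its NUL need srcLen + 1 bytes */

    memcpy(dest + idx, src, srcLen + 1);
    return 0;
}

int main(void)
{
    /* Constructed buffers: one with the marker, one without it. */
    char withMarker[32] = "Header: Replace Me";
    char noMarker[32] = "Header: nothing to do";
    int rc1 = replace_at_match(withMarker, sizeof withMarker, "Replace Me", "done");
    int rc2 = replace_at_match(noMarker, sizeof noMarker, "Replace Me", "done");
    printf("%d [%s]\n%d [%s]\n", rc1, withMarker, rc2, noMarker);
    return 0;
}
```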
| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2026-41499 | Wazuh: Multiple Heap-based NULL WRITE Buffer Underflows in parse_uname_string() — wazuh | 6.5 | Medium | 2026-04-29 |
| CVE-2026-26204 | Wazuh: Heap-based NULL WRITE Buffer Underflow in GetAlertData — wazuh | 4.4 | Medium | 2026-04-29 |
| CVE-2026-0966 | Libssh: buffer underflow in ssh_get_hexa() on invalid input — Red Hat Hardened Images | 7.5 (AI) | High (AI) | 2026-03-26 |
| CVE-2026-20104 | Cisco multiple products security vulnerability — Cisco IOS XE Software | 6.1 | Medium | 2026-03-25 |
| CVE-2026-28419 | Vim has Heap-based Buffer Underflow in Emacs tags parsing — vim | 5.3 | Medium | 2026-02-27 |
| CVE-2024-36310 | AMD multiple products security vulnerability — AMD EPYC™ 9004 Series Processors | 6.7 (AI) | Medium (AI) | 2026-02-10 |
| CVE-2026-1485 | Glib: glib: local denial of service via buffer underflow in content type parsing — Red Hat Enterprise Linux 10 | 2.8 | Low | 2026-01-27 |
| CVE-2025-68114 | Capstone doesn't check vsnprintf return in SStream_concat, allows stack buffer underflow and overflow — capstone | 4.8 | Medium | 2025-12-17 |
| CVE-2025-62786 | Wazuh Vulnerable to Heap-based Buffer Out-Of-Bounds WRITE in decode_win_permissions — wazuh | 9.8 (AI) | Critical (AI) | 2025-10-29 |
| CVE-2025-61690 | KEYENCE KV STUDIO security vulnerability — KV STUDIO | 7.8 | High | 2025-10-02 |
| CVE-2025-53101 | ImageMagick has Stack Buffer Overflow in image.c — ImageMagick | 7.4 | High | 2025-07-14 |
| CVE-2025-20695 | MediaTek Chipsets security vulnerability — MT6639, MT6653, MT6985, MT6989, MT6990, MT6991, MT7925, MT7927, MT8196, MT8678, MT8796 | 6.5 (AI) | Medium (AI) | 2025-07-08 |
| CVE-2025-20694 | MediaTek Chipsets security vulnerability — MT2718, MT6639, MT6653, MT6985, MT6989, MT6990, MT6991, MT7925, MT7927, MT8113, MT8115, MT8127, MT8163, MT8168, MT8169, MT8173, MT8183, MT8186, MT8188, MT8195, MT8196, MT8370, MT8390, MT8391, MT8395, MT8512, MT8516, MT8519, MT8676, MT8678, MT8695, MT8696, MT8698, MT8786, MT8792, MT8796, MT8893 | 6.5 | - | 2025-07-08 |
| CVE-2025-4373 | Glib: buffer underflow on glib through glib/gstring.c via function g_string_insert_unichar | 4.8 | Medium | 2025-05-06 |
| CVE-2023-25610 | Fortinet FortiOS and FortiProxy security vulnerability — FortiSwitchManager | 9.3 | Critical | 2025-03-24 |
| CVE-2025-27440 | Zoom Apps - Heap-based Buffer Overflow — Zoom Workplace Apps | 8.5 | High | 2025-03-11 |
| CVE-2025-27439 | Zoom Apps - Buffer Underflow — Zoom Workplace Apps | 8.5 | High | 2025-03-11 |
| CVE-2020-9086 | Huawei 4G Router B612 security vulnerability — HUAWEI 4G Router B612 | 4.3 | Medium | 2024-12-27 |
| CVE-2024-52990 | Animate \| Buffer Underwrite ('Buffer Underflow') (CWE-124) — Animate | 7.8 | High | 2024-12-10 |
| CVE-2023-48230 | Cap'n Proto WebSocket message can cause crash — capnproto | 5.9 | Medium | 2023-11-21 |
| CVE-2023-32614 | Accusoft ImageGear buffer error vulnerability — ImageGear | 7.0 | High | 2023-09-25 |
| CVE-2023-31130 | Buffer Underwrite in ares_inet_net_pton() — c-ares | 4.1 | Medium | 2023-05-25 |
| CVE-2022-33896 | Hancom Office security vulnerability — Hancom Office 2020 | 7.8 | - | 2022-10-07 |
| CVE-2022-20683 | Cisco IOS XE Software for Catalyst 9800 Series Wireless Controllers Application Visibility and Control Denial of Service Vulnerability — Cisco IOS XE Software | 8.6 | High | 2022-04-15 |
| CVE-2021-38578 | Tianocore Edk2 buffer error vulnerability — EDK II | 7.4 | High | 2022-03-03 |
| CVE-2021-38575 | Tianocore Edk2 buffer error vulnerability — EDK II | 8.1 | - | 2021-12-01 |
| CVE-2021-36064 | XMP Toolkit SDK SVG_Adapter ParseFullNS Buffer Underflow — XMP Toolkit | 7.8 | High | 2021-09-01 |
| CVE-2018-15361 | UltraVNC buffer error vulnerability — UltraVNC | 9.8 | - | 2019-03-05 |
| CVE-2018-5388 | strongSwan buffer error vulnerability — strongSwan | 6.5 | - | 2018-05-31 |

Vulnerabilities classified as CWE-124 (Buffer Underflow) account for 29 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.