
CWE-787 (Out-of-bounds Write) — Vulnerability Class 2200

2200 vulnerabilities classified as CWE-787 (Out-of-bounds Write). AI Chinese analysis included.

CWE-787 represents a critical memory management weakness where software incorrectly writes data beyond the allocated boundaries of a buffer. This flaw typically arises from insufficient bounds checking, allowing attackers to overwrite adjacent memory locations with malicious payloads. Exploitation often leads to arbitrary code execution, denial of service, or privilege escalation by corrupting critical system structures or control flow data. Developers mitigate this risk by implementing rigorous input validation and utilizing safe programming practices that enforce strict boundary checks before any memory operation. Employing modern languages with automatic memory management, such as Rust or Java, further reduces exposure by preventing direct pointer arithmetic. Additionally, static analysis tools and fuzzing techniques help identify potential out-of-bounds conditions during the development lifecycle, ensuring that buffer operations remain within their intended limits and preserving application integrity against memory corruption attacks.

MITRE CWE Description
The product writes data past the end, or before the beginning, of the intended buffer.
Common Consequences (3)
Integrity: Modify Memory, Execute Unauthorized Code or Commands
Write operations could cause memory corruption. In some cases, an adversary can modify control data such as return addresses in order to execute unexpected code.
Availability: DoS: Crash, Exit, or Restart
Attempting to access out-of-range, invalid, or unauthorized memory could cause the product to crash.
Other: Unexpected State
Subsequent write operations can produce undefined or unexpected results.
Mitigations (5)
Requirements: Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid. For example, many languages that perform their own memory management, such as Java and Perl, are not subject to buffer overflows. Other languages, such as Ada and C#, typically provide overflow protection, but the protection can be disabled by the programmer. Be wary that a lan…
Architecture and Design: Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid. Examples include the Safe C String Library (SafeStr) by Messier and Viega [REF-57], and the Strsafe.h library from Microsoft [REF-56]. These libraries provide safer versions of overflow-prone string-handling functions.
Operation, Build and Compilation: Use automatic buffer overflow detection mechanisms that are offered by certain compilers or compiler extensions. Examples include: the Microsoft Visual Studio /GS flag, Fedora/Red Hat FORTIFY_SOURCE GCC flag, StackGuard, and ProPolice, which provide various mechanisms including canary-based detection and range/index checking. D3-SFCV (Stack Frame Canary Validation) from D3FEND [REF-1334] discusses…
Effectiveness: Defense in Depth
Implementation: Consider adhering to the following rules when allocating and managing an application's memory: Double check that the buffer is as large as specified. When using functions that accept a number of bytes to copy, such as strncpy(), be aware that if the destination buffer size is equal to the source buffer size, it may not NULL-terminate the string. Check buffer boundaries if accessing the buffer in a…
Operation, Build and Compilation: Run or compile the software using features or extensions that randomly arrange the positions of a program's executable and libraries in memory. Because this makes the addresses unpredictable, it can prevent an attacker from reliably jumping to exploitable code. Examples include Address Space Layout Randomization (ASLR) [REF-58] [REF-60] and Position-Independent Executables (PIE) [REF-64]. Imported…
Effectiveness: Defense in Depth
Examples (2)
The following code attempts to save four different identification numbers into an array.

    int id_sequence[3];

    /* Populate the id array. */
    id_sequence[0] = 123;
    id_sequence[1] = 234;
    id_sequence[2] = 345;
    id_sequence[3] = 456;

Bad · C
In the following code, it is possible to request that memcpy move a much larger segment of memory than assumed:

    int returnChunkSize(void *) {
        /* if chunk info is valid, return the size of usable memory,
         * else, return -1 to indicate an error
         */
        ...
    }
    int main() {
        ...
        memcpy(destBuf, srcBuf, (returnChunkSize(destBuf)-1));
        ...
    }

Bad · C
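
A checked form of the memcpy example above, added here as an illustration and not part of the MITRE entry: the -1 error value is rejected before it can be converted to size_t, and the copy length is bounded by both buffers. The struct chunk layout and the names chunk_size(), unchecked_length() and safe_chunk_copy() are hypothetical stand-ins for the elided returnChunkSize() logic.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical chunk header standing in for the allocator metadata
 * that returnChunkSize() inspects in the example above. */
struct chunk {
    int valid;               /* nonzero if the header is trustworthy */
    int usable;              /* usable bytes in data[] */
    unsigned char data[16];
};

/* Same contract as the page's returnChunkSize(): size, or -1 on error. */
static int chunk_size(const struct chunk *c)
{
    if (c == NULL || !c->valid || c->usable < 0 ||
        (size_t)c->usable > sizeof c->data)
        return -1;
    return c->usable;
}

/* Length the unchecked call hands to memcpy: -1 - 1 converted to size_t. */
static size_t unchecked_length(const struct chunk *c)
{
    return (size_t)(chunk_size(c) - 1);
}

/* Checked copy: returns bytes copied, or -1 without touching dst. */
static int safe_chunk_copy(struct chunk *dst, const unsigned char *src,
                           size_t src_len)
{
    int size = chunk_size(dst);
    if (size < 1)                 /* error (-1), or size 0 would underflow */
        return -1;
    size_t n = (size_t)size - 1;  /* safe: size >= 1 */
    if (n > src_len)              /* do not read past the source either */
        return -1;
    memcpy(dst->data, src, n);
    return (int)n;
}

int main(void)
{
    struct chunk bad = { 0, 8, {0} }, ok = { 1, 8, {0} };  /* constructed */
    const unsigned char src[] = "ABCDEFGHIJKLMNO";
    printf("unchecked=%zu bad=%d ok=%d\n", unchecked_length(&bad),
           safe_chunk_copy(&bad, src, sizeof src),
           safe_chunk_copy(&ok, src, sizeof src));
    return 0;
}
```
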
CVE ID | Title | CVSS | Severity | Published
CVE-2019-25598 | HeidiSQL Portable 10.1.0.5464 Denial of Service via Buffer Overflow — HeidiSQL Portable | 6.2 | Medium | 2026-03-22
CVE-2019-25597 | NSauditor 3.1.2.0 Denial of Service via Community Field — NSauditor | 6.2 | Medium | 2026-03-22
CVE-2019-25591 | DNSS Domain Name Search Software 2.1.8 Denial of Service — DNSS Domain Name Search Software | 6.2 | Medium | 2026-03-22
CVE-2019-25589 | ZOC Terminal 7.23.4 Buffer Overflow Denial of Service — ZOC Terminal | 6.2 | Medium | 2026-03-22
CVE-2019-25584 | RarmaRadio 2.72.3 Server Field Buffer Overflow Denial of Service — RarmaRadio | 6.2 | Medium | 2026-03-22
CVE-2019-25569 | RealTerm Serial Terminal 2.0.0.70 SEH Overflow Crash — RealTerm: Serial Terminal | 6.2 | Medium | 2026-03-21
CVE-2019-25567 | Valentina Studio 9.0.5 Linux Buffer Overflow via Host Field — Valentina Studio | 6.2 | Medium | 2026-03-21
CVE-2019-25566 | TransMac 12.3 Denial of Service via Volume Name Field — TransMac | 6.2 | Medium | 2026-03-21
CVE-2019-25565 | Magic Iso Maker 5.5 Buffer Overflow Denial of Service — Magic Iso Maker | 6.2 | Medium | 2026-03-21
CVE-2019-25564 | PCHelpWareV2 1.0.0.5 Denial of Service via Group Field — PCHelpWareV2 | 5.5 | Medium | 2026-03-21
CVE-2019-25562 | jetAudio 8.1.7 Denial of Service via File Naming Buffer Overflow — Convert Video jetAudio | 5.5 | Medium | 2026-03-21
CVE-2019-25561 | Lyric Maker 2.0.1.0 Denial of Service via Buffer Overflow — Lyric Maker | 6.2 | Medium | 2026-03-21
CVE-2019-25558 | Selfie Studio 2.17 Denial of Service via Resize Image — Selfie Studio | 6.2 | Medium | 2026-03-21
CVE-2019-25556 | TwistedBrush Pro Studio 24.06 Resize Image Denial of Service — TwistedBrush Pro Studio | 6.2 | Medium | 2026-03-21
CVE-2019-25554 | Tomabo MP4 Converter 3.25.22 Denial of Service via Name Field — MP4 Converter | 5.5 | Medium | 2026-03-21
CVE-2019-25550 | Encrypt PDF 2.3 Denial of Service via Buffer Overflow — Encrypt PDF | 6.2 | Medium | 2026-03-21
CVE-2019-25549 | VeryPDF PCL Converter 2.7 Denial of Service via PDF Security — VeryPDF PCL Converter | 6.2 | Medium | 2026-03-21
CVE-2019-25547 | NetAware 1.20 Denial of Service via Add Block Buffer Overflow — NetAware | 6.2 | Medium | 2026-03-21
CVE-2019-25546 | NetAware 1.20 Share Name Denial of Service — NetAware | 6.2 | Medium | 2026-03-21
CVE-2019-25545 | Terminal Services Manager 3.2.1 Local Buffer Overflow Denial of Service — Terminal Services Manager | 6.2 | Medium | 2026-03-21
CVE-2026-33165 | heap out-of-bounds write in libde265 1.0.16 — libde265 | 5.5 | Medium | 2026-03-20
CVE-2026-33144 | GPAC MP4Box Heap Buffer Overflow Write in gf_xml_parse_bit_sequence_bs (NHML BS Parsing) — gpac | 5.8 | Medium | 2026-03-20
CVE-2026-4450 | Google Chrome security vulnerability — Chrome | 8.8 | - | 2026-03-20
CVE-2026-3849 | Buffer Overflow in HPKE via Oversized ECH Config — wolfSSL | 9.8 | - | 2026-03-19
CVE-2026-3548 | Buffer overflow in CRL number parsing in wolfSSL — wolfSSL | 8.8 | - | 2026-03-19
CVE-2026-32636 | ImageMagick has a heap-buffer-overflow in NewXMLTree which could result in crash — ImageMagick | 5.3 | Medium | 2026-03-18
CVE-2025-64301 | Canva Affinity security vulnerability — Affinity | 7.8 | High | 2026-03-17
CVE-2025-52458 | arkcompiler_ets_runtime has an out-of-bounds write vulnerability — OpenHarmony | 5.5 | Medium | 2026-03-16
CVE-2025-41432 | arkcompiler_ets_runtime has an out-of-bounds write vulnerability — OpenHarmony | 5.5 | Medium | 2026-03-16
CVE-2026-3086 | GStreamer H.266 Codec Parser Out-Of-Bounds Write Remote Code Execution Vulnerability — GStreamer | 8.4 | - | 2026-03-13

Vulnerabilities classified as CWE-787 (Out-of-bounds Write) represent 2200 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.