Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-788 (在缓冲区结束位置之后访问内存) — Vulnerability Class 140

140 vulnerabilities classified as CWE-788 (在缓冲区结束位置之后访问内存). AI Chinese analysis included.

CWE-788 represents a critical memory safety vulnerability where software accesses memory locations beyond the allocated boundaries of a buffer. This weakness typically arises from improper pointer arithmetic or off-by-one errors during index manipulation, allowing attackers to read sensitive data or write malicious payloads into adjacent memory regions. Exploitation often leads to information disclosure, application crashes, or arbitrary code execution, depending on the memory layout and attacker control. Developers can prevent this by implementing rigorous bounds checking before any memory access, utilizing safe string handling libraries that enforce length limits, and adopting static analysis tools to detect out-of-bounds references during the coding phase. Furthermore, employing memory-safe programming languages or compiler protections like Address Sanitizers helps identify these errors early, ensuring that buffer indices remain strictly within valid limits throughout the application’s lifecycle.

MITRE CWE Description
The product reads or writes to a buffer using an index or pointer that references a memory location after the end of the buffer. This typically occurs when a pointer or its index is incremented to a position after the buffer; or when pointer arithmetic results in a position after the buffer.
Common Consequences (3)
ConfidentialityRead Memory
For an out-of-bounds read, the attacker may have access to sensitive information. If the sensitive information contains system details, such as the current buffer's position in memory, this knowledge can be used to craft further attacks, possibly with more severe consequences.
Integrity, AvailabilityModify Memory, DoS: Crash, Exit, or Restart
Out of bounds memory access will very likely result in the corruption of relevant memory, and perhaps instructions, possibly leading to a crash. Other attacks leading to lack of availability are possible, including putting the program into an infinite loop.
IntegrityModify Memory, Execute Unauthorized Code or Commands
If the memory accessible by the attacker can be effectively controlled, it may be possible to execute arbitrary code, as with a standard buffer overflow. If the attacker can overwrite a pointer's worth of memory (usually 32 or 64 bits), they can redirect a function pointer to their own malicious cod…
Examples (2)
This example takes an IP address from a user, verifies that it is well formed and then looks up the hostname and copies it into a buffer.
void host_lookup(char *user_supplied_addr){ struct hostent *hp; in_addr_t *addr; char hostname[64]; in_addr_t inet_addr(const char *cp); /*routine that ensures user_supplied_addr is in the right format for conversion */ validate_addr_form(user_supplied_addr); addr = inet_addr(user_supplied_addr); hp = gethostbyaddr( addr, sizeof(struct in_addr), AF_INET); strcpy(hostname, hp->h_name); }
Bad · C
In the following example, it is possible to request that memcpy move a much larger segment of memory than assumed:
int returnChunkSize(void *) { /* if chunk info is valid, return the size of usable memory, * else, return -1 to indicate an error */ ... } int main() { ... memcpy(destBuf, srcBuf, (returnChunkSize(destBuf)-1)); ... }
Bad · C
CVE IDTitleCVSSSeverityPublished
CVE-2021-42738 Adobe Prelude MXF File Parsing Memory Corruption Arbitrary Code Execution — Prelude 7.8 High2021-11-22
CVE-2021-42737 Adobe Prelude WAV File Parsing Memory Corruption Arbitrary Code Execution — Prelude 7.8 High2021-11-22
CVE-2021-40775 Adobe Prelude SVG File Parsing Memory Corruption Arbitrary Code Execution — Prelude 7.8 -2021-11-22
CVE-2021-40772 Adobe Prelude M4A File Parsing Memory Corruption Arbitrary Code Execution — Prelude 7.8 -2021-11-22
CVE-2021-40771 Adobe Prelude WAV File Parsing Memory Corruption Arbitrary Code Execution — Prelude 7.8 -2021-11-22
CVE-2021-40770 Adobe Prelude M4A File Parsing Memory Corruption Arbitrary Code Execution — Prelude 7.8 High2021-11-22
CVE-2021-42267 Adobe Animate FLA File Parsing Memory Corruption Arbitrary Code Execution — Animate 7.8 High2021-11-18
CVE-2021-42266 Adobe Animate FLA File Parsing Memory Corruption Arbitrary Code Execution — Animate 7.8 High2021-11-18
CVE-2021-40733 Adobe Animate Memory Corruption Could Lead To Arbitrary Code Execution — Animate 7.8 -2021-11-18
CVE-2021-40760 Adobe After Effects M4A File Parsing Memory Corruption Arbitrary Code Execution — After Effects 7.8 High2021-11-18
CVE-2021-40759 Adobe After Effects M4A File Parsing Memory Corruption Arbitrary Code Execution — After Effects 7.8 High2021-11-18
CVE-2021-40758 Adobe After Effects WAV File Parsing Memory Corruption Arbitrary Code Execution — After Effects 7.8 High2021-11-18
CVE-2021-40757 Adobe After Effects MXF File Parsing Memory Corruption Arbitrary Code Execution — After Effects 7.8 High2021-11-18
CVE-2021-40755 Adobe After Effects SGI File Parsing Memory Corruption Arbitrary Code Execution — After Effects 7.8 High2021-11-18
CVE-2021-40754 Adobe After Effects WAV File Parsing Memory Corruption Arbitrary Code Execution — After Effects 7.8 -2021-11-18
CVE-2021-40753 Adobe After Effects SVG File Parsing Memory Corruption Arbitrary Code Execution — After Effects 7.8 -2021-11-18
CVE-2021-40752 Adobe After Effects M4A File Parsing Memory Corruption Arbitrary Code Execution — After Effects 7.8 -2021-11-18
CVE-2021-40751 Adobe After Effects M4A File Parsing Memory Corruption Arbitrary Code Execution — After Effects 7.8 -2021-11-18
CVE-2021-43011 Adobe Prelude M4A file memory corruption vulnerability could lead to remote code execution — Prelude 7.8 High2021-11-16
CVE-2021-43012 Adobe Prelude M4A file memory corruption vulnerability could lead to remote code execution — Prelude 7.8 High2021-11-16
CVE-2021-42725 Adobe Bridge Memory Corruption could lead to Arbitrary code execution — Bridge 7.8 High2021-11-16
CVE-2021-43013 Adobe Media Encoder memory corruption vulnerability could lead to remote code execution — Media Encoder 7.8 High2021-11-16
CVE-2021-42726 Adobe Bridge Memory Corruption could lead to Arbitrary code execution — Bridge 7.8 High2021-11-16
CVE-2021-40710 Adobe Premiere Pro 2021 SVG File Parsing Leads to Memory Corruption — Premiere 7.8 -2021-09-29
CVE-2021-40715 Adobe Premiere Pro 2021 EXR File Parsing Leads to Memory Corruption — Premiere 7.8 High2021-09-29
CVE-2021-39832 Adobe FrameMaker PDF File Parsing Memory Corruption Remote Code Execution Vulnerability — FrameMaker 7.8 -2021-09-29
CVE-2021-39830 Adobe FrameMaker PDF File Parsing Memory Corruption Remote Code Execution Vulnerability — FrameMaker 7.8 -2021-09-29
CVE-2021-40700 Adobe Premiere Elements TIFF Memory Corruption Vulnerability Could Lead to Arbitrary Code Execution — Premiere 7.8 -2021-09-27
CVE-2021-40701 Adobe Premiere Elements m4a Memory Corruption Vulnerability Could Lead to Arbitrary Code Execution — Premiere 7.8 -2021-09-27
CVE-2021-40703 Adobe Premiere Elements m4a Memory Corruption Vulnerability Could Lead to Arbitrary Code Execution — Not a product 7.8 -2021-09-27

Vulnerabilities classified as CWE-788 (在缓冲区结束位置之后访问内存) represent 140 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.