Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-788 (在缓冲区结束位置之后访问内存) — Vulnerability Class 140

140 vulnerabilities classified as CWE-788 (在缓冲区结束位置之后访问内存). AI Chinese analysis included.

CWE-788 represents a critical memory safety vulnerability where software accesses memory locations beyond the allocated boundaries of a buffer. This weakness typically arises from improper pointer arithmetic or off-by-one errors during index manipulation, allowing attackers to read sensitive data or write malicious payloads into adjacent memory regions. Exploitation often leads to information disclosure, application crashes, or arbitrary code execution, depending on the memory layout and attacker control. Developers can prevent this by implementing rigorous bounds checking before any memory access, utilizing safe string handling libraries that enforce length limits, and adopting static analysis tools to detect out-of-bounds references during the coding phase. Furthermore, employing memory-safe programming languages or compiler protections like Address Sanitizers helps identify these errors early, ensuring that buffer indices remain strictly within valid limits throughout the application’s lifecycle.

MITRE CWE Description
The product reads or writes to a buffer using an index or pointer that references a memory location after the end of the buffer. This typically occurs when a pointer or its index is incremented to a position after the buffer; or when pointer arithmetic results in a position after the buffer.
Common Consequences (3)
ConfidentialityRead Memory
For an out-of-bounds read, the attacker may have access to sensitive information. If the sensitive information contains system details, such as the current buffer's position in memory, this knowledge can be used to craft further attacks, possibly with more severe consequences.
Integrity, AvailabilityModify Memory, DoS: Crash, Exit, or Restart
Out of bounds memory access will very likely result in the corruption of relevant memory, and perhaps instructions, possibly leading to a crash. Other attacks leading to lack of availability are possible, including putting the program into an infinite loop.
IntegrityModify Memory, Execute Unauthorized Code or Commands
If the memory accessible by the attacker can be effectively controlled, it may be possible to execute arbitrary code, as with a standard buffer overflow. If the attacker can overwrite a pointer's worth of memory (usually 32 or 64 bits), they can redirect a function pointer to their own malicious cod…
Examples (2)
This example takes an IP address from a user, verifies that it is well formed and then looks up the hostname and copies it into a buffer.
void host_lookup(char *user_supplied_addr){ struct hostent *hp; in_addr_t *addr; char hostname[64]; in_addr_t inet_addr(const char *cp); /*routine that ensures user_supplied_addr is in the right format for conversion */ validate_addr_form(user_supplied_addr); addr = inet_addr(user_supplied_addr); hp = gethostbyaddr( addr, sizeof(struct in_addr), AF_INET); strcpy(hostname, hp->h_name); }
Bad · C
In the following example, it is possible to request that memcpy move a much larger segment of memory than assumed:
int returnChunkSize(void *) { /* if chunk info is valid, return the size of usable memory, * else, return -1 to indicate an error */ ... } int main() { ... memcpy(destBuf, srcBuf, (returnChunkSize(destBuf)-1)); ... }
Bad · C
CVE IDTitleCVSSSeverityPublished
CVE-2021-40702 Adobe Premiere Elements psd Memory Corruption Vulnerability Could Lead to Arbitrary Code Execution — Premiere 7.8 -2021-09-27
CVE-2021-39824 Adobe Premiere Elements png Memory Corruption Vulnerability Could Lead to Arbitrary Code Execution — Premiere 7.8 -2021-09-27
CVE-2021-39818 Adobe InCopy Memory Corruption Vulnerability Could Lead to Arbitrary Code Execution — InCopy 7.8 High2021-09-27
CVE-2021-39819 Adobe InCopy Memory Corruption Vulnerability Could Lead to Arbitrary Code Execution — InCopy 7.8 High2021-09-27
CVE-2021-21105 Adobe Illustrator memory corruption vulnerability could lead to remote code execution — Illustrator 8.8 High2021-09-08
CVE-2021-21104 Adobe Illustrator memory corruption vulnerability could lead to remote code execution — Illustrator 8.8 High2021-09-08
CVE-2021-21103 Adobe Illustrator memory corruption vulnerability could lead to information disclosure — Illustrator 4.3 Medium2021-09-08
CVE-2021-36017 Adobe After Effects PDF File Parsing Memory Corruption Remote Code Execution Vulnerability — After Effects 7.8 High2021-09-02
CVE-2021-35996 Adobe After Effects Memory Corruption Could Lead To Arbitrary Code Execution — After Effects 7.8 High2021-09-02
CVE-2021-39817 Adobe Bridge Memory Corruption Vulnerability Could Lead to Arbitrary Code Execution — Bridge 7.8 High2021-09-01
CVE-2021-36077 Adobe Bridge SVG File Memory Corruption Could Lead To Application Denial Of Service — Bridge 5.5 Medium2021-09-01
CVE-2021-36078 Adobe Bridge PDF File Parsing Memory Corruption Remote Code Execution Vulnerability — Bridge 7.8 High2021-09-01
CVE-2021-39816 Adobe Bridge Memory Corruption Vulnerability Could Lead to Arbitrary Code Execution — Bridge 7.8 High2021-09-01
CVE-2021-36076 Adobe Bridge Memory Corruption Vulnerability Could Lead to Arbitrary Code Execution — Bridge 7.8 High2021-09-01
CVE-2021-36069 Adobe Bridge Memory Corruption Vulnerability Could Lead to Arbitrary Code Execution — Bridge 7.8 High2021-09-01
CVE-2021-36067 Adobe Bridge Memory Corruption Vulnerability Could Lead to Arbitrary Code Execution — Bridge 7.8 High2021-09-01
CVE-2021-36070 Adobe Media Encoder Improper Memory Access When Parsing SVG Files Could Lead To Remote Code Execution — Media Encoder 7.8 High2021-09-01
CVE-2021-36068 Adobe Bridge Memory Corruption Vulnerability Could Lead to Arbitrary Code Execution — Bridge 7.8 High2021-09-01
CVE-2021-36059 Adobe Bridge Memory Corruption Vulnerability Could Lead to Arbitrary Code Execution — Bridge 7.8 High2021-09-01
CVE-2021-36052 XMPToolkit SDK ImportTIFF_CheckStandardMapping Memory Corruption — XMP Toolkit 7.8 High2021-09-01
CVE-2021-36049 Adobe Bridge Memory Corruption Vulnerability Could Lead to Arbitrary Code Execution — Bridge 7.8 High2021-09-01
CVE-2021-36046 XMP Toolkit SDK TIFF_MemoryReader::SortIFD function Memory Corruption — XMP Toolkit 7.8 -2021-09-01
CVE-2021-36015 Adobe Media Encoder Memory Corruption Could Lead To Remote Code Execution — Media Encoder 7.8 High2021-08-20
CVE-2021-36009 Adobe Illustrator PDF File Parsing Memory Corruption Remote Code Execution Vulnerability — Illustrator 7.8 High2021-08-20
CVE-2021-35999 Adobe Prelude Memory Corruption Remote Code Execution Vulnerability — Prelude 7.8 High2021-08-20
CVE-2021-36000 Adobe Character Animator Memory Corruption Arbitrary Code Execution Vulnerability — Character Animator (Preview 4) 7.8 High2021-08-20
CVE-2021-35997 Adobe Premiere Pro Memory Corruption Remote Code Execution Vulnerability — Premiere 7.8 High2021-08-20
CVE-2021-3588 memory contents disclosure in cli_feat_read_cb — BlueZ 3.3 Low2021-06-10
CVE-2021-22548 Arbitrary enclave memory overread vulnerability in Asylo TrustedPrimitives::UntrustedCall — Asylo 6.5 Medium2021-06-08
CVE-2021-32629 Memory access due to code generation flaw in Cranelift module — wasmtime 7.2 High2021-05-24

Vulnerabilities classified as CWE-788 (在缓冲区结束位置之后访问内存) represent 140 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.