
CWE-805 (Buffer Access with Incorrect Length Value) — Vulnerability Class 36

36 vulnerabilities classified as CWE-805 (Buffer Access with Incorrect Length Value). AI analysis (originally in Chinese) included.

CWE-805 is a memory-safety weakness in which software reads or writes a buffer sequentially using a length value that does not match the buffer's actual size, so the operation runs past the buffer's bounds. It typically arises when the length is derived from input or from a separate computation (a header field, a function's return value, a size arithmetic expression) rather than from the allocated size of the destination, and the two are never checked against each other. An attacker who controls the length or the data supplies input longer than the destination, overwriting adjacent memory, corrupting data structures, or, in the worst case, redirecting control flow to execute arbitrary code with the privileges of the affected process. The defense is to treat every length value as untrusted: check it against the allocated size before the memory operation, reject or truncate on mismatch, prefer bounds-checked copy routines over raw strcpy()/memcpy(), and review every code path where a length is computed rather than measured.

MITRE CWE Description
The product uses a sequential operation to read or write a buffer, but it uses an incorrect length value that causes it to access memory that is outside of the bounds of the buffer. When the length value exceeds the size of the destination, a buffer overflow could occur.
Common Consequences (2)
Integrity, Confidentiality, Availability: Read Memory, Modify Memory, Execute Unauthorized Code or Commands
Buffer overflows often can be used to execute arbitrary code, which is usually outside the scope of a program's implicit security policy. This can often be used to subvert any other security service.
Availability: Modify Memory, DoS: Crash, Exit, or Restart, DoS: Resource Consumption (CPU)
Buffer overflows generally lead to crashes. Other attacks leading to lack of availability are possible, including putting the program into an infinite loop.
Mitigations (5)
Requirements: Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid. For example, many languages that perform their own memory management, such as Java and Perl, are not subject to buffer overflows. Other languages, such as Ada and C#, typically provide overflow protection, but the protection can be disabled by the programmer. Be wary that a lan…
Architecture and Design: Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid. Examples include the Safe C String Library (SafeStr) by Messier and Viega [REF-57], and the Strsafe.h library from Microsoft [REF-56]. These libraries provide safer versions of overflow-prone string-handling functions.
Operation, Build and Compilation: Use automatic buffer overflow detection mechanisms that are offered by certain compilers or compiler extensions. Examples include: the Microsoft Visual Studio /GS flag, Fedora/Red Hat FORTIFY_SOURCE GCC flag, StackGuard, and ProPolice, which provide various mechanisms including canary-based detection and range/index checking. D3-SFCV (Stack Frame Canary Validation) from D3FEND [REF-1334] discusses…
Effectiveness: Defense in Depth
Implementation: Consider adhering to the following rules when allocating and managing an application's memory: Double check that the buffer is as large as specified. When using functions that accept a number of bytes to copy, such as strncpy(), be aware that if the destination buffer size is equal to the source buffer size, it may not NULL-terminate the string. Check buffer boundaries if accessing the buffer in a…
Architecture and Design: For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server.
Examples (2)
This example takes an IP address from a user, verifies that it is well formed and then looks up the hostname and copies it into a buffer.
    #include <string.h>
    #include <netdb.h>
    #include <sys/socket.h>
    #include <netinet/in.h>
    #include <arpa/inet.h>

    void host_lookup(char *user_supplied_addr) {
        struct hostent *hp;
        in_addr_t addr;
        char hostname[64];

        /* routine that ensures user_supplied_addr is in the right format for conversion */
        validate_addr_form(user_supplied_addr);
        addr = inet_addr(user_supplied_addr);
        hp = gethostbyaddr(&addr, sizeof(struct in_addr), AF_INET);
        /* h_name comes from reverse DNS, which the attacker can influence, and is
         * copied with no check against the 64-byte destination (CWE-805) */
        strcpy(hostname, hp->h_name);
    }
Bad · C
In the following example, it is possible to request that memcpy move a much larger segment of memory than assumed: returnChunkSize() returns -1 on error, and -1 minus 1 converted to size_t becomes an enormous length.
    int returnChunkSize(void *chunk) {
        /* if chunk info is valid, return the size of usable memory,
         * else, return -1 to indicate an error */
        ...
    }

    int main() {
        ...
        /* no check that the return value is non-negative: an error return of -1
         * yields a length of (size_t)-2, far beyond destBuf */
        memcpy(destBuf, srcBuf, (returnChunkSize(destBuf) - 1));
        ...
    }
Bad · C
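The following is an added example, not MITRE's code and not from any product listed on this page. It shows the length handling that the two bad examples above omit and that the description and the Implementation mitigation call for: a copy that checks the caller's length against the destination size, a guard that validates a signed size/status value before it is converted to size_t (the memcpy pitfall), and an strncpy wrapper that always NUL-terminates. return_chunk_size() and the chunk layout it reads are hypothetical stand-ins for the page's returnChunkSize(); the sample chunks and hostname are constructed inline.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Bounded copy: refuse to copy more bytes than the destination holds.
 * Returns 0 on success, -1 when len exceeds dst_size (nothing is written). */
int copy_checked(void *dst, size_t dst_size, const void *src, size_t len)
{
    if (dst == NULL || src == NULL)
        return -1;
    if (len > dst_size)            /* the check CWE-805 code is missing */
        return -1;
    memcpy(dst, src, len);
    return 0;
}

/* Hypothetical stand-in for the page's returnChunkSize(): the usable size is
 * assumed to be stored as an int in the first bytes of the chunk; -1 on error. */
int return_chunk_size(const void *chunk)
{
    const int *hdr = (const int *)chunk;
    if (chunk == NULL || *hdr <= 0)
        return -1;
    return *hdr;
}

/* What memcpy(destBuf, srcBuf, returnChunkSize(destBuf) - 1) actually passes:
 * a negative status minus one, converted to size_t, is close to SIZE_MAX. */
size_t naive_copy_len(int chunk_size)
{
    return (size_t)(chunk_size - 1);
}

/* Hardened variant: validate the signed value before it becomes a size_t.
 * Returns 0 and sets *out on success, -1 if the chunk size is not usable. */
int checked_copy_len(int chunk_size, size_t *out)
{
    if (chunk_size < 1)
        return -1;
    *out = (size_t)chunk_size - 1;
    return 0;
}

/* strncpy that always NUL-terminates (the pitfall noted under the
 * Implementation mitigation). Returns 0 if src fit, 1 if it was truncated,
 * -1 if dst_size is 0. Suitable for copying hp->h_name into hostname[64]. */
int strncpy_terminated(char *dst, size_t dst_size, const char *src)
{
    if (dst_size == 0)
        return -1;
    strncpy(dst, src, dst_size - 1);
    dst[dst_size - 1] = '\0';
    return strlen(src) >= dst_size ? 1 : 0;
}

int main(void)
{
    /* Constructed sample chunks: an int header holding the usable size. */
    int valid_chunk[4] = { 8, 0, 0, 0 };
    int bad_chunk[4]   = { 0, 0, 0, 0 };
    size_t len = 0;
    char hostname[8];
    int rc;

    printf("valid chunk size: %d\n", return_chunk_size(valid_chunk));
    printf("bad chunk status: %d, naive memcpy length: %zu\n",
           return_chunk_size(bad_chunk),
           naive_copy_len(return_chunk_size(bad_chunk)));
    printf("checked length on bad chunk rejected: %s\n",
           checked_copy_len(return_chunk_size(bad_chunk), &len) < 0 ? "yes" : "no");

    rc = strncpy_terminated(hostname, sizeof hostname, "very-long-hostname.example");
    printf("hostname '%s' (truncated=%d)\n", hostname, rc);

    rc = copy_checked(hostname, sizeof hostname, "0123456789", 10);
    printf("copy of 10 bytes into 8-byte buffer rejected: %s\n", rc < 0 ? "yes" : "no");
    return 0;
}
```

The point of checked_copy_len() is that the bug in the page's memcpy example is not in memcpy but in the conversion: a -1 error code never reaches memcpy if the signed value is rejected first. Likewise copy_checked() takes the destination size as an explicit parameter so the caller cannot forget it.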
| CVE ID | Title | Product | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-34002 | Xorg: xwayland: x.org x server: information disclosure or denial of service via out-of-bounds read in xkb modifier map handling | Red Hat Enterprise Linux 10 | 6.1 | Medium | 2026-05-05 |
| CVE-2026-6245 | Sssd: out-of-bounds read in the sssd | Red Hat Enterprise Linux 10 | 5.5 | Medium | 2026-04-15 |
| CVE-2026-20033 | Cisco NX-OS Software Denial of Service Vulnerability | Cisco NX-OS System Software in ACI Mode | 7.4 | High | 2026-02-25 |
| CVE-2026-20010 | Cisco Nexus 3000 and 9000 Series Switches Link Layer Discovery Protocol Denial of Service Vulnerability | Cisco NX-OS Software | 7.4 | High | 2026-02-25 |
| CVE-2026-1837 | libjxl: Out-of-bounds write in grayscale color transformation when using LCMS2 | libjxl | 8.1 | - | 2026-02-11 |
| CVE-2026-0716 | Libsoup: out-of-bounds read in libsoup websocket frame processing | Red Hat Enterprise Linux 10 | 4.8 | Medium | 2026-01-13 |
| CVE-2025-7048 | On affected platforms running Arista EOS with MACsec configuration, a specially crafted packet can cause the MACsec process to terminate unexpectedly. Continuous receipt of these packets with certain MACsec configurations can cause longer term disruption o | EOS | 4.3 | Medium | 2026-01-06 |
| CVE-2025-36463 | Dell ControlVault3 ControlVault WBDI Driver Broadcom Storage Adapter out-of-bounds write vulnerability | BCM5820X | 7.3 | High | 2025-11-17 |
| CVE-2025-36462 | Dell ControlVault3 ControlVault WBDI Driver Broadcom Storage Adapter out-of-bounds write vulnerability | BCM5820X | 7.3 | High | 2025-11-17 |
| CVE-2025-36461 | Dell ControlVault3 ControlVault WBDI Driver Broadcom Storage Adapter out-of-bounds write vulnerability | BCM5820X | 7.3 | High | 2025-11-17 |
| CVE-2025-36460 | Dell ControlVault3 ControlVault WBDI Driver Broadcom Storage Adapter out-of-bounds write vulnerability | BCM5820X | 7.3 | High | 2025-11-17 |
| CVE-2025-20360 | Multiple Cisco Products Snort 3 MIME Denial of Service Vulnerability | Cisco Cyber Vision | 5.8 | Medium | 2025-10-15 |
| CVE-2025-20315 | Cisco IOS XE security vulnerability | Cisco IOS XE Software | 8.6 | High | 2025-09-24 |
| CVE-2025-38743 | Dell iDRAC Service Module security vulnerability | iDRAC Service Module (iSM) | 7.8 | High | 2025-08-21 |
| CVE-2025-23319 | NVIDIA Triton Inference Server security vulnerability | Triton Inference Server | 8.1 | High | 2025-08-06 |
| CVE-2025-23318 | NVIDIA Triton Inference Server security vulnerability | Triton Inference Server | 8.1 | High | 2025-08-06 |
| CVE-2025-20202 | Cisco IOS XE Wireless Controller Software security vulnerability | Cisco IOS XE Software | 7.4 | High | 2025-05-07 |
| CVE-2025-20191 | Multiple Cisco Products Denial of Service Vulnerability | Cisco NX-OS Software | 7.4 | High | 2025-05-07 |
| CVE-2025-30651 | Junos OS and Junos OS Evolved: Receipt of a specific ICMPv6 packet causes a memory overrun leading to an rpd crash | Junos OS | 7.5 | High | 2025-04-09 |
| CVE-2025-21591 | Junos OS: An unauthenticated adjacent attacker sending a malformed DHCP packet causes jdhcpd to crash | Junos OS | 7.4 | High | 2025-04-09 |
| CVE-2025-20169 | Cisco IOS, Cisco IOS XE and Cisco IOS XR security vulnerability | IOS | 7.7 | High | 2025-02-05 |
| CVE-2024-0131 | NVIDIA GPU kernel driver security vulnerability | NVIDIA GPU Display Driver, vGPU software | 4.4 | Medium | 2025-02-02 |
| CVE-2024-24851 | AutomationDirect P3-550E security vulnerability | P3-550E | 7.5 | High | 2024-05-28 |
| CVE-2024-3933 | Eclipse Open J9 With -Xgc:concurrentScavenge on IBM Z, could write/read outside of a buffer | Open J9 | 5.3 | Medium | 2024-05-27 |
| CVE-2023-5396 | Honeywell Experion Server security vulnerability | Experion Server | 7.4 | High | 2024-04-17 |
| CVE-2024-20294 | Cisco NX-OS Software and Cisco FXOS Software security vulnerability | Cisco NX-OS Software | 6.6 | Medium | 2024-02-28 |
| CVE-2022-47375 | ID reserved by CVE (no title published) | SIMATIC PC-Station Plus | 7.5 | High | 2023-12-12 |
| CVE-2023-20049 | Cisco IOS XR Software for ASR 9000 Series Routers Bidirectional Forwarding Detection Denial of Service Vulnerability | Cisco IOS XR Software | 8.6 | High | 2023-03-09 |
| CVE-2022-34399 | Dell Alienware buffer error vulnerability | CPG BIOS | 5.1 | Medium | 2023-01-18 |
| CVE-2022-0519 | Buffer Access with Incorrect Length Value in radareorg/radare2 | radareorg/radare2 | 7.8 | - | 2022-02-08 |

A "-" in the Severity column means no severity rating was recorded for that entry.

Vulnerabilities classified as CWE-805 (Buffer Access with Incorrect Length Value) account for 36 CVEs. The CWE taxonomy describes the weakness class; review the individual CVEs for product-specific impact and fixed versions.