CWE-823 (Use of Out-of-range Pointer Offset) — Vulnerability Class 86

86 vulnerabilities classified as CWE-823 (Use of Out-of-range Pointer Offset). AI Chinese analysis included.

CWE-823 represents a critical memory safety weakness where software executes pointer arithmetic using an offset that exceeds the bounds of the intended memory region. This flaw typically arises when developers fail to validate calculated addresses against the allocated buffer’s limits, allowing the resulting pointer to reference unauthorized or uninitialized memory locations. Attackers exploit this vulnerability to trigger out-of-bounds reads or writes, potentially leading to information disclosure, application crashes, or arbitrary code execution by overwriting adjacent memory structures. To mitigate this risk, developers must rigorously enforce boundary checks before performing any pointer arithmetic operations. Implementing static analysis tools and dynamic memory sanitizers helps detect invalid offsets during testing, while adhering to safe programming practices ensures that all pointer calculations remain strictly within the allocated memory footprint, thereby preserving application integrity and preventing exploitation.

MITRE CWE Description
The product performs pointer arithmetic on a valid pointer, but it uses an offset that can point outside of the intended range of valid memory locations for the resulting pointer. While a pointer can contain a reference to any arbitrary memory location, a program typically only intends to use the pointer to access limited portions of memory, such as contiguous memory used to access an individual array. Programs may use offsets in order to access fields or sub-elements stored within structured data. The offset might be out-of-range if it comes from an untrusted source, is the result of an incorrect calculation, or occurs because of another error. If an attacker can control or influence the offset so that it points outside of the intended boundaries of the structure, then the attacker may be able to read or write to memory locations that are used elsewhere in the product. As a result, the attack might change the state of the product as accessed through program variables, cause a crash or unstable behavior, and possibly lead to code execution.
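The weakness described above (an untrusted offset added to a valid base pointer with no range check) next to the boundary check that the mitigation paragraph calls for, as an added C example that is not from this page or from any product listed here. The record layout, the 4-byte field size and the sample bytes are constructed for illustration; the overflow-prone comparison is included to show why the check is written with a subtraction rather than an addition.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed example: a flat record buffer of 4-byte fields, addressed by an
 * offset that arrives from an untrusted source (a parsed message, a file index). */
#define FIELD_SIZE 4u
/* The CWE-823 pattern: the offset is added to a valid base pointer with no check,
 * so buf + offset can point anywhere. Kept only to contrast with the checked form. */
uint32_t read_field_unchecked(const uint8_t *buf, size_t offset)
{
    uint32_t v;
    memcpy(&v, buf + offset, FIELD_SIZE);
    return v;
}

/* A check written as offset + FIELD_SIZE <= len wraps around for huge offsets and
 * wrongly accepts them; returns 1 whenever this flawed test accepts the offset. */
int naive_check_accepts(size_t len, size_t offset)
{
    return offset + FIELD_SIZE <= len;
}

/* Hardened form: the whole field must lie inside [buf, buf + len) before the
 * pointer is formed. The subtraction cannot overflow once len >= FIELD_SIZE. */
int read_field_checked(const uint8_t *buf, size_t len, size_t offset, uint32_t *out)
{
    if (buf == NULL || out == NULL) return -1;
    if (len < FIELD_SIZE || offset > len - FIELD_SIZE) return -1; /* out of range */
    memcpy(out, buf + offset, FIELD_SIZE);
    return 0;
}

/* Constructed sample: four fields, each filled with one repeated byte so the
 * value read does not depend on host endianness. */
const uint8_t sample_record[16] = {
    0x11,0x11,0x11,0x11, 0x22,0x22,0x22,0x22, 0x33,0x33,0x33,0x33, 0x44,0x44,0x44,0x44
};
int main(void)
{
    uint32_t v;
    const size_t offsets[] = { 0, 12, 13, 16, SIZE_MAX - 1 };
    for (size_t i = 0; i < 5; i++) {
        int rc = read_field_checked(sample_record, sizeof sample_record, offsets[i], &v);
        printf("offset %zu -> %s\n", offsets[i], rc == 0 ? "read" : "rejected");
    }
    return 0;
}
```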
Common Consequences (3)

Scope: Confidentiality. Technical impact: Read Memory.
If the untrusted pointer is used in a read operation, an attacker might be able to read sensitive portions of memory.

Scope: Availability. Technical impact: DoS: Crash, Exit, or Restart.
If the untrusted pointer references a memory location that is not accessible to the program, or points to a location that is "malformed" or larger than expected by a read or write operation, the application may terminate unexpectedly.

Scope: Integrity, Confidentiality, Availability. Technical impact: Execute Unauthorized Code or Commands; Modify Memory.
If the untrusted pointer is used in a function call, or points to unexpected data in a write operation, then code execution may be possible.
Values marked (AI) carry the page's AI badge; "-" means no severity was given.

CVE ID | Title | Product | CVSS | Severity | Published
CVE-2026-41907 | uuid: Missing buffer bounds check in `v3`/`v5`/`v6` when `buf` is provided | uuid | 9.1 (AI) | Critical (AI) | 2026-04-24
CVE-2025-33215 | NVIDIA SNAP-4 Container security vulnerability | SNAP-4 Container | 6.8 | Medium | 2026-03-24
CVE-2026-21732 | GPU DDK - libusc OOB write at ConvertSwitchToArrayLookupBP during WebGPU shader compilation | Graphics DDK | 8.1 | - | 2026-03-20
CVE-2026-20022 | Cisco Secure Firewall Adaptive Security Appliance and Cisco Secure Firewall Threat Defense security vulnerability | Cisco Secure Firewall Adaptive Security Appliance (ASA) Software | 6.1 | Medium | 2026-03-04
CVE-2025-54152 | Qsync Central | Qsync Central | 7.5 (AI) | High (AI) | 2026-02-11
CVE-2026-23764 | VB-Audio Voicemeeter & Matrix Drivers DoS via Corrupted IoAllocateMdl Length | Voicemeeter (Standard) | 6.3 (AI) | Medium (AI) | 2026-01-22
CVE-2017-20211 | UCanCode E-XD++ Visualization Enterprise Suite Untrusted Pointer Dereference RCE | E-XD++ Visualization Enterprise Suite | 8.8 | - | 2025-11-12
CVE-2025-11232 | Invalid characters cause assert | Kea | 7.5 | High | 2025-10-29
CVE-2025-47349 | Use of Out-of-range Pointer Offset in DSP Service | Snapdragon | 7.8 | High | 2025-10-09
CVE-2025-27059 | Use of Out-of-range Pointer Offset in TZ Firmware | Snapdragon | 8.8 | High | 2025-10-09
CVE-2025-25180 | GPU DDK - Insufficient validation in RGXCREATEFREELIST creates corrupt freelist | Graphics DDK | 5.5 (AI) | Medium (AI) | 2025-07-14
CVE-2024-53017 | Use of Out-of-range Pointer Offset in Camera Driver | Snapdragon | 6.6 | Medium | 2025-06-03
CVE-2025-46806 | Misaligned Memory Accesses in `is_openvpn_protocol()` | sslh | 7.5 (AI) | High (AI) | 2025-06-02
CVE-2024-47893 | GPU DDK - OOB read and write of the shared KMD/FW memory heap (VZ/TEE setups) | Graphics DDK | 8.4 (AI) | High (AI) | 2025-05-17
CVE-2024-45570 | Use of Out-of-range Pointer Offset in Camera Driver | Snapdragon | 6.6 | Medium | 2025-05-06
CVE-2025-0467 | GPU DDK - rgxfw_hwperf_get_packet_buffer OOB write | Graphics DDK | 7.8 | - | 2025-04-18
CVE-2024-45557 | Use of Out-of-range Pointer Offset in Trust Management Engine | Snapdragon | 7.8 | High | 2025-04-07
CVE-2024-43060 | Use of Out-of-range Pointer Offset in Automotive Audio | Snapdragon | 7.8 | High | 2025-03-03
CVE-2024-12577 | GPU DDK - rgxfw_pcset_ungrab OOB write via psFWMemContext->uiPageCatBaseRegSet | Graphics DDK | 7.8 | - | 2025-02-22
CVE-2024-52939 | GPU DDK - RGXFWIF_HWPERF_CTL_BLK.uiNumCounters OOB write | Graphics DDK | 7.8 | - | 2025-02-22
CVE-2024-47896 | GPU DDK - rgxfw_hwr_log_info OOB write via psHWRInfoBuf->ui32WriteIndex | Graphics DDK | 7.8 | - | 2025-02-22
CVE-2024-49840 | Use of Out-of-range Pointer Offset in WLAN Windows Host | Snapdragon | 7.8 | High | 2025-02-03
CVE-2024-45573 | Use of Out-of-range Pointer Offset in Display | Snapdragon | 7.8 | High | 2025-02-03
CVE-2024-47900 | GPU DDK - Multiple integer overflow in DmaTransfer PMR_DevPhysAddr functions leading to OOB writes | Graphics DDK | 7.1 | - | 2025-01-31
CVE-2024-52938 | GPU DDK - rgxfw_pm_add_freelist_for_reconstruction OOB write | Graphics DDK | 7.8 | - | 2025-01-13
CVE-2024-52937 | GPU DDK - rgxfw_kernel_CMD_DISABLE_ZSSTORE OOB write via ui32WriteOffsetOfDisableZSStore | Graphics DDK | 7.8 | - | 2025-01-13
CVE-2024-52936 | GPU DDK - rgxfw_hwperf_config OOB read & write | Graphics DDK | 7.8 | - | 2025-01-13
CVE-2024-52935 | GPU DDK - psContext->eDM gives OOB write | Graphics DDK | 7.8 | - | 2025-01-13
CVE-2024-47895 | GPU DDK - OOB read into fwlog due to unchecked block count | Graphics DDK | 5.5 | - | 2025-01-13
CVE-2024-47894 | GPU DDK - Out of bounds read into fwlog due to unchecked loop bounds | Graphics DDK | 5.5 | - | 2025-01-13

Vulnerabilities classified as CWE-823 (Use of Out-of-range Pointer Offset) represent 86 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.