CWE-823 (Use of Out-of-range Pointer Offset) — Vulnerability Class 86

86 vulnerabilities classified as CWE-823 (Use of Out-of-range Pointer Offset). AI Chinese analysis included.

CWE-823 represents a critical memory safety weakness where software executes pointer arithmetic using an offset that exceeds the bounds of the intended memory region. This flaw typically arises when developers fail to validate calculated addresses against the allocated buffer’s limits, allowing the resulting pointer to reference unauthorized or uninitialized memory locations. Attackers exploit this vulnerability to trigger out-of-bounds reads or writes, potentially leading to information disclosure, application crashes, or arbitrary code execution by overwriting adjacent memory structures. To mitigate this risk, developers must rigorously enforce boundary checks before performing any pointer arithmetic operations. Implementing static analysis tools and dynamic memory sanitizers helps detect invalid offsets during testing, while adhering to safe programming practices ensures that all pointer calculations remain strictly within the allocated memory footprint, thereby preserving application integrity and preventing exploitation.
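
The boundary check described above, shown as an added example that is not code from this page or from any product listed here. The record layout, function names and sample records are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed record layout (assumed for this example): bytes 0-1 field offset
 * from record start, bytes 2-3 field length (both little-endian, untrusted),
 * bytes 4.. payload. */
#define HDR_LEN 4u

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Weak form: the offset is added to the base pointer with no range check.
 * The function does not even receive the record size (CWE-823). */
int copy_field_unchecked(const uint8_t *rec, uint8_t *out, size_t out_len)
{
    uint16_t off = rd16(rec), len = rd16(rec + 2);
    if (len > out_len) return -1;
    memcpy(out, rec + off, len);   /* rec + off is never compared to a bound */
    return (int)len;
}

/* Hardened form: offset and length are validated against the record size
 * before any pointer is formed. The length test subtracts from rec_len, so
 * it cannot wrap. Returns bytes copied, or -1 when the record is rejected. */
int copy_field_checked(const uint8_t *rec, size_t rec_len,
                       uint8_t *out, size_t out_len)
{
    if (rec == NULL || out == NULL || rec_len < HDR_LEN) return -1;
    size_t off = rd16(rec), len = rd16(rec + 2);
    if (off < HDR_LEN || off >= rec_len) return -1;  /* start lies in payload */
    if (len > rec_len - off) return -1;              /* end lies in record */
    if (len > out_len) return -1;                    /* fits the destination */
    memcpy(out, rec + off, len);
    return (int)len;
}

/* Constructed sample records and a scratch destination buffer. */
const uint8_t REC_OK[]      = {4, 0, 3, 0, 'a', 'b', 'c'};       /* off=4 len=3 */
const uint8_t REC_BAD_OFF[] = {0x00, 0x10, 1, 0, 'a', 'b', 'c'}; /* off=4096 */
const uint8_t REC_BAD_LEN[] = {5, 0, 9, 0, 'a', 'b', 'c'};       /* runs past end */
uint8_t OUT[16];

int main(void)
{
    return copy_field_checked(REC_OK, sizeof REC_OK, OUT, sizeof OUT) == 3 ? 0 : 1;
}
```

Building the test binary with `-fsanitize=address` makes the unchecked form fault on the out-of-range sample records, which is the dynamic check the paragraph above refers to.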

MITRE CWE Description
The product performs pointer arithmetic on a valid pointer, but it uses an offset that can point outside of the intended range of valid memory locations for the resulting pointer. While a pointer can contain a reference to any arbitrary memory location, a program typically only intends to use the pointer to access limited portions of memory, such as contiguous memory used to access an individual array. Programs may use offsets in order to access fields or sub-elements stored within structured data. The offset might be out-of-range if it comes from an untrusted source, is the result of an incorrect calculation, or occurs because of another error. If an attacker can control or influence the offset so that it points outside of the intended boundaries of the structure, then the attacker may be able to read or write to memory locations that are used elsewhere in the product. As a result, the attack might change the state of the product as accessed through program variables, cause a crash or instable behavior, and possibly lead to code execution.
Common Consequences (3)
Scope: Confidentiality. Impact: Read Memory.
If the untrusted pointer is used in a read operation, an attacker might be able to read sensitive portions of memory.
Scope: Availability. Impact: DoS: Crash, Exit, or Restart.
If the untrusted pointer references a memory location that is not accessible to the program, or points to a location that is "malformed" or larger than expected by a read or write operation, the application may terminate unexpectedly.
Scope: Integrity, Confidentiality, Availability. Impact: Execute Unauthorized Code or Commands, Modify Memory.
If the untrusted pointer is used in a function call, or points to unexpected data in a write operation, then code execution may be possible.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-33041 | Use of Out-of-range Pointer Offset in Computer Vision — Snapdragon | 6.7 | Medium | 2025-01-06 |
| CVE-2024-33036 | Use of Out-of-range Pointer Offset in Camera Driver — Snapdragon | 6.7 | Medium | 2024-12-02 |
| CVE-2017-11076 | Use of Out-of-range Pointer Offset in Video — Snapdragon | 8.8 | Critical | 2024-11-26 |
| CVE-2024-42391 | Use of Out-of-range Pointer Offset in Mongoose Web Server library — Mongoose Web Server | 4.3 | Medium | 2024-11-18 |
| CVE-2024-42390 | Use of Out-of-range Pointer Offset in Mongoose Web Server library — Mongoose Web Server | 4.3 | Medium | 2024-11-18 |
| CVE-2024-42389 | Use of Out-of-range Pointer Offset in Mongoose Web Server library — Mongoose Web Server | 5.3 | Medium | 2024-11-18 |
| CVE-2024-42388 | Use of Out-of-range Pointer Offset in Mongoose Web Server library — Mongoose Web Server | 5.3 | Medium | 2024-11-18 |
| CVE-2024-42387 | Use of Out-of-range Pointer Offset in Mongoose Web Server library — Mongoose Web Server | 5.3 | Medium | 2024-11-18 |
| CVE-2024-42386 | Use of Out-of-range Pointer Offset in Mongoose Web Server library — Mongoose Web Server | 8.2 | High | 2024-11-18 |
| CVE-2024-42383 | Use of Out-of-range Pointer Offset in Mongoose Web Server library — Mongoose Web Server | 4.2 | Medium | 2024-11-18 |
| CVE-2024-23377 | Use of Out-of-range Pointer Offset in ComputerVision — Snapdragon | 6.7 | Medium | 2024-11-04 |
| CVE-2024-21475 | Use of Out-of-range Pointer Offset in Video — Snapdragon | 7.8 | High | 2024-05-06 |
| CVE-2024-1013 | Unixodbc: out of bounds stack write due to pointer-to-integer types conversion — Red Hat Enterprise Linux 6 | 7.8 | High | 2024-03-18 |
| CVE-2023-43553 | Use of Out-of-range Pointer Offset in WLAN HOST — Snapdragon | 9.8 | Critical | 2024-03-04 |
| CVE-2023-33066 | Use of Out-of-range Pointer Offset in Audio — Snapdragon | 8.4 | High | 2024-03-04 |
| CVE-2023-43534 | Use of Out-of-range Pointer Offset in WLAN HOST — Snapdragon | 8.6 | High | 2024-02-06 |
| CVE-2023-43516 | Use of out-of-range pointer offset in Video — Snapdragon | 7.8 | High | 2024-02-06 |
| CVE-2023-43513 | Use of Out-of-range Pointer Offset in PCIe — Snapdragon | 7.8 | High | 2024-02-06 |
| CVE-2023-33067 | Use of Out-of-range Pointer Offset in Audio — Snapdragon | 6.7 | Medium | 2024-02-06 |
| CVE-2023-33110 | Use of Out-of-range Pointer Offset in Audio — Snapdragon | 7.8 | High | 2024-01-02 |
| CVE-2023-33033 | Use of Out-of-range Pointer Offset in Audio — Snapdragon | 8.4 | High | 2024-01-02 |
| CVE-2023-6560 | Kernel: io_uring out of boundary memory access in __io_uaddr_map() — kernel | 5.5 | Medium | 2023-12-08 |
| CVE-2023-33106 | Use of Out-of-range Pointer Offset in Graphics — Snapdragon | 8.4 | High | 2023-12-05 |
| CVE-2023-33079 | Use of Out-of-range Pointer Offset in Audio — Snapdragon | 7.8 | High | 2023-12-05 |
| CVE-2023-22388 | Use of Out-of-range Pointer Offset in Multi-mode Call Processor — Snapdragon | 9.8 | Critical | 2023-11-07 |
| CVE-2023-24855 | Use of Out-of-range Pointer Offset in Modem — Snapdragon | 9.8 | Critical | 2023-10-03 |
| CVE-2023-20187 | Cisco IOS XE Software security vulnerability — Cisco IOS XE Software | 8.6 | High | 2023-09-27 |
| CVE-2023-28564 | Use of Out-of-range Pointer Offset in WLAN HAL — Snapdragon | 7.8 | High | 2023-09-05 |
| CVE-2023-28575 | Multiple Type Confusion Vulnerability — Snapdragon | 6.7 | Medium | 2023-08-08 |
| CVE-2023-22387 | Use of Out-of-range Pointer Offset in Qualcomm IPC — Snapdragon | 7.8 | High | 2023-07-04 |

Vulnerabilities classified as CWE-823 (Use of Out-of-range Pointer Offset) represent 86 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.