Vulnerabilities (CVE)

Filtered by CWE-195
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-25388 2024-08-01 N/A 8.4 HIGH
drivers/wlan/wlan_mgmt,c in RT-Thread through 5.0.2 has an integer signedness error and resultant buffer overflow.
CVE-2023-33034 1 Qualcomm 128 Apq5053-aa, Apq5053-aa Firmware, Csra6620 and 125 more 2024-04-12 N/A 7.8 HIGH
Memory corruption while parsing the ADSP response command.
CVE-2020-6096 3 Debian, Fedoraproject, Gnu 3 Debian Linux, Fedora, Glibc 2024-02-28 6.8 MEDIUM 8.1 HIGH
An exploitable signed comparison vulnerability exists in the ARMv7 memcpy() implementation of GNU glibc 2.30.9000. Calling memcpy() (on ARMv7 targets that utilize the GNU glibc implementation) with a negative value for the 'num' parameter results in a signed comparison vulnerability. If an attacker underflows the 'num' parameter to memcpy(), this vulnerability could lead to undefined behavior such as writing to out-of-bounds memory and potentially remote code execution. Furthermore, this memcpy() implementation allows for program execution to continue in scenarios where a segmentation fault or crash should have occurred. The dangers occur in that subsequent execution and iterations of this code will be executed with this corrupted data.