CWE-118 (Incorrect Access of Indexable Resource ('Range Error')) documents a weakness type used across vulnerability databases and security assessments. Use the sections below for definition, context, and mapped CVEs.
The product does not restrict or incorrectly restricts operations within the boundaries of a resource that is accessed using an index or pointer, such as memory or files.
| Kind | Name | Class | Prevalence | OS / CPE |
|---|---|---|---|---|
| language | — | Not Language-Specific | Undetermined | — |
| technology | — | Not Technology-Specific | Undetermined | — |
These CVEs are mapped to this weakness in this database and kept for traceability and search.
| CVE | Published | Summary |
|---|---|---|
| CVE-2025-54628 | 2025-08-05 | Vulnerability of incomplete verification information in the communication module. Impact: Successful exploitation of this vulnerability may affect availability. |
| CVE-2025-48902 | 2025-06-06 | Vulnerability of uncontrolled system resource applications in the setting module Impact: Successful exploitation of this vulnerability may affect availability. |
| CVE-2024-43524 | 2024-10-08 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
| CVE-2023-37923 | 2024-01-08 | Multiple arbitrary write vulnerabilities exist in the VCD sorted bsearch functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to op… |
| CVE-2023-37922 | 2024-01-08 | Multiple arbitrary write vulnerabilities exist in the VCD sorted bsearch functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to op… |
| CVE-2023-37921 | 2024-01-08 | Multiple arbitrary write vulnerabilities exist in the VCD sorted bsearch functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to op… |
| CVE-2023-0201 | 2023-04-21 | NVIDIA DGX-2 SBIOS contains a vulnerability in Bds, where a user with high privileges can cause a write beyond the bounds of an indexable resource, which may lead to code execution, denial of service,… |
| CVE-2022-38072 | 2023-04-03 | An improper array index validation vulnerability exists in the stl_fix_normal_directions functionality of ADMesh Master Commit 767a105 and v0.98.4. A specially-crafted stl file can lead to a heap buff… |
| CVE-2022-36402 | 2022-09-16 | An integer overflow vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in GPU component of Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows … |
| CVE-2020-3369 | 2020-07-16 | A vulnerability in the deep packet inspection (DPI) engine of Cisco SD-WAN vEdge Routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected dev… |
| CVE-2020-3235 | 2020-06-03 | A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software and Cisco IOS XE Software on Catalyst 4500 Series Switches could allow an authenticated, remote attacke… |
| CVE-2019-6130 | 2019-01-11 | Artifex MuPDF 1.14.0 has a SEGV in the function fz_load_page of the fitz/document.c file, as demonstrated by mutool. This is related to page-number mishandling in cbz/mucbz.c, cbz/muimg.c, and svg/svg… |
| CVE-2016-10495 | 2018-04-18 | In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9635M, made changes to map the scan type value to an index value that is in range. |
| CVE-2015-9142 | 2018-04-18 | In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9645, MDM9650, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/… |
| CVE-2018-7530 | 2018-04-17 | Parsing malformed project files in Omron CX-One versions 4.42 and prior, including the following applications: CX-FLnet versions 1.00 and prior, CX-Protocol versions 1.992 and prior, CX-Programmer ver… |
| CVE-2015-2004 | 2018-03-29 | The GraceNote GNSDK SDK before SVN Changeset 1.1.7 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacke… |
| CVE-2015-2003 | 2018-03-29 | The PJSIP PJSUA2 SDK before SVN Changeset 51322 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-c… |
| CVE-2015-2002 | 2018-03-29 | The ESRI ArcGis Runtime SDK before 10.2.6-2 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-contr… |
| CVE-2015-2001 | 2018-03-29 | The MetaIO SDK before 6.0.2.1 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer … |
| CVE-2015-2000 | 2018-03-29 | The Jumio SDK before 1.5.0 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to … |
| Date | Name | Version | Importance | Comment |
|---|---|---|---|---|
| 2008-07-01 | Eric Dalci | 1.0 | — | updated Time_of_Introduction |
| 2008-09-08 | CWE Content Team | 1.0 | — | updated Description, Name, Relationships |
| 2009-03-10 | CWE Content Team | 1.3 | — | updated Description |
| 2009-05-27 | CWE Content Team | 1.4 | — | updated Name |
| 2009-10-29 | CWE Content Team | 1.6 | — | updated Relationships |
| 2010-02-16 | CWE Content Team | 1.8 | — | updated Relationships |
| 2011-06-01 | CWE Content Team | 1.13 | — | updated Common_Consequences |
| 2011-06-27 | CWE Content Team | 2.0 | — | updated Common_Consequences |
| 2012-05-11 | CWE Content Team | 2.2 | — | updated Relationships |
| 2014-07-30 | CWE Content Team | 2.8 | — | updated Relationships, Taxonomy_Mappings |
| 2015-12-07 | CWE Content Team | 2.9 | — | updated Relationships |
| 2017-05-03 | CWE Content Team | 2.11 | — | updated Name, Relationships |
| 2017-11-08 | CWE Content Team | 3.0 | — | updated Applicable_Platforms |
| 2019-06-20 | CWE Content Team | 3.3 | — | updated Relationships |
| 2020-02-24 | CWE Content Team | 4.0 | — | updated Applicable_Platforms, Relationships, Time_of_Introduction |
| 2023-01-31 | CWE Content Team | 4.10 | — | updated Description |
| 2023-04-27 | CWE Content Team | 4.11 | — | updated Relationships, Time_of_Introduction |
| 2023-06-29 | CWE Content Team | 4.12 | — | updated Mapping_Notes |
| 2024-02-29 | CWE Content Team | 4.14 | — | updated Mapping_Notes |
| 2025-12-11 | CWE Content Team | 4.19 | — | updated Weakness_Ordinalities |