
CWE-1260: Improper Handling of Overlap Between Protected Memory Ranges

Overview

CWE-1260 (Improper Handling of Overlap Between Protected Memory Ranges) documents a weakness type used across vulnerability databases and security assessments. Use the sections below for definition, context, and mapped CVEs.

Security impact

Depends on product and context; use CVE records, severity scores, and MITRE guidance to prioritize.

Description

The product allows address regions to overlap, which can result in the bypassing of intended memory protection.

Applicable platforms

| Kind | Name | Class | Prevalence | OS / CPE |
|---|---|---|---|---|
| language | | Not Language-Specific | Undetermined | |
| operating_system | | Not OS-Specific | Undetermined | |
| architecture | | Not Architecture-Specific | Undetermined | |
| technology | Memory Hardware | | Undetermined | |
| technology | Processor Hardware | | Undetermined | |

Related CVEs in this database

These CVEs are mapped to this weakness in this database and kept for traceability and search.

| CVE | Published | Summary |
|---|---|---|
| CVE-2018-25240 | 2026-04-04 | Watchr 1.1.0.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string to the search functionality. Attackers can paste… |
| CVE-2018-25238 | 2026-04-04 | VSCO 1.1.1.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string through the search functionality. Attackers can pa… |
| CVE-2019-25602 | 2026-03-22 | GSearch 1.0.1.0 contains a denial of service vulnerability that allows local attackers to crash the application by inputting an excessively long string in the search bar. Attackers can paste a buffer … |
| CVE-2019-25592 | 2026-03-22 | PHPRunner 10.1 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the dashboard name field. Attackers can paste … |
| CVE-2019-25585 | 2026-03-22 | Deluge 1.3.15 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Webseeds field. Attackers can paste a buffe… |
| CVE-2019-25572 | 2026-03-21 | NordVPN 6.19.6 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string in the email input field. Attackers can paste a … |
| CVE-2019-25570 | 2026-03-21 | RealTerm Serial Terminal 2.0.0.70 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Port field. Attackers c… |
| CVE-2019-25559 | 2026-03-21 | SpotPaltalk 1.1.5 contains a denial of service vulnerability in the registration code input field that allows local attackers to crash the application by submitting an excessively long string. Attacke… |
| CVE-2025-29948 | 2026-02-10 | Improper access control in AMD Secure Encrypted Virtualization (SEV) firmware could allow a malicious hypervisor to bypass RMP protections, potentially resulting in a loss of SEV-SNP guest memory inte… |
| CVE-2025-0012 | 2026-02-10 | Improper handling of overlap between the segmented reverse map table (RMP) and system management mode (SMM) memory could allow a privileged attacker to corrupt or partially infer SMM memory resulting in … |
| CVE-2025-22889 | 2025-08-12 | Improper handling of overlap between protected memory ranges for some Intel(R) Xeon(R) 6 processor with Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local… |
| CVE-2025-1937 | 2025-03-04 | Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, and Thunderbird 128.7. Some of these bugs showed evidence of memory corruption and we presume that wi… |
| CVE-2024-4778 | 2024-05-14 | Memory safety bugs present in Firefox 125. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.… |
| CVE-2022-27813 | 2023-10-19 | Motorola MTM5000 series firmwares lack properly configured memory protection of pages shared between the OMAP-L138 ARM and DSP cores. The SoC provides two memory protection units, MPU1 and MPU2, to en… |
| CVE-2019-1164 | 2019-08-14 | An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in… |

Content submission

Name
Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi
Organization
Intel Corporation
Date
2020-02-10
Version
4.1

Content modifications

| Date | Name | Version | Importance | Comment |
|---|---|---|---|---|
| 2020-08-20 | CWE Content Team | 4.2 | | updated Demonstrative_Examples, Description, Modes_of_Introduction, Related_Attack_Patterns |
| 2020-12-10 | CWE Content Team | 4.3 | | updated Maintenance_Notes |
| 2021-10-28 | CWE Content Team | 4.6 | | updated Demonstrative_Examples, Description, Detection_Factors, Maintenance_Notes, Observed_Examples, Relationships, Weakness_Ordinalities |
| 2022-04-28 | CWE Content Team | 4.7 | | updated Applicable_Platforms, Related_Attack_Patterns |
| 2022-06-28 | CWE Content Team | 4.8 | | updated Applicable_Platforms |
| 2023-01-31 | CWE Content Team | 4.10 | | updated Related_Attack_Patterns |
| 2023-04-27 | CWE Content Team | 4.11 | | updated Relationships |
| 2023-06-29 | CWE Content Team | 4.12 | | updated Demonstrative_Examples, Mapping_Notes, References |
| 2025-09-09 | CWE Content Team | 4.18 | | updated Relationships |

Contributions

| Type | Name | Date | Comment |
|---|---|---|---|
| Feedback | Narasimha Kumar V Mangipudi | 2021-10-20 | suggested content improvements |
| Content | Hareesh Khattri | 2021-10-22 | suggested observed examples |
| Content | Shaza Zeitouni, Mohamadreza Rostami, Pouya Mahmoody, Ahmad-Reza Sadeghi | 2023-06-21 | suggested demonstrative example |
| Content | Rahul Kande, Chen Chen, Jeyavijayan Rajendran | 2023-06-21 | suggested demonstrative example |