CWE-786 (Access of Memory Location Before Start of Buffer) documents a weakness type used across vulnerability databases and security assessments. Use the sections below for definition, context, and mapped CVEs.
The product reads or writes to a buffer using an index or pointer that references a memory location prior to the beginning of the buffer.
| Kind | Name | Class | Prevalence | OS / CPE |
|---|---|---|---|---|
| language | — | Memory-Unsafe | Often | — |
| language | C | — | Often | — |
| language | C++ | — | Often | — |
These CVEs are mapped to this weakness in this database and kept for traceability and search.
| CVE | Published | Summary |
|---|---|---|
| CVE-2026-20058 | 2026-03-04 | Multiple Cisco products are affected by vulnerabilities in the Snort 3 VBA feature that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to crash. These vulnera… |
| CVE-2024-5700 | 2024-06-11 | Memory safety bugs present in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these coul… |
| CVE-2024-27840 | 2024-06-10 | The issue was addressed with improved memory handling. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, macOS Ventura 13.6.7, tvOS 17.5, visionOS 1… |
| CVE-2024-27831 | 2024-06-10 | An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, macOS Sonoma 14.5, macO… |
| CVE-2024-27828 | 2024-06-10 | The issue was addressed with improved memory handling. This issue is fixed in iOS 17.5 and iPadOS 17.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. An app may be able to execute arbitrary code with kernel … |
| CVE-2024-27808 | 2024-06-10 | The issue was addressed with improved memory handling. This issue is fixed in Safari 17.5, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. Processing web content ma… |
| CVE-2023-46724 | 2023-11-01 | Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0 prior to 6.4 compiled using `--with-openssl` are vulnerable to a … |
| CVE-2022-0522 | 2022-02-08 | Access of Memory Location Before Start of Buffer in NPM radare2.js prior to 5.6.2. |
| CVE-2022-0351 | 2022-01-25 | Access of Memory Location Before Start of Buffer in GitHub repository vim/vim prior to 8.2. |
| Date | Name | Version | Importance | Comment |
|---|---|---|---|---|
| 2011-06-01 | CWE Content Team | 1.13 | — | updated Common_Consequences |
| 2012-05-11 | CWE Content Team | 2.2 | — | updated Common_Consequences, Demonstrative_Examples, Observed_Examples, Relationships |
| 2017-11-08 | CWE Content Team | 3.0 | — | updated Common_Consequences, Demonstrative_Examples, Taxonomy_Mappings |
| 2019-01-03 | CWE Content Team | 3.2 | — | updated Relationships |
| 2020-02-24 | CWE Content Team | 4.0 | — | updated Relationships |
| 2020-08-20 | CWE Content Team | 4.2 | — | updated Relationships |
| 2020-12-10 | CWE Content Team | 4.3 | — | updated Relationships |
| 2023-01-31 | CWE Content Team | 4.10 | — | updated Description |
| 2023-04-27 | CWE Content Team | 4.11 | — | updated Detection_Factors, Relationships |
| 2023-06-29 | CWE Content Team | 4.12 | — | updated Mapping_Notes |
| 2024-02-29 | CWE Content Team | 4.14 | — | updated Demonstrative_Examples |
| 2024-07-16 | CWE Content Team | 4.15 | — | updated Common_Consequences |
| 2025-04-03 | CWE Content Team | 4.17 | — | updated Applicable_Platforms |
| 2025-09-09 | CWE Content Team | 4.18 | — | updated Affected_Resources, Functional_Areas |
| 2025-12-11 | CWE Content Team | 4.19 | — | updated Applicable_Platforms, Detection_Factors, References, Time_of_Introduction, Weakness_Ordinalities |