CWE-120(Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'))は各種脆弱性データベースや評価で用いられる弱点タイプを説明します。定義・背景・対応する CVE は以下の各セクションを参照してください。
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.
| 種別 | 名称 | クラス | 普遍性 | OS / CPE |
|---|---|---|---|---|
| language | — | Memory-Unsafe | Undetermined | — |
| language | C | — | Often | — |
| language | C++ | — | Often | — |
| language | — | Assembly | Undetermined | — |
これらの CVE は本データベースでこの弱点に対応付けられており、追跡と検索のために保持されています。
| CVE | 公開 | 概要 |
|---|---|---|
| CVE-2019-25741 | 2026-06-04 | Mobatek MobaXterm 12.1 contains a structured exception handling (SEH) based buffer overflow vulnerability in the username field of session files that allows remote attackers to execute arbitrary code.… |
| CVE-2019-25736 | 2026-06-04 | LabF nfsAxe 3.7 Ping Client contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious payload in the Host IP field. Attackers can craft a … |
| CVE-2019-25735 | 2026-06-04 | AllPlayer 7.4 contains a local buffer overflow vulnerability in URL handling that allows attackers to overwrite structured exception handling pointers by supplying an excessively long URL string. Atta… |
| CVE-2019-25733 | 2026-06-04 | NetShareWatcher 1.5.8.0 contains a structured exception handler buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying malicious input. Attackers can craft a … |
| CVE-2026-30652 | 2026-06-02 | A remote buffer overflow vulnerability exists in the /cgi-bin/dido/setdo.cgi endpoint of the admin interface of Vivotek FD8136 cameras running firmware version FD8136-VVTK-0300a. This flaw allows an a… |
| CVE-2026-30650 | 2026-06-02 | A post-authentication remote buffer overflow vulnerability exists in the /cgi-bin/admin/eventtask.cgi endpoint of the admin interface of Vivotek FD8136 cameras running firmware version FD8136-VVTK-030… |
| CVE-2026-3871 | 2026-06-02 | A buffer overflow vulnerability in the UPnP DeletePortMapping() command in Zyxel VMG4005-B50B firmware versions through 5.13(ABRL.5.4)C0 could allow an adjacent attacker to trigger a temporary denial-… |
| CVE-2026-3870 | 2026-06-02 | A buffer overflow vulnerability in the UPnP AddPortMapping() command in Zyxel VMG4005-B50B firmware versions through 5.13(ABRL.5.4)C0 could allow an adjacent attacker to trigger a temporary denial-of-… |
| CVE-2026-25277 | 2026-06-01 | Memory corruption while using Strongbox due to buffer overflow. |
| CVE-2026-28580 | 2026-06-01 | In multiple functions, there is a possible desync in persistence due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User… |
| CVE-2026-0056 | 2026-06-01 | In setTo of ResourceTypes.cpp, there is a possible read out of bounds due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. … |
| CVE-2018-25432 | 2026-06-01 | Arm Whois 3.11 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by overwriting the structured exception handler. Attackers can craft a malicious input fil… |
| CVE-2026-10275 | 2026-06-01 | A flaw has been found in OpenSC up to 0.26.1. This affects the function test_kpgen_certwrite of the file src/tools/pkcs11-tool.c of the component pkcs11-tool Key Generation Module. This manipulation c… |
| CVE-2026-10164 | 2026-05-31 | A vulnerability was found in Edimax BR-6478AC 1.23. Impacted is the function formUSBFolder of the file /goform/formUSBFolder of the component POST Request Handler. The manipulation of the argument Sha… |
| CVE-2026-10163 | 2026-05-31 | A vulnerability has been found in Edimax BR-6478AC 1.23. This issue affects the function formUSBAccount of the file /goform/formUSBAccount of the component POST Request Handler. The manipulation of th… |
| CVE-2026-10126 | 2026-05-30 | A security flaw has been discovered in Edimax BR-6478AC 1.23. Affected by this issue is the function formQoS of the file /goform/formQoS of the component POST Request Handler. The manipulation of the … |
| CVE-2018-25426 | 2026-05-30 | WinMTR 0.91 contains a denial of service vulnerability that allows attackers to crash the application by sending a malformed payload file containing a large buffer of repeated characters. Attackers ca… |
| CVE-2018-25423 | 2026-05-30 | Arm Whois 3.11 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized input string. Attackers can paste a malicious buffer of 700 bytes… |
| CVE-2026-38426 | 2026-05-27 | Buffer Overflow vulnerability in arendst Tasmota v.15.3.0.3 and before allows a remote attacker to execute arbitrary code via the xdrv_10_scripter.ino, fetch_jpg(), jpg_task.boundary[40], strcpy() fun… |
| CVE-2025-12686 | 2026-05-27 | Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in AdminCenter in Synology BeeStation OS before 1.3.2-65648 allows remote attackers to execute arbitrary code via u… |
| 日付 | 名称 | バージョン | 重要度 | コメント |
|---|---|---|---|---|
| 2008-07-01 | Eric Dalci | 1.0 | — | updated Time_of_Introduction |
| 2008-08-01 | — | 1.0 | — | added/updated white box definitions |
| 2008-08-15 | — | 1.0 | — | Suggested OWASP Top Ten 2004 mapping |
| 2008-09-08 | CWE Content Team | 1.0 | — | updated Alternate_Terms, Applicable_Platforms, Common_Consequences, Relationships, Observed_Example, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities |
| 2008-10-10 | CWE Content Team | 1.1 | — | Changed name and description to more clearly emphasize the "classic" nature of the overflow. |
| 2008-10-14 | CWE Content Team | 1.0.1 | — | updated Alternate_Terms, Description, Name, Other_Notes, Terminology_Notes |
| 2008-11-24 | CWE Content Team | 1.1 | — | updated Other_Notes, Relationships, Taxonomy_Mappings |
| 2009-01-12 | CWE Content Team | 1.2 | — | updated Common_Consequences, Other_Notes, Potential_Mitigations, References, Relationship_Notes, Relationships |
| 2009-07-27 | CWE Content Team | 1.5 | — | updated Other_Notes, Potential_Mitigations, Relationships |
| 2009-10-29 | CWE Content Team | 1.6 | — | updated Common_Consequences, Relationships |
| 2010-02-16 | CWE Content Team | 1.8 | — | updated Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Detection_Factors, Potential_Mitigations, References, Related_Attack_Patterns, Relationships, Taxonomy_Mappings, Time_of_Introduction, Type |
| 2010-04-05 | CWE Content Team | 1.8.1 | — | updated Demonstrative_Examples, Related_Attack_Patterns |
| 2010-06-21 | CWE Content Team | 1.9 | — | updated Common_Consequences, Potential_Mitigations, References |
| 2010-09-27 | CWE Content Team | 1.10 | — | updated Potential_Mitigations |
| 2010-12-13 | CWE Content Team | 1.11 | — | updated Potential_Mitigations |
| 2011-03-29 | CWE Content Team | 1.12 | — | updated Demonstrative_Examples, Description |
| 2011-06-01 | CWE Content Team | 1.13 | — | updated Common_Consequences |
| 2011-06-27 | CWE Content Team | 2.0 | — | updated Relationships |
| 2011-09-13 | CWE Content Team | 2.1 | — | updated Potential_Mitigations, References, Relationships, Taxonomy_Mappings |
| 2012-05-11 | CWE Content Team | 2.2 | — | updated References, Relationships |
| 2012-10-30 | CWE Content Team | 2.3 | — | updated Potential_Mitigations |
| 2014-02-18 | CWE Content Team | 2.6 | — | updated Potential_Mitigations, References |
| 2014-07-30 | CWE Content Team | 2.8 | — | updated Detection_Factors, Relationships, Taxonomy_Mappings |
| 2017-11-08 | CWE Content Team | 3.0 | — | updated Applicable_Platforms, Causal_Nature, Demonstrative_Examples, Likelihood_of_Exploit, References, Relationships, Taxonomy_Mappings, White_Box_Definitions |
| 2018-03-27 | CWE Content Team | 3.1 | — | updated References |
| 2019-01-03 | CWE Content Team | 3.2 | — | updated References, Relationships, Taxonomy_Mappings |
| 2019-06-20 | CWE Content Team | 3.3 | — | updated Relationships |
| 2020-02-24 | CWE Content Team | 4.0 | — | updated Potential_Mitigations, Relationships |
| 2020-06-25 | CWE Content Team | 4.1 | — | updated Common_Consequences, Potential_Mitigations |
| 2020-08-20 | CWE Content Team | 4.2 | — | updated Alternate_Terms, Relationships |
| 2020-12-10 | CWE Content Team | 4.3 | — | updated Demonstrative_Examples, Relationships |
| 2021-03-15 | CWE Content Team | 4.4 | — | updated Demonstrative_Examples |
| 2021-07-20 | CWE Content Team | 4.5 | — | updated Potential_Mitigations |
| 2022-10-13 | CWE Content Team | 4.9 | — | updated References |
| 2023-01-31 | CWE Content Team | 4.10 | — | updated Common_Consequences, Description |
| 2023-04-27 | CWE Content Team | 4.11 | — | updated Potential_Mitigations, References, Relationships |
| 2023-06-29 | CWE Content Team | 4.12 | — | updated Mapping_Notes |
| 2025-04-03 | CWE Content Team | 4.17 | — | updated Applicable_Platforms, Relationships |
| 2025-09-09 | CWE Content Team | 4.18 | — | updated Description, Detection_Factors, Diagram, Other_Notes, References |
| 2025-12-11 | CWE Content Team | 4.19 | — | updated Applicable_Platforms, Detection_Factors, References, Terminology_Notes |
| 2026-01-21 | CWE Content Team | 4.19.1 | — | updated Relationships |