CWE-131(Incorrect Calculation of Buffer Size)は各種脆弱性データベースや評価で用いられる弱点タイプを説明します。定義・背景・対応する CVE は以下の各セクションを参照してください。
The product does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow.
| 種別 | 名称 | クラス | 普遍性 | OS / CPE |
|---|---|---|---|---|
| language | — | Memory-Unsafe | Undetermined | — |
| language | C | — | Undetermined | — |
| language | C++ | — | Undetermined | — |
これらの CVE は本データベースでこの弱点に対応付けられており、追跡と検索のために保持されています。
| CVE | 公開 | 概要 |
|---|---|---|
| CVE-2026-46521 | 2026-06-10 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, when using LZMA compression in the MIFF encoder an out of bound… |
| CVE-2026-11604 | 2026-06-10 | An incorrect buffer size calculation in the epoch key generator in OpenVPN ovpn-dco-win version 2.0.0 through 2.8.3 allows a remote authenticated peer to trigger a heap-based buffer overflow and kerne… |
| CVE-2026-49841 | 2026-06-09 | FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version … |
| CVE-2026-42915 | 2026-06-09 | Incorrect calculation of buffer size in Windows VMSwitch allows an authorized attacker to deny service over an adjacent network. |
| CVE-2026-40618 | 2026-05-13 | When an SSL profile is configured on a virtual server on BIG-IP Virtual Edition (VE) without Intel QuickAssist Technology (QAT) or on BIG-IP hardware platforms with the database variable crypto.hwacce… |
| CVE-2026-44223 | 2026-05-12 | vLLM is an inference and serving engine for large language models (LLMs). From to before 0.20.0, the extract_hidden_states speculative decoding proposer in vLLM returns a tensor with an incorrect sha… |
| CVE-2026-43302 | 2026-05-08 | In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Set DMA segment size to avoid debug warnings When using V3D rendering with CONFIG_DMA_API_DEBUG enabled, the kernel occas… |
| CVE-2026-43107 | 2026-05-06 | In the Linux kernel, the following vulnerability has been resolved: xfrm: account XFRMA_IF_ID in aevent size calculation xfrm_get_ae() allocates the reply skb with xfrm_aevent_msgsize(), then build_… |
| CVE-2026-41676 | 2026-04-24 | rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.27 to before 0.10.78, Deriver::derive (and PkeyCtxRef::derive) sets len = buf.len() and passes it as the in/out leng… |
| CVE-2026-1949 | 2026-04-24 | Delta Electronics AS320T has incorrect calculation of the buffer size on the stack in the GET/PUT request handler of the web service. |
| CVE-2026-41197 | 2026-04-23 | Noir is a Domain Specific Language for SNARK proving systems that is designed to use any ACIR compatible proving system, and Brillig is the bytecode ACIR uses for non-determinism. Noir programs can in… |
| CVE-2026-29645 | 2026-04-20 | NEMU (OpenXiangShan/NEMU) before v2025.12.r2 contains an improper instruction-validation flaw in its RISC-V Vector (RVV) decoder. The decoder does not correctly validate the funct3 field when decoding… |
| CVE-2026-27820 | 2026-04-16 | zlib is a Ruby interface for the zlib compression/decompression library. Versions 3.0.0 and below, 3.1.0, 3.1.1, 3.2.0 and 3.2.1 contain a buffer overflow vulnerability in the Zlib::GzipReader. The zs… |
| CVE-2026-40918 | 2026-04-15 | A flaw was found in GIMP. Processing a specially crafted PVR image file with large dimensions can lead to a denial of service (DoS). This occurs due to a stack-based buffer overflow and an out-of-boun… |
| CVE-2026-20911 | 2026-04-07 | A heap-based buffer overflow vulnerability exists in the HuffTable::initval functionality of LibRaw Commit 0b56545 and Commit d20315b. A specially crafted malicious file can lead to a heap buffer over… |
| CVE-2026-33987 | 2026-03-30 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, in persistent_cache_read_entry_v3() in libfreerdp/cache/persistent.c, persistent->bmpSize is updated before wi… |
| CVE-2026-33986 | 2026-03-30 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, in yuv_ensure_buffer() in libfreerdp/codec/h264.c, h264->width and h264->height are updated before the realloc… |
| CVE-2026-33985 | 2026-03-30 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, pixel data from adjacent heap memory is rendered to screen, potentially leaking sensitive data to the attacker… |
| CVE-2026-33984 | 2026-03-30 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, in resize_vbar_entry() in libfreerdp/codec/clear.c, vBarEntry->size is updated to vBarEntry->count before the … |
| CVE-2025-33216 | 2026-03-24 | NVIDIA SNAP-4 Container contains a vulnerability in the configuration interface where an attacker on a VM may cause an incorrect calculation of buffer size by sending crafted configurations. A success… |
| 日付 | 名称 | バージョン | 重要度 | コメント |
|---|---|---|---|---|
| 2008-07-01 | Eric Dalci | 1.0 | — | updated Potential_Mitigations, Time_of_Introduction |
| 2008-09-08 | CWE Content Team | 1.0 | — | updated Applicable_Platforms, Maintenance_Notes, Relationships, Taxonomy_Mappings, Type |
| 2008-10-14 | CWE Content Team | 1.0.1 | — | updated Relationships |
| 2008-11-24 | CWE Content Team | 1.1 | — | updated Relationships, Taxonomy_Mappings |
| 2009-12-28 | CWE Content Team | 1.7 | — | updated Demonstrative_Examples, Likelihood_of_Exploit, Observed_Examples, Potential_Mitigations |
| 2010-02-16 | CWE Content Team | 1.8 | — | updated Common_Consequences, Demonstrative_Examples, Detection_Factors, Maintenance_Notes, Potential_Mitigations, Related_Attack_Patterns, Relationships |
| 2010-04-05 | CWE Content Team | 1.8.1 | — | updated Detection_Factors, Potential_Mitigations, References, Related_Attack_Patterns |
| 2010-06-21 | CWE Content Team | 1.9 | — | updated Common_Consequences, Detection_Factors, Potential_Mitigations, References |
| 2010-09-27 | CWE Content Team | 1.10 | — | updated Potential_Mitigations |
| 2010-12-13 | CWE Content Team | 1.11 | — | updated Potential_Mitigations |
| 2011-03-29 | CWE Content Team | 1.12 | — | updated Maintenance_Notes |
| 2011-06-01 | CWE Content Team | 1.13 | — | updated Common_Consequences |
| 2011-06-27 | CWE Content Team | 2.0 | — | updated Relationships |
| 2011-09-13 | CWE Content Team | 2.1 | — | updated Potential_Mitigations, References, Relationships, Taxonomy_Mappings |
| 2012-05-11 | CWE Content Team | 2.2 | — | updated Demonstrative_Examples, Potential_Mitigations, References, Relationships |
| 2012-10-30 | CWE Content Team | 2.3 | — | updated Potential_Mitigations |
| 2013-02-21 | CWE Content Team | 2.4 | — | updated Demonstrative_Examples |
| 2013-07-17 | CWE Content Team | 2.5 | — | updated References |
| 2014-02-18 | CWE Content Team | 2.6 | — | updated Potential_Mitigations, References |
| 2014-07-30 | CWE Content Team | 2.8 | — | updated Detection_Factors, Relationships |
| 2017-11-08 | CWE Content Team | 3.0 | — | updated Likelihood_of_Exploit, References, Taxonomy_Mappings |
| 2018-03-27 | CWE Content Team | 3.1 | — | updated References |
| 2019-01-03 | CWE Content Team | 3.2 | — | updated Relationships |
| 2019-06-20 | CWE Content Team | 3.3 | — | updated Relationships |
| 2020-02-24 | CWE Content Team | 4.0 | — | updated Relationships |
| 2020-08-20 | CWE Content Team | 4.2 | — | updated Relationships |
| 2020-12-10 | CWE Content Team | 4.3 | — | updated Relationships |
| 2021-03-15 | CWE Content Team | 4.4 | — | updated Demonstrative_Examples, Potential_Mitigations |
| 2022-06-28 | CWE Content Team | 4.8 | — | updated Observed_Examples |
| 2022-10-13 | CWE Content Team | 4.9 | — | updated References |
| 2023-01-31 | CWE Content Team | 4.10 | — | updated Description |
| 2023-04-27 | CWE Content Team | 4.11 | — | updated Potential_Mitigations, References, Relationships |
| 2023-06-29 | CWE Content Team | 4.12 | — | updated Mapping_Notes |
| 2025-04-03 | CWE Content Team | 4.17 | — | updated Observed_Examples |
| 2025-09-09 | CWE Content Team | 4.18 | — | updated Affected_Resources, Detection_Factors, Functional_Areas, Potential_Mitigations, References |
| 2025-12-11 | CWE Content Team | 4.19 | — | updated Applicable_Platforms, Detection_Factors, Observed_Examples, References, Weakness_Ordinalities |