Linux kernel out of bounds read via Xen-related sysfs file

ISSUE DESCRIPTION The Linux sysfs file /sys/hypervisor/properties/buildid does not contain printable information, but a binary value of typically 16 or 20 bytes, which is not terminated by a zero byte. The kernel driver making this information available is using the sprintf function for writing t...

CVE-2026-24113

An issue was discovered in Tenda W20E V4.0brV15.11.0.6. Attackers may exploit the vulnerability by controlling the value of nptr. When this value is passed into the getMibPrefix function and concatenated using sprintf without proper size validation, it could lead to a buffer overflow vulnerabilit...

CVE-2026-24109

An issue was discovered in Tenda W20E V4.0brV15.11.0.6. Attackers may exploit the vulnerability by controlling the value of picName. When this value is used in sprintf without validating variable sizes, it could lead to a buffer overflow vulnerability...

CVE-2026-24108

The CVE-2026-24108 vulnerability affects Tenda W20E devices in version V4.0br_V15.11.0.6. The root cause is a buffer overflow triggered when an attacker-controlled value (nptr) is passed to getMibPrefix and concatenated via sprintf without proper size validation. This could allow an overflow, lea...

UBUNTU-CVE-2020-37182

Redir 3.3 contains a stack overflow vulnerability in the doproxyconnect function that allows attackers to crash the application by sending oversized input. Attackers can exploit the sprintf buffer without proper length checking to overwrite memory and cause a segmentation fault, resulting in...

EUVD-2025-200236

Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'showMeterReport' function, there is an unlimited user input that is copied to a fixed-size buffer via 'sprintf'. The 'GetParametermeter' function retrieves the user input, which is directly incorporated in...

PT-2025-48670

Name of the Vulnerable Software and Affected Versions Circutor SGE-PLC1000/SGE-PLC50 version 9.0.2 Description A stack-based buffer overflow exists due to insufficient input validation. The GetParametermeter function retrieves user-supplied input, specifically the meter parameter, and copies it...

Ubuntu 16.04 LTS : Libspf2 vulnerabilities (USN-6584-2)

The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6584-2 advisory. USN-6584-1 fixed several vulnerabilities in Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. This update provides the corresponding updates for CVE-2021-33912 and...

CVE-2024-22667

Vim before 9.0.2142 has a stack-based buffer overflow because didsetlangmap in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions...

Debian DLA-2890-1 : libspf2 - LTS security update

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2890 advisory. - libspf2 before 1.2.11 has a four-byte heap-based buffer overflow that might allow remote attackers to execute arbitrary code via an unauthenticated e-mail messag...

CVE-2021-33912

libspf2 before 1.2.11 has a four-byte heap-based buffer overflow that might allow remote attackers to execute arbitrary code via an unauthenticated e-mail message from anywhere on the Internet with a crafted SPF DNS record, because of incorrect sprintf usage in SPFrecordexpanddata in spfexpand.c...

CVE-2021-33912

libspf2 before 1.2.11 has a four-byte heap-based buffer overflow that might allow remote attackers to execute arbitrary code via an unauthenticated e-mail message from anywhere on the Internet with a crafted SPF DNS record, because of incorrect sprintf usage in SPFrecordexpanddata in spfexpand.c...

cscope -- buffer overflow vulnerabilities

Jason Duell reports: Cscope contains an alarming number of buffer overflow vulnerabilities. By a rough count, there are at least 48 places where we blindly sprintf a file name into a fixed-length buffer of size PATHLEN without checking to see if the file's name is = PATHLEN. We do similar things...