Skip to main content

CWE-124

Buffer Underwrite ('Buffer Underflow')

29 CVEs Avg CVSS 7.2 MITRE
4
CRITICAL
12
HIGH
11
MEDIUM
1
LOW
6
POC
0
KEV

Monthly

CVE-2026-44631 CRITICAL PATCH Act Now

Apache HTTP Server 2.4.0-2.4.67 has a buffer underwrite (CWE-124) in ap_regname, triggered by a crafted regular expression in the server configuration. The vendor (Apache) rates this Low severity. A separate CISA-ADP assessment assigned CVSS 9.8 using a network, unauthenticated vector that is inconsistent with the vendor description, because exploitation requires control over the httpd configuration. No public exploit and not in CISA KEV. Fixed in 2.4.68.

Information Disclosure Apache Red Hat Apache HTTP Server
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2024-36343 MEDIUM This Month

Improper input validation in the System Management Mode (SMM) communications buffer could allow a privileged attacker to perform an out of bounds read or write to a limited section of the Top of. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Amd Epyc 4004 Amd Epyc 4005 Amd Ryzen 6000 Series Processors With Radeon Graphics Amd Ryzen 7040 Series Mobile Processors With Radeon Graphics +13
NVD VulDB
CVSS 4.0
4.6
EPSS
0.0%
CVE-2026-34253 HIGH PATCH This Week

Buffer underflow in vorbis-tools 1.4.3's ogg123 utility allows remote attackers to crash the application or potentially execute code through malformed remote control input. The vulnerability achieves an EPSS score indicating moderate exploitation likelihood, with proof-of-concept code available according to SSVC assessment, though it has not been added to CISA's KEV catalog indicating no confirmed active exploitation.

RCE
NVD GitHub VulDB
CVSS 3.1
8.2
EPSS
0.1%
CVE-2026-5089 HIGH PATCH This Week

Buffer underflow in YAML::Syck for Perl versions before 1.38 allows remote unauthenticated attackers to trigger out-of-bounds memory reads when parsing specially crafted base60 (sexagesimal) YAML values. The vulnerability affects both integer and floating-point base60 handlers in perl_syck.h, where processing leftmost colon-separated segments causes a pointer to decrement past allocated buffer boundaries. EPSS exploitation probability is minimal (0.01%, 3rd percentile) with no active exploitation or public weaponized exploit identified. Vendor-released patch available in version 1.38, confirmed by CPANSec and upstream commit.

Buffer Overflow Yaml Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-41499 MEDIUM PATCH This Month

Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.0.0 to before version 4.14.4, multiple heap-based out-of-bounds WRITE vulnerabilities exist in parse_uname_string() (remoted_op.c). This function processes OS identification data from agents and contains a dangerous code pattern that appears in 4 locations within the same function: writing to strlen(ptr) - 1 without checking for empty strings. When the string is empty, strlen() returns 0, and 0 - 1 wraps to SIZE_MAX due to unsigned integer underflow. Due to pointer arithmetic wrapping, SIZE_MAX effectively becomes -1, causing a write exactly 1 byte before the allocated buffer. This corrupts heap metadata (e.g., the chunk size field in glibc malloc), leading to heap corruption. This issue has been patched in version 4.14.4.

Buffer Overflow Wazuh
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-26204 MEDIUM PATCH This Month

Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 1.0.0 to before version 4.14.4, a heap-based out-of-bounds WRITE occurs in GetAlertData, resulting in writing a NULL byte exactly 1 byte before the start of the buffer allocated by strdup. Due to unsigned integer underflow and pointer arithmetic wrapping, the write lands at offset -1 from the buffer, corrupting heap metadata. A malicious actor can potentially leverage this issue through a compromised agent to cause denial of service or heap corruption by injecting a specially crafted alert into the alerts log file monitored by wazuh-logcollector. This issue has been patched in version 4.14.4.

Buffer Overflow Denial Of Service Wazuh
NVD GitHub VulDB
CVSS 3.1
4.4
EPSS
0.0%
CVE-2026-0966 HIGH PATCH This Week

Remote denial-of-service in libssh 0.11.x and earlier allows unauthenticated attackers to crash SSH server daemon processes via malformed GSSAPI authentication OID payloads. The vulnerability affects the ssh_get_hexa() API function when processing zero-length input, exploitable remotely when GSSAPI authentication is enabled and logging verbosity is set to SSH_LOG_PATCH (level 3) or higher. Red Hat, Ubuntu, SUSE, and Debian have released patches (libssh 0.11.4 and 0.12.0). EPSS score of 0.09% and SSVC assessment indicate low real-world exploitation likelihood despite network attack vector, with no active exploitation confirmed. Ubuntu classified this as low priority, and CISA SSVC notes exploitation as 'none' but 'automatable' with partial impact.

Information Disclosure Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Red Hat Enterprise Linux 8 +2
NVD VulDB
CVSS 3.1
8.2
EPSS
0.1%
CVE-2026-20104 MEDIUM This Month

This vulnerability in Cisco IOS XE Software bootloader affects Catalyst 9200, ESS9300, IE9310/9320, and IE3500/3505 series switches, allowing authenticated local attackers with level-15 privileges or unauthenticated attackers with physical access to execute arbitrary code at boot time and bypass the chain of trust. An attacker can manipulate loaded binaries to circumvent integrity checks during boot, enabling execution of non-Cisco-signed images. While the CVSS score is 6.1 (Medium), Cisco assigned it a High Security Impact Rating due to the critical nature of breaking the secure boot mechanism, a foundational security control.

Cisco RCE Apple
NVD VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-28419 MEDIUM PATCH This Month

Vim versions prior to 9.2.0075 contain a heap buffer underflow in the tags file parser that triggers when processing malformed tag files with delimiters at line starts, potentially allowing local attackers with user interaction to read out-of-bounds memory and cause information disclosure or crashes. The vulnerability requires local file system access and user interaction to exploit, with a CVSS score of 5.3 indicating medium severity. A patch is available in Vim 9.2.0075 and later versions.

Heap Overflow Vim Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2024-36310 Monitor

Improper input validation in the SMM communications buffer could allow a privileged attacker to perform an out of bounds read or write to SMRAM potentially resulting in loss of confidentiality or integrity.

Buffer Overflow
NVD
EPSS
0.0%
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Apache HTTP Server 2.4.0-2.4.67 has a buffer underwrite (CWE-124) in ap_regname, triggered by a crafted regular expression in the server configuration. The vendor (Apache) rates this Low severity. A separate CISA-ADP assessment assigned CVSS 9.8 using a network, unauthenticated vector that is inconsistent with the vendor description, because exploitation requires control over the httpd configuration. No public exploit and not in CISA KEV. Fixed in 2.4.68.

Information Disclosure Apache Red Hat +1
NVD VulDB
EPSS 0% CVSS 4.6
MEDIUM This Month

Improper input validation in the System Management Mode (SMM) communications buffer could allow a privileged attacker to perform an out of bounds read or write to a limited section of the Top of. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Amd Epyc 4004 Amd Epyc 4005 +15
NVD VulDB
EPSS 0% CVSS 8.2
HIGH PATCH This Week

Buffer underflow in vorbis-tools 1.4.3's ogg123 utility allows remote attackers to crash the application or potentially execute code through malformed remote control input. The vulnerability achieves an EPSS score indicating moderate exploitation likelihood, with proof-of-concept code available according to SSVC assessment, though it has not been added to CISA's KEV catalog indicating no confirmed active exploitation.

RCE
NVD GitHub VulDB
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Buffer underflow in YAML::Syck for Perl versions before 1.38 allows remote unauthenticated attackers to trigger out-of-bounds memory reads when parsing specially crafted base60 (sexagesimal) YAML values. The vulnerability affects both integer and floating-point base60 handlers in perl_syck.h, where processing leftmost colon-separated segments causes a pointer to decrement past allocated buffer boundaries. EPSS exploitation probability is minimal (0.01%, 3rd percentile) with no active exploitation or public weaponized exploit identified. Vendor-released patch available in version 1.38, confirmed by CPANSec and upstream commit.

Buffer Overflow Yaml Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.0.0 to before version 4.14.4, multiple heap-based out-of-bounds WRITE vulnerabilities exist in parse_uname_string() (remoted_op.c). This function processes OS identification data from agents and contains a dangerous code pattern that appears in 4 locations within the same function: writing to strlen(ptr) - 1 without checking for empty strings. When the string is empty, strlen() returns 0, and 0 - 1 wraps to SIZE_MAX due to unsigned integer underflow. Due to pointer arithmetic wrapping, SIZE_MAX effectively becomes -1, causing a write exactly 1 byte before the allocated buffer. This corrupts heap metadata (e.g., the chunk size field in glibc malloc), leading to heap corruption. This issue has been patched in version 4.14.4.

Buffer Overflow Wazuh
NVD GitHub VulDB
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 1.0.0 to before version 4.14.4, a heap-based out-of-bounds WRITE occurs in GetAlertData, resulting in writing a NULL byte exactly 1 byte before the start of the buffer allocated by strdup. Due to unsigned integer underflow and pointer arithmetic wrapping, the write lands at offset -1 from the buffer, corrupting heap metadata. A malicious actor can potentially leverage this issue through a compromised agent to cause denial of service or heap corruption by injecting a specially crafted alert into the alerts log file monitored by wazuh-logcollector. This issue has been patched in version 4.14.4.

Buffer Overflow Denial Of Service Wazuh
NVD GitHub VulDB
EPSS 0% CVSS 8.2
HIGH PATCH This Week

Remote denial-of-service in libssh 0.11.x and earlier allows unauthenticated attackers to crash SSH server daemon processes via malformed GSSAPI authentication OID payloads. The vulnerability affects the ssh_get_hexa() API function when processing zero-length input, exploitable remotely when GSSAPI authentication is enabled and logging verbosity is set to SSH_LOG_PATCH (level 3) or higher. Red Hat, Ubuntu, SUSE, and Debian have released patches (libssh 0.11.4 and 0.12.0). EPSS score of 0.09% and SSVC assessment indicate low real-world exploitation likelihood despite network attack vector, with no active exploitation confirmed. Ubuntu classified this as low priority, and CISA SSVC notes exploitation as 'none' but 'automatable' with partial impact.

Information Disclosure Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 6 +4
NVD VulDB
EPSS 0% CVSS 6.1
MEDIUM This Month

This vulnerability in Cisco IOS XE Software bootloader affects Catalyst 9200, ESS9300, IE9310/9320, and IE3500/3505 series switches, allowing authenticated local attackers with level-15 privileges or unauthenticated attackers with physical access to execute arbitrary code at boot time and bypass the chain of trust. An attacker can manipulate loaded binaries to circumvent integrity checks during boot, enabling execution of non-Cisco-signed images. While the CVSS score is 6.1 (Medium), Cisco assigned it a High Security Impact Rating due to the critical nature of breaking the secure boot mechanism, a foundational security control.

Cisco RCE Apple
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Vim versions prior to 9.2.0075 contain a heap buffer underflow in the tags file parser that triggers when processing malformed tag files with delimiters at line starts, potentially allowing local attackers with user interaction to read out-of-bounds memory and cause information disclosure or crashes. The vulnerability requires local file system access and user interaction to exploit, with a CVSS score of 5.3 indicating medium severity. A patch is available in Vim 9.2.0075 and later versions.

Heap Overflow Vim Red Hat +1
NVD GitHub VulDB
EPSS 0%
Monitor

Improper input validation in the SMM communications buffer could allow a privileged attacker to perform an out of bounds read or write to SMRAM potentially resulting in loss of confidentiality or integrity.

Buffer Overflow
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy