CWE-120: Buffer Copy without Size Check

The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.

Total CVEs: 1,146
Critical: 340
High: 636
Avg CVSS: 8.2
In CISA KEV: 1

Yearly Trend

2026: 60
2025: 251
2024: 326
2023: 223
2022: 94

Top Affected Vendors

1. Qualcomm: 82
2. Tenda: 59
3. Totolink: 52
4. Dlink: 52
5. Apple: 39
6. Linux: 35
7. Netgear: 34
8. Debian: 31
9. Fedoraproject: 27
10. Tp Link: 20

All Buffer Copy without Size Check CVEs (1,146)

CVE-2020-3667 | CVSS 9.8 | Sep 8, 2020
This is a critical buffer overflow vulnerability in Qualcomm's WPA MIC calculation that allows attackers to execute arbitrary code or cause denial of ...

CVE-2020-9527 | CVSS 9.8 | Aug 10, 2020
This CVE describes a critical buffer overflow vulnerability in firmware developed by Shenzhen Hichip Vision Technology, affecting millions of IoT devi...

CVE-2020-11984 | CVSS 9.8 | Aug 7, 2020
CVE-2020-11984 is a critical vulnerability in Apache HTTP Server's mod_proxy_uwsgi module that allows attackers to disclose sensitive information and ...

CVE-2020-7593 | CVSS 9.8 | Jul 14, 2020
A buffer overflow vulnerability in the web server of Siemens LOGO! 8 BM programmable logic controllers allows remote unauthenticated attackers to exec...

CVE-2020-10042 | CVSS 9.8 | Jul 14, 2020
A buffer overflow vulnerability in Siemens SICAM MMU, SGU, and T web applications allows attackers with network access to execute arbitrary code. This...

CVE-2020-3931 | CVSS 9.8 | Jul 8, 2020
This critical vulnerability allows unauthenticated remote attackers to execute arbitrary commands on Geovision Door Access Control devices via a buffe...

CVE-2020-5595 | CVSS 9.8 | Jul 7, 2020
A buffer overflow vulnerability in the TCP/IP function of Mitsubishi Electric GOT2000 series firmware allows remote attackers to crash network functio...

CVE-2024-40083 | CVSS 9.6 | Oct 21, 2024
A buffer overflow vulnerability in Vilo 5 Mesh WiFi System allows remote, unauthenticated attackers to execute arbitrary code by sending specially cra...

CVE-2024-40085 | CVSS 9.6 | Oct 21, 2024
A buffer overflow vulnerability in Vilo 5 Mesh WiFi System allows remote, unauthenticated attackers to execute arbitrary code by sending oversized PPP...

CVE-2023-43504 | CVSS 9.6 | Nov 14, 2023
A buffer overflow vulnerability in COMOS's Ptmcast executable allows attackers to execute arbitrary code or cause denial of service. This affects all ...

CVE-2023-32722 | CVSS 9.6 | Oct 12, 2023
CVE-2023-32722 is a critical buffer overflow vulnerability in Zabbix's JSON parsing module that allows remote code execution when processing malicious...

CVE-2022-26649 | CVSS 9.6 | Jul 12, 2022
This vulnerability affects multiple Siemens SCALANCE industrial network switches. An unauthenticated remote attacker can send specially crafted HTTP G...

CVE-2021-45609 | CVSS 9.6 | Dec 26, 2021
This vulnerability allows unauthenticated remote attackers to execute arbitrary code on affected NETGEAR routers via a buffer overflow. It affects mul...

CVE-2021-45611 | CVSS 9.6 | Dec 26, 2021
This CVE describes a critical buffer overflow vulnerability in multiple NETGEAR router models that allows unauthenticated remote attackers to execute ...

CVE-2021-45527 | CVSS 9.6 | Dec 26, 2021
This CVE describes a post-authentication buffer overflow vulnerability in multiple NETGEAR routers, extenders, and WiFi systems. An authenticated atta...

CVE-2023-43556 | CVSS 9.3 | Jun 3, 2024
This CVE describes a memory corruption vulnerability in Qualcomm's hypervisor when platform information is not properly aligned. Successful exploitati...

CVE-2023-43538 | CVSS 9.3 | Jun 3, 2024
This vulnerability allows memory corruption in Qualcomm's TrustZone Secure OS during Tunnel Invoke Manager initialization. Attackers could potentially...

CVE-2023-33072 | CVSS 9.3 | Feb 6, 2024
This CVE describes a memory corruption vulnerability in Qualcomm Core components that could allow attackers to execute arbitrary code or cause denial ...

CVE-2023-51434 | CVSS 9.3 | Dec 29, 2023
This CVE describes a buffer overflow vulnerability in some Honor products that could allow attackers to execute arbitrary code. The vulnerability affe...

CVE-2022-33288 | CVSS 9.3 | Apr 13, 2023
CVE-2022-33288 is a critical buffer overflow vulnerability in Qualcomm's Core component that allows memory corruption when sending SCM commands to ret...

CVE-2022-33232 | CVSS 9.3 | Feb 12, 2023
CVE-2022-33232 is a critical buffer overflow vulnerability in Qualcomm memory sharing tests that allows attackers to execute arbitrary code or cause d...

CVE-2024-53695 | CVSS 9.1 | Mar 7, 2025
A buffer overflow vulnerability in QNAP HBS 3 Hybrid Backup Sync allows remote attackers to modify memory or crash processes. This affects all systems...

CVE-2024-39802 | CVSS 9.1 | Jan 14, 2025
This vulnerability allows authenticated attackers to execute arbitrary code on Wavlink AC3000 routers by sending specially crafted HTTP requests that ...

CVE-2024-39768 | CVSS 9.1 | Jan 14, 2025
This CVE describes multiple buffer overflow vulnerabilities in the Wavlink AC3000 router's internet.cgi set_qos() function. An authenticated attacker ...

CVE-2024-39770 | CVSS 9.1 | Jan 14, 2025
This vulnerability allows authenticated attackers to execute arbitrary code on Wavlink AC3000 routers by sending specially crafted HTTP requests that ...

CVE-2024-39774 | CVSS 9.1 | Jan 14, 2025
This vulnerability allows authenticated attackers to execute arbitrary code on Wavlink AC3000 routers by sending a specially crafted HTTP request that...

CVE-2024-39358 | CVSS 9.1 | Jan 14, 2025
A buffer overflow vulnerability in the Wavlink AC3000 router's adm.cgi set_wzap() function allows authenticated attackers to execute arbitrary code vi...

CVE-2024-39288 | CVSS 9.1 | Jan 14, 2025
This vulnerability allows authenticated attackers to execute arbitrary code on Wavlink AC3000 routers by sending a specially crafted HTTP request that...

CVE-2024-39299 | CVSS 9.1 | Jan 14, 2025
This vulnerability allows authenticated attackers to execute arbitrary code on Wavlink AC3000 routers by sending a specially crafted HTTP request that...

CVE-2024-37184 | CVSS 9.1 | Jan 14, 2025
A buffer overflow vulnerability in the Wavlink AC3000 router's adm.cgi component allows authenticated attackers to execute arbitrary code via crafted ...

CVE-2024-37357 | CVSS 9.1 | Jan 14, 2025
This vulnerability allows authenticated attackers to execute arbitrary code on Wavlink AC3000 routers by sending a specially crafted HTTP request that...

CVE-2024-36272 | CVSS 9.1 | Jan 14, 2025
This vulnerability allows authenticated attackers to execute arbitrary code on Wavlink AC3000 routers via a buffer overflow in the usbip.cgi component...

CVE-2023-52735 | CVSS 9.1 | May 21, 2024
A stack overflow vulnerability in the Linux kernel's BPF sockmap subsystem allows recursive function calls that can crash the system. This affects Lin...

CVE-2023-28812 | CVSS 9.1 | Nov 23, 2023
A buffer overflow vulnerability in Hikvision web browser plug-in allows attackers to send crafted messages to computers with this plug-in installed, p...

CVE-2021-22394 | CVSS 9.1 | Feb 25, 2022
This CVE describes a buffer overflow vulnerability in Huawei smartphones that affects Multi-Screen Collaboration functionality. Successful exploitatio...

CVE-2019-16240 | CVSS 9.1 | Nov 9, 2021
This CVE describes a buffer overflow and information disclosure vulnerability in certain HP OfficeJet Pro, PageWide Managed, and PageWide Pro printers...

CVE-2021-30045 | CVSS 9.1 | Apr 6, 2021
CVE-2021-30045 is a buffer overflow vulnerability in SerenityOS's EndOfCentralDirectory::read() function that allows attackers to execute arbitrary co...

CVE-2025-47372 | CVSS 9.0 | Dec 18, 2025
This vulnerability allows attackers to execute arbitrary code or cause denial of service by providing a specially crafted ELF file with an oversized f...

CVE-2025-59947 | CVSS 9.0 | Dec 15, 2025
NanoMQ versions before 0.24.4 contain a buffer overflow vulnerability when PUBLISH packets trigger both shared and vanilla subscriptions simultaneousl...

CVE-2024-3119 | CVSS 9.0 | Apr 10, 2024
A buffer overflow vulnerability in sngrep allows remote attackers to execute arbitrary code or cause denial of service through specially crafted SIP m...

CVE-2025-66287 | CVSS 8.8 | Dec 4, 2025
This vulnerability in WebKitGTK allows attackers to cause unexpected process crashes by exploiting improper memory handling when processing malicious ...

CVE-2025-12970 | CVSS 8.8 | Nov 24, 2025
CVE-2025-12970 is a buffer overflow vulnerability in Fluent Bit's in_docker input plugin that allows attackers who can create or control container nam...

CVE-2025-36553 | CVSS 8.8 | Nov 17, 2025
A buffer overflow vulnerability in Dell ControlVault3 and ControlVault3 Plus allows memory corruption via specially crafted API calls. Attackers could...

CVE-2025-32089 | CVSS 8.8 | Nov 17, 2025
A buffer overflow vulnerability in Dell ControlVault3 and ControlVault3 Plus allows attackers to execute arbitrary code through specially crafted API ...

CVE-2025-20709 | CVSS 8.8 | Oct 14, 2025
This vulnerability in MediaTek WLAN AP drivers allows attackers within wireless range to execute arbitrary code or escalate privileges without user in...

CVE-2019-16536 | CVSS 8.8 | May 21, 2025
A stack overflow vulnerability in ClickHouse allows authenticated malicious clients to trigger denial of service by sending specially crafted requests...

CVE-2025-0303 | CVSS 8.8 | Feb 7, 2025
A buffer overflow vulnerability in OpenHarmony v4.1.2 and earlier allows local attackers to escalate common permissions to root privileges and leak se...

CVE-2025-23236 | CVSS 8.8 | Feb 6, 2025
A buffer overflow vulnerability in Defense Platform Home Edition allows attackers to execute arbitrary code with SYSTEM privileges on Windows systems....

CVE-2024-23973 | CVSS 8.8 | Jan 31, 2025
This is a buffer overflow vulnerability in Silicon Labs Gecko OS that allows network-adjacent attackers to execute arbitrary code without authenticati...

CVE-2024-23968 | CVSS 8.8 | Jan 31, 2025
This buffer overflow vulnerability in ChargePoint Home Flex charging stations allows network-adjacent attackers to execute arbitrary code as root with...

About Buffer Copy without Size Check (CWE-120)

Our database tracks 1,146 CVEs classified as CWE-120, with 340 rated critical and 636 rated high severity. The average CVSS score for Buffer Copy without Size Check vulnerabilities is 8.2.

External reference: CWE-120 on MITRE CWE
