Home/CWE/Improper Restriction of Operations within the Bounds of a Memory Buffer
Weakness

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-119 · Class · Stable

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Weakness Relationships

Where this weakness sits in the CWE hierarchy. Walk up to broader classes or down to more specific variants.
Parent of this (broader)
ChildOfCWE-118 · Incorrect Access of Indexable Resource ('Range Error')
ChildOfCWE-20 · Improper Input Validation
Children (more specific)
ParentOfCWE-120 · Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
ParentOfCWE-123 · Write-what-where Condition
ParentOfCWE-125 · Out-of-bounds Read
ParentOfCWE-130 · Improper Handling of Length Parameter Inconsistency
ParentOfCWE-466 · Return of Pointer Value Outside of Expected Range
ParentOfCWE-786 · Access of Memory Location Before Start of Buffer
ParentOfCWE-787 · Out-of-bounds Write
ParentOfCWE-788 · Access of Memory Location After End of Buffer
ParentOfCWE-805 · Buffer Access with Incorrect Length Value
ParentOfCWE-822 · Untrusted Pointer Dereference
ParentOfCWE-823 · Use of Out-of-range Pointer Offset
ParentOfCWE-824 · Access of Uninitialized Pointer
ParentOfCWE-825 · Expired Pointer Dereference

Attack Patterns (CAPEC)

12
How adversaries exploit this weakness, per MITRE CAPEC.
CAPEC-10Buffer Overflow via Environment Variables
CAPEC-100Overflow Buffers
CAPEC-123Buffer Manipulation
CAPEC-14Client-side Injection-induced Buffer Overflow
CAPEC-24Filter Failure through Buffer Overflow
CAPEC-42MIME Conversion
CAPEC-44Overflow Binary Resource File
CAPEC-45Buffer Overflow via Symbolic Links
CAPEC-46Overflow Variables and Tags
CAPEC-47Buffer Overflow via Parameter Expansion
CAPEC-8Buffer Overflow in an API Call
CAPEC-9Buffer Overflow in Local Command-Line Utilities

CVEs With This Weakness

14,168
A sample of the 14,168 CVEs tagged with this weakness.
CVECVE-2026-8836
CVECVE-2026-8780
CVECVE-2026-8779
CVECVE-2026-8776
CVECVE-2026-8775
CVECVE-2026-8764
CVECVE-2026-8746
CVECVE-2026-8733
CVECVE-2026-8556
CVECVE-2026-8545
CVECVE-2026-8391
CVECVE-2026-8389

Nuclei Scanner Templates

10
Open-source Nuclei templates that detect this weakness class - an actionable scan-for-it pivot. Licensed under the ProjectDiscovery / Nuclei terms.
criticalCisco Small Business RV Series - OS Command Injection
criticalWindows Server 2003 & IIS 6.0 - Remote Code Execution
criticalXiongMai uc-httpd 1.0.0 - Buffer Overflow
criticalMicrosoft SMBv3 - Remote Code Execution
criticalOracle WebLogic Server Java Object Deserialization - Remote Code Execution
criticalTitan FTP Server 6.05 DELE Command - Heap Overflow
criticalTitan FTP Server 6.03 and 6.0.5.549 - Heap Overflow via Long Commands
highPowerDNS Authoritative Server - Denial of Service
highApache HTTP Server - NULL Pointer Dereference
highCitrix Bleed - Leaking Session Tokens
External lookups - second-class, for what we don’t hold ourselves
MITRE CWE
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin