🌐
Security Database
security-database.com › cwe.php
CWE-131 - Security Database
It allocates exactly enough space to contain the specified number of widgets, but it does not include the space for the NULL pointer. As a result, the allocated buffer is smaller than it is supposed to be. So if the user ever requests MAX_NUM_WIDGETS, there is an off-by-one buffer overflow (CWE-193) when the NULL is assigned.
🌐
CVE Details
cvedetails.com › vulnerability-list.php
Security vulnerabilities, CVEs, related to CWE-131
CWE-131: Incorrect Calculation of Buffer Size vulnerability exists that could cause Denial-of-Service of the product when an unauthenticated user is sending a crafted HTTPS packet to the webserver.
🌐
GitHub
github.com › wcventure › Static-Analysis-Rules › blob › master › Summary of static analysis in C & C++ › checkingRules › error_mismatchSize_CWE131.md
Static-Analysis-Rules/Summary of static analysis in C & C++/checkingRules/error_mismatchSize_CWE131.md at master · wcventure/Static-Analysis-Rules
<error id="mismatchSize" severity="error" msg="The allocated size sz is not a multiple of the underlying type&apos;s size." verbose="The allocated size sz is not a multiple of the underlying type&apos;s size." cwe="131"/>
Author   wcventure
🌐
HackerOne
hackerone.com › hacktivity › cwe_discovery
CWE-131
It looks like your JavaScript is disabled. To use HackerOne, enable JavaScript in your browser and refresh this page
🌐
CVE Details
cvedetails.com › vulnerability-list › cweid-131 › vulnerabilities.html
Security vulnerabilities, CVEs,
Varnish Cache before 7.6.3 and 7.7 before 7.7.1, and Varnish Enterprise before 6.0.13r14, allow client-side desync via HTTP/1 requests, because the product incorrectly permits CRLF to be skipped to delimit chunk boundaries · In BlueWave Checkmate through 2.0.2 before b387eba, a profile edit ...
Find elsewhere
🌐
Mondoo
mondoo.com › vulnerability-intelligence › cwe › CWE-131
CWE-131: Incorrect Calculation of Buffer Size
Font rendering library does not properly handle assigning a signed short value to an unsigned long (CWE-195), leading to an integer wraparound (CWE-190), causing too small of a buffer (CWE-131), leading to an out-of-bounds write (CWE-787).CVE-2020-17087
🌐
Feedly
feedly.com › cve › cwe › 131
Incorrect Calculation of Buffer Size - CVEs - page 1
Welcome to Feedly CVEs — Research critical vulnerabilities (CVEs) with all the real-time and historical information you need to assess the risk to your organization. This free resource uses Feedly's AI to synthesize and analyze vulnerability information from across the web, including estimating ...
🌐
MITRE
cwe.mitre.org › data › published › cwe_v3.2.pdf pdf
CWE Version 3.2 - Common Weakness Enumeration
CWE-131: Incorrect Calculation of Buffer Size.................................................................................................
🌐
MITRE
cwe.mitre.org › data › published › cwe_v4.13.pdf pdf
CWE Version 4.13 - Common Weakness Enumeration - MITRE
CWE-131: Incorrect Calculation of Buffer Size.................................................................................................
🌐
NIST
nvd.nist.gov › vuln › categories
NVD CWE Slice
The Common Weakness Enumeration Specification (CWE) provides a common language of discourse for discussing, finding and dealing with the causes of software security vulnerabilities as they are found in code, design, or system architecture. Each individual CWE represents a single vulnerability type.
🌐
SciSpace
scispace.com › pdf › a-basic-cwe-121-buffer-overflow-effectiveness-test-suite-4ihw0ish60.pdf pdf
A Basic CWE-121 Buffer Overflow Effectiveness Test Suite
classified under CWEs 120, 123, or 131. We did not · use any of them since some may not be stack-based. The SRD also has 28 moderate sized cases ex- tracted [7] from applications, such as BIND and Send- mail. We did not use these since they were much bigger. 2.3. Stage 2: Run Tools on Test Cases · While collecting cases, we identified and installed ·