| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2020-25645 |
319 |
|
|
2020-10-13 |
2021-03-26 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality. |
|
2 |
CVE-2020-16166 |
200 |
|
+Info |
2020-07-30 |
2021-06-14 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. This is related to drivers/char/random.c and kernel/time/timer.c. |
|
3 |
CVE-2020-16120 |
269 |
|
|
2021-02-10 |
2021-02-18 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Overlayfs did not properly perform permission checking when copying up files in an overlayfs and could be exploited from within a user namespace, if, for example, unprivileged user namespaces were allowed. It was possible to have a file not readable by an unprivileged user to be copied to a mountpoint controlled by the user, like a removable device. This was introduced in kernel version 4.19 by commit d1d04ef ("ovl: stack file ops"). This was fixed in kernel version 5.8 by commits 56230d9 ("ovl: verify permissions in ovl_path_open()"), 48bd024 ("ovl: switch to mounter creds in readdir") and 05acefb ("ovl: check permission to open real file"). Additionally, commits 130fdbc ("ovl: pass correct flags for opening real directory") and 292f902 ("ovl: call secutiry hook in ovl_real_ioctl()") in kernel 5.8 might also be desired or necessary. These additional commits introduced a regression in overlay mounts within user namespaces which prevented access to files with ownership outside of the user namespace. This regression was mitigated by subsequent commit b6650da ("ovl: do not fail because of O_NOATIMEi") in kernel 5.11. |
|
4 |
CVE-2020-15862 |
269 |
|
|
2020-08-20 |
2020-09-04 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Net-SNMP through 5.7.3 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB provides the ability to run arbitrary commands as root. |
|
5 |
CVE-2020-15707 |
362 |
|
Exec Code Overflow Bypass |
2020-07-29 |
2021-05-01 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. These could be triggered by an extremely large number of arguments to the initrd command on 32-bit architectures, or a crafted filesystem with very large files on any architecture. An attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. This issue affects GRUB2 version 2.04 and prior versions. |
|
6 |
CVE-2020-15706 |
362 |
|
Exec Code Bypass |
2020-07-29 |
2021-05-01 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. This issue affects GRUB2 version 2.04 and prior versions. |
|
7 |
CVE-2020-15705 |
347 |
|
Bypass |
2020-07-29 |
2021-05-01 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions. |
|
8 |
CVE-2020-14392 |
119 |
|
Overflow Mem. Corr. |
2020-09-16 |
2020-09-28 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
An untrusted pointer dereference flaw was found in Perl-DBI < 1.643. A local attacker who is able to manipulate calls to dbd_db_login6_sv() could cause memory corruption, affecting the service's availability. |
|
9 |
CVE-2020-14355 |
120 |
|
Exec Code Overflow |
2020-10-07 |
2020-12-04 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1. Both the SPICE client (spice-gtk) and server are affected by these flaws. These flaws allow a malicious client or server to send specially crafted messages that, when processed by the QUIC image compression algorithm, result in a process crash or potential code execution. |
|
10 |
CVE-2020-14345 |
119 |
|
Overflow |
2020-09-15 |
2021-01-15 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Out-Of-Bounds access in XkbSetNames function may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. |
|
11 |
CVE-2020-13254 |
295 |
|
|
2020-06-03 |
2021-01-20 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collision, and potential data leakage. |
|
12 |
CVE-2020-12352 |
200 |
|
+Info |
2020-11-23 |
2021-04-08 |
3.3 |
None |
Local Network |
Low |
Not required |
Partial |
None |
None |
|
Improper access control in BlueZ may allow an unauthenticated user to potentially enable information disclosure via adjacent access. |
|
13 |
CVE-2020-12049 |
404 |
|
|
2020-06-08 |
2021-03-04 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
An issue was discovered in dbus >= 1.3.0 before 1.12.18. The DBusServer in libdbus, as used in dbus-daemon, leaks file descriptors when a message exceeds the per-message file descriptor limit. A local attacker with access to the D-Bus system bus or another system service's private AF_UNIX socket could use this to make the system service reach its file descriptor limit, denying service to subsequent D-Bus clients. |
|
14 |
CVE-2020-11565 |
787 |
|
|
2020-04-06 |
2020-06-10 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
|
** DISPUTED ** An issue was discovered in the Linux kernel through 5.6.2. mpol_parse_str in mm/mempolicy.c has a stack-based out-of-bounds write because an empty nodelist is mishandled during mount option parsing, aka CID-aa9f7d5172fa. NOTE: Someone in the security community disagrees that this is a vulnerability because the issue “is a bug in parsing mount options which can only be specified by a privileged user, so triggering the bug does not grant any powers not already held.”. |
|
15 |
CVE-2020-10732 |
200 |
|
+Info |
2020-06-12 |
2021-01-29 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
None |
Partial |
|
A flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data. |
|
16 |
CVE-2020-7595 |
835 |
|
|
2020-01-21 |
2021-04-21 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation. |
|
17 |
CVE-2020-7070 |
565 |
|
|
2020-10-02 |
2021-02-25 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like __Host confused with cookies that decode to such prefix, thus leading to an attacker being able to forge cookie which is supposed to be secure. See also CVE-2020-8184 for more information. |
|
18 |
CVE-2020-7069 |
326 |
|
|
2020-10-02 |
2021-06-14 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
|
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to both decreased security and incorrect encryption data. |
|
19 |
CVE-2020-7065 |
787 |
|
Exec Code Mem. Corr. |
2020-04-01 |
2020-10-01 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using mb_strtolower() function with UTF-32LE encoding, certain invalid strings could cause PHP to overwrite stack-allocated buffer. This could lead to memory corruption, crashes and potentially code execution. |
|
20 |
CVE-2020-7064 |
125 |
|
|
2020-04-01 |
2021-02-03 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
|
In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while parsing EXIF data with exif_read_data() function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory. This could potentially lead to information disclosure or crash. |
|
21 |
CVE-2020-5312 |
120 |
|
Overflow |
2020-01-03 |
2020-07-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
libImaging/PcxDecode.c in Pillow before 6.2.2 has a PCX P mode buffer overflow. |
|
22 |
CVE-2020-1472 |
269 |
|
|
2020-08-17 |
2021-06-14 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka 'Netlogon Elevation of Privilege Vulnerability'. |
|
23 |
CVE-2020-0543 |
200 |
|
+Info |
2020-06-15 |
2020-11-29 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. |
|
24 |
CVE-2019-1010305 |
119 |
|
Overflow |
2019-07-15 |
2019-08-23 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
libmspack 0.9.1alpha is affected by: Buffer Overflow. The impact is: Information Disclosure. The component is: function chmd_read_headers() in libmspack(file libmspack/mspack/chmd.c). The attack vector is: the victim must open a specially crafted chm file. The fixed version is: after commit 2f084136cfe0d05e5bf5703f3e83c6d955234b4d. |
|
25 |
CVE-2019-1000018 |
77 |
|
Exec Code |
2019-02-04 |
2021-05-28 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
rssh version 2.3.4 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in allowscp permission that can result in Local command execution. This attack appear to be exploitable via An authorized SSH user with the allowscp permission. |
|
26 |
CVE-2019-20907 |
20 |
|
|
2020-07-13 |
2021-01-20 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation. |
|
27 |
CVE-2019-20810 |
772 |
|
|
2020-06-03 |
2020-09-15 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
go7007_snd_init in drivers/media/usb/go7007/snd-go7007.c in the Linux kernel before 5.6 does not call snd_card_free for a failure path, which causes a memory leak, aka CID-9453264ef586. |
|
28 |
CVE-2019-20367 |
125 |
|
|
2020-01-08 |
2021-04-01 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
None |
Partial |
|
nlist.c in libbsd before 0.10.0 has an out-of-bounds read during a comparison for a symbol name from the string table (strtab). |
|
29 |
CVE-2019-20079 |
416 |
|
|
2019-12-30 |
2020-10-20 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The autocmd feature in window.c in Vim before 8.1.2136 accesses freed memory. |
|
30 |
CVE-2019-19956 |
772 |
|
|
2019-12-24 |
2021-04-20 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs. |
|
31 |
CVE-2019-19816 |
787 |
|
|
2019-12-17 |
2021-03-15 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image and performing some operations can cause slab-out-of-bounds write access in __btrfs_map_block in fs/btrfs/volumes.c, because a value of 1 for the number of data stripes is mishandled. |
|
32 |
CVE-2019-19813 |
416 |
|
|
2019-12-17 |
2021-03-12 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in __mutex_lock in kernel/locking/mutex.c. This is related to mutex_can_spin_on_owner in kernel/locking/mutex.c, __btrfs_qgroup_free_meta in fs/btrfs/qgroup.c, and btrfs_insert_delayed_items in fs/btrfs/delayed-inode.c. |
|
33 |
CVE-2019-19807 |
416 |
|
|
2019-12-15 |
2020-01-30 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
In the Linux kernel before 5.3.11, sound/core/timer.c has a use-after-free caused by erroneous code refactoring, aka CID-e7af6307a8a5. This is related to snd_timer_open and snd_timer_close_locked. The timeri variable was originally intended to be for a newly created timer instance, but was used for a different purpose after refactoring. |
|
34 |
CVE-2019-19529 |
416 |
|
|
2019-12-03 |
2020-08-12 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
In the Linux kernel before 5.3.11, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/net/can/usb/mcba_usb.c driver, aka CID-4d6636498c41. |
|
35 |
CVE-2019-19462 |
476 |
|
DoS |
2019-11-30 |
2021-01-29 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
relay_open in kernel/relay.c in the Linux kernel through 5.4.1 allows local users to cause a denial of service (such as relay blockage) by triggering a NULL alloc_percpu result. |
|
36 |
CVE-2019-19318 |
416 |
|
|
2019-11-28 |
2021-03-15 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
In the Linux kernel 5.3.11, mounting a crafted btrfs image twice can cause an rwsem_down_write_slowpath use-after-free because (in rwsem_can_spin_on_owner in kernel/locking/rwsem.c) rwsem_owner_flags returns an already freed pointer, |
|
37 |
CVE-2019-19083 |
401 |
|
DoS |
2019-11-18 |
2020-08-24 |
4.7 |
None |
Local |
Medium |
Not required |
None |
None |
Complete |
|
Memory leaks in *clock_source_create() functions under drivers/gpu/drm/amd/display/dc in the Linux kernel before 5.3.8 allow attackers to cause a denial of service (memory consumption). This affects the dce112_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce112/dce112_resource.c, the dce100_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce100/dce100_resource.c, the dcn10_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dcn10/dcn10_resource.c, the dcn20_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dcn20/dcn20_resource.c, the dce120_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce120/dce120_resource.c, the dce110_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce110/dce110_resource.c, and the dce80_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce80/dce80_resource.c, aka CID-055e547478a1. |
|
38 |
CVE-2019-19082 |
401 |
|
DoS |
2019-11-18 |
2020-08-24 |
4.7 |
None |
Local |
Medium |
Not required |
None |
None |
Complete |
|
Memory leaks in *create_resource_pool() functions under drivers/gpu/drm/amd/display/dc in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption). This affects the dce120_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dce120/dce120_resource.c, the dce110_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dce110/dce110_resource.c, the dce100_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dce100/dce100_resource.c, the dcn10_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dcn10/dcn10_resource.c, and the dce112_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dce112/dce112_resource.c, aka CID-104c307147ad. |
|
39 |
CVE-2019-19068 |
401 |
|
DoS |
2019-11-18 |
2020-08-24 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
A memory leak in the rtl8xxxu_submit_int_urb() function in drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-a2cdd07488e6. |
|
40 |
CVE-2019-19066 |
401 |
|
DoS |
2019-11-18 |
2021-06-14 |
4.7 |
None |
Local |
Medium |
Not required |
None |
None |
Complete |
|
A memory leak in the bfad_im_get_stats() function in drivers/scsi/bfa/bfad_attr.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering bfa_port_get_stats() failures, aka CID-0e62395da2bd. |
|
41 |
CVE-2019-19063 |
401 |
|
DoS |
2019-11-18 |
2021-06-14 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption), aka CID-3f9361695113. |
|
42 |
CVE-2019-19062 |
401 |
|
DoS |
2019-11-18 |
2020-08-24 |
4.7 |
None |
Local |
Medium |
Not required |
None |
None |
Complete |
|
A memory leak in the crypto_report() function in crypto/crypto_user_base.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering crypto_report_alg() failures, aka CID-ffdde5932042. |
|
43 |
CVE-2019-19058 |
401 |
|
DoS |
2019-11-18 |
2020-08-24 |
4.7 |
None |
Local |
Medium |
Not required |
None |
None |
Complete |
|
A memory leak in the alloc_sgtable() function in drivers/net/wireless/intel/iwlwifi/fw/dbg.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering alloc_page() failures, aka CID-b4b814fec1a5. |
|
44 |
CVE-2019-19056 |
401 |
|
DoS |
2019-11-18 |
2020-08-24 |
4.7 |
None |
Local |
Medium |
Not required |
None |
None |
Complete |
|
A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures, aka CID-db8fd2cde932. |
|
45 |
CVE-2019-19045 |
401 |
|
DoS |
2019-11-18 |
2020-08-24 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
A memory leak in the mlx5_fpga_conn_create_cq() function in drivers/net/ethernet/mellanox/mlx5/core/fpga/conn.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering mlx5_vector2eqn() failures, aka CID-c8c2a057fdc7. |
|
46 |
CVE-2019-18809 |
401 |
|
DoS |
2019-11-07 |
2020-08-24 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
A memory leak in the af9005_identify_state() function in drivers/media/usb/dvb-usb/af9005.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-2289adbfa559. |
|
47 |
CVE-2019-18660 |
200 |
|
+Info |
2019-11-27 |
2020-01-28 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The Linux kernel before 5.4.1 on powerpc allows Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs, aka CID-39e72bf96f58. This is related to arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c. |
|
48 |
CVE-2019-18609 |
190 |
|
Overflow Mem. Corr. |
2019-12-01 |
2020-03-13 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in amqp_handle_input in amqp_connection.c in rabbitmq-c 0.9.0. There is an integer overflow that leads to heap memory corruption in the handling of CONNECTION_STATE_HEADER. A rogue server could return a malicious frame header that leads to a smaller target_size value than needed. This condition is then carried on to a memcpy function that copies too much data into a heap buffer. |
|
49 |
CVE-2019-18408 |
416 |
|
|
2019-10-24 |
2019-11-01 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
archive_read_format_rar_read_data in archive_read_support_format_rar.c in libarchive before 3.4.0 has a use-after-free in a certain ARCHIVE_FAILED situation, related to Ppmd7_DecodeSymbol. |
|
50 |
CVE-2019-18197 |
416 |
|
|
2019-10-18 |
2020-08-24 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed. |
