CVE-2018-3898

HIGH Year: 2018
CVSS v3 Score
8.3
High
CVSS v2 Score
5.1
Medium
Weakness Type
CWE-120
View all →

Vulnerability Description

An exploitable code execution vulnerability exists in the QR code scanning functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted QR Code can cause a buffer overflow, resulting in code execution. The trans_info call can overwrite a buffer of size 0x104, which is more than enough to overflow the return address from the ssid_dst field.

Related Vulnerabilities

CVE-2018-3899

HIGH
CVSS:8.3(High)

An exploitable code execution vulnerability exists in the QR code scanning functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted QR Code can cause a buffer overflow, resulting in code exe...

CWE-1202018

CVE-2024-31225

HIGH
CVSS:8.3(High)

RIOT is a real-time multi-threading operating system that supports a range of devices that are typically 8-bit, 16-bit and 32-bit microcontrollers. The `_on_rd_init()` function does not implement a si...

CWE-1202024

CVE-1999-0038

HIGH
CVSS:8.4(High)

Buffer overflow in xlock program allows local users to execute commands as root.

CWE-1201999

CVE-2017-18779

HIGH
CVSS:8.4(High)

Certain NETGEAR devices are affected by a buffer overflow. This affects D6200 before 1.1.00.24, D7000 before 1.0.1.52, JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.12, JWNR2010v5 before 1.1.0.44, PR...

CWE-1202017

CVE-2019-4014

HIGH
CVSS:8.4(High)

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary c...

CWE-1202019

CVE-2019-4015

HIGH
CVSS:8.4(High)

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary c...

CWE-1202019