CWE · MITRE source
CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
Last updated: 04 July 2026 00:28 UTC
Cumulative inbound coverage
How completely the frameworks we cross-walk collectively cover this — the verdict is the strongest single mapping (overlapping partials are not summed); breadth shows the corroboration behind it.
Collective: mostly · 19 mapping(s) from 3 framework(s): CAPEC 12 (partial) · ATT&CK 6 (partial) · ASVS 5.0 1 (mostly)
NIST 800-53 r5 controls that address this weakness (4)AI
| Control | Title | Family | Why it addresses this CWE |
|---|---|---|---|
SI-16 | Memory Protection | SI | Memory protections (e.g., W^X, ASLR) make exploitation of buffer-boundary violations far harder to turn into code execution. |
SI-4 | System Monitoring | SI | Detects exploitation attempts that produce memory corruption, crashes, or anomalous behavior. |
SA-11 | Developer Testing and Evaluation | SA | Ongoing control assessments and code testing (static/dynamic analysis, fuzzing) surface memory buffer restriction failures, which are then remediated before release. |
SC-27 | Platform-independent Applications | SC | Managed runtimes used by platform-independent applications (e.g., JVM, CLR) enforce memory safety, preventing most buffer overflows that require direct memory manipulation. |
MITRE ATT&CK techniques this weakness enables
Our own two-way CWE↔ATT&CK cross-walk — a direct mapping with no public source (the CWE→CAPEC→ATT&CK chain leaves most top weaknesses, incl. XSS and SQLi, mapped to nothing). Drafted by Grok and spot-checked by Claude Opus 4.8.
Direction: ← other covers this;
→ this covers other (F/M/P = full / mostly /
partial).
Top CVEs of this weakness type, ranked by Risk Priority
| CVE | Risk | CVSS | EPSS | Published |
|---|---|---|---|---|
CVE-2008-4250 KEV | 10.0 | 9.8 | 0.9875 | 2008-10-23 |
CVE-2008-0015 KEV | 10.0 | 8.8 | 0.7665 | 2009-07-07 |
CVE-2009-3459 KEV | 10.0 | 8.8 | 0.8647 | 2009-10-13 |
CVE-2010-3765 KEV | 10.0 | 9.8 | 0.8328 | 2010-10-28 |
CVE-2011-1889 KEV | 10.0 | 9.8 | 0.4837 | 2011-06-16 |
CVE-2012-2034 KEV | 10.0 | 7.5 | 0.0780 | 2012-06-09 |
CVE-2013-3660 KEV | 10.0 | 7.8 | 0.3958 | 2013-05-24 |
CVE-2013-1690 KEV | 10.0 | 8.8 | 0.6902 | 2013-06-26 |
CVE-2014-6332 KEV | 10.0 | 8.8 | 0.9500 | 2014-11-11 |
CVE-2014-8439 KEV | 10.0 | 8.8 | 0.2001 | 2014-11-25 |
CVE-2015-2360 KEV | 10.0 | 8.8 | 0.1496 | 2015-06-10 |
CVE-2015-2426 KEV | 10.0 | 8.8 | 0.8669 | 2015-07-20 |
CVE-2015-2546 KEV | 10.0 | 8.2 | 0.1093 | 2015-09-09 |
CVE-2016-7193 KEV | 10.0 | 7.8 | 0.5770 | 2016-10-14 |
CVE-2017-0022 KEV | 10.0 | 6.5 | 0.1807 | 2017-03-17 |
CVE-2017-0101 KEV | 10.0 | 7.8 | 0.5748 | 2017-03-17 |
CVE-2014-3931 KEV | 10.0 | 9.8 | 0.2657 | 2017-03-31 |
CVE-2017-6736 KEV | 10.0 | 8.8 | 0.7056 | 2017-07-17 |
CVE-2017-6737 KEV | 10.0 | 8.8 | 0.4263 | 2017-07-17 |
CVE-2017-6738 KEV | 10.0 | 8.8 | 0.1055 | 2017-07-17 |
CVE-2017-6739 KEV | 10.0 | 8.8 | 0.1055 | 2017-07-17 |
CVE-2017-6740 KEV | 10.0 | 8.8 | 0.1079 | 2017-07-17 |
CVE-2017-6742 KEV | 10.0 | 8.8 | 0.2142 | 2017-07-17 |
CVE-2017-6743 KEV | 10.0 | 8.8 | 0.1055 | 2017-07-17 |
CVE-2017-6744 KEV | 10.0 | 8.8 | 0.0716 | 2017-07-17 |