CWE-120Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Abstraction: Base · CVEs in our corpus: 4,126

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.

Last updated: 19 May 2026 13:12 UTC

NIST 800-53 r5 controls that address this weakness (1)AI

Control	Title	Family	Why it addresses this CWE
`SC-27`	Platform-independent Applications	SC	Platform-independent managed code eliminates the need for unchecked native buffer copies that are the root cause of classic buffer overflows.

Top CVEs of this weakness type, ranked by Risk Priority

CVE	Risk	CVSS	EPSS	Published
`CVE-2017-7269` KEV UPD	9.6	9.8	0.9443	2017-03-27
`CVE-2020-15999` KEV	9.5	9.6	0.9291	2020-11-03
`CVE-2016-10174` KEV UPD	9.4	9.8	0.9107	2017-01-30
`CVE-2019-11043` KEV	9.4	8.7	0.9405	2019-10-28
`CVE-2016-6366` KEV UPD	9.2	8.8	0.9121	2016-08-18
`CVE-2007-5659` KEV UPD	9.1	7.8	0.9287	2008-02-12
`CVE-2018-6789` KEV	9.1	9.8	0.8644	2018-02-08
`CVE-2016-0099` KEV UPD	9.0	7.8	0.9044	2016-03-09
`CVE-2013-1331` KEV UPD	8.9	7.8	0.8892	2013-06-12
`CVE-2020-15069` KEV	8.9	9.8	0.8257	2020-06-29
`CVE-2013-0641` KEV UPD	8.8	7.8	0.8796	2013-02-14
`CVE-2022-37055` KEV	8.8	9.8	0.8048	2022-08-28
`CVE-2023-41064` KEV	8.7	7.8	0.8535	2023-09-07
`CVE-2006-2492` KEV	8.5	8.8	0.7906	2006-05-20
`CVE-2010-2572` KEV UPD	8.0	7.8	0.7472	2010-11-10
`CVE-2022-37434`	7.5	9.8	0.9254	2022-08-05
`CVE-2019-16724`	7.1	9.8	0.8573	2019-09-24
`CVE-2020-8012`	7.0	9.8	0.8389	2020-02-18
`CVE-2017-15222`	6.9	9.8	0.8159	2017-10-24
`CVE-2019-12255`	6.8	9.8	0.8015	2019-08-09
`CVE-2020-11984`	6.7	9.8	0.7968	2020-08-07
`CVE-2010-5333`	6.6	9.8	0.7702	2019-09-13
`CVE-2009-0182` UPD	6.5	8.8	0.7902	2009-01-20
`CVE-2017-6862` KEV UPD	6.5	9.8	0.4311	2017-05-26
`CVE-2019-12518`	6.5	9.8	0.7484	2019-12-02