CWE · MITRE source
CWE-805: Buffer Access with Incorrect Length Value
The product uses a sequential operation to read or write a buffer, but it uses an incorrect length value that causes it to access memory that is outside of the bounds of the buffer.
When the length value exceeds the size of the destination, a buffer overflow could occur.
Last updated: 04 July 2026 00:28 UTC
Cumulative inbound coverage
How completely the frameworks we cross-walk collectively cover this — the verdict is the strongest single mapping (overlapping partials are not summed); breadth shows the corroboration behind it.
Collective: mostly · 8 mapping(s) from 3 framework(s): ATT&CK 5 (mostly) · CAPEC 2 (partial) · ASVS 5.0 1 (mostly)
NIST 800-53 r5 controls that address this weakness (0)
| Control | Title | Family | Why it addresses this CWE |
|---|---|---|---|
| No NIST controls proposed yet. | | | |
MITRE ATT&CK techniques this weakness enables
Our own two-way CWE↔ATT&CK cross-walk — a direct mapping with no public source (the CWE→CAPEC→ATT&CK chain leaves most top weaknesses, incl. XSS and SQLi, mapped to nothing). Drafted by Grok and spot-checked by Claude Opus 4.8.
Direction: ← other covers this; → this covers other (F/M/P = full / mostly / partial).
Top CVEs of this weakness type, ranked by Risk Priority
| CVE | Risk | CVSS | EPSS | Published |
|---|---|---|---|---|
| CVE-2020-14509 | 7.0 | 9.8 | 0.0203 | 2020-09-16 |
| CVE-2026-31607 UPD | 7.0 | 9.8 | 0.0031 | 2026-04-24 |
| CVE-2026-8091 UPD | 7.0 | 9.8 | 0.0044 | 2026-05-07 |
| CVE-2026-12087 | 7.0 | 9.1 | 0.0039 | 2026-06-15 |
| CVE-2020-16101 | 5.5 | 7.5 | 0.0104 | 2020-09-15 |
| CVE-2021-3581 | 5.5 | 7.0 | 0.0034 | 2021-10-05 |
| CVE-2021-31885 | 5.5 | 7.5 | 0.0120 | 2021-11-09 |
| CVE-2022-0519 | 5.5 | 7.1 | 0.0095 | 2022-02-08 |
| CVE-2023-20049 | 5.5 | 8.6 | 0.0105 | 2023-03-09 |
| CVE-2022-47375 | 5.5 | 7.5 | 0.0072 | 2023-12-12 |
| CVE-2023-52557 | 5.5 | 7.5 | 0.0056 | 2024-03-01 |
| CVE-2023-5396 | 5.5 | 7.4 | 0.0071 | 2024-04-17 |
| CVE-2024-24851 | 5.5 | 7.5 | 0.0142 | 2024-05-28 |
| CVE-2024-37305 | 5.5 | 8.2 | 0.0045 | 2024-06-17 |
| CVE-2025-20169 | 5.5 | 7.7 | 0.0072 | 2025-02-05 |
| CVE-2025-20170 | 5.5 | 7.7 | 0.0072 | 2025-02-05 |
| CVE-2025-20174 | 5.5 | 7.7 | 0.0071 | 2025-02-05 |
| CVE-2025-20175 | 5.5 | 7.7 | 0.0071 | 2025-02-05 |
| CVE-2025-21591 | 5.5 | 7.4 | 0.0030 | 2025-04-09 |
| CVE-2025-30651 | 5.5 | 7.5 | 0.0037 | 2025-04-09 |
| CVE-2025-20191 UPD | 5.5 | 7.4 | 0.0020 | 2025-05-07 |
| CVE-2025-20202 UPD | 5.5 | 7.4 | 0.0019 | 2025-05-07 |
| CVE-2025-23318 UPD | 5.5 | 8.1 | 0.0064 | 2025-08-06 |
| CVE-2025-23319 UPD | 5.5 | 8.1 | 0.0153 | 2025-08-06 |
| CVE-2025-38743 UPD | 5.5 | 7.8 | 0.0014 | 2025-08-21 |