CWE · MITRE source
CWE-123Write-what-where Condition
Any condition where the attacker has the ability to write an arbitrary value to an arbitrary location, often as the result of a buffer overflow.
Last updated: 09 May 2026 03:25 UTC
NIST 800-53 r5 controls that address this weakness (1)AI
| Control | Title | Family | Why it addresses this CWE |
|---|---|---|---|
SI-16 | Memory Protection | SI | Write-what-where primitives are neutralized when the attacker cannot execute the memory they control. |
Top CVEs of this weakness type, ranked by Risk Priority
| CVE | Risk | CVSS | EPSS | Published |
|---|---|---|---|---|
CVE-2025-22225 KEV | 4.2 | 8.2 | 0.0998 | 2025-03-04 |
CVE-2024-42479 | 2.3 | 10.0 | 0.0568 | 2024-08-12 |
CVE-2015-8271 | 2.0 | 9.8 | 0.0118 | 2017-04-13 |
CVE-2014-5435 | 2.0 | 9.8 | 0.0143 | 2019-04-08 |
CVE-2021-38449 | 2.0 | 9.8 | 0.0027 | 2021-10-22 |
CVE-2022-38143 | 2.0 | 9.8 | 0.0072 | 2022-12-22 |
CVE-2025-69809 | 2.0 | 9.8 | 0.0007 | 2026-03-16 |
CVE-2022-41757 | 1.8 | 8.8 | 0.0047 | 2022-11-08 |
CVE-2024-36877 | 1.8 | 8.2 | 0.0344 | 2024-08-12 |
CVE-2025-9900 | 1.8 | 8.8 | 0.0004 | 2025-09-23 |
CVE-2025-62164 | 1.8 | 8.8 | 0.0019 | 2025-11-21 |
CVE-2020-2001 | 1.7 | 8.1 | 0.0152 | 2020-05-13 |
CVE-2020-7560 | 1.7 | 8.6 | 0.0042 | 2020-12-11 |
CVE-2024-2607 | 1.7 | 8.1 | 0.0145 | 2024-03-19 |
CVE-2024-44067 | 1.7 | 8.4 | 0.0005 | 2024-08-19 |
CVE-2017-6282 | 1.6 | 7.8 | 0.0001 | 2018-03-06 |
CVE-2018-12036 | 1.6 | 7.8 | 0.0018 | 2018-06-07 |
CVE-2018-16962 | 1.6 | 7.8 | 0.0013 | 2018-09-12 |
CVE-2018-3971 | 1.6 | 7.8 | 0.0002 | 2018-10-25 |
CVE-2020-16225 | 1.6 | 7.8 | 0.0021 | 2020-08-07 |
CVE-2021-42540 | 1.6 | 8.0 | 0.0022 | 2021-10-22 |
CVE-2022-40262 | 1.6 | 8.2 | 0.0006 | 2022-09-20 |
CVE-2022-35408 | 1.6 | 8.2 | 0.0008 | 2022-09-22 |
CVE-2021-45465 | 1.6 | 7.8 | 0.0004 | 2024-01-04 |
CVE-2024-20741 | 1.6 | 7.8 | 0.0015 | 2024-02-15 |