CWE · MITRE source
CWE-787Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.
Last updated: 09 May 2026 03:25 UTC
NIST 800-53 r5 controls that address this weakness (1)AI
| Control | Title | Family | Why it addresses this CWE |
|---|---|---|---|
SI-16 | Memory Protection | SI | Out-of-bounds writes that corrupt control flow or inject shellcode are rendered non-executable by the same memory protections. |
Top CVEs of this weakness type, ranked by Risk Priority
| CVE | Risk | CVSS | EPSS | Published |
|---|---|---|---|---|
CVE-2021-31755 KEV | 9.6 | 9.8 | 0.9396 | 2021-05-07 |
CVE-2021-20038 KEV | 9.6 | 9.8 | 0.9429 | 2021-12-08 |
CVE-2022-42475 KEV | 9.6 | 9.8 | 0.9398 | 2023-01-02 |
CVE-2023-34048 KEV | 9.6 | 9.8 | 0.9321 | 2023-10-25 |
CVE-2011-2462 KEV | 9.5 | 9.8 | 0.9152 | 2011-12-07 |
CVE-2015-3113 KEV | 9.5 | 9.8 | 0.9250 | 2015-06-23 |
CVE-2018-0171 KEV | 9.5 | 9.8 | 0.9267 | 2018-03-28 |
CVE-2019-5544 KEV | 9.5 | 9.8 | 0.9248 | 2019-12-06 |
CVE-2020-15999 KEV | 9.5 | 9.6 | 0.9291 | 2020-11-03 |
CVE-2021-35211 KEV | 9.5 | 9.0 | 0.9432 | 2021-07-14 |
CVE-2024-21762 KEV | 9.5 | 9.8 | 0.9268 | 2024-02-09 |
CVE-2018-0798 KEV | 9.4 | 8.8 | 0.9406 | 2018-01-10 |
CVE-2019-16928 KEV | 9.4 | 9.8 | 0.9002 | 2019-09-27 |
CVE-2019-11043 KEV | 9.4 | 8.7 | 0.9405 | 2019-10-28 |
CVE-2023-4863 KEV | 9.4 | 8.8 | 0.9408 | 2023-09-12 |
CVE-2025-0282 KEV | 9.4 | 9.0 | 0.9413 | 2025-01-08 |
CVE-2012-1889 KEV | 9.3 | 8.8 | 0.9312 | 2012-06-13 |
CVE-2013-3346 KEV | 9.3 | 9.8 | 0.8956 | 2013-08-30 |
CVE-2020-14871 KEV | 9.3 | 10.0 | 0.8887 | 2020-10-21 |
CVE-2021-21220 KEV | 9.3 | 8.8 | 0.9260 | 2021-04-26 |
CVE-2023-27997 KEV | 9.3 | 9.8 | 0.8890 | 2023-06-13 |
CVE-2008-2992 KEV | 9.2 | 7.8 | 0.9374 | 2008-11-04 |
CVE-2009-3953 KEV | 9.2 | 8.8 | 0.9051 | 2010-01-13 |
CVE-2010-3333 KEV | 9.2 | 7.8 | 0.9379 | 2010-11-10 |
CVE-2014-1761 KEV | 9.2 | 7.8 | 0.9334 | 2014-03-25 |