Common Weakness Enumeration

CWE-125

Allowed

Out-of-bounds Read

Abstraction: Base · Status: Draft

The product reads data past the end, or before the beginning, of the intended buffer.

11292 vulnerabilities reference this CWE, most recent first.

GHSA-2CHJ-3CFX-VF64

Vulnerability from github – Published: 2022-05-17 02:19 – Updated: 2022-05-17 02:19
VLAI
Details

The _bfd_vms_slurp_egsd function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an arbitrary memory read via a crafted vms alpha file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-12454"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-08-04T15:29:00Z",
    "severity": "HIGH"
  },
  "details": "The _bfd_vms_slurp_egsd function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an arbitrary memory read via a crafted vms alpha file.",
  "id": "GHSA-2chj-3cfx-vf64",
  "modified": "2022-05-17T02:19:51Z",
  "published": "2022-05-17T02:19:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12454"
    },
    {
      "type": "WEB",
      "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=21813"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2CJM-J72P-VJ2Q

Vulnerability from github – Published: 2023-11-16 12:30 – Updated: 2023-11-16 12:30
VLAI
Details

Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-44339"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-11-16T10:15:10Z",
    "severity": "MODERATE"
  },
  "details": "Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
  "id": "GHSA-2cjm-j72p-vj2q",
  "modified": "2023-11-16T12:30:21Z",
  "published": "2023-11-16T12:30:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44339"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/acrobat/apsb23-54.htm"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2CMQ-337M-F9XF

Vulnerability from github – Published: 2022-01-04 00:00 – Updated: 2022-01-14 00:03
VLAI
Details

There is an Out-of-bounds read in Smartphones.Successful exploitation of this vulnerability may affect service confidentiality.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-39974"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-01-03T22:15:00Z",
    "severity": "HIGH"
  },
  "details": "There is an Out-of-bounds read in Smartphones.Successful exploitation of this vulnerability may affect service confidentiality.",
  "id": "GHSA-2cmq-337m-f9xf",
  "modified": "2022-01-14T00:03:20Z",
  "published": "2022-01-04T00:00:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39974"
    },
    {
      "type": "WEB",
      "url": "https://consumer.huawei.com/en/support/bulletin/2021/11"
    },
    {
      "type": "WEB",
      "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202111-0000001217889667"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-2CR6-32M2-CXHC

Vulnerability from github – Published: 2023-12-15 21:30 – Updated: 2023-12-15 21:30
VLAI
Details

An unvalidated input in a library function responsible for communicating between secure and non-secure memory in Silicon Labs TrustZone implementation allows reading/writing of memory in the secure region of memory from the non-secure region of memory.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-4020"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125",
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-12-15T21:15:08Z",
    "severity": "CRITICAL"
  },
  "details": "An unvalidated input in a library function responsible for communicating between secure and non-secure memory in Silicon Labs TrustZone implementation allows reading/writing of memory in the secure region of memory from the non-secure region of memory.",
  "id": "GHSA-2cr6-32m2-cxhc",
  "modified": "2023-12-15T21:30:29Z",
  "published": "2023-12-15T21:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4020"
    },
    {
      "type": "WEB",
      "url": "https://community.silabs.com/069Vm0000004b95IAA"
    },
    {
      "type": "WEB",
      "url": "https://github.com/SiliconLabs/gecko_sdk/releases"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2CVC-XJMV-G6CJ

Vulnerability from github – Published: 2026-03-25 12:30 – Updated: 2026-04-24 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

wifi: mt76: mt7925: Fix possible oob access in mt7925_mac_write_txwi_80211()

Check frame length before accessing the mgmt fields in mt7925_mac_write_txwi_80211 in order to avoid a possible oob access.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-23363"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-25T11:16:35Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7925: Fix possible oob access in mt7925_mac_write_txwi_80211()\n\nCheck frame length before accessing the mgmt fields in\nmt7925_mac_write_txwi_80211 in order to avoid a possible oob access.",
  "id": "GHSA-2cvc-xjmv-g6cj",
  "modified": "2026-04-24T21:31:57Z",
  "published": "2026-03-25T12:30:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23363"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/22a6419a8b955df81082285543be3e61816c49b5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2831a8c574545101e6d0df50785fccb16474eb3c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3356464e50e1ee15ba3c324ef6cc5a475c2e96e4"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c41a9abd6ae31d130e8f332e7c8800c4c866234b"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2CVV-CF8Q-CG2W

Vulnerability from github – Published: 2022-05-13 01:14 – Updated: 2022-05-13 01:14
VLAI
Details

The Cisco HDLC parser in tcpdump before 4.9.2 has a buffer over-read in print-chdlc.c:chdlc_print().

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-13687"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-09-14T06:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "The Cisco HDLC parser in tcpdump before 4.9.2 has a buffer over-read in print-chdlc.c:chdlc_print().",
  "id": "GHSA-2cvv-cf8q-cg2w",
  "modified": "2022-05-13T01:14:02Z",
  "published": "2022-05-13T01:14:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-13687"
    },
    {
      "type": "WEB",
      "url": "https://github.com/the-tcpdump-group/tcpdump/commit/866c60236c41cea1e1654c8a071897292f64be49"
    },
    {
      "type": "WEB",
      "url": "https://github.com/the-tcpdump-group/tcpdump/commit/a1eefe986065846b6c69dbc09afd9fa1a02c4a3d"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHEA-2018:0705"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201709-23"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT208221"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2017/dsa-3971"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1039307"
    },
    {
      "type": "WEB",
      "url": "http://www.tcpdump.org/tcpdump-changes.txt"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2CWJ-7VFC-5VFH

Vulnerability from github – Published: 2024-12-12 03:33 – Updated: 2024-12-12 03:33
VLAI
Details

Microsoft Office Remote Code Execution Vulnerability

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-49065"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-12T02:04:30Z",
    "severity": "MODERATE"
  },
  "details": "Microsoft Office Remote Code Execution Vulnerability",
  "id": "GHSA-2cwj-7vfc-5vfh",
  "modified": "2024-12-12T03:33:04Z",
  "published": "2024-12-12T03:33:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49065"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49065"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2CWR-JG52-59WR

Vulnerability from github – Published: 2026-03-10 21:32 – Updated: 2026-03-10 21:32
VLAI
Details

Substance3D - Painter versions 11.1.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to access sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-27216"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-10T19:17:18Z",
    "severity": "MODERATE"
  },
  "details": "Substance3D - Painter versions 11.1.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to access sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
  "id": "GHSA-2cwr-jg52-59wr",
  "modified": "2026-03-10T21:32:15Z",
  "published": "2026-03-10T21:32:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27216"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/substance3d_painter/apsb26-25.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2F23-FGRF-4R2H

Vulnerability from github – Published: 2026-07-09 12:30 – Updated: 2026-07-09 12:30
VLAI
Details

Out-of-bounds read, Out-of-bounds write vulnerability in Samsung Open Source Escargot allows Overflow Buffers.

This issue affects Escargot: before 779f6bedf58f334dec64b0a51ebb724b4708b84a.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-58304"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-07-09T11:16:41Z",
    "severity": "MODERATE"
  },
  "details": "Out-of-bounds read, Out-of-bounds write vulnerability in Samsung Open Source Escargot allows Overflow Buffers.\n\nThis issue affects Escargot: before 779f6bedf58f334dec64b0a51ebb724b4708b84a.",
  "id": "GHSA-2f23-fgrf-4r2h",
  "modified": "2026-07-09T12:30:28Z",
  "published": "2026-07-09T12:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-58304"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Samsung/escargot/issues/1573"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Samsung/escargot/pull/1580"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2F2R-5V47-WCR9

Vulnerability from github – Published: 2024-06-21 12:31 – Updated: 2025-09-17 18:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

dma-mapping: benchmark: fix node id validation

While validating node ids in map_benchmark_ioctl(), node_possible() may be provided with invalid argument outside of [0,MAX_NUMNODES-1] range leading to:

BUG: KASAN: wild-memory-access in map_benchmark_ioctl (kernel/dma/map_benchmark.c:214) Read of size 8 at addr 1fffffff8ccb6398 by task dma_map_benchma/971 CPU: 7 PID: 971 Comm: dma_map_benchma Not tainted 6.9.0-rc6 #37 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996) Call Trace: dump_stack_lvl (lib/dump_stack.c:117) kasan_report (mm/kasan/report.c:603) kasan_check_range (mm/kasan/generic.c:189) variable_test_bit (arch/x86/include/asm/bitops.h:227) [inline] arch_test_bit (arch/x86/include/asm/bitops.h:239) [inline] _test_bit at (include/asm-generic/bitops/instrumented-non-atomic.h:142) [inline] node_state (include/linux/nodemask.h:423) [inline] map_benchmark_ioctl (kernel/dma/map_benchmark.c:214) full_proxy_unlocked_ioctl (fs/debugfs/file.c:333) __x64_sys_ioctl (fs/ioctl.c:890) do_syscall_64 (arch/x86/entry/common.c:83) entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)

Compare node ids with sane bounds first. NUMA_NO_NODE is considered a special valid case meaning that benchmarking kthreads won't be bound to a cpuset of a given node.

Found by Linux Verification Center (linuxtesting.org).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-34777"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-06-21T12:15:10Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndma-mapping: benchmark: fix node id validation\n\nWhile validating node ids in map_benchmark_ioctl(), node_possible() may\nbe provided with invalid argument outside of [0,MAX_NUMNODES-1] range\nleading to:\n\nBUG: KASAN: wild-memory-access in map_benchmark_ioctl (kernel/dma/map_benchmark.c:214)\nRead of size 8 at addr 1fffffff8ccb6398 by task dma_map_benchma/971\nCPU: 7 PID: 971 Comm: dma_map_benchma Not tainted 6.9.0-rc6 #37\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996)\nCall Trace:\n \u003cTASK\u003e\ndump_stack_lvl (lib/dump_stack.c:117)\nkasan_report (mm/kasan/report.c:603)\nkasan_check_range (mm/kasan/generic.c:189)\nvariable_test_bit (arch/x86/include/asm/bitops.h:227) [inline]\narch_test_bit (arch/x86/include/asm/bitops.h:239) [inline]\n_test_bit at (include/asm-generic/bitops/instrumented-non-atomic.h:142) [inline]\nnode_state (include/linux/nodemask.h:423) [inline]\nmap_benchmark_ioctl (kernel/dma/map_benchmark.c:214)\nfull_proxy_unlocked_ioctl (fs/debugfs/file.c:333)\n__x64_sys_ioctl (fs/ioctl.c:890)\ndo_syscall_64 (arch/x86/entry/common.c:83)\nentry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n\nCompare node ids with sane bounds first. NUMA_NO_NODE is considered a\nspecial valid case meaning that benchmarking kthreads won\u0027t be bound to a\ncpuset of a given node.\n\nFound by Linux Verification Center (linuxtesting.org).",
  "id": "GHSA-2f2r-5v47-wcr9",
  "modified": "2025-09-17T18:31:14Z",
  "published": "2024-06-21T12:31:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34777"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1ff05e723f7ca30644b8ec3fb093f16312e408ad"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/34a816d8735f3924b74be8e5bf766ade1f3bd10b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/35d31c8bd4722b107f5a2f5ddddce839de04b936"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/63e7e05a48a35308aeddd7ecccb68363a5988e87"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c57874265a3c5206d7aece3793bb2fc9abcd7570"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-5
Implementation

Strategy: Input Validation

  • Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
  • When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
  • Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
  • To reduce the likelihood of introducing an out-of-bounds read, ensure that you validate and ensure correct calculations for any length argument, buffer size calculation, or offset. Be especially careful of relying on a sentinel (i.e. special character such as NUL) in untrusted inputs.
Mitigation
Architecture and Design

Strategy: Language Selection

Use a language that provides appropriate memory abstractions.

CAPEC-540: Overread Buffers

An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.