CWE-126
AllowedBuffer Over-read
Abstraction: Variant · Status: Draft
The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.
855 vulnerabilities reference this CWE, most recent first.
GHSA-4P3H-QRPG-H7HR
Vulnerability from github – Published: 2023-05-02 06:30 – Updated: 2024-04-04 03:45Information disclosure due to buffer over-read in Modem while parsing DNS hostname.
{
"affected": [],
"aliases": [
"CVE-2022-40505"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-05-02T06:15:10Z",
"severity": "HIGH"
},
"details": "Information disclosure due to buffer over-read in Modem while parsing DNS hostname.",
"id": "GHSA-4p3h-qrpg-h7hr",
"modified": "2024-04-04T03:45:36Z",
"published": "2023-05-02T06:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40505"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/may-2023-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-4P49-PGHR-968W
Vulnerability from github – Published: 2026-03-24 21:31 – Updated: 2026-06-30 03:36A malicious mail server could send malformed strings with negative lengths, causing the parser to read memory outside the buffer. If a mail server or connection to a mail server were compromised, an attacker could cause the parser to malfunction, potentially crashing Thunderbird or leaking sensitive data. This vulnerability affects Thunderbird < 149 and Thunderbird < 140.9.
{
"affected": [],
"aliases": [
"CVE-2026-4371"
],
"database_specific": {
"cwe_ids": [
"CWE-126",
"CWE-130"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-24T21:16:29Z",
"severity": "HIGH"
},
"details": "A malicious mail server could send malformed strings with negative lengths, causing the parser to read memory outside the buffer. If a mail server or connection to a mail server were compromised, an attacker could cause the parser to malfunction, potentially crashing Thunderbird or leaking sensitive data. This vulnerability affects Thunderbird \u003c 149 and Thunderbird \u003c 140.9.",
"id": "GHSA-4p49-pghr-968w",
"modified": "2026-06-30T03:36:00Z",
"published": "2026-03-24T21:31:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4371"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-24"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-23"
},
{
"type": "WEB",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4371.json"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451001"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2023493"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2026-4371"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:8850"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:8315"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:8290"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:8289"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:8288"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:8287"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:8286"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:8285"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:8284"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:6917"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:6342"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:6188"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4P54-36PQ-7QRC
Vulnerability from github – Published: 2022-08-24 00:00 – Updated: 2022-08-27 00:00A global buffer overflow was discovered in pngcheck function in pngcheck-2.4.0(5 patches applied) via a crafted png file.
{
"affected": [],
"aliases": [
"CVE-2020-35511"
],
"database_specific": {
"cwe_ids": [
"CWE-119",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-08-23T20:15:00Z",
"severity": "HIGH"
},
"details": "A global buffer overflow was discovered in pngcheck function in pngcheck-2.4.0(5 patches applied) via a crafted png file.",
"id": "GHSA-4p54-36pq-7qrc",
"modified": "2022-08-27T00:00:42Z",
"published": "2022-08-24T00:00:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35511"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00024.html"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2022/dsa-5300"
},
{
"type": "WEB",
"url": "http://www.libpng.org/pub/png/apps/pngcheck.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4PPF-RV9C-6QJQ
Vulnerability from github – Published: 2023-01-05 18:30 – Updated: 2023-01-12 00:30A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS LenovoSetupConfigDxe driver that could allow a local attacker with elevated privileges to cause information disclosure.
{
"affected": [],
"aliases": [
"CVE-2022-4433"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-01-05T18:15:00Z",
"severity": "MODERATE"
},
"details": "A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS LenovoSetupConfigDxe driver that could allow a local attacker with elevated privileges to cause information disclosure.",
"id": "GHSA-4ppf-rv9c-6qjq",
"modified": "2023-01-12T00:30:19Z",
"published": "2023-01-05T18:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4433"
},
{
"type": "WEB",
"url": "https://support.lenovo.com/us/en/product_security/LEN-103709"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-4PPR-X3RG-CCJ6
Vulnerability from github – Published: 2023-08-08 12:30 – Updated: 2024-04-04 06:37Information disclosure in Network Services due to buffer over-read while the device receives DNS response.
{
"affected": [],
"aliases": [
"CVE-2023-21625"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-08-08T10:15:13Z",
"severity": "HIGH"
},
"details": "Information disclosure in Network Services due to buffer over-read while the device receives DNS response.",
"id": "GHSA-4ppr-x3rg-ccj6",
"modified": "2024-04-04T06:37:57Z",
"published": "2023-08-08T12:30:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-21625"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/august-2023-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-4Q33-WJ3R-P79Q
Vulnerability from github – Published: 2024-01-02 06:30 – Updated: 2024-01-02 06:30Transient DOS while parsing GATT service data when the total amount of memory that is required by the multiple services is greater than the actual size of the services buffer.
{
"affected": [],
"aliases": [
"CVE-2023-43512"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-01-02T06:15:13Z",
"severity": "HIGH"
},
"details": "Transient DOS while parsing GATT service data when the total amount of memory that is required by the multiple services is greater than the actual size of the services buffer.",
"id": "GHSA-4q33-wj3r-p79q",
"modified": "2024-01-02T06:30:31Z",
"published": "2024-01-02T06:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-43512"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/january-2024-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4Q5Q-CFPQ-3H3J
Vulnerability from github – Published: 2025-04-07 12:33 – Updated: 2025-04-07 12:33Transient DOS may occur while parsing extended IE in beacon.
{
"affected": [],
"aliases": [
"CVE-2025-21435"
],
"database_specific": {
"cwe_ids": [
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-07T11:15:51Z",
"severity": "HIGH"
},
"details": "Transient DOS may occur while parsing extended IE in beacon.",
"id": "GHSA-4q5q-cfpq-3h3j",
"modified": "2025-04-07T12:33:18Z",
"published": "2025-04-07T12:33:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21435"
},
{
"type": "WEB",
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2025-bulletin.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4RMV-M7CX-WVG4
Vulnerability from github – Published: 2025-04-07 12:33 – Updated: 2025-04-07 12:33Memory corruption occurs while connecting a STA to an AP and initiating an ADD TS request from the AP to establish a TSpec session.
{
"affected": [],
"aliases": [
"CVE-2025-21428"
],
"database_specific": {
"cwe_ids": [
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-07T11:15:50Z",
"severity": "HIGH"
},
"details": "Memory corruption occurs while connecting a STA to an AP and initiating an ADD TS request from the AP to establish a TSpec session.",
"id": "GHSA-4rmv-m7cx-wvg4",
"modified": "2025-04-07T12:33:18Z",
"published": "2025-04-07T12:33:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21428"
},
{
"type": "WEB",
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2025-bulletin.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4VV2-435C-33CH
Vulnerability from github – Published: 2023-10-03 06:30 – Updated: 2024-04-04 08:02Memory Corruption in Data Modem while making a MO call or MT VOLTE call.
{
"affected": [],
"aliases": [
"CVE-2023-22385"
],
"database_specific": {
"cwe_ids": [
"CWE-126",
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-10-03T06:15:21Z",
"severity": "CRITICAL"
},
"details": "Memory Corruption in Data Modem while making a MO call or MT VOLTE call.",
"id": "GHSA-4vv2-435c-33ch",
"modified": "2024-04-04T08:02:16Z",
"published": "2023-10-03T06:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22385"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/october-2023-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-4X46-H598-64QR
Vulnerability from github – Published: 2026-06-30 15:30 – Updated: 2026-06-30 15:30A flaw was found in GLib. A buffer over-read can occur in g_io_channel_read_line_backend() in the giochannel.c file when a custom line terminator with a length greater than one is set, causing memcmp to read past the GString buffer. This vulnerability can cause a minor information disclosure of 7 bytes or a denial of service when the buffer over-read crosses a page boundary.
{
"affected": [],
"aliases": [
"CVE-2026-58013"
],
"database_specific": {
"cwe_ids": [
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-30T13:19:17Z",
"severity": "MODERATE"
},
"details": "A flaw was found in GLib. A buffer over-read can occur in g_io_channel_read_line_backend() in the giochannel.c file when a custom line terminator with a length greater than one is set, causing memcmp to read past the GString buffer. This vulnerability can cause a minor information disclosure of 7 bytes or a denial of service when the buffer over-read crosses a page boundary.",
"id": "GHSA-4x46-h598-64qr",
"modified": "2026-06-30T15:30:45Z",
"published": "2026-06-30T15:30:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-58013"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2026-58013"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2492248"
},
{
"type": "WEB",
"url": "https://gitlab.gnome.org/GNOME/glib/-/issues/3925"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.