CWE-126
AllowedBuffer Over-read
Abstraction: Variant · Status: Draft
The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.
855 vulnerabilities reference this CWE, most recent first.
GHSA-5292-QC6P-VF38
Vulnerability from github – Published: 2026-06-25 15:31 – Updated: 2026-06-25 15:31An out-of-bounds read might happen when SetMacAddrAction is used, potentially resulting in uninitialized memory being sent over the network or a crash.
{
"affected": [],
"aliases": [
"CVE-2026-40210"
],
"database_specific": {
"cwe_ids": [
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-25T13:16:39Z",
"severity": "MODERATE"
},
"details": "An out-of-bounds read might happen when SetMacAddrAction is used, potentially resulting in uninitialized memory being sent over the network or a crash.",
"id": "GHSA-5292-qc6p-vf38",
"modified": "2026-06-25T15:31:59Z",
"published": "2026-06-25T15:31:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40210"
},
{
"type": "WEB",
"url": "https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-09.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-54QP-W9CP-G8G3
Vulnerability from github – Published: 2025-04-03 15:31 – Updated: 2026-06-26 00:31A flaw was found in libsoup. A vulnerability in sniff_feed_or_html() and skip_insignificant_space() functions may lead to a heap buffer over-read.
{
"affected": [],
"aliases": [
"CVE-2025-32053"
],
"database_specific": {
"cwe_ids": [
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-03T14:15:44Z",
"severity": "MODERATE"
},
"details": "A flaw was found in libsoup. A vulnerability in sniff_feed_or_html() and skip_insignificant_space() functions may lead to a heap buffer over-read.",
"id": "GHSA-54qp-w9cp-g8g3",
"modified": "2026-06-26T00:31:59Z",
"published": "2025-04-03T15:31:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32053"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:4440"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:4508"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:4560"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:4568"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:7436"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:8292"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2025-32053"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2357070"
},
{
"type": "WEB",
"url": "https://gitlab.gnome.org/GNOME/libsoup/-/issues/426"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00036.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-5536-R29G-PV75
Vulnerability from github – Published: 2024-09-10 18:30 – Updated: 2024-09-10 18:30Windows Graphics Component Elevation of Privilege Vulnerability
{
"affected": [],
"aliases": [
"CVE-2024-38250"
],
"database_specific": {
"cwe_ids": [
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-10T17:15:30Z",
"severity": "HIGH"
},
"details": "Windows Graphics Component Elevation of Privilege Vulnerability",
"id": "GHSA-5536-r29g-pv75",
"modified": "2024-09-10T18:30:46Z",
"published": "2024-09-10T18:30:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38250"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38250"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5587-5JWR-XC28
Vulnerability from github – Published: 2025-05-06 09:31 – Updated: 2025-05-06 09:31Transient DOS while parsing per STA profile in ML IE.
{
"affected": [],
"aliases": [
"CVE-2025-21459"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-06T09:15:23Z",
"severity": "HIGH"
},
"details": "Transient DOS while parsing per STA profile in ML IE.",
"id": "GHSA-5587-5jwr-xc28",
"modified": "2025-05-06T09:31:34Z",
"published": "2025-05-06T09:31:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21459"
},
{
"type": "WEB",
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2025-bulletin.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-56QJ-6G3M-JPHJ
Vulnerability from github – Published: 2022-12-06 09:30 – Updated: 2022-12-08 06:30In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services.
{
"affected": [],
"aliases": [
"CVE-2022-42781"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-12-06T07:15:00Z",
"severity": "MODERATE"
},
"details": "In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services.",
"id": "GHSA-56qj-6g3m-jphj",
"modified": "2022-12-08T06:30:30Z",
"published": "2022-12-06T09:30:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42781"
},
{
"type": "WEB",
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5796-PG6J-M9RR
Vulnerability from github – Published: 2023-09-05 09:30 – Updated: 2024-04-04 07:28Transient DOS in WLAN Firmware while interpreting MBSSID IE of a received beacon frame.
{
"affected": [],
"aliases": [
"CVE-2023-33015"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-09-05T07:15:14Z",
"severity": "HIGH"
},
"details": "Transient DOS in WLAN Firmware while interpreting MBSSID IE of a received beacon frame.",
"id": "GHSA-5796-pg6j-m9rr",
"modified": "2024-04-04T07:28:31Z",
"published": "2023-09-05T09:30:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33015"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-57CP-G26V-M46Q
Vulnerability from github – Published: 2025-07-08 18:31 – Updated: 2025-07-08 18:31Buffer over-read in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally.
{
"affected": [],
"aliases": [
"CVE-2025-47971"
],
"database_specific": {
"cwe_ids": [
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-08T17:15:37Z",
"severity": "HIGH"
},
"details": "Buffer over-read in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally.",
"id": "GHSA-57cp-g26v-m46q",
"modified": "2025-07-08T18:31:44Z",
"published": "2025-07-08T18:31:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47971"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47971"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-57PM-66VJ-3HH7
Vulnerability from github – Published: 2022-09-13 00:00 – Updated: 2022-09-16 00:00Buffer Over-read in GitHub repository gpac/gpac prior to 2.1.0-DEV.
{
"affected": [],
"aliases": [
"CVE-2022-3178"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-09-12T17:15:00Z",
"severity": "HIGH"
},
"details": "Buffer Over-read in GitHub repository gpac/gpac prior to 2.1.0-DEV.",
"id": "GHSA-57pm-66vj-3hh7",
"modified": "2022-09-16T00:00:40Z",
"published": "2022-09-13T00:00:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3178"
},
{
"type": "WEB",
"url": "https://github.com/gpac/gpac/commit/77510778516803b7f7402d7423c6d6bef50254c3"
},
{
"type": "WEB",
"url": "https://huntr.dev/bounties/f022fc50-3dfd-450a-ab47-3d75d2bf44c0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-57Q2-HVR9-9W4C
Vulnerability from github – Published: 2022-05-24 19:07 – Updated: 2022-10-08 00:00A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Jt981.dll library in affected applications lacks proper validation of user-supplied data when parsing JT files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13421)
{
"affected": [],
"aliases": [
"CVE-2021-34325"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126",
"CWE-20"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-07-13T11:15:00Z",
"severity": "MODERATE"
},
"details": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The Jt981.dll library in affected applications lacks proper validation of user-supplied data when parsing JT files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13421)",
"id": "GHSA-57q2-hvr9-9w4c",
"modified": "2022-10-08T00:00:18Z",
"published": "2022-05-24T19:07:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34325"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-863"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-59P6-HQ92-2JP7
Vulnerability from github – Published: 2025-04-07 12:33 – Updated: 2025-04-07 12:33Transient DOS may occur while parsing EHT operation IE or EHT capability IE.
{
"affected": [],
"aliases": [
"CVE-2025-21434"
],
"database_specific": {
"cwe_ids": [
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-07T11:15:51Z",
"severity": "HIGH"
},
"details": "Transient DOS may occur while parsing EHT operation IE or EHT capability IE.",
"id": "GHSA-59p6-hq92-2jp7",
"modified": "2025-04-07T12:33:18Z",
"published": "2025-04-07T12:33:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21434"
},
{
"type": "WEB",
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2025-bulletin.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.