Common Weakness Enumeration

CWE-126

Allowed

Buffer Over-read

Abstraction: Variant · Status: Draft

The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.

854 vulnerabilities reference this CWE, most recent first.

GHSA-CFCV-VWXF-FG7X

Vulnerability from github – Published: 2023-07-14 09:30 – Updated: 2025-11-04 00:30
VLAI
Details

iSCSI dissector crash in Wireshark 4.0.0 to 4.0.6 allows denial of service via packet injection or crafted capture file

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-3649"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125",
      "CWE-126"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-07-14T07:15:08Z",
    "severity": "MODERATE"
  },
  "details": "iSCSI dissector crash in Wireshark 4.0.0 to 4.0.6 allows denial of service via packet injection or crafted capture file",
  "id": "GHSA-cfcv-vwxf-fg7x",
  "modified": "2025-11-04T00:30:38Z",
  "published": "2023-07-14T09:30:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3649"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/wireshark/wireshark/-/issues/19164"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00049.html"
    },
    {
      "type": "WEB",
      "url": "https://www.wireshark.org/security/wnpa-sec-2023-22.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CFFX-CF3X-MR9H

Vulnerability from github – Published: 2024-02-06 06:30 – Updated: 2024-02-06 06:30
VLAI
Details

Transient DOS while parse fils IE with length equal to 1.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-43536"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-126"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-02-06T06:16:03Z",
    "severity": "HIGH"
  },
  "details": "Transient DOS while parse fils IE with length equal to 1.",
  "id": "GHSA-cffx-cf3x-mr9h",
  "modified": "2024-02-06T06:30:32Z",
  "published": "2024-02-06T06:30:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-43536"
    },
    {
      "type": "WEB",
      "url": "https://www.qualcomm.com/company/product-security/bulletins/february-2024-bulletin"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CM2M-F7GC-HV64

Vulnerability from github – Published: 2024-04-04 15:30 – Updated: 2024-07-14 21:30
VLAI
Details

A heap-based buffer over-read vulnerability was found in the X.org server's ProcAppleDRICreatePixmap() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker's inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-31082"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-126"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-04T14:15:10Z",
    "severity": "HIGH"
  },
  "details": "A heap-based buffer over-read vulnerability was found in the X.org server\u0027s ProcAppleDRICreatePixmap() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker\u0027s inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads.",
  "id": "GHSA-cm2m-f7gc-hv64",
  "modified": "2024-07-14T21:30:37Z",
  "published": "2024-04-04T15:30:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31082"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2024-31082"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271999"
    },
    {
      "type": "WEB",
      "url": "https://lists.x.org/archives/xorg-announce/2024-April/003497.html"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2024/04/03/13"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2024/04/12/10"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CP75-95Q9-G954

Vulnerability from github – Published: 2026-01-07 12:31 – Updated: 2026-01-07 12:31
VLAI
Details

Transient DOS while parsing video packets received from the video firmware.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-47330"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-126"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-01-07T12:17:02Z",
    "severity": "MODERATE"
  },
  "details": "Transient DOS while parsing video packets received from the video firmware.",
  "id": "GHSA-cp75-95q9-g954",
  "modified": "2026-01-07T12:31:23Z",
  "published": "2026-01-07T12:31:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47330"
    },
    {
      "type": "WEB",
      "url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2026-bulletin.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CQ94-7HFR-HGR8

Vulnerability from github – Published: 2025-09-24 18:30 – Updated: 2025-09-24 18:30
VLAI
Details

Information disclosure when Video engine escape input data is less than expected minimum size.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-27036"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-126"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-24T16:15:35Z",
    "severity": "MODERATE"
  },
  "details": "Information disclosure when Video engine escape input data is less than expected minimum size.",
  "id": "GHSA-cq94-7hfr-hgr8",
  "modified": "2025-09-24T18:30:30Z",
  "published": "2025-09-24T18:30:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27036"
    },
    {
      "type": "WEB",
      "url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/september-2025-bulletin.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CRJ7-7VC6-G6G3

Vulnerability from github – Published: 2026-01-15 21:31 – Updated: 2026-01-15 21:31
VLAI
Details

A Buffer Over-read vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).

When an affected device receives a BGP update with a set of specific optional transitive attributes over an established peering session, rpd will crash and restart when attempting to advertise the received information to another peer. This issue can only happen if one or both of the BGP peers of the receiving session are non-4-byte-AS capable as determined from the advertised capabilities during BGP session establishment. Junos OS and Junos OS Evolved default behavior is 4-byte-AS capable unless this has been specifically disabled by configuring:

[ protocols bgp ... disable-4byte-as ]

Established BGP sessions can be checked by executing:

show bgp neighbor | match "4 byte AS"

This issue affects:

Junos OS: 

  • all versions before 22.4R3-S8,
  • 23.2 versions before 23.2R2-S5,
  • 23.4 versions before 23.4R2-S6,
  • 24.2 versions before 24.2R2-S2,
  • 24.4 versions before 24.4R2;

Junos OS Evolved: 

  • all versions before 22.4R3-S8-EVO,
  • 23.2 versions before 23.2R2-S5-EVO,
  • 23.4 versions before 23.4R2-S6-EVO,
  • 24.2 versions before 24.2R2-S2-EVO,
  • 24.4 versions before 24.4R2-EVO.
Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-60003"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-126"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-01-15T21:16:03Z",
    "severity": "HIGH"
  },
  "details": "A Buffer Over-read vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).\n\nWhen an affected device receives a BGP update with a set of specific optional transitive attributes over an established peering session, rpd will crash and restart when attempting to advertise the received information to another peer.\nThis issue can only happen if one or both of the BGP peers of the receiving session are non-4-byte-AS capable as determined from the advertised capabilities during BGP session establishment. Junos OS and Junos OS Evolved default behavior is 4-byte-AS capable unless this has been specifically disabled by configuring:\n\n[ protocols bgp ...\u00a0disable-4byte-as\u00a0]\n\n\nEstablished BGP sessions can be checked by executing:\n\nshow bgp neighbor \u003cIP address\u003e | match \"4 byte AS\"\n\n\nThis issue affects:\n\nJunos OS:\u00a0\n\n  *  all versions before 22.4R3-S8,\n  *  23.2 versions before 23.2R2-S5,\n  *  23.4 versions before 23.4R2-S6,\n  *  24.2 versions before 24.2R2-S2,\n  *  24.4 versions before 24.4R2;\n\n\nJunos OS Evolved:\u00a0\n\n  *  all versions before 22.4R3-S8-EVO,\n  *  23.2 versions before 23.2R2-S5-EVO,\n  *  23.4 versions before 23.4R2-S6-EVO,\n  *  24.2 versions before 24.2R2-S2-EVO,\n  *  24.4 versions before 24.4R2-EVO.",
  "id": "GHSA-crj7-7vc6-g6g3",
  "modified": "2026-01-15T21:31:47Z",
  "published": "2026-01-15T21:31:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-60003"
    },
    {
      "type": "WEB",
      "url": "https://kb.juniper.net/JSA103166"
    },
    {
      "type": "WEB",
      "url": "https://supportportal.juniper.net"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:X/RE:M/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-CV8X-5CWW-P4PF

Vulnerability from github – Published: 2024-01-02 06:30 – Updated: 2024-01-02 06:30
VLAI
Details

Transient DOS while parsing ieee80211_parse_mscs_ie in WIN WLAN driver.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-33116"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125",
      "CWE-126"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-01-02T06:15:12Z",
    "severity": "HIGH"
  },
  "details": "Transient DOS while parsing ieee80211_parse_mscs_ie in WIN WLAN driver.",
  "id": "GHSA-cv8x-5cww-p4pf",
  "modified": "2024-01-02T06:30:31Z",
  "published": "2024-01-02T06:30:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33116"
    },
    {
      "type": "WEB",
      "url": "https://www.qualcomm.com/company/product-security/bulletins/january-2024-bulletin"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CVQV-3452-5Q34

Vulnerability from github – Published: 2023-04-13 09:30 – Updated: 2024-04-04 03:26
VLAI
Details

Information disclosure in modem due to improper input validation during parsing of upcoming CoAP message

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-25747"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125",
      "CWE-126"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-04-13T07:15:00Z",
    "severity": "HIGH"
  },
  "details": "Information disclosure in modem due to improper input validation during parsing of upcoming CoAP message",
  "id": "GHSA-cvqv-3452-5q34",
  "modified": "2024-04-04T03:26:52Z",
  "published": "2023-04-13T09:30:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25747"
    },
    {
      "type": "WEB",
      "url": "https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CW34-GW9H-RXC6

Vulnerability from github – Published: 2024-04-09 18:30 – Updated: 2024-04-09 18:30
VLAI
Details

Windows Remote Access Connection Manager Information Disclosure Vulnerability

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-28900"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125",
      "CWE-126"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-09T17:15:48Z",
    "severity": "MODERATE"
  },
  "details": "Windows Remote Access Connection Manager Information Disclosure Vulnerability",
  "id": "GHSA-cw34-gw9h-rxc6",
  "modified": "2024-04-09T18:30:26Z",
  "published": "2024-04-09T18:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28900"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28900"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CWPG-8775-J56V

Vulnerability from github – Published: 2024-02-21 00:31 – Updated: 2025-02-12 18:31
VLAI
Details

In wolfSSL prior to 5.6.6, if callback functions are enabled (via the WOLFSSL_CALLBACKS flag), then a malicious TLS client or network attacker can trigger a buffer over-read on the heap of 5 bytes (WOLFSSL_CALLBACKS is only intended for debugging).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-6936"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125",
      "CWE-126"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-02-20T22:15:08Z",
    "severity": "MODERATE"
  },
  "details": "In wolfSSL prior to 5.6.6, if callback functions are enabled (via the WOLFSSL_CALLBACKS flag), then a malicious TLS client or network attacker can trigger a buffer over-read on the heap of 5 bytes (WOLFSSL_CALLBACKS is only intended for debugging).",
  "id": "GHSA-cwpg-8775-j56v",
  "modified": "2025-02-12T18:31:27Z",
  "published": "2024-02-21T00:31:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6936"
    },
    {
      "type": "WEB",
      "url": "https://github.com/wolfSSL/wolfssl/pull/6949"
    },
    {
      "type": "WEB",
      "url": "https://www.wolfssl.com/docs/security-vulnerabilities"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.