CWE-126
AllowedBuffer Over-read
Abstraction: Variant · Status: Draft
The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.
853 vulnerabilities reference this CWE, most recent first.
GHSA-H89F-5H94-VMJ5
Vulnerability from github – Published: 2023-10-03 06:30 – Updated: 2024-04-04 08:03Transient DOS in WLAN Firmware while parsing a NAN management frame.
{
"affected": [],
"aliases": [
"CVE-2023-33026"
],
"database_specific": {
"cwe_ids": [
"CWE-126",
"CWE-400"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-10-03T06:15:26Z",
"severity": "HIGH"
},
"details": "Transient DOS in WLAN Firmware while parsing a NAN management frame.",
"id": "GHSA-h89f-5h94-vmj5",
"modified": "2024-04-04T08:03:37Z",
"published": "2023-10-03T06:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33026"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/october-2023-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-H8WX-JCWQ-G3CP
Vulnerability from github – Published: 2026-04-28 21:36 – Updated: 2026-07-14 15:31The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to validate the RDATA content against the RDATA length in a DNS response when processing LOC, CERT, TKEY or TSIG records, which may allow an attacker to craft a DNS response, causing a target application to crash or read uninitialized memory.
These functions are for application debugging only and hence not in the path of code executed by the DNS resolver. Further, they have been deprecated since version 2.34 and should not be used by any new applications. Applications should consider porting away from these interfaces since they may be removed in future versions.
{
"affected": [],
"aliases": [
"CVE-2026-6238"
],
"database_specific": {
"cwe_ids": [
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-28T19:37:47Z",
"severity": "MODERATE"
},
"details": "The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to validate the RDATA content against the RDATA length in a DNS response when processing LOC, CERT, TKEY or TSIG records, which may allow an attacker to craft a DNS response, causing a target application to crash or read uninitialized memory.\n\nThese functions are for application debugging only and hence not in the path of code executed by the DNS resolver. Further, they have been deprecated since version 2.34 and should not be used by any new applications. Applications should consider porting away from these interfaces since they may be removed in future versions.",
"id": "GHSA-h8wx-jcwq-g3cp",
"modified": "2026-07-14T15:31:55Z",
"published": "2026-04-28T21:36:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6238"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
},
{
"type": "WEB",
"url": "https://inbox.sourceware.org/libc-announce/7a655d55-276f-41fe-b550-feb3ebb2ce91@redhat.com/T/#u"
},
{
"type": "WEB",
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=34069"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-H95Q-46MC-6G3W
Vulnerability from github – Published: 2023-04-13 09:30 – Updated: 2024-04-04 03:26Information disclosure due to buffer over-read in Bluetooth Host while A2DP streaming.
{
"affected": [],
"aliases": [
"CVE-2022-40503"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-04-13T07:15:00Z",
"severity": "HIGH"
},
"details": "Information disclosure due to buffer over-read in Bluetooth Host while A2DP streaming.",
"id": "GHSA-h95q-46mc-6g3w",
"modified": "2024-04-04T03:26:01Z",
"published": "2023-04-13T09:30:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40503"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-H9WV-R3FW-4XHH
Vulnerability from github – Published: 2023-02-12 06:30 – Updated: 2023-02-21 18:30Transient DOS in WLAN Firmware due to buffer over-read while processing probe response or beacon.
{
"affected": [],
"aliases": [
"CVE-2022-40512"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-02-12T04:15:00Z",
"severity": "HIGH"
},
"details": "Transient DOS in WLAN Firmware due to buffer over-read while processing probe response or beacon.",
"id": "GHSA-h9wv-r3fw-4xhh",
"modified": "2023-02-21T18:30:18Z",
"published": "2023-02-12T06:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40512"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/february-2023-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-HCP4-644R-Q8XR
Vulnerability from github – Published: 2023-07-06 15:30 – Updated: 2024-04-04 05:26An access violation vulnerability exists in the eventcore functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to denial of service. An attacker can send a network request to trigger this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2023-23571"
],
"database_specific": {
"cwe_ids": [
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-07-06T15:15:11Z",
"severity": "HIGH"
},
"details": "An access violation vulnerability exists in the eventcore functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to denial of service. An attacker can send a network request to trigger this vulnerability.",
"id": "GHSA-hcp4-644r-q8xr",
"modified": "2024-04-04T05:26:55Z",
"published": "2023-07-06T15:30:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23571"
},
{
"type": "WEB",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1696"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-HFH3-PR7Q-FRPW
Vulnerability from github – Published: 2026-04-06 18:33 – Updated: 2026-04-06 18:33Memory Corruption when retrieving output buffer with insufficient size validation.
{
"affected": [],
"aliases": [
"CVE-2026-21371"
],
"database_specific": {
"cwe_ids": [
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-06T16:16:29Z",
"severity": "HIGH"
},
"details": "Memory Corruption when retrieving output buffer with insufficient size validation.",
"id": "GHSA-hfh3-pr7q-frpw",
"modified": "2026-04-06T18:33:06Z",
"published": "2026-04-06T18:33:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21371"
},
{
"type": "WEB",
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2026-bulletin.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-HH45-W5QF-PXVX
Vulnerability from github – Published: 2023-02-12 06:30 – Updated: 2023-02-21 18:30Information disclosure in modem due to buffer over read in dns client due to missing length check
{
"affected": [],
"aliases": [
"CVE-2022-25732"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-02-12T04:15:00Z",
"severity": "HIGH"
},
"details": "Information disclosure in modem due to buffer over read in dns client due to missing length check",
"id": "GHSA-hh45-w5qf-pxvx",
"modified": "2023-02-21T18:30:18Z",
"published": "2023-02-12T06:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25732"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/february-2023-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-HJ4C-9FP7-4VRH
Vulnerability from github – Published: 2023-11-14 18:30 – Updated: 2023-11-14 18:30Information disclosure in WLAN HAL when reception status handler is called.
{
"affected": [],
"aliases": [
"CVE-2023-28568"
],
"database_specific": {
"cwe_ids": [
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-11-07T06:15:09Z",
"severity": "MODERATE"
},
"details": "Information disclosure in WLAN HAL when reception status handler is called.",
"id": "GHSA-hj4c-9fp7-4vrh",
"modified": "2023-11-14T18:30:26Z",
"published": "2023-11-14T18:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28568"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/november-2023-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-HJHM-8JGQ-5FRF
Vulnerability from github – Published: 2026-03-02 18:31 – Updated: 2026-03-02 18:31Memory Corruption when adding user-supplied data without checking available buffer space.
{
"affected": [],
"aliases": [
"CVE-2025-59600"
],
"database_specific": {
"cwe_ids": [
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-02T17:16:28Z",
"severity": "HIGH"
},
"details": "Memory Corruption when adding user-supplied data without checking available buffer space.",
"id": "GHSA-hjhm-8jgq-5frf",
"modified": "2026-03-02T18:31:45Z",
"published": "2026-03-02T18:31:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59600"
},
{
"type": "WEB",
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/march-2026-bulletin.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-HPGW-5J39-3F7C
Vulnerability from github – Published: 2024-06-03 12:30 – Updated: 2024-06-03 12:30Information disclosure in Video while parsing mp2 clip with invalid section length.
{
"affected": [],
"aliases": [
"CVE-2023-43555"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-03T10:15:11Z",
"severity": "HIGH"
},
"details": "Information disclosure in Video while parsing mp2 clip with invalid section length.",
"id": "GHSA-hpgw-5j39-3f7c",
"modified": "2024-06-03T12:30:38Z",
"published": "2024-06-03T12:30:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-43555"
},
{
"type": "WEB",
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2024-bulletin.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.