Common Weakness Enumeration

CWE-126

Allowed

Buffer Over-read

Abstraction: Variant · Status: Draft

The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.

853 vulnerabilities reference this CWE, most recent first.

GHSA-HPPC-G8H3-XHP3

Vulnerability from github – Published: 2026-04-22 21:00 – Updated: 2026-04-27 16:29
VLAI
Summary
rust-openssl: Unchecked callback length in PSK/cookie trampolines leaks adjacent memory to peer
Details

The FFI trampolines behind SslContextBuilder::set_psk_client_callback, set_psk_server_callback, set_cookie_generate_cb, and set_stateless_cookie_generate_cb forwarded the user closure's returned usize directly to OpenSSL without checking it against the &mut [u8] that was handed to the closure. This can lead to buffer overflows and other unintended consequences.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "openssl"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.9.24"
            },
            {
              "fixed": "0.10.78"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-41898"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-126",
      "CWE-130"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-22T21:00:57Z",
    "nvd_published_at": "2026-04-24T18:16:29Z",
    "severity": "HIGH"
  },
  "details": "The FFI trampolines behind `SslContextBuilder::set_psk_client_callback`, `set_psk_server_callback`, `set_cookie_generate_cb`,  and `set_stateless_cookie_generate_cb` forwarded the user closure\u0027s returned usize directly to OpenSSL without checking it against the `\u0026mut [u8]` that was handed to the closure. This can lead to buffer overflows and other unintended consequences.",
  "id": "GHSA-hppc-g8h3-xhp3",
  "modified": "2026-04-27T16:29:44Z",
  "published": "2026-04-22T21:00:57Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/rust-openssl/rust-openssl/security/advisories/GHSA-hppc-g8h3-xhp3"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41898"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rust-openssl/rust-openssl/pull/2607"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rust-openssl/rust-openssl/commit/1d109020d98fff2fb2e45c39a373af3dff99b24c"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/rust-openssl/rust-openssl"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rust-openssl/rust-openssl/releases/tag/openssl-v0.10.78"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "rust-openssl: Unchecked callback length in PSK/cookie trampolines leaks adjacent memory to peer"
}

GHSA-HVG8-7678-V53J

Vulnerability from github – Published: 2025-01-06 12:30 – Updated: 2025-01-06 12:30
VLAI
Details

Memory corruption while processing FIPS encryption or decryption validation functionality IOCTL call.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-45548"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125",
      "CWE-126"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-06T11:15:09Z",
    "severity": "HIGH"
  },
  "details": "Memory corruption while processing FIPS encryption or decryption validation functionality IOCTL call.",
  "id": "GHSA-hvg8-7678-v53j",
  "modified": "2025-01-06T12:30:33Z",
  "published": "2025-01-06T12:30:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45548"
    },
    {
      "type": "WEB",
      "url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2025-bulletin.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HVR6-7X95-4JGJ

Vulnerability from github – Published: 2026-04-06 18:33 – Updated: 2026-04-06 18:33
VLAI
Details

Transient DOS when receiving a service data frame with excessive length during device matching over a neighborhood awareness network protocol connection.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-21381"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-126"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-06T16:16:31Z",
    "severity": "HIGH"
  },
  "details": "Transient DOS when receiving a service data frame with excessive length during device matching over a neighborhood awareness network protocol connection.",
  "id": "GHSA-hvr6-7x95-4jgj",
  "modified": "2026-04-06T18:33:07Z",
  "published": "2026-04-06T18:33:07Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21381"
    },
    {
      "type": "WEB",
      "url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2026-bulletin.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HWHF-72F8-CRGH

Vulnerability from github – Published: 2025-01-06 12:30 – Updated: 2025-01-06 12:30
VLAI
Details

Information Disclosure while invoking the mailbox write API when message received from user is larger than mailbox size.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-23366"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125",
      "CWE-126"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-06T11:15:07Z",
    "severity": "MODERATE"
  },
  "details": "Information Disclosure while invoking the mailbox write API when message received from user is larger than mailbox size.",
  "id": "GHSA-hwhf-72f8-crgh",
  "modified": "2025-01-06T12:30:32Z",
  "published": "2025-01-06T12:30:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23366"
    },
    {
      "type": "WEB",
      "url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2025-bulletin.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HXHP-8773-V9F8

Vulnerability from github – Published: 2023-05-02 09:30 – Updated: 2024-04-04 03:45
VLAI
Details

Information disclosure due to buffer over-read in Trusted Execution Environment while QRKS report generation.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-33273"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125",
      "CWE-126"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-05-02T08:15:08Z",
    "severity": "MODERATE"
  },
  "details": "Information disclosure due to buffer over-read in Trusted Execution Environment while QRKS report generation.",
  "id": "GHSA-hxhp-8773-v9f8",
  "modified": "2024-04-04T03:45:57Z",
  "published": "2023-05-02T09:30:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-33273"
    },
    {
      "type": "WEB",
      "url": "https://www.qualcomm.com/company/product-security/bulletins/may-2023-bulletin"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HXQC-XV34-842X

Vulnerability from github – Published: 2023-10-03 06:30 – Updated: 2024-04-04 08:03
VLAI
Details

Transient DOS in WLAN Firmware while parsing rsn ies.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-33027"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125",
      "CWE-126"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-10-03T06:15:26Z",
    "severity": "HIGH"
  },
  "details": "Transient DOS in WLAN Firmware while parsing rsn ies.",
  "id": "GHSA-hxqc-xv34-842x",
  "modified": "2024-04-04T08:03:51Z",
  "published": "2023-10-03T06:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33027"
    },
    {
      "type": "WEB",
      "url": "https://www.qualcomm.com/company/product-security/bulletins/october-2023-bulletin"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-J2M8-JXHW-9X9R

Vulnerability from github – Published: 2026-05-04 18:30 – Updated: 2026-05-04 18:30
VLAI
Details

Transient DOS when processing target power rate tables during channel configuration.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-47401"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125",
      "CWE-126"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-04T17:16:20Z",
    "severity": "MODERATE"
  },
  "details": "Transient DOS when processing target power rate tables during channel configuration.",
  "id": "GHSA-j2m8-jxhw-9x9r",
  "modified": "2026-05-04T18:30:29Z",
  "published": "2026-05-04T18:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47401"
    },
    {
      "type": "WEB",
      "url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2026-bulletin.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-J3R9-X7XR-WVFG

Vulnerability from github – Published: 2026-02-02 18:31 – Updated: 2026-02-02 18:31
VLAI
Details

Transient DOS when processing a received frame with an excessively large authentication information element.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-47402"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125",
      "CWE-126"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-02T16:16:19Z",
    "severity": "MODERATE"
  },
  "details": "Transient DOS when processing a received frame with an excessively large authentication information element.",
  "id": "GHSA-j3r9-x7xr-wvfg",
  "modified": "2026-02-02T18:31:32Z",
  "published": "2026-02-02T18:31:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47402"
    },
    {
      "type": "WEB",
      "url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/february-2026-bulletin.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-J4C6-9Q52-52Q7

Vulnerability from github – Published: 2025-09-24 18:30 – Updated: 2025-09-24 18:30
VLAI
Details

Information disclosure while decoding RTP packet received by UE from the network, when payload length mentioned is greater than the available buffer length.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-21487"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-126"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-24T16:15:34Z",
    "severity": "HIGH"
  },
  "details": "Information disclosure while decoding RTP packet received by UE from the network, when payload length mentioned is greater than the available buffer length.",
  "id": "GHSA-j4c6-9q52-52q7",
  "modified": "2025-09-24T18:30:30Z",
  "published": "2025-09-24T18:30:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21487"
    },
    {
      "type": "WEB",
      "url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/september-2025-bulletin.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-J56R-VG47-F726

Vulnerability from github – Published: 2025-10-09 06:30 – Updated: 2025-10-09 06:30
VLAI
Details

Transient DOS while processing IOCTL call for image encoding.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-27049"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-126"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-09T04:16:41Z",
    "severity": "MODERATE"
  },
  "details": "Transient DOS while processing IOCTL call for image encoding.",
  "id": "GHSA-j56r-vg47-f726",
  "modified": "2025-10-09T06:30:24Z",
  "published": "2025-10-09T06:30:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27049"
    },
    {
      "type": "WEB",
      "url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/october-2025-bulletin.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.