CWE-125
AllowedOut-of-bounds Read
Abstraction: Base · Status: Draft
The product reads data past the end, or before the beginning, of the intended buffer.
11291 vulnerabilities reference this CWE, most recent first.
GHSA-XP23-94CQ-8M5G
Vulnerability from github – Published: 2025-05-23 15:31 – Updated: 2025-05-23 15:31A vulnerability has been identified in SiPass integrated (All versions < V2.95.3.18). Affected server applications contain an out of bounds read past the end of an allocated buffer while checking the integrity of incoming packets. This could allow an unauthenticated remote attacker to create a denial of service condition.
{
"affected": [],
"aliases": [
"CVE-2022-31812"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-23T15:15:21Z",
"severity": "HIGH"
},
"details": "A vulnerability has been identified in SiPass integrated (All versions \u003c V2.95.3.18). Affected server applications contain an out of bounds read past the end of an allocated buffer while checking the integrity of incoming packets. This could allow an unauthenticated remote attacker to create a denial of service condition.",
"id": "GHSA-xp23-94cq-8m5g",
"modified": "2025-05-23T15:31:16Z",
"published": "2025-05-23T15:31:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31812"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-041082.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-XP2V-6M36-VC7M
Vulnerability from github – Published: 2022-05-13 01:52 – Updated: 2022-05-13 01:52While padding or shrinking a nested wmi packet in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, a buffer over-read can potentially occur.
{
"affected": [],
"aliases": [
"CVE-2018-5855"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-07-06T19:29:00Z",
"severity": "CRITICAL"
},
"details": "While padding or shrinking a nested wmi packet in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, a buffer over-read can potentially occur.",
"id": "GHSA-xp2v-6m36-vc7m",
"modified": "2022-05-13T01:52:56Z",
"published": "2022-05-13T01:52:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5855"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2018-07-01"
},
{
"type": "WEB",
"url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qca-wifi-host-cmn/commit/?id=61f4a467177afc23bdc1944ec61e52bed156c104"
},
{
"type": "WEB",
"url": "https://www.codeaurora.org/security-bulletin/2018/07/02/july-2018-code-aurora-security-bulletin"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/107770"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XP2W-QR8J-R6P4
Vulnerability from github – Published: 2026-05-27 15:33 – Updated: 2026-06-24 18:32In the Linux kernel, the following vulnerability has been resolved:
mm/damon/core: validate damos_quota_goal->nid for node_memcg_{used,free}_bp
Users can set damos_quota_goal->nid with arbitrary value for node_memcg_{used,free}_bp. But DAMON core is using those for NODE-DATA() without a validation of the value. This can result in out of bounds memory access. The issue can actually triggered using DAMON user-space tool (damo), like below.
$ sudo mkdir /sys/fs/cgroup/foo
$ sudo ./damo start --damos_action stat --damos_quota_interval 1s \
--damos_quota_goal node_memcg_used_bp 50% -1 /foo
$ sudo dmseg
[...]
[ 524.181426] Unable to handle kernel paging request at virtual address 0000000000002c00
Fix this issue by adding the validation of the given node id. If an invalid node id is given, it returns 0% for used memory ratio, and 100% for free memory ratio.
{
"affected": [],
"aliases": [
"CVE-2026-46067"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-27T14:17:27Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/damon/core: validate damos_quota_goal-\u003enid for node_memcg_{used,free}_bp\n\nUsers can set damos_quota_goal-\u003enid with arbitrary value for\nnode_memcg_{used,free}_bp. But DAMON core is using those for NODE-DATA()\nwithout a validation of the value. This can result in out of bounds\nmemory access. The issue can actually triggered using DAMON user-space\ntool (damo), like below.\n\n $ sudo mkdir /sys/fs/cgroup/foo\n $ sudo ./damo start --damos_action stat --damos_quota_interval 1s \\\n --damos_quota_goal node_memcg_used_bp 50% -1 /foo\n $ sudo dmseg\n [...]\n [ 524.181426] Unable to handle kernel paging request at virtual address 0000000000002c00\n\nFix this issue by adding the validation of the given node id. If an\ninvalid node id is given, it returns 0% for used memory ratio, and 100%\nfor free memory ratio.",
"id": "GHSA-xp2w-qr8j-r6p4",
"modified": "2026-06-24T18:32:29Z",
"published": "2026-05-27T15:33:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46067"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a34dac6482e53e2c76944f25b1489b9b7da3a6e6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/da10db73ada26345244ea5dc52f974692bd05f66"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XP3H-FH9Q-XM26
Vulnerability from github – Published: 2022-05-13 01:28 – Updated: 2022-05-13 01:28Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
{
"affected": [],
"aliases": [
"CVE-2018-15932"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-10-12T18:29:00Z",
"severity": "MODERATE"
},
"details": "Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",
"id": "GHSA-xp3h-fh9q-xm26",
"modified": "2022-05-13T01:28:07Z",
"published": "2022-05-13T01:28:07Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-15932"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html"
},
{
"type": "WEB",
"url": "https://research.checkpoint.com/2018/50-adobe-cves-in-50-days"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/105439"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1041809"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-XP4R-M764-37WJ
Vulnerability from github – Published: 2022-05-24 17:26 – Updated: 2022-05-24 17:26Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
{
"affected": [],
"aliases": [
"CVE-2020-9716"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-08-19T15:15:00Z",
"severity": "MODERATE"
},
"details": "Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",
"id": "GHSA-xp4r-m764-37wj",
"modified": "2022-05-24T17:26:11Z",
"published": "2022-05-24T17:26:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9716"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb20-48.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-XP4V-39JP-M5F4
Vulnerability from github – Published: 2022-05-13 01:34 – Updated: 2022-05-13 01:34Fuji Electric FRENIC LOADER v3.3 v7.3.4.1a of FRENIC-Mini (C1), FRENIC-Mini (C2), FRENIC-Eco, FRENIC-Multi, FRENIC-MEGA, FRENIC-Ace. A buffer over-read vulnerability may allow remote code execution on the device.
{
"affected": [],
"aliases": [
"CVE-2018-14790"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-10-01T13:29:00Z",
"severity": "CRITICAL"
},
"details": "Fuji Electric FRENIC LOADER v3.3 v7.3.4.1a of FRENIC-Mini (C1), FRENIC-Mini (C2), FRENIC-Eco, FRENIC-Multi, FRENIC-MEGA, FRENIC-Ace. A buffer over-read vulnerability may allow remote code execution on the device.",
"id": "GHSA-xp4v-39jp-m5f4",
"modified": "2022-05-13T01:34:28Z",
"published": "2022-05-13T01:34:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14790"
},
{
"type": "WEB",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-270-03"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/105408"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XP6X-8HGV-X5W5
Vulnerability from github – Published: 2023-12-13 09:30 – Updated: 2025-08-18 12:31A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in out-of-bounds memory reads and writes. This may allow local privilege escalation or possible remote code execution in cases where X11 forwarding is involved.
{
"affected": [],
"aliases": [
"CVE-2023-6377"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-12-13T07:15:30Z",
"severity": "HIGH"
},
"details": "A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in out-of-bounds memory reads and writes. This may allow local privilege escalation or possible remote code execution in cases where X11 forwarding is involved.",
"id": "GHSA-xp6x-8hgv-x5w5",
"modified": "2025-08-18T12:31:17Z",
"published": "2023-12-13T09:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6377"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2023/dsa-5576"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20240125-0003"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202401-30"
},
{
"type": "WEB",
"url": "https://lists.x.org/archives/xorg-announce/2023-December/003435.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LJDFWDB7EQVZA45XDP7L5WRSRWS6RVRR"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFHV5KCQ2SVOD4QMCPZ5HC6YL44L7YJD"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7PP47YXKM5ETLCYEF6473R3VFCJ6QT2S"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6R63Z6GIWM3YUNZRCGFODUXLW3GY2HD6"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00013.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00008.html"
},
{
"type": "WEB",
"url": "https://gitlab.freedesktop.org/xorg/xserver/-/commit/0c1a93d319558fe3ab2d94f51d174b4f93810afd"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253291"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2023-6377"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:13998"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:2996"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:2995"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:2170"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:2169"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:0020"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:0018"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:0017"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:0016"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:0015"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:0014"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:0010"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:0009"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:0006"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2023:7886"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2023/12/13/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XP8W-7PR3-W557
Vulnerability from github – Published: 2022-02-26 00:00 – Updated: 2022-03-17 00:05The affected product is vulnerable to an out-of-bounds read while processing project files, which allows an attacker to craft a project file that would allow arbitrary code execution.
{
"affected": [],
"aliases": [
"CVE-2022-21209"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-02-25T19:15:00Z",
"severity": "HIGH"
},
"details": "The affected product is vulnerable to an out-of-bounds read while processing project files, which allows an attacker to craft a project file that would allow arbitrary code execution.",
"id": "GHSA-xp8w-7pr3-w557",
"modified": "2022-03-17T00:05:10Z",
"published": "2022-02-26T00:00:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21209"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-055-01"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-435"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-436"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-439"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XP9F-JWGV-V2WJ
Vulnerability from github – Published: 2024-06-13 21:30 – Updated: 2024-07-11 15:30In ss_AnalyzeOssReturnResUssdArgIe of ss_OssAsnManagement.c, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
{
"affected": [],
"aliases": [
"CVE-2024-29781"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-13T21:15:52Z",
"severity": "HIGH"
},
"details": "In ss_AnalyzeOssReturnResUssdArgIe of ss_OssAsnManagement.c, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.",
"id": "GHSA-xp9f-jwgv-v2wj",
"modified": "2024-07-11T15:30:42Z",
"published": "2024-06-13T21:30:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29781"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/pixel/2024-06-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-XPFJ-6CXG-MXRR
Vulnerability from github – Published: 2023-11-16 15:30 – Updated: 2023-11-16 15:30Adobe Photoshop versions 24.7.1 (and earlier) and 25.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
{
"affected": [],
"aliases": [
"CVE-2023-44332"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-11-16T15:15:09Z",
"severity": "MODERATE"
},
"details": "Adobe Photoshop versions 24.7.1 (and earlier) and 25.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
"id": "GHSA-xpfj-6cxg-mxrr",
"modified": "2023-11-16T15:30:20Z",
"published": "2023-11-16T15:30:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44332"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/photoshop/apsb23-56.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-5
Strategy: Input Validation
- Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
- When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
- Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
- To reduce the likelihood of introducing an out-of-bounds read, ensure that you validate and ensure correct calculations for any length argument, buffer size calculation, or offset. Be especially careful of relying on a sentinel (i.e. special character such as NUL) in untrusted inputs.
Mitigation
Strategy: Language Selection
Use a language that provides appropriate memory abstractions.
CAPEC-540: Overread Buffers
An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.