Common Weakness Enumeration

CWE-125

Allowed

Out-of-bounds Read

Abstraction: Base · Status: Draft

The product reads data past the end, or before the beginning, of the intended buffer.

11291 vulnerabilities reference this CWE, most recent first.

GHSA-PGCP-C398-67PQ

Vulnerability from github – Published: 2022-05-13 01:52 – Updated: 2022-05-13 01:52
VLAI
Details

An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue affected versions prior to macOS High Sierra 10.13.6.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-4283"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-04-03T18:29:00Z",
    "severity": "MODERATE"
  },
  "details": "An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue affected versions prior to macOS High Sierra 10.13.6.",
  "id": "GHSA-pgcp-c398-67pq",
  "modified": "2022-05-13T01:52:40Z",
  "published": "2022-05-13T01:52:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-4283"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT208937"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PGCR-3MV5-2297

Vulnerability from github – Published: 2024-07-01 15:32 – Updated: 2024-07-01 15:32
VLAI
Details

Information disclosure while handling SA query action frame.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-21458"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125",
      "CWE-126"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-01T15:15:13Z",
    "severity": "MODERATE"
  },
  "details": "Information disclosure while handling SA query action frame.",
  "id": "GHSA-pgcr-3mv5-2297",
  "modified": "2024-07-01T15:32:42Z",
  "published": "2024-07-01T15:32:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21458"
    },
    {
      "type": "WEB",
      "url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/july-2024-bulletin.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PGG7-G5F4-6C8V

Vulnerability from github – Published: 2023-11-14 21:31 – Updated: 2023-11-14 21:31
VLAI
Details

Out-of-bounds read in the BIOS firmware for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via adjacent access.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-25756"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-11-14T19:15:19Z",
    "severity": "MODERATE"
  },
  "details": "Out-of-bounds read in the BIOS firmware for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via adjacent access.",
  "id": "GHSA-pgg7-g5f4-6c8v",
  "modified": "2023-11-14T21:31:01Z",
  "published": "2023-11-14T21:31:01Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25756"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20231221-0008"
    },
    {
      "type": "WEB",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00924.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PGGH-8R27-X766

Vulnerability from github – Published: 2023-06-06 09:30 – Updated: 2024-04-04 04:34
VLAI
Details

Transient DOS in WLAN Firmware while processing frames with missing header fields.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-21659"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125",
      "CWE-126"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-06-06T08:15:12Z",
    "severity": "HIGH"
  },
  "details": "Transient DOS in WLAN Firmware while processing frames with missing header fields.",
  "id": "GHSA-pggh-8r27-x766",
  "modified": "2024-04-04T04:34:47Z",
  "published": "2023-06-06T09:30:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-21659"
    },
    {
      "type": "WEB",
      "url": "https://www.qualcomm.com/company/product-security/bulletins/june-2023-bulletin"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PGH9-CMJH-P9CW

Vulnerability from github – Published: 2026-01-29 21:30 – Updated: 2026-02-03 18:30
VLAI
Details

An out-of-bounds read in the mk_ptr_to_buf in mk_core function (mk_memory.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-63650"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-01-29T20:16:08Z",
    "severity": "HIGH"
  },
  "details": "An out-of-bounds read in the mk_ptr_to_buf in mk_core function (mk_memory.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server.",
  "id": "GHSA-pgh9-cmjh-p9cw",
  "modified": "2026-02-03T18:30:31Z",
  "published": "2026-01-29T21:30:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-63650"
    },
    {
      "type": "WEB",
      "url": "https://github.com/monkey/monkey/issues/426"
    },
    {
      "type": "WEB",
      "url": "https://github.com/archersec/security-advisories/blob/master/monkey/monkey-advisory-2025.md"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PGHJ-QV6P-RGX5

Vulnerability from github – Published: 2022-10-14 19:00 – Updated: 2025-05-14 15:31
VLAI
Details

The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-41603"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-10-14T16:15:00Z",
    "severity": "LOW"
  },
  "details": "The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service.",
  "id": "GHSA-pghj-qv6p-rgx5",
  "modified": "2025-05-14T15:31:31Z",
  "published": "2022-10-14T19:00:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41603"
    },
    {
      "type": "WEB",
      "url": "https://consumer.huawei.com/en/support/bulletin/2022/10"
    },
    {
      "type": "WEB",
      "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202210-0000001416095697"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PGHP-3J6X-2496

Vulnerability from github – Published: 2023-06-28 18:30 – Updated: 2024-04-04 05:14
VLAI
Details

In StoreAdbSerialNumber of protocolmiscbuilder.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-263783910References: N/A

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-21154"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-06-28T18:15:13Z",
    "severity": "MODERATE"
  },
  "details": "In StoreAdbSerialNumber of protocolmiscbuilder.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-263783910References: N/A",
  "id": "GHSA-pghp-3j6x-2496",
  "modified": "2024-04-04T05:14:41Z",
  "published": "2023-06-28T18:30:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-21154"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/pixel/2023-06-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PGJ3-5W38-PG9M

Vulnerability from github – Published: 2022-05-24 16:55 – Updated: 2024-04-04 01:55
VLAI
Details

The driver in Micro-Star MSI Afterburner 4.6.2.15658 (aka RTCore64.sys and RTCore32.sys) allows any authenticated user to read and write to arbitrary memory, I/O ports, and MSRs. This can be exploited for privilege escalation, code execution under high privileges, and information disclosure. These signed drivers can also be used to bypass the Microsoft driver-signing policy to deploy malicious code.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-16098"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125",
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-09-11T17:15:00Z",
    "severity": "HIGH"
  },
  "details": "The driver in Micro-Star MSI Afterburner 4.6.2.15658 (aka RTCore64.sys and RTCore32.sys) allows any authenticated user to read and write to arbitrary memory, I/O ports, and MSRs. This can be exploited for privilege escalation, code execution under high privileges, and information disclosure. These signed drivers can also be used to bypass the Microsoft driver-signing policy to deploy malicious code.",
  "id": "GHSA-pgj3-5w38-pg9m",
  "modified": "2024-04-04T01:55:12Z",
  "published": "2022-05-24T16:55:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16098"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Barakat/CVE-2019-16098"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PGJJ-GQ5V-P74W

Vulnerability from github – Published: 2022-05-24 19:04 – Updated: 2022-10-08 00:00
VLAI
Details

SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method EncOAMParamStore() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-27606"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125",
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-06-09T14:15:00Z",
    "severity": "HIGH"
  },
  "details": "SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method EncOAMParamStore() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified.",
  "id": "GHSA-pgjj-gq5v-p74w",
  "modified": "2022-10-08T00:00:21Z",
  "published": "2022-05-24T19:04:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27606"
    },
    {
      "type": "WEB",
      "url": "https://launchpad.support.sap.com/#/notes/3020104"
    },
    {
      "type": "WEB",
      "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/164595/SAP-NetWeaver-ABAP-Enqueue-Memory-Corruption.html"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2021/Oct/29"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PGMJ-MWV3-4C9W

Vulnerability from github – Published: 2022-05-14 00:53 – Updated: 2022-05-14 00:53
VLAI
Details

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-5024"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-07-20T19:29:00Z",
    "severity": "HIGH"
  },
  "details": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",
  "id": "GHSA-pgmj-mwv3-4c9w",
  "modified": "2022-05-14T00:53:22Z",
  "published": "2022-05-14T00:53:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5024"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/104699"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1041250"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-5
Implementation

Strategy: Input Validation

  • Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
  • When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
  • Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
  • To reduce the likelihood of introducing an out-of-bounds read, ensure that you validate and ensure correct calculations for any length argument, buffer size calculation, or offset. Be especially careful of relying on a sentinel (i.e. special character such as NUL) in untrusted inputs.
Mitigation
Architecture and Design

Strategy: Language Selection

Use a language that provides appropriate memory abstractions.

CAPEC-540: Overread Buffers

An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.