CWE-125
AllowedOut-of-bounds Read
Abstraction: Base · Status: Draft
The product reads data past the end, or before the beginning, of the intended buffer.
11291 vulnerabilities reference this CWE, most recent first.
GHSA-PGCP-C398-67PQ
Vulnerability from github – Published: 2022-05-13 01:52 – Updated: 2022-05-13 01:52An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue affected versions prior to macOS High Sierra 10.13.6.
{
"affected": [],
"aliases": [
"CVE-2018-4283"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-04-03T18:29:00Z",
"severity": "MODERATE"
},
"details": "An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue affected versions prior to macOS High Sierra 10.13.6.",
"id": "GHSA-pgcp-c398-67pq",
"modified": "2022-05-13T01:52:40Z",
"published": "2022-05-13T01:52:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-4283"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT208937"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-PGCR-3MV5-2297
Vulnerability from github – Published: 2024-07-01 15:32 – Updated: 2024-07-01 15:32Information disclosure while handling SA query action frame.
{
"affected": [],
"aliases": [
"CVE-2024-21458"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-01T15:15:13Z",
"severity": "MODERATE"
},
"details": "Information disclosure while handling SA query action frame.",
"id": "GHSA-pgcr-3mv5-2297",
"modified": "2024-07-01T15:32:42Z",
"published": "2024-07-01T15:32:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21458"
},
{
"type": "WEB",
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/july-2024-bulletin.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-PGG7-G5F4-6C8V
Vulnerability from github – Published: 2023-11-14 21:31 – Updated: 2023-11-14 21:31Out-of-bounds read in the BIOS firmware for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via adjacent access.
{
"affected": [],
"aliases": [
"CVE-2023-25756"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-11-14T19:15:19Z",
"severity": "MODERATE"
},
"details": "Out-of-bounds read in the BIOS firmware for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via adjacent access.",
"id": "GHSA-pgg7-g5f4-6c8v",
"modified": "2023-11-14T21:31:01Z",
"published": "2023-11-14T21:31:01Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25756"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20231221-0008"
},
{
"type": "WEB",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00924.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-PGGH-8R27-X766
Vulnerability from github – Published: 2023-06-06 09:30 – Updated: 2024-04-04 04:34Transient DOS in WLAN Firmware while processing frames with missing header fields.
{
"affected": [],
"aliases": [
"CVE-2023-21659"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-06-06T08:15:12Z",
"severity": "HIGH"
},
"details": "Transient DOS in WLAN Firmware while processing frames with missing header fields.",
"id": "GHSA-pggh-8r27-x766",
"modified": "2024-04-04T04:34:47Z",
"published": "2023-06-06T09:30:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-21659"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/june-2023-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PGH9-CMJH-P9CW
Vulnerability from github – Published: 2026-01-29 21:30 – Updated: 2026-02-03 18:30An out-of-bounds read in the mk_ptr_to_buf in mk_core function (mk_memory.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server.
{
"affected": [],
"aliases": [
"CVE-2025-63650"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-29T20:16:08Z",
"severity": "HIGH"
},
"details": "An out-of-bounds read in the mk_ptr_to_buf in mk_core function (mk_memory.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server.",
"id": "GHSA-pgh9-cmjh-p9cw",
"modified": "2026-02-03T18:30:31Z",
"published": "2026-01-29T21:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-63650"
},
{
"type": "WEB",
"url": "https://github.com/monkey/monkey/issues/426"
},
{
"type": "WEB",
"url": "https://github.com/archersec/security-advisories/blob/master/monkey/monkey-advisory-2025.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PGHJ-QV6P-RGX5
Vulnerability from github – Published: 2022-10-14 19:00 – Updated: 2025-05-14 15:31The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service.
{
"affected": [],
"aliases": [
"CVE-2022-41603"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-10-14T16:15:00Z",
"severity": "LOW"
},
"details": "The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service.",
"id": "GHSA-pghj-qv6p-rgx5",
"modified": "2025-05-14T15:31:31Z",
"published": "2022-10-14T19:00:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41603"
},
{
"type": "WEB",
"url": "https://consumer.huawei.com/en/support/bulletin/2022/10"
},
{
"type": "WEB",
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202210-0000001416095697"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-PGHP-3J6X-2496
Vulnerability from github – Published: 2023-06-28 18:30 – Updated: 2024-04-04 05:14In StoreAdbSerialNumber of protocolmiscbuilder.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-263783910References: N/A
{
"affected": [],
"aliases": [
"CVE-2023-21154"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-06-28T18:15:13Z",
"severity": "MODERATE"
},
"details": "In StoreAdbSerialNumber of protocolmiscbuilder.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-263783910References: N/A",
"id": "GHSA-pghp-3j6x-2496",
"modified": "2024-04-04T05:14:41Z",
"published": "2023-06-28T18:30:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-21154"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/pixel/2023-06-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-PGJ3-5W38-PG9M
Vulnerability from github – Published: 2022-05-24 16:55 – Updated: 2024-04-04 01:55The driver in Micro-Star MSI Afterburner 4.6.2.15658 (aka RTCore64.sys and RTCore32.sys) allows any authenticated user to read and write to arbitrary memory, I/O ports, and MSRs. This can be exploited for privilege escalation, code execution under high privileges, and information disclosure. These signed drivers can also be used to bypass the Microsoft driver-signing policy to deploy malicious code.
{
"affected": [],
"aliases": [
"CVE-2019-16098"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-09-11T17:15:00Z",
"severity": "HIGH"
},
"details": "The driver in Micro-Star MSI Afterburner 4.6.2.15658 (aka RTCore64.sys and RTCore32.sys) allows any authenticated user to read and write to arbitrary memory, I/O ports, and MSRs. This can be exploited for privilege escalation, code execution under high privileges, and information disclosure. These signed drivers can also be used to bypass the Microsoft driver-signing policy to deploy malicious code.",
"id": "GHSA-pgj3-5w38-pg9m",
"modified": "2024-04-04T01:55:12Z",
"published": "2022-05-24T16:55:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16098"
},
{
"type": "WEB",
"url": "https://github.com/Barakat/CVE-2019-16098"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PGJJ-GQ5V-P74W
Vulnerability from github – Published: 2022-05-24 19:04 – Updated: 2022-10-08 00:00SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method EncOAMParamStore() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified.
{
"affected": [],
"aliases": [
"CVE-2021-27606"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-20"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-06-09T14:15:00Z",
"severity": "HIGH"
},
"details": "SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method EncOAMParamStore() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified.",
"id": "GHSA-pgjj-gq5v-p74w",
"modified": "2022-10-08T00:00:21Z",
"published": "2022-05-24T19:04:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27606"
},
{
"type": "WEB",
"url": "https://launchpad.support.sap.com/#/notes/3020104"
},
{
"type": "WEB",
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/164595/SAP-NetWeaver-ABAP-Enqueue-Memory-Corruption.html"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2021/Oct/29"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PGMJ-MWV3-4C9W
Vulnerability from github – Published: 2022-05-14 00:53 – Updated: 2022-05-14 00:53Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
{
"affected": [],
"aliases": [
"CVE-2018-5024"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-07-20T19:29:00Z",
"severity": "HIGH"
},
"details": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",
"id": "GHSA-pgmj-mwv3-4c9w",
"modified": "2022-05-14T00:53:22Z",
"published": "2022-05-14T00:53:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5024"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/104699"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1041250"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-5
Strategy: Input Validation
- Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
- When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
- Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
- To reduce the likelihood of introducing an out-of-bounds read, ensure that you validate and ensure correct calculations for any length argument, buffer size calculation, or offset. Be especially careful of relying on a sentinel (i.e. special character such as NUL) in untrusted inputs.
Mitigation
Strategy: Language Selection
Use a language that provides appropriate memory abstractions.
CAPEC-540: Overread Buffers
An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.