CWE-125
AllowedOut-of-bounds Read
Abstraction: Base · Status: Draft
The product reads data past the end, or before the beginning, of the intended buffer.
11273 vulnerabilities reference this CWE, most recent first.
GHSA-QCW5-7WMM-6MRC
Vulnerability from github – Published: 2025-03-11 18:32 – Updated: 2025-03-11 18:32Out-of-bounds read in Windows USB Video Driver allows an authorized attacker to elevate privileges with a physical attack.
{
"affected": [],
"aliases": [
"CVE-2025-24988"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-11T17:16:35Z",
"severity": "MODERATE"
},
"details": "Out-of-bounds read in Windows USB Video Driver allows an authorized attacker to elevate privileges with a physical attack.",
"id": "GHSA-qcw5-7wmm-6mrc",
"modified": "2025-03-11T18:32:18Z",
"published": "2025-03-11T18:32:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24988"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24988"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QCXF-H8PF-75PG
Vulnerability from github – Published: 2022-05-17 02:32 – Updated: 2025-04-20 03:35Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the JPEG 2000 code-stream parser.
{
"affected": [],
"aliases": [
"CVE-2017-3032"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-04-12T14:59:00Z",
"severity": "MODERATE"
},
"details": "Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the JPEG 2000 code-stream parser.",
"id": "GHSA-qcxf-h8pf-75pg",
"modified": "2025-04-20T03:35:55Z",
"published": "2022-05-17T02:32:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3032"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb17-11.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/97554"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1038228"
},
{
"type": "WEB",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-17-257"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-QCXJ-HHQ3-PCRC
Vulnerability from github – Published: 2022-12-21 15:30 – Updated: 2022-12-21 15:30In SAEMM_MiningCodecTableWithMsgIE of SAEMM_RadioMessageCodec.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-233230674References: N/A
{
"affected": [],
"aliases": [
"CVE-2022-20606"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-12-16T16:15:00Z",
"severity": "MODERATE"
},
"details": "In SAEMM_MiningCodecTableWithMsgIE of SAEMM_RadioMessageCodec.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-233230674References: N/A",
"id": "GHSA-qcxj-hhq3-pcrc",
"modified": "2022-12-21T15:30:18Z",
"published": "2022-12-21T15:30:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-20606"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/pixel/2022-12-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-QF29-287H-JJ52
Vulnerability from github – Published: 2022-09-17 00:00 – Updated: 2022-09-17 00:00Adobe InCopy version 17.3 (and earlier) and 16.4.2 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
{
"affected": [],
"aliases": [
"CVE-2022-38403"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-09-16T18:15:00Z",
"severity": "HIGH"
},
"details": "Adobe InCopy version 17.3 (and earlier) and 16.4.2 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
"id": "GHSA-qf29-287h-jj52",
"modified": "2022-09-17T00:00:32Z",
"published": "2022-09-17T00:00:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38403"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/incopy/apsb22-53.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QF2X-CQ7R-8263
Vulnerability from github – Published: 2024-08-07 03:31 – Updated: 2024-08-07 03:31Out-of-bounds read in applying connection point in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory.
{
"affected": [],
"aliases": [
"CVE-2024-34625"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-07T02:15:38Z",
"severity": "MODERATE"
},
"details": "Out-of-bounds read in applying connection point in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory.",
"id": "GHSA-qf2x-cq7r-8263",
"modified": "2024-08-07T03:31:28Z",
"published": "2024-08-07T03:31:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34625"
},
{
"type": "WEB",
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2024\u0026month=08"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-QF6F-9FQ8-X522
Vulnerability from github – Published: 2022-05-24 19:10 – Updated: 2022-05-24 19:10Out-of-bounds read in the firmware for Intel(R) Ethernet Adapters 800 Series Controllers and associated adapters before version 1.5.3.0 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
{
"affected": [],
"aliases": [
"CVE-2021-0009"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-08-11T13:15:00Z",
"severity": "MODERATE"
},
"details": "Out-of-bounds read in the firmware for Intel(R) Ethernet Adapters 800 Series Controllers and associated adapters before version 1.5.3.0 may allow an unauthenticated user to potentially enable denial of service via adjacent access.",
"id": "GHSA-qf6f-9fq8-x522",
"modified": "2022-05-24T19:10:43Z",
"published": "2022-05-24T19:10:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-0009"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20210827-0009"
},
{
"type": "WEB",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00479.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-QF6X-7G55-4WGC
Vulnerability from github – Published: 2023-02-14 00:30 – Updated: 2023-02-22 21:30Buffer Over-read in GitHub repository gpac/gpac prior to v2.3.0-DEV.
{
"affected": [],
"aliases": [
"CVE-2023-0817"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-02-13T22:15:00Z",
"severity": "HIGH"
},
"details": "Buffer Over-read in GitHub repository gpac/gpac prior to v2.3.0-DEV.",
"id": "GHSA-qf6x-7g55-4wgc",
"modified": "2023-02-22T21:30:39Z",
"published": "2023-02-14T00:30:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0817"
},
{
"type": "WEB",
"url": "https://github.com/gpac/gpac/commit/be9f8d395bbd196e3812e9cd80708f06bcc206f7"
},
{
"type": "WEB",
"url": "https://huntr.dev/bounties/cb730bc5-d79c-4de6-9e57-10e8c3ce2cf3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QF78-3CFM-29PM
Vulnerability from github – Published: 2024-10-21 15:32 – Updated: 2025-11-04 00:31In the Linux kernel, the following vulnerability has been resolved:
nilfs2: fix potential oob read in nilfs_btree_check_delete()
The function nilfs_btree_check_delete(), which checks whether degeneration to direct mapping occurs before deleting a b-tree entry, causes memory access outside the block buffer when retrieving the maximum key if the root node has no entries.
This does not usually happen because b-tree mappings with 0 child nodes are never created by mkfs.nilfs2 or nilfs2 itself. However, it can happen if the b-tree root node read from a device is configured that way, so fix this potential issue by adding a check for that case.
{
"affected": [],
"aliases": [
"CVE-2024-47757"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-21T13:15:05Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix potential oob read in nilfs_btree_check_delete()\n\nThe function nilfs_btree_check_delete(), which checks whether degeneration\nto direct mapping occurs before deleting a b-tree entry, causes memory\naccess outside the block buffer when retrieving the maximum key if the\nroot node has no entries.\n\nThis does not usually happen because b-tree mappings with 0 child nodes\nare never created by mkfs.nilfs2 or nilfs2 itself. However, it can happen\nif the b-tree root node read from a device is configured that way, so fix\nthis potential issue by adding a check for that case.",
"id": "GHSA-qf78-3cfm-29pm",
"modified": "2025-11-04T00:31:39Z",
"published": "2024-10-21T15:32:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47757"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/257f9e5185eb6de83377caea686c306e22e871f2"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a33e967b681e088a125b979975c93e3453e686cd"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a8abfda768b9f33630cfbc4af6c4214f1e5681b0"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c4cbcc64bb31e67e02940ce060cc77f7180564cf"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c4f8554996e8ada3be872dfb8f60e93bcf15fb27"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d20674f31626e0596ae4c1d9401dfb6739b81b58"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ed76d381dae125b81d09934e365391a656249da8"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f3a9859767c7aea758976f5523903d247e585129"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f9c96351aa6718b42a9f42eaf7adce0356bdb5e8"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QF7G-43GQ-8R8V
Vulnerability from github – Published: 2023-07-12 18:30 – Updated: 2024-04-04 06:04Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
{
"affected": [],
"aliases": [
"CVE-2023-29310"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-07-12T16:15:12Z",
"severity": "MODERATE"
},
"details": "Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
"id": "GHSA-qf7g-43gq-8r8v",
"modified": "2024-04-04T06:04:36Z",
"published": "2023-07-12T18:30:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29310"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/indesign/apsb23-38.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-QF7P-2HMJ-48MQ
Vulnerability from github – Published: 2024-11-15 21:30 – Updated: 2025-03-31 21:32An invalid memory access when handling the ProtocolIE_ID field of E-RAB NotToBeModifiedBearerModInd information element in Athonet vEPC MME v11.4.0 allows attackers to cause a Denial of Service (DoS) to the cellular network by repeatedly initiating connections and sending a crafted payload.
{
"affected": [],
"aliases": [
"CVE-2024-24453"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-15T20:15:19Z",
"severity": "HIGH"
},
"details": "An invalid memory access when handling the ProtocolIE_ID field of E-RAB NotToBeModifiedBearerModInd information element in Athonet vEPC MME v11.4.0 allows attackers to cause a Denial of Service (DoS) to the cellular network by repeatedly initiating connections and sending a crafted payload.",
"id": "GHSA-qf7p-2hmj-48mq",
"modified": "2025-03-31T21:32:43Z",
"published": "2024-11-15T21:30:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24453"
},
{
"type": "WEB",
"url": "https://cellularsecurity.org/ransacked"
},
{
"type": "WEB",
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04780en_us\u0026docLocale=en_US"
},
{
"type": "WEB",
"url": "http://athonet.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-5
Strategy: Input Validation
- Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
- When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
- Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
- To reduce the likelihood of introducing an out-of-bounds read, ensure that you validate and ensure correct calculations for any length argument, buffer size calculation, or offset. Be especially careful of relying on a sentinel (i.e. special character such as NUL) in untrusted inputs.
Mitigation
Strategy: Language Selection
Use a language that provides appropriate memory abstractions.
CAPEC-540: Overread Buffers
An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.