Common Weakness Enumeration

CWE-125

Allowed

Out-of-bounds Read

Abstraction: Base · Status: Draft

The product reads data past the end, or before the beginning, of the intended buffer.

11273 vulnerabilities reference this CWE, most recent first.

GHSA-QCW5-7WMM-6MRC

Vulnerability from github – Published: 2025-03-11 18:32 – Updated: 2025-03-11 18:32
VLAI
Details

Out-of-bounds read in Windows USB Video Driver allows an authorized attacker to elevate privileges with a physical attack.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-24988"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-11T17:16:35Z",
    "severity": "MODERATE"
  },
  "details": "Out-of-bounds read in Windows USB Video Driver allows an authorized attacker to elevate privileges with a physical attack.",
  "id": "GHSA-qcw5-7wmm-6mrc",
  "modified": "2025-03-11T18:32:18Z",
  "published": "2025-03-11T18:32:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24988"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24988"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QCXF-H8PF-75PG

Vulnerability from github – Published: 2022-05-17 02:32 – Updated: 2025-04-20 03:35
VLAI
Details

Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the JPEG 2000 code-stream parser.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-3032"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-04-12T14:59:00Z",
    "severity": "MODERATE"
  },
  "details": "Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the JPEG 2000 code-stream parser.",
  "id": "GHSA-qcxf-h8pf-75pg",
  "modified": "2025-04-20T03:35:55Z",
  "published": "2022-05-17T02:32:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3032"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/acrobat/apsb17-11.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/97554"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1038228"
    },
    {
      "type": "WEB",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-17-257"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QCXJ-HHQ3-PCRC

Vulnerability from github – Published: 2022-12-21 15:30 – Updated: 2022-12-21 15:30
VLAI
Details

In SAEMM_MiningCodecTableWithMsgIE of SAEMM_RadioMessageCodec.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-233230674References: N/A

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-20606"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-12-16T16:15:00Z",
    "severity": "MODERATE"
  },
  "details": "In SAEMM_MiningCodecTableWithMsgIE of SAEMM_RadioMessageCodec.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-233230674References: N/A",
  "id": "GHSA-qcxj-hhq3-pcrc",
  "modified": "2022-12-21T15:30:18Z",
  "published": "2022-12-21T15:30:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-20606"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/pixel/2022-12-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QF29-287H-JJ52

Vulnerability from github – Published: 2022-09-17 00:00 – Updated: 2022-09-17 00:00
VLAI
Details

Adobe InCopy version 17.3 (and earlier) and 16.4.2 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-38403"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-09-16T18:15:00Z",
    "severity": "HIGH"
  },
  "details": "Adobe InCopy version 17.3 (and earlier) and 16.4.2 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
  "id": "GHSA-qf29-287h-jj52",
  "modified": "2022-09-17T00:00:32Z",
  "published": "2022-09-17T00:00:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38403"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/incopy/apsb22-53.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QF2X-CQ7R-8263

Vulnerability from github – Published: 2024-08-07 03:31 – Updated: 2024-08-07 03:31
VLAI
Details

Out-of-bounds read in applying connection point in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-34625"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-08-07T02:15:38Z",
    "severity": "MODERATE"
  },
  "details": "Out-of-bounds read in applying connection point in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory.",
  "id": "GHSA-qf2x-cq7r-8263",
  "modified": "2024-08-07T03:31:28Z",
  "published": "2024-08-07T03:31:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34625"
    },
    {
      "type": "WEB",
      "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2024\u0026month=08"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QF6F-9FQ8-X522

Vulnerability from github – Published: 2022-05-24 19:10 – Updated: 2022-05-24 19:10
VLAI
Details

Out-of-bounds read in the firmware for Intel(R) Ethernet Adapters 800 Series Controllers and associated adapters before version 1.5.3.0 may allow an unauthenticated user to potentially enable denial of service via adjacent access.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-0009"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-08-11T13:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Out-of-bounds read in the firmware for Intel(R) Ethernet Adapters 800 Series Controllers and associated adapters before version 1.5.3.0 may allow an unauthenticated user to potentially enable denial of service via adjacent access.",
  "id": "GHSA-qf6f-9fq8-x522",
  "modified": "2022-05-24T19:10:43Z",
  "published": "2022-05-24T19:10:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-0009"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20210827-0009"
    },
    {
      "type": "WEB",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00479.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-QF6X-7G55-4WGC

Vulnerability from github – Published: 2023-02-14 00:30 – Updated: 2023-02-22 21:30
VLAI
Details

Buffer Over-read in GitHub repository gpac/gpac prior to v2.3.0-DEV.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-0817"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125",
      "CWE-126"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-02-13T22:15:00Z",
    "severity": "HIGH"
  },
  "details": "Buffer Over-read in GitHub repository gpac/gpac prior to v2.3.0-DEV.",
  "id": "GHSA-qf6x-7g55-4wgc",
  "modified": "2023-02-22T21:30:39Z",
  "published": "2023-02-14T00:30:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0817"
    },
    {
      "type": "WEB",
      "url": "https://github.com/gpac/gpac/commit/be9f8d395bbd196e3812e9cd80708f06bcc206f7"
    },
    {
      "type": "WEB",
      "url": "https://huntr.dev/bounties/cb730bc5-d79c-4de6-9e57-10e8c3ce2cf3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QF78-3CFM-29PM

Vulnerability from github – Published: 2024-10-21 15:32 – Updated: 2025-11-04 00:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

nilfs2: fix potential oob read in nilfs_btree_check_delete()

The function nilfs_btree_check_delete(), which checks whether degeneration to direct mapping occurs before deleting a b-tree entry, causes memory access outside the block buffer when retrieving the maximum key if the root node has no entries.

This does not usually happen because b-tree mappings with 0 child nodes are never created by mkfs.nilfs2 or nilfs2 itself. However, it can happen if the b-tree root node read from a device is configured that way, so fix this potential issue by adding a check for that case.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-47757"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-21T13:15:05Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix potential oob read in nilfs_btree_check_delete()\n\nThe function nilfs_btree_check_delete(), which checks whether degeneration\nto direct mapping occurs before deleting a b-tree entry, causes memory\naccess outside the block buffer when retrieving the maximum key if the\nroot node has no entries.\n\nThis does not usually happen because b-tree mappings with 0 child nodes\nare never created by mkfs.nilfs2 or nilfs2 itself.  However, it can happen\nif the b-tree root node read from a device is configured that way, so fix\nthis potential issue by adding a check for that case.",
  "id": "GHSA-qf78-3cfm-29pm",
  "modified": "2025-11-04T00:31:39Z",
  "published": "2024-10-21T15:32:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47757"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/257f9e5185eb6de83377caea686c306e22e871f2"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a33e967b681e088a125b979975c93e3453e686cd"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a8abfda768b9f33630cfbc4af6c4214f1e5681b0"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c4cbcc64bb31e67e02940ce060cc77f7180564cf"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c4f8554996e8ada3be872dfb8f60e93bcf15fb27"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d20674f31626e0596ae4c1d9401dfb6739b81b58"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ed76d381dae125b81d09934e365391a656249da8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f3a9859767c7aea758976f5523903d247e585129"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f9c96351aa6718b42a9f42eaf7adce0356bdb5e8"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QF7G-43GQ-8R8V

Vulnerability from github – Published: 2023-07-12 18:30 – Updated: 2024-04-04 06:04
VLAI
Details

Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-29310"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-07-12T16:15:12Z",
    "severity": "MODERATE"
  },
  "details": "Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
  "id": "GHSA-qf7g-43gq-8r8v",
  "modified": "2024-04-04T06:04:36Z",
  "published": "2023-07-12T18:30:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29310"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/indesign/apsb23-38.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QF7P-2HMJ-48MQ

Vulnerability from github – Published: 2024-11-15 21:30 – Updated: 2025-03-31 21:32
VLAI
Details

An invalid memory access when handling the ProtocolIE_ID field of E-RAB NotToBeModifiedBearerModInd information element in Athonet vEPC MME v11.4.0 allows attackers to cause a Denial of Service (DoS) to the cellular network by repeatedly initiating connections and sending a crafted payload.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-24453"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-11-15T20:15:19Z",
    "severity": "HIGH"
  },
  "details": "An invalid memory access when handling the ProtocolIE_ID field of E-RAB NotToBeModifiedBearerModInd information element in Athonet vEPC MME v11.4.0 allows attackers to cause a Denial of Service (DoS) to the cellular network by repeatedly initiating connections and sending a crafted payload.",
  "id": "GHSA-qf7p-2hmj-48mq",
  "modified": "2025-03-31T21:32:43Z",
  "published": "2024-11-15T21:30:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24453"
    },
    {
      "type": "WEB",
      "url": "https://cellularsecurity.org/ransacked"
    },
    {
      "type": "WEB",
      "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04780en_us\u0026docLocale=en_US"
    },
    {
      "type": "WEB",
      "url": "http://athonet.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-5
Implementation

Strategy: Input Validation

  • Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
  • When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
  • Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
  • To reduce the likelihood of introducing an out-of-bounds read, ensure that you validate and ensure correct calculations for any length argument, buffer size calculation, or offset. Be especially careful of relying on a sentinel (i.e. special character such as NUL) in untrusted inputs.
Mitigation
Architecture and Design

Strategy: Language Selection

Use a language that provides appropriate memory abstractions.

CAPEC-540: Overread Buffers

An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.