CWE-126
AllowedBuffer Over-read
Abstraction: Variant · Status: Draft
The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.
855 vulnerabilities reference this CWE, most recent first.
GHSA-5GM8-RJRV-Q6HJ
Vulnerability from github – Published: 2024-10-07 15:31 – Updated: 2024-10-07 15:31Transient DOS while parsing noninheritance IE of Extension element when length of IE is 2 of beacon frame.
{
"affected": [],
"aliases": [
"CVE-2024-33049"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-07T13:15:12Z",
"severity": "HIGH"
},
"details": "Transient DOS while parsing noninheritance IE of Extension element when length of IE is 2 of beacon frame.",
"id": "GHSA-5gm8-rjrv-q6hj",
"modified": "2024-10-07T15:31:39Z",
"published": "2024-10-07T15:31:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-33049"
},
{
"type": "WEB",
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/october-2024-bulletin.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5JM2-28HH-8J9G
Vulnerability from github – Published: 2025-12-09 18:30 – Updated: 2025-12-09 18:30Integer overflow or wraparound in Windows Projected File System allows an authorized attacker to elevate privileges locally.
{
"affected": [],
"aliases": [
"CVE-2025-62467"
],
"database_specific": {
"cwe_ids": [
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-09T18:15:58Z",
"severity": "HIGH"
},
"details": "Integer overflow or wraparound in Windows Projected File System allows an authorized attacker to elevate privileges locally.",
"id": "GHSA-5jm2-28hh-8j9g",
"modified": "2025-12-09T18:30:46Z",
"published": "2025-12-09T18:30:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62467"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62467"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5M6G-JV3X-7V6X
Vulnerability from github – Published: 2026-04-06 18:33 – Updated: 2026-04-06 18:33Memory Corruption when accessing an output buffer without validating its size during IOCTL processing in a camera sensor driver.
{
"affected": [],
"aliases": [
"CVE-2026-21378"
],
"database_specific": {
"cwe_ids": [
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-06T16:16:30Z",
"severity": "HIGH"
},
"details": "Memory Corruption when accessing an output buffer without validating its size during IOCTL processing in a camera sensor driver.",
"id": "GHSA-5m6g-jv3x-7v6x",
"modified": "2026-04-06T18:33:07Z",
"published": "2026-04-06T18:33:07Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21378"
},
{
"type": "WEB",
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2026-bulletin.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5P64-6FH9-J56J
Vulnerability from github – Published: 2024-09-02 12:30 – Updated: 2024-09-02 12:30Information disclosure while decoding Tracking Area Update Accept or Attach Accept message received from network.
{
"affected": [],
"aliases": [
"CVE-2024-23359"
],
"database_specific": {
"cwe_ids": [
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-02T12:15:14Z",
"severity": "HIGH"
},
"details": "Information disclosure while decoding Tracking Area Update Accept or Attach Accept message received from network.",
"id": "GHSA-5p64-6fh9-j56j",
"modified": "2024-09-02T12:30:44Z",
"published": "2024-09-02T12:30:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23359"
},
{
"type": "WEB",
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/september-2024-bulletin.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-5PF5-5XPH-XFRF
Vulnerability from github – Published: 2026-01-07 12:31 – Updated: 2026-01-07 12:31Information disclosure while processing a firmware event.
{
"affected": [],
"aliases": [
"CVE-2025-47331"
],
"database_specific": {
"cwe_ids": [
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-07T12:17:02Z",
"severity": "MODERATE"
},
"details": "Information disclosure while processing a firmware event.",
"id": "GHSA-5pf5-5xph-xfrf",
"modified": "2026-01-07T12:31:23Z",
"published": "2026-01-07T12:31:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47331"
},
{
"type": "WEB",
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2026-bulletin.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-5QP4-G8F2-222M
Vulnerability from github – Published: 2024-05-14 18:31 – Updated: 2024-05-14 18:31Windows Remote Access Connection Manager Information Disclosure Vulnerability
{
"affected": [],
"aliases": [
"CVE-2024-30039"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-14T17:17:11Z",
"severity": "MODERATE"
},
"details": "Windows Remote Access Connection Manager Information Disclosure Vulnerability",
"id": "GHSA-5qp4-g8f2-222m",
"modified": "2024-05-14T18:31:04Z",
"published": "2024-05-14T18:31:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30039"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30039"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-5VHQ-WV6W-VJ48
Vulnerability from github – Published: 2022-08-18 00:00 – Updated: 2026-02-25 15:31Buffer Over-read in GitHub repository vim/vim prior to 9.0.0217.
{
"affected": [],
"aliases": [
"CVE-2022-2845"
],
"database_specific": {
"cwe_ids": [
"CWE-126",
"CWE-1284"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-08-17T15:15:00Z",
"severity": "HIGH"
},
"details": "Buffer Over-read in GitHub repository vim/vim prior to 9.0.0217.",
"id": "GHSA-5vhq-wv6w-vj48",
"modified": "2026-02-25T15:31:35Z",
"published": "2022-08-18T00:00:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2845"
},
{
"type": "WEB",
"url": "https://github.com/vim/vim/commit/e98c88c44c308edaea5994b8ad4363e65030968c"
},
{
"type": "WEB",
"url": "https://huntr.dev/bounties/3e1d31ac-1cfd-4a9f-bc5c-213376b69445"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C72HDIMR3KTTAO7QGTXWUMPBNFUFIBRD"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWOJOA7PZZAMBI5GFTL6PWHXMWSDLUXL"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C72HDIMR3KTTAO7QGTXWUMPBNFUFIBRD"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWOJOA7PZZAMBI5GFTL6PWHXMWSDLUXL"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5WM9-V2RG-4WX7
Vulnerability from github – Published: 2024-07-01 15:32 – Updated: 2024-07-01 15:32Transient DOS while loading the TA ELF file.
{
"affected": [],
"aliases": [
"CVE-2024-21462"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-01T15:15:14Z",
"severity": "HIGH"
},
"details": "Transient DOS while loading the TA ELF file.",
"id": "GHSA-5wm9-v2rg-4wx7",
"modified": "2024-07-01T15:32:43Z",
"published": "2024-07-01T15:32:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21462"
},
{
"type": "WEB",
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/july-2024-bulletin.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-63F6-CJXM-WF36
Vulnerability from github – Published: 2024-06-11 18:30 – Updated: 2024-06-11 18:30Windows Remote Access Connection Manager Information Disclosure Vulnerability
{
"affected": [],
"aliases": [
"CVE-2024-30069"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-11T17:15:53Z",
"severity": "MODERATE"
},
"details": "Windows Remote Access Connection Manager Information Disclosure Vulnerability",
"id": "GHSA-63f6-cjxm-wf36",
"modified": "2024-06-11T18:30:48Z",
"published": "2024-06-11T18:30:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30069"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30069"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-642H-GGVV-J2C4
Vulnerability from github – Published: 2025-09-08 15:37 – Updated: 2025-09-08 15:37A vulnerability ( CVE-2025-21176 https://www.cve.org/CVERecord ) exists in DiaSymReader.dll due to buffer over-read.
Per CWE-126: Buffer Over-read https://cwe.mitre.org/data/definitions/126.html , Buffer Over-read is when a product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.
This issue affects EOL ASP.NET 6.0.0 <= 6.0.36 as represented in this CVE, as well as 8.0.0 <= 8.0.11 & <= 9.0.0 as represented in CVE-2025-21176.
Additionally, if you've deployed self-contained applications https://docs.microsoft.com/dotnet/core/deploying/#self-contained-deployments-scd targeting any of the impacted versions, these applications are also vulnerable and must be recompiled and redeployed.
NOTE: This CVE affects only End Of Life (EOL) software components. The vendor, Microsoft, has indicated there will be no future updates nor support provided upon inquiry.
{
"affected": [],
"aliases": [
"CVE-2025-36855"
],
"database_specific": {
"cwe_ids": [
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-08T14:15:34Z",
"severity": "HIGH"
},
"details": "A vulnerability ( CVE-2025-21176 https://www.cve.org/CVERecord ) exists in DiaSymReader.dll\u00a0due to buffer over-read.\n\n Per CWE-126: Buffer Over-read https://cwe.mitre.org/data/definitions/126.html , Buffer Over-read is when a product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.\n\n This issue affects EOL ASP.NET 6.0.0 \u003c= 6.0.36 as represented in this CVE, as well as 8.0.0 \u003c= 8.0.11 \u0026 \u003c= 9.0.0 as represented in\u00a0CVE-2025-21176.\n\n \n\n Additionally, if you\u0027ve deployed self-contained applications https://docs.microsoft.com/dotnet/core/deploying/#self-contained-deployments-scd \u00a0targeting any of the impacted versions, these applications are also vulnerable and must be recompiled and redeployed.\n\n NOTE:\u00a0This CVE affects only End Of Life (EOL)\u00a0software components. The vendor, Microsoft, has indicated there will be no future updates nor support provided upon inquiry.",
"id": "GHSA-642h-ggvv-j2c4",
"modified": "2025-09-08T15:37:44Z",
"published": "2025-09-08T15:37:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-36855"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21176"
},
{
"type": "WEB",
"url": "https://www.herodevs.com/vulnerability-directory/cve-2025-21176"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.