Common Weakness Enumeration

CWE-126

Allowed

Buffer Over-read

Abstraction: Variant · Status: Draft

The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.

855 vulnerabilities reference this CWE, most recent first.

GHSA-MP23-5V8J-RG6J

Vulnerability from github – Published: 2026-07-14 18:32 – Updated: 2026-07-14 18:32
VLAI
Details

Buffer over-read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-55036"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-126"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-07-14T18:18:14Z",
    "severity": "HIGH"
  },
  "details": "Buffer over-read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.",
  "id": "GHSA-mp23-5v8j-rg6j",
  "modified": "2026-07-14T18:32:33Z",
  "published": "2026-07-14T18:32:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-55036"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55036"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MQQF-4P7R-RF89

Vulnerability from github – Published: 2024-04-04 15:30 – Updated: 2025-08-04 21:30
VLAI
Details

A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIGetSelectedEvents() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker's inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-31080"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-126"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-04T14:15:10Z",
    "severity": "HIGH"
  },
  "details": "A heap-based buffer over-read vulnerability was found in the X.org server\u0027s ProcXIGetSelectedEvents() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker\u0027s inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads.",
  "id": "GHSA-mqqf-4p7r-rf89",
  "modified": "2025-08-04T21:30:37Z",
  "published": "2024-04-04T15:30:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31080"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P73U4DAAWLFZAPD75GLXTGMSTTQWW5AP"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EBLQJIAXEDMEGRGZMSH7CWUJHSVKUWLV"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6TF7FZXOKHIKPZXYIMSQXKVH7WITKV3V"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00009.html"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271997"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2024-31080"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:12751"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:9122"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:9093"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:3343"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:3261"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:3258"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:2616"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:2080"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:2042"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:2041"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:2040"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:2039"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:2038"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:2037"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:2036"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:1785"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2024/04/03/13"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2024/04/12/10"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MRR6-W84F-5XH8

Vulnerability from github – Published: 2025-04-07 12:33 – Updated: 2025-04-07 12:33
VLAI
Details

Memory corruption occurs while connecting a STA to an AP and initiating an ADD TS request.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-21429"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-126"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-07T11:15:51Z",
    "severity": "HIGH"
  },
  "details": "Memory corruption occurs while connecting a STA to an AP and initiating an ADD TS request.",
  "id": "GHSA-mrr6-w84f-5xh8",
  "modified": "2025-04-07T12:33:18Z",
  "published": "2025-04-07T12:33:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21429"
    },
    {
      "type": "WEB",
      "url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2025-bulletin.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-P46C-QGR8-XVH2

Vulnerability from github – Published: 2023-11-14 18:30 – Updated: 2023-11-14 18:30
VLAI
Details

Information disclosure in IOE Firmware while handling WMI command.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-28563"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-126"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-11-07T06:15:09Z",
    "severity": "MODERATE"
  },
  "details": "Information disclosure in IOE Firmware while handling WMI command.",
  "id": "GHSA-p46c-qgr8-xvh2",
  "modified": "2023-11-14T18:30:26Z",
  "published": "2023-11-14T18:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28563"
    },
    {
      "type": "WEB",
      "url": "https://www.qualcomm.com/company/product-security/bulletins/november-2023-bulletin"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-P54G-G6XW-2JM9

Vulnerability from github – Published: 2023-09-05 09:30 – Updated: 2024-04-04 07:27
VLAI
Details

Transient DOS in Bluetooth HOST while passing descriptor to validate the blacklisted BT keyboard.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-21667"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125",
      "CWE-126"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-09-05T07:15:13Z",
    "severity": "MODERATE"
  },
  "details": "Transient DOS in Bluetooth HOST while passing descriptor to validate the blacklisted BT keyboard.",
  "id": "GHSA-p54g-g6xw-2jm9",
  "modified": "2024-04-04T07:27:17Z",
  "published": "2023-09-05T09:30:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-21667"
    },
    {
      "type": "WEB",
      "url": "https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-P58X-Q89P-WXFC

Vulnerability from github – Published: 2023-03-10 21:30 – Updated: 2023-03-15 18:30
VLAI
Details

Transient DOS due to buffer over-read in WLAN Firmware while parsing secure FTMR frame with size lesser than 39 Bytes.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-33309"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125",
      "CWE-126"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-03-10T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "Transient DOS due to buffer over-read in WLAN Firmware while parsing secure FTMR frame with size lesser than 39 Bytes.",
  "id": "GHSA-p58x-q89p-wxfc",
  "modified": "2023-03-15T18:30:24Z",
  "published": "2023-03-10T21:30:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-33309"
    },
    {
      "type": "WEB",
      "url": "https://www.qualcomm.com/company/product-security/bulletins/march-2023-bulletin"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-P762-67Q5-3HRQ

Vulnerability from github – Published: 2025-01-06 12:30 – Updated: 2025-01-06 12:30
VLAI
Details

Memory corruption while processing FIPS encryption or decryption IOCTL call invoked from user-space.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-45546"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125",
      "CWE-126"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-06T11:15:09Z",
    "severity": "HIGH"
  },
  "details": "Memory corruption while processing FIPS encryption or decryption IOCTL call invoked from user-space.",
  "id": "GHSA-p762-67q5-3hrq",
  "modified": "2025-01-06T12:30:33Z",
  "published": "2025-01-06T12:30:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45546"
    },
    {
      "type": "WEB",
      "url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2025-bulletin.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-P7H3-2RM6-R8VF

Vulnerability from github – Published: 2026-04-06 18:33 – Updated: 2026-04-06 18:33
VLAI
Details

Memory Corruption when accessing an output buffer without validating its size during IOCTL processing.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-21373"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-126"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-06T16:16:29Z",
    "severity": "HIGH"
  },
  "details": "Memory Corruption when accessing an output buffer without validating its size during IOCTL processing.",
  "id": "GHSA-p7h3-2rm6-r8vf",
  "modified": "2026-04-06T18:33:06Z",
  "published": "2026-04-06T18:33:06Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21373"
    },
    {
      "type": "WEB",
      "url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2026-bulletin.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-P8MR-7VFX-25Q5

Vulnerability from github – Published: 2025-06-03 06:31 – Updated: 2025-06-03 06:31
VLAI
Details

Information disclosure may occur while decoding the RTP packet with improper header length for number of contributing sources.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-53019"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-126"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-03T06:15:25Z",
    "severity": "HIGH"
  },
  "details": "Information disclosure may occur while decoding the RTP packet with improper header length for number of contributing sources.",
  "id": "GHSA-p8mr-7vfx-25q5",
  "modified": "2025-06-03T06:31:14Z",
  "published": "2025-06-03T06:31:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53019"
    },
    {
      "type": "WEB",
      "url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2025-bulletin.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-P8R2-H85Q-CMCR

Vulnerability from github – Published: 2025-02-13 18:32 – Updated: 2025-02-13 18:32
VLAI
Details

A CWE-126 “Buffer Over-read” was discovered affecting the 130.8005 TCP/IP Gateway running firmware version 12h. The information disclosure can be triggered by leveraging a memory leak affecting the web server. A remote unauthenticated attacker can exploit this vulnerability in order to leak valid authentication tokens from the process memory associated to users currently logged to the system and bypass the authentication mechanism.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-12011"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-126"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-13T16:15:43Z",
    "severity": "HIGH"
  },
  "details": "A CWE-126 \u201cBuffer Over-read\u201d was discovered affecting the 130.8005 TCP/IP Gateway running firmware version 12h. The information disclosure can be triggered by leveraging a memory leak affecting the web server. A remote unauthenticated attacker can exploit this vulnerability in order to leak valid authentication tokens from the process memory associated to users currently logged to the system and bypass the authentication mechanism.",
  "id": "GHSA-p8r2-h85q-cmcr",
  "modified": "2025-02-13T18:32:33Z",
  "published": "2025-02-13T18:32:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12011"
    },
    {
      "type": "WEB",
      "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-12011"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.