CWE-126
AllowedBuffer Over-read
Abstraction: Variant · Status: Draft
The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.
855 vulnerabilities reference this CWE, most recent first.
GHSA-Q4H3-G8J4-9FV9
Vulnerability from github – Published: 2025-09-09 18:31 – Updated: 2025-09-09 18:31Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
{
"affected": [],
"aliases": [
"CVE-2025-53796"
],
"database_specific": {
"cwe_ids": [
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-09T17:15:49Z",
"severity": "MODERATE"
},
"details": "Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.",
"id": "GHSA-q4h3-g8j4-9fv9",
"modified": "2025-09-09T18:31:19Z",
"published": "2025-09-09T18:31:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53796"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53796"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-Q5HC-GPJW-FPVP
Vulnerability from github – Published: 2022-12-06 09:30 – Updated: 2022-12-07 18:30In camera driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.
{
"affected": [],
"aliases": [
"CVE-2022-39132"
],
"database_specific": {
"cwe_ids": [
"CWE-126",
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-12-06T07:15:00Z",
"severity": "MODERATE"
},
"details": "In camera driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.",
"id": "GHSA-q5hc-gpjw-fpvp",
"modified": "2022-12-07T18:30:28Z",
"published": "2022-12-06T09:30:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39132"
},
{
"type": "WEB",
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-Q78V-HQCG-VC32
Vulnerability from github – Published: 2025-07-08 18:31 – Updated: 2025-07-08 18:31Buffer over-read in Windows TDX.sys allows an authorized attacker to elevate privileges locally.
{
"affected": [],
"aliases": [
"CVE-2025-49659"
],
"database_specific": {
"cwe_ids": [
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-08T17:15:48Z",
"severity": "HIGH"
},
"details": "Buffer over-read in Windows TDX.sys allows an authorized attacker to elevate privileges locally.",
"id": "GHSA-q78v-hqcg-vc32",
"modified": "2025-07-08T18:31:46Z",
"published": "2025-07-08T18:31:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49659"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49659"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QC53-6PCV-3Q2P
Vulnerability from github – Published: 2025-05-15 18:31 – Updated: 2025-05-19 21:30An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 before version 05.46.50, kernel 5.5 before version 05.54.50, kernel 5.6 before version 05.61.50, and kernel 5.7 before version 05.70.50. In VariableRuntimeDxe driver, VariableServicesSetVariable () can be called by gRT_>SetVariable () or the SmmSetSensitiveVariable () or SmmInternalSetVariable () from SMM. In VariableServicesSetVariable (), it uses StrSize () to get variable name size, uses StrLen () to get variable name length and uses StrCmp () to compare strings. These actions may cause a buffer over-read.
{
"affected": [],
"aliases": [
"CVE-2024-52878"
],
"database_specific": {
"cwe_ids": [
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-15T16:15:32Z",
"severity": "HIGH"
},
"details": "An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 before version 05.46.50, kernel 5.5 before version 05.54.50, kernel 5.6 before version 05.61.50, and kernel 5.7 before version 05.70.50. In VariableRuntimeDxe driver, VariableServicesSetVariable () can be called by gRT_\u003eSetVariable () or the SmmSetSensitiveVariable () or SmmInternalSetVariable () from SMM. In VariableServicesSetVariable (), it uses StrSize () to get variable name size, uses StrLen () to get variable name length and uses StrCmp () to compare strings. These actions may cause a buffer over-read.",
"id": "GHSA-qc53-6pcv-3q2p",
"modified": "2025-05-19T21:30:31Z",
"published": "2025-05-15T18:31:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52878"
},
{
"type": "WEB",
"url": "https://www.insyde.com/security-pledge"
},
{
"type": "WEB",
"url": "https://www.insyde.com/security-pledge/sa-2024016"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-QCVH-FFQ5-55F3
Vulnerability from github – Published: 2023-06-06 09:30 – Updated: 2024-04-04 04:34Transient DOS while parsing WLAN beacon or probe-response frame.
{
"affected": [],
"aliases": [
"CVE-2023-21661"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-06-06T08:15:12Z",
"severity": "HIGH"
},
"details": "Transient DOS while parsing WLAN beacon or probe-response frame.",
"id": "GHSA-qcvh-ffq5-55f3",
"modified": "2024-04-04T04:34:53Z",
"published": "2023-06-06T09:30:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-21661"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/june-2023-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QF6X-7G55-4WGC
Vulnerability from github – Published: 2023-02-14 00:30 – Updated: 2023-02-22 21:30Buffer Over-read in GitHub repository gpac/gpac prior to v2.3.0-DEV.
{
"affected": [],
"aliases": [
"CVE-2023-0817"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-02-13T22:15:00Z",
"severity": "HIGH"
},
"details": "Buffer Over-read in GitHub repository gpac/gpac prior to v2.3.0-DEV.",
"id": "GHSA-qf6x-7g55-4wgc",
"modified": "2023-02-22T21:30:39Z",
"published": "2023-02-14T00:30:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0817"
},
{
"type": "WEB",
"url": "https://github.com/gpac/gpac/commit/be9f8d395bbd196e3812e9cd80708f06bcc206f7"
},
{
"type": "WEB",
"url": "https://huntr.dev/bounties/cb730bc5-d79c-4de6-9e57-10e8c3ce2cf3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QGVH-3GR3-J9PH
Vulnerability from github – Published: 2024-10-07 15:31 – Updated: 2024-10-07 15:31Transient DOS while parsing ESP IE from beacon/probe response frame.
{
"affected": [],
"aliases": [
"CVE-2024-33070"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-07T13:15:13Z",
"severity": "HIGH"
},
"details": "Transient DOS while parsing ESP IE from beacon/probe response frame.",
"id": "GHSA-qgvh-3gr3-j9ph",
"modified": "2024-10-07T15:31:39Z",
"published": "2024-10-07T15:31:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-33070"
},
{
"type": "WEB",
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/october-2024-bulletin.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QJXR-J6GG-GH78
Vulnerability from github – Published: 2024-08-05 15:30 – Updated: 2024-08-05 15:30Transient DOS while parsing the multiple MBSSID IEs from the beacon, when the tag length is non-zero value but with end of beacon.
{
"affected": [],
"aliases": [
"CVE-2024-33012"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-05T15:15:49Z",
"severity": "HIGH"
},
"details": "Transient DOS while parsing the multiple MBSSID IEs from the beacon, when the tag length is non-zero value but with end of beacon.",
"id": "GHSA-qjxr-j6gg-gh78",
"modified": "2024-08-05T15:30:53Z",
"published": "2024-08-05T15:30:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-33012"
},
{
"type": "WEB",
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/august-2024-bulletin.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QM6R-3HVM-2J6C
Vulnerability from github – Published: 2022-06-25 00:01 – Updated: 2022-06-25 00:01Multiple CODESYS Products are prone to a buffer over read. A low privileged remote attacker may craft a request with an invalid offset, which can cause an internal buffer over-read, resulting in a denial-of-service condition. User interaction is not required.
{
"affected": [],
"aliases": [
"CVE-2022-32141"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-06-24T08:15:00Z",
"severity": "MODERATE"
},
"details": "Multiple CODESYS Products are prone to a buffer over read. A low privileged remote attacker may craft a request with an invalid offset, which can cause an internal buffer over-read, resulting in a denial-of-service condition. User interaction is not required.",
"id": "GHSA-qm6r-3hvm-2j6c",
"modified": "2022-06-25T00:01:01Z",
"published": "2022-06-25T00:01:01Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32141"
},
{
"type": "WEB",
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17139\u0026token=ec67d15a433b61c77154166c20c78036540cacb0\u0026download="
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QM7W-CJMV-J299
Vulnerability from github – Published: 2025-06-03 06:31 – Updated: 2025-06-03 06:31Information disclosure may occur while processing goodbye RTCP packet from network.
{
"affected": [],
"aliases": [
"CVE-2024-53021"
],
"database_specific": {
"cwe_ids": [
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-03T06:15:25Z",
"severity": "HIGH"
},
"details": "Information disclosure may occur while processing goodbye RTCP packet from network.",
"id": "GHSA-qm7w-cjmv-j299",
"modified": "2025-06-03T06:31:14Z",
"published": "2025-06-03T06:31:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53021"
},
{
"type": "WEB",
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2025-bulletin.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.