Common Weakness Enumeration

CWE-126

Allowed

Buffer Over-read

Abstraction: Variant · Status: Draft

The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.

855 vulnerabilities reference this CWE, most recent first.

GHSA-Q4H3-G8J4-9FV9

Vulnerability from github – Published: 2025-09-09 18:31 – Updated: 2025-09-09 18:31
VLAI
Details

Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-53796"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-126"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-09T17:15:49Z",
    "severity": "MODERATE"
  },
  "details": "Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.",
  "id": "GHSA-q4h3-g8j4-9fv9",
  "modified": "2025-09-09T18:31:19Z",
  "published": "2025-09-09T18:31:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53796"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53796"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q5HC-GPJW-FPVP

Vulnerability from github – Published: 2022-12-06 09:30 – Updated: 2022-12-07 18:30
VLAI
Details

In camera driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-39132"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-126",
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-12-06T07:15:00Z",
    "severity": "MODERATE"
  },
  "details": "In camera driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.",
  "id": "GHSA-q5hc-gpjw-fpvp",
  "modified": "2022-12-07T18:30:28Z",
  "published": "2022-12-06T09:30:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39132"
    },
    {
      "type": "WEB",
      "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q78V-HQCG-VC32

Vulnerability from github – Published: 2025-07-08 18:31 – Updated: 2025-07-08 18:31
VLAI
Details

Buffer over-read in Windows TDX.sys allows an authorized attacker to elevate privileges locally.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-49659"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-126"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-08T17:15:48Z",
    "severity": "HIGH"
  },
  "details": "Buffer over-read in Windows TDX.sys allows an authorized attacker to elevate privileges locally.",
  "id": "GHSA-q78v-hqcg-vc32",
  "modified": "2025-07-08T18:31:46Z",
  "published": "2025-07-08T18:31:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49659"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49659"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QC53-6PCV-3Q2P

Vulnerability from github – Published: 2025-05-15 18:31 – Updated: 2025-05-19 21:30
VLAI
Details

An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 before version 05.46.50, kernel 5.5 before version 05.54.50, kernel 5.6 before version 05.61.50, and kernel 5.7 before version 05.70.50. In VariableRuntimeDxe driver, VariableServicesSetVariable () can be called by gRT_>SetVariable () or the SmmSetSensitiveVariable () or SmmInternalSetVariable () from SMM. In VariableServicesSetVariable (), it uses StrSize () to get variable name size, uses StrLen () to get variable name length and uses StrCmp () to compare strings. These actions may cause a buffer over-read.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-52878"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-126"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-15T16:15:32Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 before version 05.46.50, kernel 5.5 before version 05.54.50, kernel 5.6 before version 05.61.50, and kernel 5.7 before version 05.70.50. In VariableRuntimeDxe driver, VariableServicesSetVariable () can be called by gRT_\u003eSetVariable () or the SmmSetSensitiveVariable () or SmmInternalSetVariable () from SMM. In VariableServicesSetVariable (), it uses StrSize () to get variable name size, uses StrLen () to get variable name length and uses StrCmp () to compare strings. These actions may cause a buffer over-read.",
  "id": "GHSA-qc53-6pcv-3q2p",
  "modified": "2025-05-19T21:30:31Z",
  "published": "2025-05-15T18:31:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52878"
    },
    {
      "type": "WEB",
      "url": "https://www.insyde.com/security-pledge"
    },
    {
      "type": "WEB",
      "url": "https://www.insyde.com/security-pledge/sa-2024016"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QCVH-FFQ5-55F3

Vulnerability from github – Published: 2023-06-06 09:30 – Updated: 2024-04-04 04:34
VLAI
Details

Transient DOS while parsing WLAN beacon or probe-response frame.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-21661"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125",
      "CWE-126"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-06-06T08:15:12Z",
    "severity": "HIGH"
  },
  "details": "Transient DOS while parsing WLAN beacon or probe-response frame.",
  "id": "GHSA-qcvh-ffq5-55f3",
  "modified": "2024-04-04T04:34:53Z",
  "published": "2023-06-06T09:30:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-21661"
    },
    {
      "type": "WEB",
      "url": "https://www.qualcomm.com/company/product-security/bulletins/june-2023-bulletin"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QF6X-7G55-4WGC

Vulnerability from github – Published: 2023-02-14 00:30 – Updated: 2023-02-22 21:30
VLAI
Details

Buffer Over-read in GitHub repository gpac/gpac prior to v2.3.0-DEV.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-0817"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125",
      "CWE-126"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-02-13T22:15:00Z",
    "severity": "HIGH"
  },
  "details": "Buffer Over-read in GitHub repository gpac/gpac prior to v2.3.0-DEV.",
  "id": "GHSA-qf6x-7g55-4wgc",
  "modified": "2023-02-22T21:30:39Z",
  "published": "2023-02-14T00:30:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0817"
    },
    {
      "type": "WEB",
      "url": "https://github.com/gpac/gpac/commit/be9f8d395bbd196e3812e9cd80708f06bcc206f7"
    },
    {
      "type": "WEB",
      "url": "https://huntr.dev/bounties/cb730bc5-d79c-4de6-9e57-10e8c3ce2cf3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QGVH-3GR3-J9PH

Vulnerability from github – Published: 2024-10-07 15:31 – Updated: 2024-10-07 15:31
VLAI
Details

Transient DOS while parsing ESP IE from beacon/probe response frame.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-33070"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125",
      "CWE-126"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-07T13:15:13Z",
    "severity": "HIGH"
  },
  "details": "Transient DOS while parsing ESP IE from beacon/probe response frame.",
  "id": "GHSA-qgvh-3gr3-j9ph",
  "modified": "2024-10-07T15:31:39Z",
  "published": "2024-10-07T15:31:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-33070"
    },
    {
      "type": "WEB",
      "url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/october-2024-bulletin.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QJXR-J6GG-GH78

Vulnerability from github – Published: 2024-08-05 15:30 – Updated: 2024-08-05 15:30
VLAI
Details

Transient DOS while parsing the multiple MBSSID IEs from the beacon, when the tag length is non-zero value but with end of beacon.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-33012"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125",
      "CWE-126"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-08-05T15:15:49Z",
    "severity": "HIGH"
  },
  "details": "Transient DOS while parsing the multiple MBSSID IEs from the beacon, when the tag length is non-zero value but with end of beacon.",
  "id": "GHSA-qjxr-j6gg-gh78",
  "modified": "2024-08-05T15:30:53Z",
  "published": "2024-08-05T15:30:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-33012"
    },
    {
      "type": "WEB",
      "url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/august-2024-bulletin.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QM6R-3HVM-2J6C

Vulnerability from github – Published: 2022-06-25 00:01 – Updated: 2022-06-25 00:01
VLAI
Details

Multiple CODESYS Products are prone to a buffer over read. A low privileged remote attacker may craft a request with an invalid offset, which can cause an internal buffer over-read, resulting in a denial-of-service condition. User interaction is not required.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-32141"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125",
      "CWE-126"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-06-24T08:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Multiple CODESYS Products are prone to a buffer over read. A low privileged remote attacker may craft a request with an invalid offset, which can cause an internal buffer over-read, resulting in a denial-of-service condition. User interaction is not required.",
  "id": "GHSA-qm6r-3hvm-2j6c",
  "modified": "2022-06-25T00:01:01Z",
  "published": "2022-06-25T00:01:01Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32141"
    },
    {
      "type": "WEB",
      "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17139\u0026token=ec67d15a433b61c77154166c20c78036540cacb0\u0026download="
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QM7W-CJMV-J299

Vulnerability from github – Published: 2025-06-03 06:31 – Updated: 2025-06-03 06:31
VLAI
Details

Information disclosure may occur while processing goodbye RTCP packet from network.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-53021"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-126"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-03T06:15:25Z",
    "severity": "HIGH"
  },
  "details": "Information disclosure may occur while processing goodbye RTCP packet from network.",
  "id": "GHSA-qm7w-cjmv-j299",
  "modified": "2025-06-03T06:31:14Z",
  "published": "2025-06-03T06:31:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53021"
    },
    {
      "type": "WEB",
      "url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2025-bulletin.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.