CWE-126
AllowedBuffer Over-read
Abstraction: Variant · Status: Draft
The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.
853 vulnerabilities reference this CWE, most recent first.
GHSA-XQF7-FRVW-5523
Vulnerability from github – Published: 2022-12-06 09:30 – Updated: 2022-12-07 21:30In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services.
{
"affected": [],
"aliases": [
"CVE-2022-42774"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-12-06T07:15:00Z",
"severity": "MODERATE"
},
"details": "In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services.",
"id": "GHSA-xqf7-frvw-5523",
"modified": "2022-12-07T21:30:30Z",
"published": "2022-12-06T09:30:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42774"
},
{
"type": "WEB",
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XR89-HQHP-26M9
Vulnerability from github – Published: 2022-05-24 16:45 – Updated: 2024-04-04 00:27When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.29, 7.2.x below 7.2.18 and 7.3.x below 7.3.5 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash.
{
"affected": [],
"aliases": [
"CVE-2019-11036"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-05-03T20:29:00Z",
"severity": "CRITICAL"
},
"details": "When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.29, 7.2.x below 7.2.18 and 7.3.x below 7.3.5 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash.",
"id": "GHSA-xr89-hqhp-26m9",
"modified": "2024-04-04T00:27:06Z",
"published": "2022-05-24T16:45:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11036"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2019/dsa-4529"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2019/dsa-4527"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4009-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3566-2"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20190517-0003"
},
{
"type": "WEB",
"url": "https://seclists.org/bugtraq/2019/Sep/38"
},
{
"type": "WEB",
"url": "https://seclists.org/bugtraq/2019/Sep/35"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WN2HLPGEZEF4MFM5YC5FILZB5QEQFP3A"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3BY2XUUAN277LS7HKAOGL4DVGAELOJV3"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2NFXYNCXZCPYT7ZN4ZLI5EPQQW44FRRO"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WN2HLPGEZEF4MFM5YC5FILZB5QEQFP3A"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3BY2XUUAN277LS7HKAOGL4DVGAELOJV3"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2NFXYNCXZCPYT7ZN4ZLI5EPQQW44FRRO"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00035.html"
},
{
"type": "WEB",
"url": "https://bugs.php.net/bug.php?id=77950"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:3299"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:2519"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00010.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00012.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/108177"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XRPV-R5RQ-CXJP
Vulnerability from github – Published: 2025-09-24 18:30 – Updated: 2025-09-24 18:30Transient DOS while parsing the EPTM test control message to get the test pattern.
{
"affected": [],
"aliases": [
"CVE-2025-47318"
],
"database_specific": {
"cwe_ids": [
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-24T16:15:37Z",
"severity": "HIGH"
},
"details": "Transient DOS while parsing the EPTM test control message to get the test pattern.",
"id": "GHSA-xrpv-r5rq-cxjp",
"modified": "2025-09-24T18:30:30Z",
"published": "2025-09-24T18:30:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47318"
},
{
"type": "WEB",
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/september-2025-bulletin.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.