CWE-125
AllowedOut-of-bounds Read
Abstraction: Base · Status: Draft
The product reads data past the end, or before the beginning, of the intended buffer.
11273 vulnerabilities reference this CWE, most recent first.
GHSA-Q6M3-MCR7-QWWQ
Vulnerability from github – Published: 2026-04-15 21:30 – Updated: 2026-04-16 12:31Out of bounds read in Media in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
{
"affected": [],
"aliases": [
"CVE-2026-6308"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-15T20:16:40Z",
"severity": "HIGH"
},
"details": "Out of bounds read in Media in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)",
"id": "GHSA-q6m3-mcr7-qwwq",
"modified": "2026-04-16T12:31:40Z",
"published": "2026-04-15T21:30:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6308"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html"
},
{
"type": "WEB",
"url": "https://issues.chromium.org/issues/497412658"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-Q6V4-384R-2XP2
Vulnerability from github – Published: 2022-05-24 17:46 – Updated: 2022-05-24 17:46An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.3, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, watchOS 7.2. A remote attacker may be able to leak memory.
{
"affected": [],
"aliases": [
"CVE-2020-29608"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-04-02T18:15:00Z",
"severity": "MODERATE"
},
"details": "An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.3, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, watchOS 7.2. A remote attacker may be able to leak memory.",
"id": "GHSA-q6v4-384r-2xp2",
"modified": "2022-05-24T17:46:11Z",
"published": "2022-05-24T17:46:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-29608"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT212003"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT212005"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT212009"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT212011"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT212147"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-Q6V4-GG2W-F97V
Vulnerability from github – Published: 2024-04-09 18:30 – Updated: 2024-04-09 18:30Windows Remote Access Connection Manager Information Disclosure Vulnerability
{
"affected": [],
"aliases": [
"CVE-2024-26207"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-09T17:15:38Z",
"severity": "MODERATE"
},
"details": "Windows Remote Access Connection Manager Information Disclosure Vulnerability",
"id": "GHSA-q6v4-gg2w-f97v",
"modified": "2024-04-09T18:30:25Z",
"published": "2024-04-09T18:30:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26207"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26207"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-Q6XJ-CCV4-MG5M
Vulnerability from github – Published: 2022-05-13 01:24 – Updated: 2022-05-13 01:24The nsSVGPathElement::GetPathLengthScale function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors.
{
"affected": [],
"aliases": [
"CVE-2013-0767"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2013-01-13T20:55:00Z",
"severity": "HIGH"
},
"details": "The nsSVGPathElement::GetPathLengthScale function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors.",
"id": "GHSA-q6xj-ccv4-mg5m",
"modified": "2022-05-13T01:24:17Z",
"published": "2022-05-13T01:24:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0767"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=812161"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16171"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0144.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0145.html"
},
{
"type": "WEB",
"url": "http://www.mozilla.org/security/announce/2013/mfsa2013-02.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/57195"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-1681-1"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-1681-2"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-1681-4"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-Q6XX-4PMR-M3M4
Vulnerability from github – Published: 2023-02-07 21:30 – Updated: 2023-02-15 21:30Out of bounds read in WebRTC in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)
{
"affected": [],
"aliases": [
"CVE-2023-0698"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-02-07T21:15:00Z",
"severity": "HIGH"
},
"details": "Out of bounds read in WebRTC in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)",
"id": "GHSA-q6xx-4pmr-m3m4",
"modified": "2023-02-15T21:30:27Z",
"published": "2023-02-07T21:30:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0698"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2023/02/stable-channel-update-for-desktop.html"
},
{
"type": "WEB",
"url": "https://crbug.com/1403573"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202309-17"
},
{
"type": "WEB",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1693"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-Q72M-4J33-X7XW
Vulnerability from github – Published: 2022-07-19 00:00 – Updated: 2022-07-26 00:01Nginx NJS v0.7.4 was discovered to contain an out-of-bounds read via njs_scope_value at njs_scope.h.
{
"affected": [],
"aliases": [
"CVE-2022-34029"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-07-18T21:15:00Z",
"severity": "CRITICAL"
},
"details": "Nginx NJS v0.7.4 was discovered to contain an out-of-bounds read via njs_scope_value at njs_scope.h.",
"id": "GHSA-q72m-4j33-x7xw",
"modified": "2022-07-26T00:01:09Z",
"published": "2022-07-19T00:00:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34029"
},
{
"type": "WEB",
"url": "https://github.com/nginx/njs/issues/506"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-Q734-4V77-QQRR
Vulnerability from github – Published: 2025-10-14 18:30 – Updated: 2025-10-14 18:30Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
{
"affected": [],
"aliases": [
"CVE-2025-58717"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-14T17:15:52Z",
"severity": "MODERATE"
},
"details": "Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.",
"id": "GHSA-q734-4v77-qqrr",
"modified": "2025-10-14T18:30:32Z",
"published": "2025-10-14T18:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58717"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-58717"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-Q74R-2MGJ-GMF6
Vulnerability from github – Published: 2023-03-24 21:30 – Updated: 2023-03-29 21:30In EUTRAN_LCS_DecodeFacilityInformationElement of LPP_LcsManagement.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-247564044References: N/A
{
"affected": [],
"aliases": [
"CVE-2023-21059"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-03-24T20:15:00Z",
"severity": "HIGH"
},
"details": "In EUTRAN_LCS_DecodeFacilityInformationElement of LPP_LcsManagement.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-247564044References: N/A",
"id": "GHSA-q74r-2mgj-gmf6",
"modified": "2023-03-29T21:30:22Z",
"published": "2023-03-24T21:30:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-21059"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/pixel/2023-03-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-Q74V-RXG6-M2W6
Vulnerability from github – Published: 2026-03-25 03:31 – Updated: 2026-06-30 03:36The issue was addressed with improved memory handling. This issue is fixed in Safari 26.4, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. A malicious website may be able to process restricted web content outside the sandbox.
{
"affected": [],
"aliases": [
"CVE-2026-28859"
],
"database_specific": {
"cwe_ids": [
"CWE-120",
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-25T01:17:10Z",
"severity": "MODERATE"
},
"details": "The issue was addressed with improved memory handling. This issue is fixed in Safari 26.4, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. A malicious website may be able to process restricted web content outside the sandbox.",
"id": "GHSA-q74v-rxg6-m2w6",
"modified": "2026-06-30T03:36:00Z",
"published": "2026-03-25T03:31:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28859"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/126800"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/126799"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/126798"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/126797"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/126794"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/126792"
},
{
"type": "WEB",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-28859.json"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453006"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2026-28859"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:9692"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:22136"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:19535"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:19206"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:16695"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:16056"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:14659"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:13845"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:11814"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:11329"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:10702"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-Q75Q-WF9J-XQJF
Vulnerability from github – Published: 2024-03-12 12:30 – Updated: 2024-05-14 18:30A vulnerability has been identified in Cerberus PRO EN Engineering Tool (All versions), Cerberus PRO EN Fire Panel FC72x (All versions < IP8 SR4), Cerberus PRO EN X200 Cloud Distribution (All versions < V4.3.5618), Cerberus PRO EN X300 Cloud Distribution (All versions < V4.3.5617), Sinteso FS20 EN Engineering Tool (All versions), Sinteso FS20 EN Fire Panel FC20 (All versions < MP8 SR4), Sinteso FS20 EN X200 Cloud Distribution (All versions < V4.3.5618), Sinteso FS20 EN X300 Cloud Distribution (All versions < V4.3.5617), Sinteso Mobile (All versions). The network communication library in affected systems insufficiently validates HMAC values which might result in a buffer overread. This could allow an unauthenticated remote attacker to crash the network service.
{
"affected": [],
"aliases": [
"CVE-2024-22040"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-03-12T11:15:48Z",
"severity": "HIGH"
},
"details": "A vulnerability has been identified in Cerberus PRO EN Engineering Tool (All versions), Cerberus PRO EN Fire Panel FC72x (All versions \u003c IP8 SR4), Cerberus PRO EN X200 Cloud Distribution (All versions \u003c V4.3.5618), Cerberus PRO EN X300 Cloud Distribution (All versions \u003c V4.3.5617), Sinteso FS20 EN Engineering Tool (All versions), Sinteso FS20 EN Fire Panel FC20 (All versions \u003c MP8 SR4), Sinteso FS20 EN X200 Cloud Distribution (All versions \u003c V4.3.5618), Sinteso FS20 EN X300 Cloud Distribution (All versions \u003c V4.3.5617), Sinteso Mobile (All versions). The network communication library in affected systems insufficiently validates HMAC values which might result in a buffer overread.\nThis could allow an unauthenticated remote attacker to crash the network service.",
"id": "GHSA-q75q-wf9j-xqjf",
"modified": "2024-05-14T18:30:34Z",
"published": "2024-03-12T12:30:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22040"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-225840.html"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-953710.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-5
Strategy: Input Validation
- Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
- When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
- Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
- To reduce the likelihood of introducing an out-of-bounds read, ensure that you validate and ensure correct calculations for any length argument, buffer size calculation, or offset. Be especially careful of relying on a sentinel (i.e. special character such as NUL) in untrusted inputs.
Mitigation
Strategy: Language Selection
Use a language that provides appropriate memory abstractions.
CAPEC-540: Overread Buffers
An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.