CWE-126
AllowedBuffer Over-read
Abstraction: Variant · Status: Draft
The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.
855 vulnerabilities reference this CWE, most recent first.
GHSA-2QX5-723M-Q6MC
Vulnerability from github – Published: 2022-12-06 09:30 – Updated: 2022-12-07 18:30In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services.
{
"affected": [],
"aliases": [
"CVE-2022-42757"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-12-06T07:15:00Z",
"severity": "LOW"
},
"details": "In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services.",
"id": "GHSA-2qx5-723m-q6mc",
"modified": "2022-12-07T18:30:27Z",
"published": "2022-12-06T09:30:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42757"
},
{
"type": "WEB",
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-2RW9-G27F-PPP3
Vulnerability from github – Published: 2024-08-13 18:31 – Updated: 2024-08-13 18:31Windows Hyper-V Elevation of Privilege Vulnerability
{
"affected": [],
"aliases": [
"CVE-2024-38127"
],
"database_specific": {
"cwe_ids": [
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-13T18:15:14Z",
"severity": "HIGH"
},
"details": "Windows Hyper-V Elevation of Privilege Vulnerability",
"id": "GHSA-2rw9-g27f-ppp3",
"modified": "2024-08-13T18:31:16Z",
"published": "2024-08-13T18:31:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38127"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38127"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-2WW8-PJ73-GX5X
Vulnerability from github – Published: 2024-08-05 15:30 – Updated: 2024-08-05 15:30Information disclosure while handling beacon probe frame during scan entry generation in client side.
{
"affected": [],
"aliases": [
"CVE-2024-21467"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-05T15:15:45Z",
"severity": "MODERATE"
},
"details": "Information disclosure while handling beacon probe frame during scan entry generation in client side.",
"id": "GHSA-2ww8-pj73-gx5x",
"modified": "2024-08-05T15:30:53Z",
"published": "2024-08-05T15:30:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21467"
},
{
"type": "WEB",
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/august-2024-bulletin.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-2XV6-3VP8-PP7J
Vulnerability from github – Published: 2024-09-02 12:30 – Updated: 2024-09-02 12:30Transient DOS when registration accept OTA is received with incorrect ciphering key data IE in Modem.
{
"affected": [],
"aliases": [
"CVE-2024-23358"
],
"database_specific": {
"cwe_ids": [
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-02T12:15:14Z",
"severity": "HIGH"
},
"details": "Transient DOS when registration accept OTA is received with incorrect ciphering key data IE in Modem.",
"id": "GHSA-2xv6-3vp8-pp7j",
"modified": "2024-09-02T12:30:44Z",
"published": "2024-09-02T12:30:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23358"
},
{
"type": "WEB",
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/september-2024-bulletin.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-32X5-WJVF-4C65
Vulnerability from github – Published: 2026-07-14 18:32 – Updated: 2026-07-14 18:32Buffer over-read in Windows RDP allows an unauthorized attacker to disclose information over a network.
{
"affected": [],
"aliases": [
"CVE-2026-50445"
],
"database_specific": {
"cwe_ids": [
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-14T18:17:48Z",
"severity": "MODERATE"
},
"details": "Buffer over-read in Windows RDP allows an unauthorized attacker to disclose information over a network.",
"id": "GHSA-32x5-wjvf-4c65",
"modified": "2026-07-14T18:32:24Z",
"published": "2026-07-14T18:32:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-50445"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50445"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-33M7-2R3H-JGFX
Vulnerability from github – Published: 2025-03-11 18:32 – Updated: 2025-03-11 18:32Buffer over-read in Windows NTFS allows an unauthorized attacker to disclose information locally.
{
"affected": [],
"aliases": [
"CVE-2025-24992"
],
"database_specific": {
"cwe_ids": [
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-11T17:16:35Z",
"severity": "MODERATE"
},
"details": "Buffer over-read in Windows NTFS allows an unauthorized attacker to disclose information locally.",
"id": "GHSA-33m7-2r3h-jgfx",
"modified": "2025-03-11T18:32:18Z",
"published": "2025-03-11T18:32:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24992"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24992"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-35QW-H594-MG3J
Vulnerability from github – Published: 2024-05-06 15:30 – Updated: 2024-05-06 15:30Information disclosure while parsing dts header atom in Video.
{
"affected": [],
"aliases": [
"CVE-2023-43527"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-06T15:15:20Z",
"severity": "MODERATE"
},
"details": "Information disclosure while parsing dts header atom in Video.",
"id": "GHSA-35qw-h594-mg3j",
"modified": "2024-05-06T15:30:39Z",
"published": "2024-05-06T15:30:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-43527"
},
{
"type": "WEB",
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2024-bulletin.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-35WH-Q52W-78VQ
Vulnerability from github – Published: 2023-08-08 18:30 – Updated: 2024-04-04 06:42Microsoft Message Queuing Denial of Service Vulnerability
{
"affected": [],
"aliases": [
"CVE-2023-38172"
],
"database_specific": {
"cwe_ids": [
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-08-08T18:15:22Z",
"severity": "HIGH"
},
"details": "Microsoft Message Queuing Denial of Service Vulnerability",
"id": "GHSA-35wh-q52w-78vq",
"modified": "2024-04-04T06:42:41Z",
"published": "2023-08-08T18:30:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38172"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38172"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-367P-MRPH-MGH2
Vulnerability from github – Published: 2023-09-05 09:30 – Updated: 2024-04-04 07:26Information disclosure in Automotive multimedia due to buffer over-read.
{
"affected": [],
"aliases": [
"CVE-2022-33220"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-09-05T07:15:11Z",
"severity": "MODERATE"
},
"details": "Information disclosure in Automotive multimedia due to buffer over-read.",
"id": "GHSA-367p-mrph-mgh2",
"modified": "2024-04-04T07:26:30Z",
"published": "2023-09-05T09:30:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-33220"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-36W4-5GPX-JW2F
Vulnerability from github – Published: 2024-08-05 15:30 – Updated: 2024-08-05 15:30Transient DOS while parsing the BSS parameter change count or MLD capabilities fields of the ML IE.
{
"affected": [],
"aliases": [
"CVE-2024-33025"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-05T15:15:52Z",
"severity": "HIGH"
},
"details": "Transient DOS while parsing the BSS parameter change count or MLD capabilities fields of the ML IE.",
"id": "GHSA-36w4-5gpx-jw2f",
"modified": "2024-08-05T15:30:53Z",
"published": "2024-08-05T15:30:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-33025"
},
{
"type": "WEB",
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/august-2024-bulletin.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.