CWE-126
AllowedBuffer Over-read
Abstraction: Variant · Status: Draft
The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.
855 vulnerabilities reference this CWE, most recent first.
GHSA-3P6C-7QJR-35X9
Vulnerability from github – Published: 2026-05-13 18:30 – Updated: 2026-05-13 18:30Crypt::Argon2 versions from 0.017 before 0.031 for Perl perform a heap out-of-bounds read in argon2_verify on empty encoded input.
The auto-detect form of argon2_verify passes encoded_len - 1 as the length argument to memchr without checking that encoded_len is non-zero. When the encoded string is empty, the size_t subtraction underflows to SIZE_MAX and memchr scans adjacent heap memory looking for a '$' separator byte.
A caller that invokes argon2_verify against a stored hash that may legitimately be empty (for example a placeholder row or a NULL column materialised as an empty string) reads out-of-bounds heap memory, which can crash the process or leak the position of an adjacent '$' byte into subsequent parsing.
{
"affected": [],
"aliases": [
"CVE-2026-8463"
],
"database_specific": {
"cwe_ids": [
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-13T14:18:17Z",
"severity": "MODERATE"
},
"details": "Crypt::Argon2 versions from 0.017 before 0.031 for Perl perform a heap out-of-bounds read in argon2_verify on empty encoded input.\n\nThe auto-detect form of argon2_verify passes encoded_len - 1 as the length argument to memchr without checking that encoded_len is non-zero. When the encoded string is empty, the size_t subtraction underflows to SIZE_MAX and memchr scans adjacent heap memory looking for a \u0027$\u0027 separator byte.\n\nA caller that invokes argon2_verify against a stored hash that may legitimately be empty (for example a placeholder row or a NULL column materialised as an empty string) reads out-of-bounds heap memory, which can crash the process or leak the position of an adjacent \u0027$\u0027 byte into subsequent parsing.",
"id": "GHSA-3p6c-7qjr-35x9",
"modified": "2026-05-13T18:30:53Z",
"published": "2026-05-13T18:30:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8463"
},
{
"type": "WEB",
"url": "https://github.com/Leont/crypt-argon2/commit/92eac03ce63d541e0ead7ea5a89b9b67ce0c0e64.patch"
},
{
"type": "WEB",
"url": "https://metacpan.org/release/LEONT/Crypt-Argon2-0.031/changes"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/05/13/4"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-3R23-64C4-MJ87
Vulnerability from github – Published: 2024-08-14 15:31 – Updated: 2025-11-03 21:31NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the ngx_http_mp4_module and the mp4 directive is used in the configuration file. Additionally, the attack is possible only if an attacker can trigger the processing of a specially crafted mp4 file with the ngx_http_mp4_module. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
{
"affected": [],
"aliases": [
"CVE-2024-7347"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-14T15:15:31Z",
"severity": "MODERATE"
},
"details": "NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the ngx_http_mp4_module and the mp4 directive is used in the configuration file. Additionally, the attack is possible only if an attacker can trigger the processing of a specially crafted mp4 file with the ngx_http_mp4_module.\u00a0 Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",
"id": "GHSA-3r23-64c4-mj87",
"modified": "2025-11-03T21:31:11Z",
"published": "2024-08-14T15:31:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7347"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00017.html"
},
{
"type": "WEB",
"url": "https://my.f5.com/manage/s/article/K000140529"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2024/08/14/4"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-3W7X-X254-3Q76
Vulnerability from github – Published: 2025-02-03 18:30 – Updated: 2025-02-03 18:30Information disclosure while processing information on firmware image during core initialization.
{
"affected": [],
"aliases": [
"CVE-2024-38414"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-03T17:15:17Z",
"severity": "MODERATE"
},
"details": "Information disclosure while processing information on firmware image during core initialization.",
"id": "GHSA-3w7x-x254-3q76",
"modified": "2025-02-03T18:30:41Z",
"published": "2025-02-03T18:30:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38414"
},
{
"type": "WEB",
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/february-2025-bulletin.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-3WH9-2FG7-9H5G
Vulnerability from github – Published: 2024-02-06 06:30 – Updated: 2024-02-06 06:30Information disclosure in Audio while accessing AVCS services from ADSP payload.
{
"affected": [],
"aliases": [
"CVE-2023-33065"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-06T06:15:59Z",
"severity": "MODERATE"
},
"details": "Information disclosure in Audio while accessing AVCS services from ADSP payload.",
"id": "GHSA-3wh9-2fg7-9h5g",
"modified": "2024-02-06T06:30:31Z",
"published": "2024-02-06T06:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33065"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/february-2024-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-3X8C-G2GJ-P9RG
Vulnerability from github – Published: 2025-07-08 15:32 – Updated: 2025-07-08 15:32Information disclosure while decoding this RTP packet Payload when UE receives the RTP packet from the network.
{
"affected": [],
"aliases": [
"CVE-2025-21427"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-08T13:15:29Z",
"severity": "HIGH"
},
"details": "Information disclosure while decoding this RTP packet Payload when UE receives the RTP packet from the network.",
"id": "GHSA-3x8c-g2gj-p9rg",
"modified": "2025-07-08T15:32:02Z",
"published": "2025-07-08T15:32:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21427"
},
{
"type": "WEB",
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/july-2025-bulletin.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-3XHR-VWCX-8P3C
Vulnerability from github – Published: 2024-02-06 06:30 – Updated: 2024-02-06 06:30Transient DOS in WLAN Firmware when the length of received beacon is less than length of ieee802.11 beacon frame.
{
"affected": [],
"aliases": [
"CVE-2023-43533"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-06T06:16:02Z",
"severity": "HIGH"
},
"details": "Transient DOS in WLAN Firmware when the length of received beacon is less than length of ieee802.11 beacon frame.",
"id": "GHSA-3xhr-vwcx-8p3c",
"modified": "2024-02-06T06:30:32Z",
"published": "2024-02-06T06:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-43533"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/february-2024-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-3XPQ-VC4J-PFJ2
Vulnerability from github – Published: 2023-11-14 21:30 – Updated: 2023-11-14 21:30Transient DOS in WLAN Firmware while parsing WLAN beacon or probe-response frame.
{
"affected": [],
"aliases": [
"CVE-2023-33061"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-11-07T06:15:11Z",
"severity": "HIGH"
},
"details": "Transient DOS in WLAN Firmware while parsing WLAN beacon or probe-response frame.",
"id": "GHSA-3xpq-vc4j-pfj2",
"modified": "2023-11-14T21:30:53Z",
"published": "2023-11-14T21:30:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33061"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/november-2023-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-42CV-6JJ9-78P6
Vulnerability from github – Published: 2022-12-06 09:30 – Updated: 2022-12-07 18:30In face detect driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.
{
"affected": [],
"aliases": [
"CVE-2022-39130"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-12-06T07:15:00Z",
"severity": "MODERATE"
},
"details": "In face detect driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.",
"id": "GHSA-42cv-6jj9-78p6",
"modified": "2022-12-07T18:30:28Z",
"published": "2022-12-06T09:30:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39130"
},
{
"type": "WEB",
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-46P9-G8F2-QJ87
Vulnerability from github – Published: 2024-10-07 15:31 – Updated: 2024-10-07 15:31Transient DOS while parsing the MBSSID IE from the beacons when IE length is 0.
{
"affected": [],
"aliases": [
"CVE-2024-33071"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-07T13:15:13Z",
"severity": "HIGH"
},
"details": "Transient DOS while parsing the MBSSID IE from the beacons when IE length is 0.",
"id": "GHSA-46p9-g8f2-qj87",
"modified": "2024-10-07T15:31:39Z",
"published": "2024-10-07T15:31:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-33071"
},
{
"type": "WEB",
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/october-2024-bulletin.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-46PM-C965-776X
Vulnerability from github – Published: 2026-04-21 00:32 – Updated: 2026-04-24 21:31Potential read out of bounds case with wolfSSHd on Windows while handling a terminal resize request. An authenticated user could trigger the out of bounds read after establishing a connection which would leak the adjacent stack memory to the pseudo-console output.
{
"affected": [],
"aliases": [
"CVE-2026-0930"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-20T22:16:23Z",
"severity": "LOW"
},
"details": "Potential read out of bounds case with wolfSSHd on\u00a0Windows while handling a terminal resize request. An authenticated user could\u00a0trigger the out of bounds read after establishing a connection which would\u00a0leak the adjacent stack memory to the pseudo-console output.",
"id": "GHSA-46pm-c965-776x",
"modified": "2026-04-24T21:31:57Z",
"published": "2026-04-21T00:32:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0930"
},
{
"type": "WEB",
"url": "https://github.com/wolfssl/wolfssh/pull/846"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.