CWE-126
AllowedBuffer Over-read
Abstraction: Variant · Status: Draft
The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.
855 vulnerabilities reference this CWE, most recent first.
GHSA-6676-HP85-XV79
Vulnerability from github – Published: 2025-07-08 18:31 – Updated: 2025-07-08 18:31Buffer over-read in Storage Port Driver allows an authorized attacker to disclose information locally.
{
"affected": [],
"aliases": [
"CVE-2025-49684"
],
"database_specific": {
"cwe_ids": [
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-08T17:15:53Z",
"severity": "MODERATE"
},
"details": "Buffer over-read in Storage Port Driver allows an authorized attacker to disclose information locally.",
"id": "GHSA-6676-hp85-xv79",
"modified": "2025-07-08T18:31:47Z",
"published": "2025-07-08T18:31:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49684"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49684"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-67HM-7R83-G47J
Vulnerability from github – Published: 2025-11-18 18:32 – Updated: 2025-11-18 18:32A vulnerability was discovered in Awesome Miner thru 11.2.4 that allows arbitrary read and write to kernel memory and MSRs (such as LSTAR) as an unprivileged user. This is due to the implementation of an insecure version of WinRing0 (1.2.0.5, renamed to IntelliBreeze.Maintenance.Service.sys) that lacks a properly secured DACL, allowing unprivileged users to interact with the driver and, as a result, the kernel. This can result in local privilege escalation, information disclosure, denial of service, and other unspecified impacts.
{
"affected": [],
"aliases": [
"CVE-2025-63602"
],
"database_specific": {
"cwe_ids": [
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-11-18T16:15:45Z",
"severity": "HIGH"
},
"details": "A vulnerability was discovered in Awesome Miner thru 11.2.4 that allows arbitrary read and write to kernel memory and MSRs (such as LSTAR) as an unprivileged user. This is due to the implementation of an insecure version of WinRing0 (1.2.0.5, renamed to IntelliBreeze.Maintenance.Service.sys) that lacks a properly secured DACL, allowing unprivileged users to interact with the driver and, as a result, the kernel. This can result in local privilege escalation, information disclosure, denial of service, and other unspecified impacts.",
"id": "GHSA-67hm-7r83-g47j",
"modified": "2025-11-18T18:32:52Z",
"published": "2025-11-18T18:32:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-63602"
},
{
"type": "WEB",
"url": "https://dreadsec.co/p/cve-2025-63602-hijacking-system-calls-with-a-popular-crypto-miner.html"
},
{
"type": "WEB",
"url": "https://www.awesomeminer.com/download"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-6CVR-WMR3-636F
Vulnerability from github – Published: 2024-08-05 15:30 – Updated: 2024-08-05 15:30Transient DOS while decoding attach reject message received by UE, when IEI is set to ESM_IEI.
{
"affected": [],
"aliases": [
"CVE-2024-23353"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-05T15:15:46Z",
"severity": "HIGH"
},
"details": "Transient DOS while decoding attach reject message received by UE, when IEI is set to ESM_IEI.",
"id": "GHSA-6cvr-wmr3-636f",
"modified": "2024-08-05T15:30:53Z",
"published": "2024-08-05T15:30:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23353"
},
{
"type": "WEB",
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/august-2024-bulletin.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6HJ5-4CV5-F46X
Vulnerability from github – Published: 2026-05-27 00:31 – Updated: 2026-07-15 15:32A flaw was found in libgnutls. A remote attacker, by sending an extremely short premaster secret during an RSA key exchange to a server using an RSA key backed by a PKCS#11 token, could trigger a short heap overread. This memory corruption vulnerability could lead to information disclosure.
{
"affected": [],
"aliases": [
"CVE-2026-5260"
],
"database_specific": {
"cwe_ids": [
"CWE-126",
"CWE-1284"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-26T22:16:44Z",
"severity": "HIGH"
},
"details": "A flaw was found in libgnutls. A remote attacker, by sending an extremely short premaster secret during an RSA key exchange to a server using an RSA key backed by a PKCS#11 token, could trigger a short heap overread. This memory corruption vulnerability could lead to information disclosure.",
"id": "GHSA-6hj5-4cv5-f46x",
"modified": "2026-07-15T15:32:42Z",
"published": "2026-05-27T00:31:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5260"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:13274"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:20611"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:20612"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:20613"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:26319"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:26409"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:29197"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:30004"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:30849"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:30850"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:32962"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:33125"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2026-5260"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467450"
},
{
"type": "WEB",
"url": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-10"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6MHG-89X7-JMRG
Vulnerability from github – Published: 2023-11-09 00:33 – Updated: 2023-11-09 00:33A buffer over-read was reported in the LemSecureBootForceKey module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to disclose sensitive information.
{
"affected": [],
"aliases": [
"CVE-2023-43568"
],
"database_specific": {
"cwe_ids": [
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-11-08T22:15:09Z",
"severity": "MODERATE"
},
"details": "A buffer over-read was reported in the LemSecureBootForceKey module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to disclose sensitive information.",
"id": "GHSA-6mhg-89x7-jmrg",
"modified": "2023-11-09T00:33:56Z",
"published": "2023-11-09T00:33:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-43568"
},
{
"type": "WEB",
"url": "https://support.lenovo.com/us/en/product_security/LEN-141775"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-6PGV-MJMC-G3JW
Vulnerability from github – Published: 2023-12-05 03:30 – Updated: 2023-12-05 03:30Transient DOS while parsing WPA IES, when it is passed with length more than expected size.
{
"affected": [],
"aliases": [
"CVE-2023-33098"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-12-05T03:15:14Z",
"severity": "HIGH"
},
"details": "Transient DOS while parsing WPA IES, when it is passed with length more than expected size.",
"id": "GHSA-6pgv-mjmc-g3jw",
"modified": "2023-12-05T03:30:22Z",
"published": "2023-12-05T03:30:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33098"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6QPJ-WHQ8-WR7J
Vulnerability from github – Published: 2026-01-20 21:31 – Updated: 2026-01-21 18:30A buffer over-read in the PublicKey::verify() method of Binance - Trust Wallet Core before commit 5668c67 allows attackers to cause a Denial of Service (DoS) via a crafted input.
{
"affected": [],
"aliases": [
"CVE-2025-66692"
],
"database_specific": {
"cwe_ids": [
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-20T21:16:04Z",
"severity": "HIGH"
},
"details": "A buffer over-read in the PublicKey::verify() method of Binance - Trust Wallet Core before commit 5668c67 allows attackers to cause a Denial of Service (DoS) via a crafted input.",
"id": "GHSA-6qpj-whq8-wr7j",
"modified": "2026-01-21T18:30:28Z",
"published": "2026-01-20T21:31:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66692"
},
{
"type": "WEB",
"url": "https://github.com/trustwallet/wallet-core/commit/5668c67"
},
{
"type": "WEB",
"url": "https://gist.github.com/inkman97/b791189338f73b758c31a7db3cd50c2d"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6RW9-XP67-2FP9
Vulnerability from github – Published: 2023-02-12 06:30 – Updated: 2023-02-21 18:30Information disclosure due to buffer over-read in Modem while using static array to process IPv4 packets.
{
"affected": [],
"aliases": [
"CVE-2022-33229"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-02-12T04:15:00Z",
"severity": "HIGH"
},
"details": "Information disclosure due to buffer over-read in Modem while using static array to process IPv4 packets.",
"id": "GHSA-6rw9-xp67-2fp9",
"modified": "2023-02-21T18:30:23Z",
"published": "2023-02-12T06:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-33229"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/february-2023-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-6V2V-JGG9-H79W
Vulnerability from github – Published: 2026-04-10 00:30 – Updated: 2026-04-29 15:30A 1-byte stack buffer over-read was identified in the MatchDomainName function (src/internal.c) during wildcard hostname validation when the LEFT_MOST_WILDCARD_ONLY flag is active. If a wildcard * exhausts the entire hostname string, the function reads one byte past the buffer without a bounds check, which could cause a crash.
{
"affected": [],
"aliases": [
"CVE-2026-5772"
],
"database_specific": {
"cwe_ids": [
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-09T22:16:36Z",
"severity": "LOW"
},
"details": "A 1-byte stack buffer over-read was identified in the MatchDomainName function (src/internal.c) during wildcard hostname validation when the LEFT_MOST_WILDCARD_ONLY flag is active. If a wildcard * exhausts the entire hostname string, the function reads one byte past the buffer without a bounds check, which could cause a crash.",
"id": "GHSA-6v2v-jgg9-h79w",
"modified": "2026-04-29T15:30:34Z",
"published": "2026-04-10T00:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5772"
},
{
"type": "WEB",
"url": "https://github.com/wolfSSL/wolfssl/pull/10119"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-6V47-MJ2X-W4RG
Vulnerability from github – Published: 2026-05-12 18:30 – Updated: 2026-05-12 18:30Buffer over-read in Windows DWM Core Library allows an authorized attacker to disclose information locally.
{
"affected": [],
"aliases": [
"CVE-2026-34336"
],
"database_specific": {
"cwe_ids": [
"CWE-122",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-12T18:17:07Z",
"severity": "HIGH"
},
"details": "Buffer over-read in Windows DWM Core Library allows an authorized attacker to disclose information locally.",
"id": "GHSA-6v47-mj2x-w4rg",
"modified": "2026-05-12T18:30:42Z",
"published": "2026-05-12T18:30:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34336"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-34336"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.