CWE-126
AllowedBuffer Over-read
Abstraction: Variant · Status: Draft
The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.
852 vulnerabilities reference this CWE, most recent first.
GHSA-GQ42-GVVC-M5HV
Vulnerability from github – Published: 2024-05-06 15:30 – Updated: 2024-05-06 15:30Information disclosure when the ADSP payload size received in HLOS in response to Audio Stream Manager matrix session is less than this expected size.
{
"affected": [],
"aliases": [
"CVE-2023-43528"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-06T15:15:20Z",
"severity": "MODERATE"
},
"details": "Information disclosure when the ADSP payload size received in HLOS in response to Audio Stream Manager matrix session is less than this expected size.",
"id": "GHSA-gq42-gvvc-m5hv",
"modified": "2024-05-06T15:30:39Z",
"published": "2024-05-06T15:30:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-43528"
},
{
"type": "WEB",
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2024-bulletin.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-GR5M-FJ76-2RH6
Vulnerability from github – Published: 2026-01-07 12:31 – Updated: 2026-01-07 12:31Transient DOS while parsing a WLAN management frame with a Vendor Specific Information Element.
{
"affected": [],
"aliases": [
"CVE-2025-47395"
],
"database_specific": {
"cwe_ids": [
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-07T12:17:05Z",
"severity": "MODERATE"
},
"details": "Transient DOS while parsing a WLAN management frame with a Vendor Specific Information Element.",
"id": "GHSA-gr5m-fj76-2rh6",
"modified": "2026-01-07T12:31:24Z",
"published": "2026-01-07T12:31:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47395"
},
{
"type": "WEB",
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2026-bulletin.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GW89-822V-8V8G
Vulnerability from github – Published: 2025-07-28 03:31 – Updated: 2025-07-28 15:54Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-xcf7-rvmh-g6q4. This link is maintained to preserve external references.
Original Description
The openssl crate before 0.10.55 for Rust allows an out-of-bounds read via an empty string to X509VerifyParamRef::set_host.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "openssl"
},
"ranges": [
{
"events": [
{
"introduced": "0.10.0"
},
{
"fixed": "0.10.55"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-126"
],
"github_reviewed": true,
"github_reviewed_at": "2025-07-28T15:54:34Z",
"nvd_published_at": "2025-07-28T03:15:23Z",
"severity": "MODERATE"
},
"details": "### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-xcf7-rvmh-g6q4. This link is maintained to preserve external references.\n\n### Original Description\nThe openssl crate before 0.10.55 for Rust allows an out-of-bounds read via an empty string to X509VerifyParamRef::set_host.",
"id": "GHSA-gw89-822v-8v8g",
"modified": "2025-07-28T15:54:34Z",
"published": "2025-07-28T03:31:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53159"
},
{
"type": "WEB",
"url": "https://github.com/sfackler/rust-openssl/issues/1965"
},
{
"type": "WEB",
"url": "https://crates.io/crates/openssl"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2023-0044.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:L",
"type": "CVSS_V3"
}
],
"summary": "Duplicate Advisory: `openssl` `X509VerifyParamRef::set_host` buffer over-read",
"withdrawn": "2025-07-28T15:54:34Z"
}
GHSA-GW8V-4JM5-5FGC
Vulnerability from github – Published: 2022-05-24 19:07 – Updated: 2022-10-08 00:00A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Tiff_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13199)
{
"affected": [],
"aliases": [
"CVE-2021-34304"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126",
"CWE-20"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-07-13T11:15:00Z",
"severity": "MODERATE"
},
"details": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The Tiff_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13199)",
"id": "GHSA-gw8v-4jm5-5fgc",
"modified": "2022-10-08T00:00:18Z",
"published": "2022-05-24T19:07:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34304"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-874"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-GXRF-WGPM-VJ98
Vulnerability from github – Published: 2024-06-03 12:30 – Updated: 2024-06-03 12:30Transient DOS while processing an improperly formatted Fine Time Measurement (FTM) management frame.
{
"affected": [],
"aliases": [
"CVE-2024-23363"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-03T10:15:12Z",
"severity": "HIGH"
},
"details": "Transient DOS while processing an improperly formatted Fine Time Measurement (FTM) management frame.",
"id": "GHSA-gxrf-wgpm-vj98",
"modified": "2024-06-03T12:30:38Z",
"published": "2024-06-03T12:30:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23363"
},
{
"type": "WEB",
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2024-bulletin.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-H234-9WHQ-HX7F
Vulnerability from github – Published: 2024-02-06 06:30 – Updated: 2024-02-06 06:30Transient DOS in Audio when invoking callback function of ASM driver.
{
"affected": [],
"aliases": [
"CVE-2023-33064"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-06T06:15:59Z",
"severity": "MODERATE"
},
"details": "Transient DOS in Audio when invoking callback function of ASM driver.",
"id": "GHSA-h234-9whq-hx7f",
"modified": "2024-02-06T06:30:31Z",
"published": "2024-02-06T06:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33064"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/february-2024-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-H3FQ-3F4X-HMFH
Vulnerability from github – Published: 2023-01-05 18:30 – Updated: 2023-01-11 21:30A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS LenovoRemoteConfigUpdateDxe driver that could allow a local attacker with elevated privileges to cause information disclosure.
{
"affected": [],
"aliases": [
"CVE-2022-4435"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-01-05T18:15:00Z",
"severity": "MODERATE"
},
"details": "A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS LenovoRemoteConfigUpdateDxe driver that could allow a local attacker with elevated privileges to cause information disclosure.",
"id": "GHSA-h3fq-3f4x-hmfh",
"modified": "2023-01-11T21:30:39Z",
"published": "2023-01-05T18:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4435"
},
{
"type": "WEB",
"url": "https://support.lenovo.com/us/en/product_security/LEN-103709"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-H5CX-4FH7-XQ44
Vulnerability from github – Published: 2026-05-01 18:31 – Updated: 2026-05-01 18:31AGL agl-service-can-low-level thru 17.1.12 contains a heap buffer over-read in the isotp-c library. In isotp_continue_receive (receive.c:87-89), the payload_length for a Single Frame is extracted from a 4-bit nibble in the CAN frame data, yielding values 0-15. However, a standard CAN frame is only 8 bytes, with payload starting at data[1] (7 bytes available). When payload_length exceeds the available data (e.g., nibble=15 but only 7 payload bytes exist), memcpy(message.payload, &data[1], payload_length) reads up to 8 bytes past the end of the data buffer.
{
"affected": [],
"aliases": [
"CVE-2026-37532"
],
"database_specific": {
"cwe_ids": [
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-01T17:16:22Z",
"severity": "HIGH"
},
"details": "AGL agl-service-can-low-level thru 17.1.12 contains a heap buffer over-read in the isotp-c library. In isotp_continue_receive (receive.c:87-89), the payload_length for a Single Frame is extracted from a 4-bit nibble in the CAN frame data, yielding values 0-15. However, a standard CAN frame is only 8 bytes, with payload starting at data[1] (7 bytes available). When payload_length exceeds the available data (e.g., nibble=15 but only 7 payload bytes exist), memcpy(message.payload, \u0026data[1], payload_length) reads up to 8 bytes past the end of the data buffer.",
"id": "GHSA-h5cx-4fh7-xq44",
"modified": "2026-05-01T18:31:24Z",
"published": "2026-05-01T18:31:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-37532"
},
{
"type": "WEB",
"url": "https://gerrit.automotivelinux.org/gerrit/apps/agl-service-can-low-level"
},
{
"type": "WEB",
"url": "https://gist.github.com/sgInnora/8526eedcfd826d05ef1fc45d8f405643"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-H5MW-2RHW-PHQC
Vulnerability from github – Published: 2024-02-13 18:38 – Updated: 2024-02-13 18:38Windows Kernel Information Disclosure Vulnerability
{
"affected": [],
"aliases": [
"CVE-2024-21340"
],
"database_specific": {
"cwe_ids": [
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-13T18:15:49Z",
"severity": "MODERATE"
},
"details": "Windows Kernel Information Disclosure Vulnerability",
"id": "GHSA-h5mw-2rhw-phqc",
"modified": "2024-02-13T18:38:23Z",
"published": "2024-02-13T18:38:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21340"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21340"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-H89F-5H94-VMJ5
Vulnerability from github – Published: 2023-10-03 06:30 – Updated: 2024-04-04 08:03Transient DOS in WLAN Firmware while parsing a NAN management frame.
{
"affected": [],
"aliases": [
"CVE-2023-33026"
],
"database_specific": {
"cwe_ids": [
"CWE-126",
"CWE-400"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-10-03T06:15:26Z",
"severity": "HIGH"
},
"details": "Transient DOS in WLAN Firmware while parsing a NAN management frame.",
"id": "GHSA-h89f-5h94-vmj5",
"modified": "2024-04-04T08:03:37Z",
"published": "2023-10-03T06:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33026"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/october-2023-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.