Common Weakness Enumeration

CWE-126

Allowed

Buffer Over-read

Abstraction: Variant · Status: Draft

The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.

852 vulnerabilities reference this CWE, most recent first.

GHSA-GQ42-GVVC-M5HV

Vulnerability from github – Published: 2024-05-06 15:30 – Updated: 2024-05-06 15:30
VLAI
Details

Information disclosure when the ADSP payload size received in HLOS in response to Audio Stream Manager matrix session is less than this expected size.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-43528"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125",
      "CWE-126"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-06T15:15:20Z",
    "severity": "MODERATE"
  },
  "details": "Information disclosure when the ADSP payload size received in HLOS in response to Audio Stream Manager matrix session is less than this expected size.",
  "id": "GHSA-gq42-gvvc-m5hv",
  "modified": "2024-05-06T15:30:39Z",
  "published": "2024-05-06T15:30:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-43528"
    },
    {
      "type": "WEB",
      "url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2024-bulletin.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GR5M-FJ76-2RH6

Vulnerability from github – Published: 2026-01-07 12:31 – Updated: 2026-01-07 12:31
VLAI
Details

Transient DOS while parsing a WLAN management frame with a Vendor Specific Information Element.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-47395"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-126"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-01-07T12:17:05Z",
    "severity": "MODERATE"
  },
  "details": "Transient DOS while parsing a WLAN management frame with a Vendor Specific Information Element.",
  "id": "GHSA-gr5m-fj76-2rh6",
  "modified": "2026-01-07T12:31:24Z",
  "published": "2026-01-07T12:31:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47395"
    },
    {
      "type": "WEB",
      "url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2026-bulletin.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GW89-822V-8V8G

Vulnerability from github – Published: 2025-07-28 03:31 – Updated: 2025-07-28 15:54
VLAI
Summary
Duplicate Advisory: `openssl` `X509VerifyParamRef::set_host` buffer over-read
Details

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-xcf7-rvmh-g6q4. This link is maintained to preserve external references.

Original Description

The openssl crate before 0.10.55 for Rust allows an out-of-bounds read via an empty string to X509VerifyParamRef::set_host.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "openssl"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.10.0"
            },
            {
              "fixed": "0.10.55"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-126"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-07-28T15:54:34Z",
    "nvd_published_at": "2025-07-28T03:15:23Z",
    "severity": "MODERATE"
  },
  "details": "### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-xcf7-rvmh-g6q4. This link is maintained to preserve external references.\n\n### Original Description\nThe openssl crate before 0.10.55 for Rust allows an out-of-bounds read via an empty string to X509VerifyParamRef::set_host.",
  "id": "GHSA-gw89-822v-8v8g",
  "modified": "2025-07-28T15:54:34Z",
  "published": "2025-07-28T03:31:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53159"
    },
    {
      "type": "WEB",
      "url": "https://github.com/sfackler/rust-openssl/issues/1965"
    },
    {
      "type": "WEB",
      "url": "https://crates.io/crates/openssl"
    },
    {
      "type": "WEB",
      "url": "https://rustsec.org/advisories/RUSTSEC-2023-0044.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Duplicate Advisory: `openssl` `X509VerifyParamRef::set_host` buffer over-read",
  "withdrawn": "2025-07-28T15:54:34Z"
}

GHSA-GW8V-4JM5-5FGC

Vulnerability from github – Published: 2022-05-24 19:07 – Updated: 2022-10-08 00:00
VLAI
Details

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Tiff_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13199)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-34304"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125",
      "CWE-126",
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-07-13T11:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The Tiff_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13199)",
  "id": "GHSA-gw8v-4jm5-5fgc",
  "modified": "2022-10-08T00:00:18Z",
  "published": "2022-05-24T19:07:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34304"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-874"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GXRF-WGPM-VJ98

Vulnerability from github – Published: 2024-06-03 12:30 – Updated: 2024-06-03 12:30
VLAI
Details

Transient DOS while processing an improperly formatted Fine Time Measurement (FTM) management frame.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-23363"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125",
      "CWE-126"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-06-03T10:15:12Z",
    "severity": "HIGH"
  },
  "details": "Transient DOS while processing an improperly formatted Fine Time Measurement (FTM) management frame.",
  "id": "GHSA-gxrf-wgpm-vj98",
  "modified": "2024-06-03T12:30:38Z",
  "published": "2024-06-03T12:30:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23363"
    },
    {
      "type": "WEB",
      "url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2024-bulletin.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H234-9WHQ-HX7F

Vulnerability from github – Published: 2024-02-06 06:30 – Updated: 2024-02-06 06:30
VLAI
Details

Transient DOS in Audio when invoking callback function of ASM driver.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-33064"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125",
      "CWE-126"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-02-06T06:15:59Z",
    "severity": "MODERATE"
  },
  "details": "Transient DOS in Audio when invoking callback function of ASM driver.",
  "id": "GHSA-h234-9whq-hx7f",
  "modified": "2024-02-06T06:30:31Z",
  "published": "2024-02-06T06:30:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33064"
    },
    {
      "type": "WEB",
      "url": "https://www.qualcomm.com/company/product-security/bulletins/february-2024-bulletin"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H3FQ-3F4X-HMFH

Vulnerability from github – Published: 2023-01-05 18:30 – Updated: 2023-01-11 21:30
VLAI
Details

A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS LenovoRemoteConfigUpdateDxe driver that could allow a local attacker with elevated privileges to cause information disclosure.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-4435"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125",
      "CWE-126"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-01-05T18:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS LenovoRemoteConfigUpdateDxe driver that could allow a local attacker with elevated privileges to cause information disclosure.",
  "id": "GHSA-h3fq-3f4x-hmfh",
  "modified": "2023-01-11T21:30:39Z",
  "published": "2023-01-05T18:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4435"
    },
    {
      "type": "WEB",
      "url": "https://support.lenovo.com/us/en/product_security/LEN-103709"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H5CX-4FH7-XQ44

Vulnerability from github – Published: 2026-05-01 18:31 – Updated: 2026-05-01 18:31
VLAI
Details

AGL agl-service-can-low-level thru 17.1.12 contains a heap buffer over-read in the isotp-c library. In isotp_continue_receive (receive.c:87-89), the payload_length for a Single Frame is extracted from a 4-bit nibble in the CAN frame data, yielding values 0-15. However, a standard CAN frame is only 8 bytes, with payload starting at data[1] (7 bytes available). When payload_length exceeds the available data (e.g., nibble=15 but only 7 payload bytes exist), memcpy(message.payload, &data[1], payload_length) reads up to 8 bytes past the end of the data buffer.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-37532"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-126"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-01T17:16:22Z",
    "severity": "HIGH"
  },
  "details": "AGL agl-service-can-low-level thru 17.1.12 contains a heap buffer over-read in the isotp-c library. In isotp_continue_receive (receive.c:87-89), the payload_length for a Single Frame is extracted from a 4-bit nibble in the CAN frame data, yielding values 0-15. However, a standard CAN frame is only 8 bytes, with payload starting at data[1] (7 bytes available). When payload_length exceeds the available data (e.g., nibble=15 but only 7 payload bytes exist), memcpy(message.payload, \u0026data[1], payload_length) reads up to 8 bytes past the end of the data buffer.",
  "id": "GHSA-h5cx-4fh7-xq44",
  "modified": "2026-05-01T18:31:24Z",
  "published": "2026-05-01T18:31:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-37532"
    },
    {
      "type": "WEB",
      "url": "https://gerrit.automotivelinux.org/gerrit/apps/agl-service-can-low-level"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/sgInnora/8526eedcfd826d05ef1fc45d8f405643"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H5MW-2RHW-PHQC

Vulnerability from github – Published: 2024-02-13 18:38 – Updated: 2024-02-13 18:38
VLAI
Details

Windows Kernel Information Disclosure Vulnerability

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-21340"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-126"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-02-13T18:15:49Z",
    "severity": "MODERATE"
  },
  "details": "Windows Kernel Information Disclosure Vulnerability",
  "id": "GHSA-h5mw-2rhw-phqc",
  "modified": "2024-02-13T18:38:23Z",
  "published": "2024-02-13T18:38:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21340"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21340"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H89F-5H94-VMJ5

Vulnerability from github – Published: 2023-10-03 06:30 – Updated: 2024-04-04 08:03
VLAI
Details

Transient DOS in WLAN Firmware while parsing a NAN management frame.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-33026"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-126",
      "CWE-400"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-10-03T06:15:26Z",
    "severity": "HIGH"
  },
  "details": "Transient DOS in WLAN Firmware while parsing a NAN management frame.",
  "id": "GHSA-h89f-5h94-vmj5",
  "modified": "2024-04-04T08:03:37Z",
  "published": "2023-10-03T06:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33026"
    },
    {
      "type": "WEB",
      "url": "https://www.qualcomm.com/company/product-security/bulletins/october-2023-bulletin"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.