Common Weakness Enumeration

CWE-126

Allowed

Buffer Over-read

Abstraction: Variant · Status: Draft

The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.

852 vulnerabilities reference this CWE, most recent first.

GHSA-H8WX-JCWQ-G3CP

Vulnerability from github – Published: 2026-04-28 21:36 – Updated: 2026-07-14 15:31
VLAI
Details

The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to validate the RDATA content against the RDATA length in a DNS response when processing LOC, CERT, TKEY or TSIG records, which may allow an attacker to craft a DNS response, causing a target application to crash or read uninitialized memory.

These functions are for application debugging only and hence not in the path of code executed by the DNS resolver. Further, they have been deprecated since version 2.34 and should not be used by any new applications. Applications should consider porting away from these interfaces since they may be removed in future versions.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-6238"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-126"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-28T19:37:47Z",
    "severity": "MODERATE"
  },
  "details": "The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to validate the RDATA content against the RDATA length in a DNS response when processing LOC, CERT, TKEY or TSIG records, which may allow an attacker to craft a DNS response, causing a target application to crash or read uninitialized memory.\n\nThese functions are for application debugging only and hence not in the path of code executed by the DNS resolver.  Further, they have been deprecated since version 2.34 and should not be used by any new applications.  Applications should consider porting away from these interfaces since they may be removed in future versions.",
  "id": "GHSA-h8wx-jcwq-g3cp",
  "modified": "2026-07-14T15:31:55Z",
  "published": "2026-04-28T21:36:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6238"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
    },
    {
      "type": "WEB",
      "url": "https://inbox.sourceware.org/libc-announce/7a655d55-276f-41fe-b550-feb3ebb2ce91@redhat.com/T/#u"
    },
    {
      "type": "WEB",
      "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=34069"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H95Q-46MC-6G3W

Vulnerability from github – Published: 2023-04-13 09:30 – Updated: 2024-04-04 03:26
VLAI
Details

Information disclosure due to buffer over-read in Bluetooth Host while A2DP streaming.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-40503"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125",
      "CWE-126"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-04-13T07:15:00Z",
    "severity": "HIGH"
  },
  "details": "Information disclosure due to buffer over-read in Bluetooth Host while A2DP streaming.",
  "id": "GHSA-h95q-46mc-6g3w",
  "modified": "2024-04-04T03:26:01Z",
  "published": "2023-04-13T09:30:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40503"
    },
    {
      "type": "WEB",
      "url": "https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H9WV-R3FW-4XHH

Vulnerability from github – Published: 2023-02-12 06:30 – Updated: 2023-02-21 18:30
VLAI
Details

Transient DOS in WLAN Firmware due to buffer over-read while processing probe response or beacon.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-40512"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125",
      "CWE-126"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-02-12T04:15:00Z",
    "severity": "HIGH"
  },
  "details": "Transient DOS in WLAN Firmware due to buffer over-read while processing probe response or beacon.",
  "id": "GHSA-h9wv-r3fw-4xhh",
  "modified": "2023-02-21T18:30:18Z",
  "published": "2023-02-12T06:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40512"
    },
    {
      "type": "WEB",
      "url": "https://www.qualcomm.com/company/product-security/bulletins/february-2023-bulletin"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HCP4-644R-Q8XR

Vulnerability from github – Published: 2023-07-06 15:30 – Updated: 2024-04-04 05:26
VLAI
Details

An access violation vulnerability exists in the eventcore functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to denial of service. An attacker can send a network request to trigger this vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-23571"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-126"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-07-06T15:15:11Z",
    "severity": "HIGH"
  },
  "details": "An access violation vulnerability exists in the eventcore functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to denial of service. An attacker can send a network request to trigger this vulnerability.",
  "id": "GHSA-hcp4-644r-q8xr",
  "modified": "2024-04-04T05:26:55Z",
  "published": "2023-07-06T15:30:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23571"
    },
    {
      "type": "WEB",
      "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1696"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HFH3-PR7Q-FRPW

Vulnerability from github – Published: 2026-04-06 18:33 – Updated: 2026-04-06 18:33
VLAI
Details

Memory Corruption when retrieving output buffer with insufficient size validation.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-21371"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-126"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-06T16:16:29Z",
    "severity": "HIGH"
  },
  "details": "Memory Corruption when retrieving output buffer with insufficient size validation.",
  "id": "GHSA-hfh3-pr7q-frpw",
  "modified": "2026-04-06T18:33:06Z",
  "published": "2026-04-06T18:33:06Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21371"
    },
    {
      "type": "WEB",
      "url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2026-bulletin.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HH45-W5QF-PXVX

Vulnerability from github – Published: 2023-02-12 06:30 – Updated: 2023-02-21 18:30
VLAI
Details

Information disclosure in modem due to buffer over read in dns client due to missing length check

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-25732"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125",
      "CWE-126"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-02-12T04:15:00Z",
    "severity": "HIGH"
  },
  "details": "Information disclosure in modem due to buffer over read in dns client due to missing length check",
  "id": "GHSA-hh45-w5qf-pxvx",
  "modified": "2023-02-21T18:30:18Z",
  "published": "2023-02-12T06:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25732"
    },
    {
      "type": "WEB",
      "url": "https://www.qualcomm.com/company/product-security/bulletins/february-2023-bulletin"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HJ4C-9FP7-4VRH

Vulnerability from github – Published: 2023-11-14 18:30 – Updated: 2023-11-14 18:30
VLAI
Details

Information disclosure in WLAN HAL when reception status handler is called.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-28568"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-126"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-11-07T06:15:09Z",
    "severity": "MODERATE"
  },
  "details": "Information disclosure in WLAN HAL when reception status handler is called.",
  "id": "GHSA-hj4c-9fp7-4vrh",
  "modified": "2023-11-14T18:30:26Z",
  "published": "2023-11-14T18:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28568"
    },
    {
      "type": "WEB",
      "url": "https://www.qualcomm.com/company/product-security/bulletins/november-2023-bulletin"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HJHM-8JGQ-5FRF

Vulnerability from github – Published: 2026-03-02 18:31 – Updated: 2026-03-02 18:31
VLAI
Details

Memory Corruption when adding user-supplied data without checking available buffer space.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-59600"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-126"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-02T17:16:28Z",
    "severity": "HIGH"
  },
  "details": "Memory Corruption when adding user-supplied data without checking available buffer space.",
  "id": "GHSA-hjhm-8jgq-5frf",
  "modified": "2026-03-02T18:31:45Z",
  "published": "2026-03-02T18:31:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59600"
    },
    {
      "type": "WEB",
      "url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/march-2026-bulletin.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HPGW-5J39-3F7C

Vulnerability from github – Published: 2024-06-03 12:30 – Updated: 2024-06-03 12:30
VLAI
Details

Information disclosure in Video while parsing mp2 clip with invalid section length.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-43555"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125",
      "CWE-126"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-06-03T10:15:11Z",
    "severity": "HIGH"
  },
  "details": "Information disclosure in Video while parsing mp2 clip with invalid section length.",
  "id": "GHSA-hpgw-5j39-3f7c",
  "modified": "2024-06-03T12:30:38Z",
  "published": "2024-06-03T12:30:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-43555"
    },
    {
      "type": "WEB",
      "url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2024-bulletin.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HPPC-G8H3-XHP3

Vulnerability from github – Published: 2026-04-22 21:00 – Updated: 2026-04-27 16:29
VLAI
Summary
rust-openssl: Unchecked callback length in PSK/cookie trampolines leaks adjacent memory to peer
Details

The FFI trampolines behind SslContextBuilder::set_psk_client_callback, set_psk_server_callback, set_cookie_generate_cb, and set_stateless_cookie_generate_cb forwarded the user closure's returned usize directly to OpenSSL without checking it against the &mut [u8] that was handed to the closure. This can lead to buffer overflows and other unintended consequences.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "openssl"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.9.24"
            },
            {
              "fixed": "0.10.78"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-41898"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-126",
      "CWE-130"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-22T21:00:57Z",
    "nvd_published_at": "2026-04-24T18:16:29Z",
    "severity": "HIGH"
  },
  "details": "The FFI trampolines behind `SslContextBuilder::set_psk_client_callback`, `set_psk_server_callback`, `set_cookie_generate_cb`,  and `set_stateless_cookie_generate_cb` forwarded the user closure\u0027s returned usize directly to OpenSSL without checking it against the `\u0026mut [u8]` that was handed to the closure. This can lead to buffer overflows and other unintended consequences.",
  "id": "GHSA-hppc-g8h3-xhp3",
  "modified": "2026-04-27T16:29:44Z",
  "published": "2026-04-22T21:00:57Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/rust-openssl/rust-openssl/security/advisories/GHSA-hppc-g8h3-xhp3"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41898"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rust-openssl/rust-openssl/pull/2607"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rust-openssl/rust-openssl/commit/1d109020d98fff2fb2e45c39a373af3dff99b24c"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/rust-openssl/rust-openssl"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rust-openssl/rust-openssl/releases/tag/openssl-v0.10.78"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "rust-openssl: Unchecked callback length in PSK/cookie trampolines leaks adjacent memory to peer"
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.