CWE-126
AllowedBuffer Over-read
Abstraction: Variant · Status: Draft
The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.
852 vulnerabilities reference this CWE, most recent first.
GHSA-H8WX-JCWQ-G3CP
Vulnerability from github – Published: 2026-04-28 21:36 – Updated: 2026-07-14 15:31The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to validate the RDATA content against the RDATA length in a DNS response when processing LOC, CERT, TKEY or TSIG records, which may allow an attacker to craft a DNS response, causing a target application to crash or read uninitialized memory.
These functions are for application debugging only and hence not in the path of code executed by the DNS resolver. Further, they have been deprecated since version 2.34 and should not be used by any new applications. Applications should consider porting away from these interfaces since they may be removed in future versions.
{
"affected": [],
"aliases": [
"CVE-2026-6238"
],
"database_specific": {
"cwe_ids": [
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-28T19:37:47Z",
"severity": "MODERATE"
},
"details": "The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to validate the RDATA content against the RDATA length in a DNS response when processing LOC, CERT, TKEY or TSIG records, which may allow an attacker to craft a DNS response, causing a target application to crash or read uninitialized memory.\n\nThese functions are for application debugging only and hence not in the path of code executed by the DNS resolver. Further, they have been deprecated since version 2.34 and should not be used by any new applications. Applications should consider porting away from these interfaces since they may be removed in future versions.",
"id": "GHSA-h8wx-jcwq-g3cp",
"modified": "2026-07-14T15:31:55Z",
"published": "2026-04-28T21:36:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6238"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
},
{
"type": "WEB",
"url": "https://inbox.sourceware.org/libc-announce/7a655d55-276f-41fe-b550-feb3ebb2ce91@redhat.com/T/#u"
},
{
"type": "WEB",
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=34069"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-H95Q-46MC-6G3W
Vulnerability from github – Published: 2023-04-13 09:30 – Updated: 2024-04-04 03:26Information disclosure due to buffer over-read in Bluetooth Host while A2DP streaming.
{
"affected": [],
"aliases": [
"CVE-2022-40503"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-04-13T07:15:00Z",
"severity": "HIGH"
},
"details": "Information disclosure due to buffer over-read in Bluetooth Host while A2DP streaming.",
"id": "GHSA-h95q-46mc-6g3w",
"modified": "2024-04-04T03:26:01Z",
"published": "2023-04-13T09:30:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40503"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-H9WV-R3FW-4XHH
Vulnerability from github – Published: 2023-02-12 06:30 – Updated: 2023-02-21 18:30Transient DOS in WLAN Firmware due to buffer over-read while processing probe response or beacon.
{
"affected": [],
"aliases": [
"CVE-2022-40512"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-02-12T04:15:00Z",
"severity": "HIGH"
},
"details": "Transient DOS in WLAN Firmware due to buffer over-read while processing probe response or beacon.",
"id": "GHSA-h9wv-r3fw-4xhh",
"modified": "2023-02-21T18:30:18Z",
"published": "2023-02-12T06:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40512"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/february-2023-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-HCP4-644R-Q8XR
Vulnerability from github – Published: 2023-07-06 15:30 – Updated: 2024-04-04 05:26An access violation vulnerability exists in the eventcore functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to denial of service. An attacker can send a network request to trigger this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2023-23571"
],
"database_specific": {
"cwe_ids": [
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-07-06T15:15:11Z",
"severity": "HIGH"
},
"details": "An access violation vulnerability exists in the eventcore functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to denial of service. An attacker can send a network request to trigger this vulnerability.",
"id": "GHSA-hcp4-644r-q8xr",
"modified": "2024-04-04T05:26:55Z",
"published": "2023-07-06T15:30:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23571"
},
{
"type": "WEB",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1696"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-HFH3-PR7Q-FRPW
Vulnerability from github – Published: 2026-04-06 18:33 – Updated: 2026-04-06 18:33Memory Corruption when retrieving output buffer with insufficient size validation.
{
"affected": [],
"aliases": [
"CVE-2026-21371"
],
"database_specific": {
"cwe_ids": [
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-06T16:16:29Z",
"severity": "HIGH"
},
"details": "Memory Corruption when retrieving output buffer with insufficient size validation.",
"id": "GHSA-hfh3-pr7q-frpw",
"modified": "2026-04-06T18:33:06Z",
"published": "2026-04-06T18:33:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21371"
},
{
"type": "WEB",
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2026-bulletin.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-HH45-W5QF-PXVX
Vulnerability from github – Published: 2023-02-12 06:30 – Updated: 2023-02-21 18:30Information disclosure in modem due to buffer over read in dns client due to missing length check
{
"affected": [],
"aliases": [
"CVE-2022-25732"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-02-12T04:15:00Z",
"severity": "HIGH"
},
"details": "Information disclosure in modem due to buffer over read in dns client due to missing length check",
"id": "GHSA-hh45-w5qf-pxvx",
"modified": "2023-02-21T18:30:18Z",
"published": "2023-02-12T06:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25732"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/february-2023-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-HJ4C-9FP7-4VRH
Vulnerability from github – Published: 2023-11-14 18:30 – Updated: 2023-11-14 18:30Information disclosure in WLAN HAL when reception status handler is called.
{
"affected": [],
"aliases": [
"CVE-2023-28568"
],
"database_specific": {
"cwe_ids": [
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-11-07T06:15:09Z",
"severity": "MODERATE"
},
"details": "Information disclosure in WLAN HAL when reception status handler is called.",
"id": "GHSA-hj4c-9fp7-4vrh",
"modified": "2023-11-14T18:30:26Z",
"published": "2023-11-14T18:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28568"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/november-2023-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-HJHM-8JGQ-5FRF
Vulnerability from github – Published: 2026-03-02 18:31 – Updated: 2026-03-02 18:31Memory Corruption when adding user-supplied data without checking available buffer space.
{
"affected": [],
"aliases": [
"CVE-2025-59600"
],
"database_specific": {
"cwe_ids": [
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-02T17:16:28Z",
"severity": "HIGH"
},
"details": "Memory Corruption when adding user-supplied data without checking available buffer space.",
"id": "GHSA-hjhm-8jgq-5frf",
"modified": "2026-03-02T18:31:45Z",
"published": "2026-03-02T18:31:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59600"
},
{
"type": "WEB",
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/march-2026-bulletin.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-HPGW-5J39-3F7C
Vulnerability from github – Published: 2024-06-03 12:30 – Updated: 2024-06-03 12:30Information disclosure in Video while parsing mp2 clip with invalid section length.
{
"affected": [],
"aliases": [
"CVE-2023-43555"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-03T10:15:11Z",
"severity": "HIGH"
},
"details": "Information disclosure in Video while parsing mp2 clip with invalid section length.",
"id": "GHSA-hpgw-5j39-3f7c",
"modified": "2024-06-03T12:30:38Z",
"published": "2024-06-03T12:30:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-43555"
},
{
"type": "WEB",
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2024-bulletin.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-HPPC-G8H3-XHP3
Vulnerability from github – Published: 2026-04-22 21:00 – Updated: 2026-04-27 16:29The FFI trampolines behind SslContextBuilder::set_psk_client_callback, set_psk_server_callback, set_cookie_generate_cb, and set_stateless_cookie_generate_cb forwarded the user closure's returned usize directly to OpenSSL without checking it against the &mut [u8] that was handed to the closure. This can lead to buffer overflows and other unintended consequences.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "openssl"
},
"ranges": [
{
"events": [
{
"introduced": "0.9.24"
},
{
"fixed": "0.10.78"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-41898"
],
"database_specific": {
"cwe_ids": [
"CWE-126",
"CWE-130"
],
"github_reviewed": true,
"github_reviewed_at": "2026-04-22T21:00:57Z",
"nvd_published_at": "2026-04-24T18:16:29Z",
"severity": "HIGH"
},
"details": "The FFI trampolines behind `SslContextBuilder::set_psk_client_callback`, `set_psk_server_callback`, `set_cookie_generate_cb`, and `set_stateless_cookie_generate_cb` forwarded the user closure\u0027s returned usize directly to OpenSSL without checking it against the `\u0026mut [u8]` that was handed to the closure. This can lead to buffer overflows and other unintended consequences.",
"id": "GHSA-hppc-g8h3-xhp3",
"modified": "2026-04-27T16:29:44Z",
"published": "2026-04-22T21:00:57Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/rust-openssl/rust-openssl/security/advisories/GHSA-hppc-g8h3-xhp3"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41898"
},
{
"type": "WEB",
"url": "https://github.com/rust-openssl/rust-openssl/pull/2607"
},
{
"type": "WEB",
"url": "https://github.com/rust-openssl/rust-openssl/commit/1d109020d98fff2fb2e45c39a373af3dff99b24c"
},
{
"type": "PACKAGE",
"url": "https://github.com/rust-openssl/rust-openssl"
},
{
"type": "WEB",
"url": "https://github.com/rust-openssl/rust-openssl/releases/tag/openssl-v0.10.78"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "rust-openssl: Unchecked callback length in PSK/cookie trampolines leaks adjacent memory to peer"
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.