CWE-126
AllowedBuffer Over-read
Abstraction: Variant · Status: Draft
The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.
852 vulnerabilities reference this CWE, most recent first.
GHSA-J5HH-F9RM-FX9X
Vulnerability from github – Published: 2023-03-10 21:30 – Updated: 2023-03-16 18:30Transient DOS due to buffer over-read in WLAN while sending a packet to device.
{
"affected": [],
"aliases": [
"CVE-2022-40535"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-03-10T21:15:00Z",
"severity": "HIGH"
},
"details": "Transient DOS due to buffer over-read in WLAN while sending a packet to device.",
"id": "GHSA-j5hh-f9rm-fx9x",
"modified": "2023-03-16T18:30:29Z",
"published": "2023-03-10T21:30:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40535"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/march-2023-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-J5R8-F5XJ-3H83
Vulnerability from github – Published: 2024-03-04 12:31 – Updated: 2024-03-04 12:31Transient DOS while processing channel information for speaker protection v2 module in ADSP.
{
"affected": [],
"aliases": [
"CVE-2023-33090"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-03-04T11:15:10Z",
"severity": "MODERATE"
},
"details": "Transient DOS while processing channel information for speaker protection v2 module in ADSP.",
"id": "GHSA-j5r8-f5xj-3h83",
"modified": "2024-03-04T12:31:10Z",
"published": "2024-03-04T12:31:10Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33090"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/march-2024-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-J6JJ-54CR-3F4V
Vulnerability from github – Published: 2025-07-08 18:31 – Updated: 2025-07-08 18:31Buffer over-read in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally.
{
"affected": [],
"aliases": [
"CVE-2025-47973"
],
"database_specific": {
"cwe_ids": [
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-08T17:15:37Z",
"severity": "HIGH"
},
"details": "Buffer over-read in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally.",
"id": "GHSA-j6jj-54cr-3f4v",
"modified": "2025-07-08T18:31:44Z",
"published": "2025-07-08T18:31:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47973"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47973"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-J7MC-P6QR-W5W5
Vulnerability from github – Published: 2025-12-09 18:30 – Updated: 2025-12-09 18:30Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
{
"affected": [],
"aliases": [
"CVE-2025-62473"
],
"database_specific": {
"cwe_ids": [
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-09T18:15:59Z",
"severity": "MODERATE"
},
"details": "Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.",
"id": "GHSA-j7mc-p6qr-w5w5",
"modified": "2025-12-09T18:30:46Z",
"published": "2025-12-09T18:30:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62473"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62473"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-JC9X-PXC5-CQ7F
Vulnerability from github – Published: 2025-04-08 18:34 – Updated: 2025-04-08 18:34Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
{
"affected": [],
"aliases": [
"CVE-2025-21203"
],
"database_specific": {
"cwe_ids": [
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-08T18:15:45Z",
"severity": "MODERATE"
},
"details": "Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.",
"id": "GHSA-jc9x-pxc5-cq7f",
"modified": "2025-04-08T18:34:44Z",
"published": "2025-04-08T18:34:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21203"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21203"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-JCJW-FRM7-94F5
Vulnerability from github – Published: 2024-11-12 18:30 – Updated: 2024-11-12 18:30A buffer over-read in Ivanti Secure Access Client before 22.7R4 allows a local unauthenticated attacker to cause a denial of service.
{
"affected": [],
"aliases": [
"CVE-2024-9843"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-12T17:15:11Z",
"severity": "MODERATE"
},
"details": "A buffer over-read in Ivanti Secure Access Client before 22.7R4 allows a local unauthenticated attacker to cause a denial of service.",
"id": "GHSA-jcjw-frm7-94f5",
"modified": "2024-11-12T18:30:57Z",
"published": "2024-11-12T18:30:57Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9843"
},
{
"type": "WEB",
"url": "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JF35-V6MP-XVP9
Vulnerability from github – Published: 2024-08-05 15:30 – Updated: 2024-08-05 15:30Transient DOS while parsing the received TID-to-link mapping element of the TID-to-link mapping action frame.
{
"affected": [],
"aliases": [
"CVE-2024-33018"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-05T15:15:50Z",
"severity": "HIGH"
},
"details": "Transient DOS while parsing the received TID-to-link mapping element of the TID-to-link mapping action frame.",
"id": "GHSA-jf35-v6mp-xvp9",
"modified": "2024-08-05T15:30:53Z",
"published": "2024-08-05T15:30:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-33018"
},
{
"type": "WEB",
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/august-2024-bulletin.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JGM2-W45W-592C
Vulnerability from github – Published: 2023-11-09 00:33 – Updated: 2023-11-09 00:33A buffer over-read was reported in the BiosExtensionLoader module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to disclose sensitive information.
{
"affected": [],
"aliases": [
"CVE-2023-43572"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-11-08T23:15:08Z",
"severity": "MODERATE"
},
"details": "A buffer over-read was reported in the BiosExtensionLoader module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to disclose sensitive information.\n\n",
"id": "GHSA-jgm2-w45w-592c",
"modified": "2023-11-09T00:33:56Z",
"published": "2023-11-09T00:33:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-43572"
},
{
"type": "WEB",
"url": "https://support.lenovo.com/us/en/product_security/LEN-141775"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-JHF3-VV63-C68V
Vulnerability from github – Published: 2025-10-14 18:30 – Updated: 2025-10-14 18:30Buffer over-read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
{
"affected": [],
"aliases": [
"CVE-2025-55325"
],
"database_specific": {
"cwe_ids": [
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-14T17:15:45Z",
"severity": "MODERATE"
},
"details": "Buffer over-read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.",
"id": "GHSA-jhf3-vv63-c68v",
"modified": "2025-10-14T18:30:30Z",
"published": "2025-10-14T18:30:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55325"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55325"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-JJ76-44FX-5G9W
Vulnerability from github – Published: 2025-01-06 12:30 – Updated: 2025-01-06 12:30Transient DOS can occur when the driver parses the per STA profile IE and tries to access the EXTN element ID without checking the IE length.
{
"affected": [],
"aliases": [
"CVE-2024-45558"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-06T11:15:10Z",
"severity": "HIGH"
},
"details": "Transient DOS can occur when the driver parses the per STA profile IE and tries to access the EXTN element ID without checking the IE length.",
"id": "GHSA-jj76-44fx-5g9w",
"modified": "2025-01-06T12:30:33Z",
"published": "2025-01-06T12:30:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45558"
},
{
"type": "WEB",
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2025-bulletin.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.