CWE-126
AllowedBuffer Over-read
Abstraction: Variant · Status: Draft
The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.
852 vulnerabilities reference this CWE, most recent first.
GHSA-P46C-QGR8-XVH2
Vulnerability from github – Published: 2023-11-14 18:30 – Updated: 2023-11-14 18:30Information disclosure in IOE Firmware while handling WMI command.
{
"affected": [],
"aliases": [
"CVE-2023-28563"
],
"database_specific": {
"cwe_ids": [
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-11-07T06:15:09Z",
"severity": "MODERATE"
},
"details": "Information disclosure in IOE Firmware while handling WMI command.",
"id": "GHSA-p46c-qgr8-xvh2",
"modified": "2023-11-14T18:30:26Z",
"published": "2023-11-14T18:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28563"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/november-2023-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-P54G-G6XW-2JM9
Vulnerability from github – Published: 2023-09-05 09:30 – Updated: 2024-04-04 07:27Transient DOS in Bluetooth HOST while passing descriptor to validate the blacklisted BT keyboard.
{
"affected": [],
"aliases": [
"CVE-2023-21667"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-09-05T07:15:13Z",
"severity": "MODERATE"
},
"details": "Transient DOS in Bluetooth HOST while passing descriptor to validate the blacklisted BT keyboard.",
"id": "GHSA-p54g-g6xw-2jm9",
"modified": "2024-04-04T07:27:17Z",
"published": "2023-09-05T09:30:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-21667"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-P58X-Q89P-WXFC
Vulnerability from github – Published: 2023-03-10 21:30 – Updated: 2023-03-15 18:30Transient DOS due to buffer over-read in WLAN Firmware while parsing secure FTMR frame with size lesser than 39 Bytes.
{
"affected": [],
"aliases": [
"CVE-2022-33309"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-03-10T21:15:00Z",
"severity": "HIGH"
},
"details": "Transient DOS due to buffer over-read in WLAN Firmware while parsing secure FTMR frame with size lesser than 39 Bytes.",
"id": "GHSA-p58x-q89p-wxfc",
"modified": "2023-03-15T18:30:24Z",
"published": "2023-03-10T21:30:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-33309"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/march-2023-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-P762-67Q5-3HRQ
Vulnerability from github – Published: 2025-01-06 12:30 – Updated: 2025-01-06 12:30Memory corruption while processing FIPS encryption or decryption IOCTL call invoked from user-space.
{
"affected": [],
"aliases": [
"CVE-2024-45546"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-06T11:15:09Z",
"severity": "HIGH"
},
"details": "Memory corruption while processing FIPS encryption or decryption IOCTL call invoked from user-space.",
"id": "GHSA-p762-67q5-3hrq",
"modified": "2025-01-06T12:30:33Z",
"published": "2025-01-06T12:30:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45546"
},
{
"type": "WEB",
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2025-bulletin.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-P7H3-2RM6-R8VF
Vulnerability from github – Published: 2026-04-06 18:33 – Updated: 2026-04-06 18:33Memory Corruption when accessing an output buffer without validating its size during IOCTL processing.
{
"affected": [],
"aliases": [
"CVE-2026-21373"
],
"database_specific": {
"cwe_ids": [
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-06T16:16:29Z",
"severity": "HIGH"
},
"details": "Memory Corruption when accessing an output buffer without validating its size during IOCTL processing.",
"id": "GHSA-p7h3-2rm6-r8vf",
"modified": "2026-04-06T18:33:06Z",
"published": "2026-04-06T18:33:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21373"
},
{
"type": "WEB",
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2026-bulletin.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-P8MR-7VFX-25Q5
Vulnerability from github – Published: 2025-06-03 06:31 – Updated: 2025-06-03 06:31Information disclosure may occur while decoding the RTP packet with improper header length for number of contributing sources.
{
"affected": [],
"aliases": [
"CVE-2024-53019"
],
"database_specific": {
"cwe_ids": [
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-03T06:15:25Z",
"severity": "HIGH"
},
"details": "Information disclosure may occur while decoding the RTP packet with improper header length for number of contributing sources.",
"id": "GHSA-p8mr-7vfx-25q5",
"modified": "2025-06-03T06:31:14Z",
"published": "2025-06-03T06:31:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53019"
},
{
"type": "WEB",
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2025-bulletin.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-P8R2-H85Q-CMCR
Vulnerability from github – Published: 2025-02-13 18:32 – Updated: 2025-02-13 18:32A CWE-126 “Buffer Over-read” was discovered affecting the 130.8005 TCP/IP Gateway running firmware version 12h. The information disclosure can be triggered by leveraging a memory leak affecting the web server. A remote unauthenticated attacker can exploit this vulnerability in order to leak valid authentication tokens from the process memory associated to users currently logged to the system and bypass the authentication mechanism.
{
"affected": [],
"aliases": [
"CVE-2024-12011"
],
"database_specific": {
"cwe_ids": [
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-13T16:15:43Z",
"severity": "HIGH"
},
"details": "A CWE-126 \u201cBuffer Over-read\u201d was discovered affecting the 130.8005 TCP/IP Gateway running firmware version 12h. The information disclosure can be triggered by leveraging a memory leak affecting the web server. A remote unauthenticated attacker can exploit this vulnerability in order to leak valid authentication tokens from the process memory associated to users currently logged to the system and bypass the authentication mechanism.",
"id": "GHSA-p8r2-h85q-cmcr",
"modified": "2025-02-13T18:32:33Z",
"published": "2025-02-13T18:32:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12011"
},
{
"type": "WEB",
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-12011"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-PCG2-VHM9-HHQC
Vulnerability from github – Published: 2022-05-11 00:01 – Updated: 2022-05-17 00:01Buffer Over-read in function find_next_quote in GitHub repository vim/vim prior to 8.2.4925. This vulnerabilities are capable of crashing software, Modify Memory, and possible remote execution
{
"affected": [],
"aliases": [
"CVE-2022-1629"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-05-10T14:15:00Z",
"severity": "HIGH"
},
"details": "Buffer Over-read in function find_next_quote in GitHub repository vim/vim prior to 8.2.4925. This vulnerabilities are capable of crashing software, Modify Memory, and possible remote execution",
"id": "GHSA-pcg2-vhm9-hhqc",
"modified": "2022-05-17T00:01:25Z",
"published": "2022-05-11T00:01:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1629"
},
{
"type": "WEB",
"url": "https://github.com/vim/vim/commit/53a70289c2712808e6d4e88927e03cac01b470dd"
},
{
"type": "WEB",
"url": "https://huntr.dev/bounties/e26d08d4-1886-41f0-9af4-f3e1bf3d52ee"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HIP7KG7TVS5YF3QREAY2GOGUT3YUBZAI"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202305-16"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT213488"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PFR5-Q6HV-M7F4
Vulnerability from github – Published: 2023-01-05 18:30 – Updated: 2023-01-12 00:30A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS PersistenceConfigDxe driver that could allow a local attacker with elevated privileges to cause information disclosure.
{
"affected": [],
"aliases": [
"CVE-2022-4432"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-01-05T18:15:00Z",
"severity": "MODERATE"
},
"details": "A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS PersistenceConfigDxe driver that could allow a local attacker with elevated privileges to cause information disclosure.",
"id": "GHSA-pfr5-q6hv-m7f4",
"modified": "2023-01-12T00:30:19Z",
"published": "2023-01-05T18:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4432"
},
{
"type": "WEB",
"url": "https://support.lenovo.com/us/en/product_security/LEN-103709"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-PFR9-2P92-QRHQ
Vulnerability from github – Published: 2024-10-09 14:34 – Updated: 2026-05-20 00:56The heap-buffer-overflow is triggered in the strlen() function when handling the c_chars_to_str function in the dbn crate. This vulnerability occurs because the CStr::from_ptr() function in Rust assumes that the provided C string is null-terminated. However, there is no guarantee that the input chars array passed to the c_chars_to_str function is properly null-terminated.
If the chars array does not contain a null byte (\0), strlen() will continue to read beyond the bounds of the buffer in search of a null terminator. This results in an out-of-bounds memory read and can lead to a heap-buffer-overflow, potentially causing memory corruption or exposing sensitive information.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 0.22.0"
},
"package": {
"ecosystem": "crates.io",
"name": "dbn"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.22.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-126"
],
"github_reviewed": true,
"github_reviewed_at": "2024-10-09T14:34:24Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "The `heap-buffer-overflow` is triggered in the `strlen()` function when handling the `c_chars_to_str` function in the dbn crate. This vulnerability occurs because the `CStr::from_ptr()` function in Rust assumes that the provided C string is null-terminated. However, there is no guarantee that the input chars array passed to the c_chars_to_str function is properly null-terminated.\n\nIf the chars array does not contain a null byte (\\0), strlen() will continue to read beyond the bounds of the buffer in search of a null terminator. This results in an out-of-bounds memory read and can lead to a heap-buffer-overflow, potentially causing memory corruption or exposing sensitive information.",
"id": "GHSA-pfr9-2p92-qrhq",
"modified": "2026-05-20T00:56:56Z",
"published": "2024-10-09T14:34:24Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/databento/dbn/issues/67"
},
{
"type": "WEB",
"url": "https://github.com/databento/dbn/commit/339efb90fdb980920a5e8829008abc1114f4bfdd"
},
{
"type": "PACKAGE",
"url": "https://github.com/databento/dbn"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2024-0377.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Databento Binary Encoding (DBN) has a heap buffer overflow using c_chars_to_str function"
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.