CWE-126
AllowedBuffer Over-read
Abstraction: Variant · Status: Draft
The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.
852 vulnerabilities reference this CWE, most recent first.
GHSA-PGCR-3MV5-2297
Vulnerability from github – Published: 2024-07-01 15:32 – Updated: 2024-07-01 15:32Information disclosure while handling SA query action frame.
{
"affected": [],
"aliases": [
"CVE-2024-21458"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-01T15:15:13Z",
"severity": "MODERATE"
},
"details": "Information disclosure while handling SA query action frame.",
"id": "GHSA-pgcr-3mv5-2297",
"modified": "2024-07-01T15:32:42Z",
"published": "2024-07-01T15:32:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21458"
},
{
"type": "WEB",
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/july-2024-bulletin.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-PGGH-8R27-X766
Vulnerability from github – Published: 2023-06-06 09:30 – Updated: 2024-04-04 04:34Transient DOS in WLAN Firmware while processing frames with missing header fields.
{
"affected": [],
"aliases": [
"CVE-2023-21659"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-06-06T08:15:12Z",
"severity": "HIGH"
},
"details": "Transient DOS in WLAN Firmware while processing frames with missing header fields.",
"id": "GHSA-pggh-8r27-x766",
"modified": "2024-04-04T04:34:47Z",
"published": "2023-06-06T09:30:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-21659"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/june-2023-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PJ8H-CMGW-7XPG
Vulnerability from github – Published: 2023-12-05 03:30 – Updated: 2023-12-05 03:30Transient DOS while converting TWT (Target Wake Time) frame parameters in the OTA broadcast.
{
"affected": [],
"aliases": [
"CVE-2023-33081"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-12-05T03:15:12Z",
"severity": "HIGH"
},
"details": "Transient DOS while converting TWT (Target Wake Time) frame parameters in the OTA broadcast.",
"id": "GHSA-pj8h-cmgw-7xpg",
"modified": "2023-12-05T03:30:22Z",
"published": "2023-12-05T03:30:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33081"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PM69-RQJ8-F5FQ
Vulnerability from github – Published: 2025-05-07 18:30 – Updated: 2025-05-07 18:30ECMP dissector crash in Wireshark 4.4.0 to 4.4.1 and 4.2.0 to 4.2.8 allows denial of service via packet injection or crafted capture file
{
"affected": [],
"aliases": [
"CVE-2024-11596"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-21T11:15:33Z",
"severity": "MODERATE"
},
"details": "ECMP dissector crash in Wireshark 4.4.0 to 4.4.1 and 4.2.0 to 4.2.8 allows denial of service via packet injection or crafted capture file",
"id": "GHSA-pm69-rqj8-f5fq",
"modified": "2025-05-07T18:30:41Z",
"published": "2025-05-07T18:30:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11596"
},
{
"type": "WEB",
"url": "https://gitlab.com/wireshark/wireshark/-/issues/20214"
},
{
"type": "WEB",
"url": "https://www.wireshark.org/security/wnpa-sec-2024-15.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PP2Q-FPVV-VR5H
Vulnerability from github – Published: 2026-07-08 18:31 – Updated: 2026-07-08 18:31An issue in SQLite before Fossil check-in 869a51ae84df allows a local attacker to obtain sensitive information via the Session Extension changeset concat/changegroup merge path
{
"affected": [],
"aliases": [
"CVE-2026-50813"
],
"database_specific": {
"cwe_ids": [
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-08T18:16:32Z",
"severity": "MODERATE"
},
"details": "An issue in SQLite before Fossil check-in 869a51ae84df allows a local attacker to obtain sensitive information via the Session Extension changeset concat/changegroup merge path",
"id": "GHSA-pp2q-fpvv-vr5h",
"modified": "2026-07-08T18:31:38Z",
"published": "2026-07-08T18:31:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-50813"
},
{
"type": "WEB",
"url": "https://github.com/sqlite/sqlite/commit/c597ed79d1bd03f57198d10d1f431adda293cf2e"
},
{
"type": "WEB",
"url": "https://gist.github.com/junius-sec/f8acb66bafb80134c8e1a1c8c7c9f4f4"
},
{
"type": "WEB",
"url": "https://sqlite.org/src/info/869a51ae84df"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PP7H-53GX-MX7R
Vulnerability from github – Published: 2020-09-02 15:26 – Updated: 2022-05-26 20:43A buffer over-read vulnerability exists in bl <4.0.3, <3.0.1, <2.2.1, and <1.2.3 which could allow an attacker to supply user input (even typed) that if it ends up in consume() argument and can become negative, the BufferList state can be corrupted, tricking it into exposing uninitialized memory via regular .slice() calls.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "bl"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.2.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "bl"
},
"ranges": [
{
"events": [
{
"introduced": "2.0.0"
},
{
"fixed": "2.2.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "bl"
},
"ranges": [
{
"events": [
{
"introduced": "3.0.0"
},
{
"fixed": "3.0.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.0.0"
]
},
{
"package": {
"ecosystem": "npm",
"name": "bl"
},
"ranges": [
{
"events": [
{
"introduced": "4.0.0"
},
{
"fixed": "4.0.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-8244"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": true,
"github_reviewed_at": "2020-09-02T15:26:05Z",
"nvd_published_at": "2020-08-30T15:15:00Z",
"severity": "MODERATE"
},
"details": "A buffer over-read vulnerability exists in bl \u003c4.0.3, \u003c3.0.1, \u003c2.2.1, and \u003c1.2.3 which could allow an attacker to supply user input (even typed) that if it ends up in consume() argument and can become negative, the BufferList state can be corrupted, tricking it into exposing uninitialized memory via regular .slice() calls.",
"id": "GHSA-pp7h-53gx-mx7r",
"modified": "2022-05-26T20:43:51Z",
"published": "2020-09-02T15:26:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8244"
},
{
"type": "WEB",
"url": "https://github.com/rvagg/bl/commit/8a8c13c880e2bef519133ea43e0e9b78b5d0c91e"
},
{
"type": "WEB",
"url": "https://github.com/rvagg/bl/commit/d3e240e3b8ba4048d3c76ef5fb9dd1f8872d3190"
},
{
"type": "WEB",
"url": "https://github.com/rvagg/bl/commit/dacc4ac7d5fcd6201bcf26fbd886951be9537466"
},
{
"type": "WEB",
"url": "https://hackerone.com/reports/966347"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00028.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"type": "CVSS_V3"
}
],
"summary": "Remote Memory Exposure in bl"
}
GHSA-PPQH-F364-PRQ3
Vulnerability from github – Published: 2022-12-06 09:30 – Updated: 2022-12-08 06:30In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services.
{
"affected": [],
"aliases": [
"CVE-2022-42780"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-12-06T07:15:00Z",
"severity": "MODERATE"
},
"details": "In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services.",
"id": "GHSA-ppqh-f364-prq3",
"modified": "2022-12-08T06:30:30Z",
"published": "2022-12-06T09:30:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42780"
},
{
"type": "WEB",
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PQ3F-467X-F7V6
Vulnerability from github – Published: 2024-09-02 12:30 – Updated: 2024-09-02 12:30Transient DOS while handling PS event when Program Service name length offset value is set to 255.
{
"affected": [],
"aliases": [
"CVE-2024-33043"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-02T12:15:16Z",
"severity": "MODERATE"
},
"details": "Transient DOS while handling PS event when Program Service name length offset value is set to 255.",
"id": "GHSA-pq3f-467x-f7v6",
"modified": "2024-09-02T12:30:45Z",
"published": "2024-09-02T12:30:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-33043"
},
{
"type": "WEB",
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/september-2024-bulletin.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PV26-XP92-C6P8
Vulnerability from github – Published: 2024-08-05 15:30 – Updated: 2024-08-05 15:30Transient DOS while parsing the received TID-to-link mapping action frame.
{
"affected": [],
"aliases": [
"CVE-2024-33019"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-05T15:15:50Z",
"severity": "HIGH"
},
"details": "Transient DOS while parsing the received TID-to-link mapping action frame.",
"id": "GHSA-pv26-xp92-c6p8",
"modified": "2024-08-05T15:30:53Z",
"published": "2024-08-05T15:30:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-33019"
},
{
"type": "WEB",
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/august-2024-bulletin.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PWWX-GM9F-WFWX
Vulnerability from github – Published: 2022-05-24 19:07 – Updated: 2022-10-08 00:00A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Tiff_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13198)
{
"affected": [],
"aliases": [
"CVE-2021-34303"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126",
"CWE-20"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-07-13T11:15:00Z",
"severity": "MODERATE"
},
"details": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The Tiff_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13198)",
"id": "GHSA-pwwx-gm9f-wfwx",
"modified": "2022-10-08T00:00:18Z",
"published": "2022-05-24T19:07:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34303"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-848"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.