Common Weakness Enumeration

CWE-126

Allowed

Buffer Over-read

Abstraction: Variant · Status: Draft

The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.

852 vulnerabilities reference this CWE, most recent first.

GHSA-P46C-QGR8-XVH2

Vulnerability from github – Published: 2023-11-14 18:30 – Updated: 2023-11-14 18:30
VLAI
Details

Information disclosure in IOE Firmware while handling WMI command.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-28563"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-126"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-11-07T06:15:09Z",
    "severity": "MODERATE"
  },
  "details": "Information disclosure in IOE Firmware while handling WMI command.",
  "id": "GHSA-p46c-qgr8-xvh2",
  "modified": "2023-11-14T18:30:26Z",
  "published": "2023-11-14T18:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28563"
    },
    {
      "type": "WEB",
      "url": "https://www.qualcomm.com/company/product-security/bulletins/november-2023-bulletin"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-P54G-G6XW-2JM9

Vulnerability from github – Published: 2023-09-05 09:30 – Updated: 2024-04-04 07:27
VLAI
Details

Transient DOS in Bluetooth HOST while passing descriptor to validate the blacklisted BT keyboard.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-21667"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125",
      "CWE-126"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-09-05T07:15:13Z",
    "severity": "MODERATE"
  },
  "details": "Transient DOS in Bluetooth HOST while passing descriptor to validate the blacklisted BT keyboard.",
  "id": "GHSA-p54g-g6xw-2jm9",
  "modified": "2024-04-04T07:27:17Z",
  "published": "2023-09-05T09:30:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-21667"
    },
    {
      "type": "WEB",
      "url": "https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-P58X-Q89P-WXFC

Vulnerability from github – Published: 2023-03-10 21:30 – Updated: 2023-03-15 18:30
VLAI
Details

Transient DOS due to buffer over-read in WLAN Firmware while parsing secure FTMR frame with size lesser than 39 Bytes.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-33309"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125",
      "CWE-126"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-03-10T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "Transient DOS due to buffer over-read in WLAN Firmware while parsing secure FTMR frame with size lesser than 39 Bytes.",
  "id": "GHSA-p58x-q89p-wxfc",
  "modified": "2023-03-15T18:30:24Z",
  "published": "2023-03-10T21:30:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-33309"
    },
    {
      "type": "WEB",
      "url": "https://www.qualcomm.com/company/product-security/bulletins/march-2023-bulletin"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-P762-67Q5-3HRQ

Vulnerability from github – Published: 2025-01-06 12:30 – Updated: 2025-01-06 12:30
VLAI
Details

Memory corruption while processing FIPS encryption or decryption IOCTL call invoked from user-space.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-45546"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125",
      "CWE-126"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-06T11:15:09Z",
    "severity": "HIGH"
  },
  "details": "Memory corruption while processing FIPS encryption or decryption IOCTL call invoked from user-space.",
  "id": "GHSA-p762-67q5-3hrq",
  "modified": "2025-01-06T12:30:33Z",
  "published": "2025-01-06T12:30:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45546"
    },
    {
      "type": "WEB",
      "url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2025-bulletin.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-P7H3-2RM6-R8VF

Vulnerability from github – Published: 2026-04-06 18:33 – Updated: 2026-04-06 18:33
VLAI
Details

Memory Corruption when accessing an output buffer without validating its size during IOCTL processing.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-21373"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-126"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-06T16:16:29Z",
    "severity": "HIGH"
  },
  "details": "Memory Corruption when accessing an output buffer without validating its size during IOCTL processing.",
  "id": "GHSA-p7h3-2rm6-r8vf",
  "modified": "2026-04-06T18:33:06Z",
  "published": "2026-04-06T18:33:06Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21373"
    },
    {
      "type": "WEB",
      "url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2026-bulletin.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-P8MR-7VFX-25Q5

Vulnerability from github – Published: 2025-06-03 06:31 – Updated: 2025-06-03 06:31
VLAI
Details

Information disclosure may occur while decoding the RTP packet with improper header length for number of contributing sources.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-53019"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-126"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-03T06:15:25Z",
    "severity": "HIGH"
  },
  "details": "Information disclosure may occur while decoding the RTP packet with improper header length for number of contributing sources.",
  "id": "GHSA-p8mr-7vfx-25q5",
  "modified": "2025-06-03T06:31:14Z",
  "published": "2025-06-03T06:31:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53019"
    },
    {
      "type": "WEB",
      "url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2025-bulletin.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-P8R2-H85Q-CMCR

Vulnerability from github – Published: 2025-02-13 18:32 – Updated: 2025-02-13 18:32
VLAI
Details

A CWE-126 “Buffer Over-read” was discovered affecting the 130.8005 TCP/IP Gateway running firmware version 12h. The information disclosure can be triggered by leveraging a memory leak affecting the web server. A remote unauthenticated attacker can exploit this vulnerability in order to leak valid authentication tokens from the process memory associated to users currently logged to the system and bypass the authentication mechanism.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-12011"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-126"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-13T16:15:43Z",
    "severity": "HIGH"
  },
  "details": "A CWE-126 \u201cBuffer Over-read\u201d was discovered affecting the 130.8005 TCP/IP Gateway running firmware version 12h. The information disclosure can be triggered by leveraging a memory leak affecting the web server. A remote unauthenticated attacker can exploit this vulnerability in order to leak valid authentication tokens from the process memory associated to users currently logged to the system and bypass the authentication mechanism.",
  "id": "GHSA-p8r2-h85q-cmcr",
  "modified": "2025-02-13T18:32:33Z",
  "published": "2025-02-13T18:32:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12011"
    },
    {
      "type": "WEB",
      "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-12011"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PCG2-VHM9-HHQC

Vulnerability from github – Published: 2022-05-11 00:01 – Updated: 2022-05-17 00:01
VLAI
Details

Buffer Over-read in function find_next_quote in GitHub repository vim/vim prior to 8.2.4925. This vulnerabilities are capable of crashing software, Modify Memory, and possible remote execution

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-1629"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125",
      "CWE-126"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-05-10T14:15:00Z",
    "severity": "HIGH"
  },
  "details": "Buffer Over-read in function find_next_quote in GitHub repository vim/vim prior to 8.2.4925. This vulnerabilities are capable of crashing software, Modify Memory, and possible remote execution",
  "id": "GHSA-pcg2-vhm9-hhqc",
  "modified": "2022-05-17T00:01:25Z",
  "published": "2022-05-11T00:01:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1629"
    },
    {
      "type": "WEB",
      "url": "https://github.com/vim/vim/commit/53a70289c2712808e6d4e88927e03cac01b470dd"
    },
    {
      "type": "WEB",
      "url": "https://huntr.dev/bounties/e26d08d4-1886-41f0-9af4-f3e1bf3d52ee"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HIP7KG7TVS5YF3QREAY2GOGUT3YUBZAI"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202208-32"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202305-16"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT213488"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2022/Oct/28"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2022/Oct/41"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PFR5-Q6HV-M7F4

Vulnerability from github – Published: 2023-01-05 18:30 – Updated: 2023-01-12 00:30
VLAI
Details

A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS PersistenceConfigDxe driver that could allow a local attacker with elevated privileges to cause information disclosure.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-4432"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125",
      "CWE-126"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-01-05T18:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS PersistenceConfigDxe driver that could allow a local attacker with elevated privileges to cause information disclosure.",
  "id": "GHSA-pfr5-q6hv-m7f4",
  "modified": "2023-01-12T00:30:19Z",
  "published": "2023-01-05T18:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4432"
    },
    {
      "type": "WEB",
      "url": "https://support.lenovo.com/us/en/product_security/LEN-103709"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PFR9-2P92-QRHQ

Vulnerability from github – Published: 2024-10-09 14:34 – Updated: 2026-05-20 00:56
VLAI
Summary
Databento Binary Encoding (DBN) has a heap buffer overflow using c_chars_to_str function
Details

The heap-buffer-overflow is triggered in the strlen() function when handling the c_chars_to_str function in the dbn crate. This vulnerability occurs because the CStr::from_ptr() function in Rust assumes that the provided C string is null-terminated. However, there is no guarantee that the input chars array passed to the c_chars_to_str function is properly null-terminated.

If the chars array does not contain a null byte (\0), strlen() will continue to read beyond the bounds of the buffer in search of a null terminator. This results in an out-of-bounds memory read and can lead to a heap-buffer-overflow, potentially causing memory corruption or exposing sensitive information.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 0.22.0"
      },
      "package": {
        "ecosystem": "crates.io",
        "name": "dbn"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.22.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-126"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-10-09T14:34:24Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "The `heap-buffer-overflow` is triggered in the `strlen()` function when handling the `c_chars_to_str` function in the dbn crate. This vulnerability occurs because the `CStr::from_ptr()` function in Rust assumes that the provided C string is null-terminated. However, there is no guarantee that the input chars array passed to the c_chars_to_str function is properly null-terminated.\n\nIf the chars array does not contain a null byte (\\0), strlen() will continue to read beyond the bounds of the buffer in search of a null terminator. This results in an out-of-bounds memory read and can lead to a heap-buffer-overflow, potentially causing memory corruption or exposing sensitive information.",
  "id": "GHSA-pfr9-2p92-qrhq",
  "modified": "2026-05-20T00:56:56Z",
  "published": "2024-10-09T14:34:24Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/databento/dbn/issues/67"
    },
    {
      "type": "WEB",
      "url": "https://github.com/databento/dbn/commit/339efb90fdb980920a5e8829008abc1114f4bfdd"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/databento/dbn"
    },
    {
      "type": "WEB",
      "url": "https://rustsec.org/advisories/RUSTSEC-2024-0377.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Databento Binary Encoding (DBN) has a heap buffer overflow using c_chars_to_str function"
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.