CWE-125
AllowedOut-of-bounds Read
Abstraction: Base · Status: Draft
The product reads data past the end, or before the beginning, of the intended buffer.
11292 vulnerabilities reference this CWE, most recent first.
GHSA-W829-6HPW-FRJF
Vulnerability from github – Published: 2022-05-24 16:55 – Updated: 2025-05-30 21:30In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.
{
"affected": [],
"aliases": [
"CVE-2019-15903"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-09-04T06:15:00Z",
"severity": "HIGH"
},
"details": "In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.",
"id": "GHSA-w829-6hpw-frjf",
"modified": "2025-05-30T21:30:53Z",
"published": "2022-05-24T16:55:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15903"
},
{
"type": "WEB",
"url": "https://github.com/libexpat/libexpat/issues/317"
},
{
"type": "WEB",
"url": "https://github.com/libexpat/libexpat/issues/342"
},
{
"type": "WEB",
"url": "https://github.com/libexpat/libexpat/pull/318"
},
{
"type": "WEB",
"url": "https://github.com/libexpat/libexpat/commit/c20b758c332d9a13afbbb276d30db1d183a85d43"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:3210"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20190926-0004"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT210785"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT210788"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT210789"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT210790"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT210793"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT210794"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT210795"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4132-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4132-2"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4165-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4202-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4335-1"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2019/dsa-4530"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2019/dsa-4549"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2019/dsa-4571"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"type": "WEB",
"url": "https://www.tenable.com/security/tns-2021-11"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:3237"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:3756"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00006.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00017.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A4TZKPJFTURRLXIGLB34WVKQ5HGY6JJA"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BDUTI5TVQWIGGQXPEVI4T2ENHFSBMIBP"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S26LGXXQ7YF2BP3RGOWELBFKM6BHF6UG"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A4TZKPJFTURRLXIGLB34WVKQ5HGY6JJA"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BDUTI5TVQWIGGQXPEVI4T2ENHFSBMIBP"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S26LGXXQ7YF2BP3RGOWELBFKM6BHF6UG"
},
{
"type": "WEB",
"url": "https://seclists.org/bugtraq/2019/Dec/17"
},
{
"type": "WEB",
"url": "https://seclists.org/bugtraq/2019/Dec/21"
},
{
"type": "WEB",
"url": "https://seclists.org/bugtraq/2019/Dec/23"
},
{
"type": "WEB",
"url": "https://seclists.org/bugtraq/2019/Nov/1"
},
{
"type": "WEB",
"url": "https://seclists.org/bugtraq/2019/Nov/24"
},
{
"type": "WEB",
"url": "https://seclists.org/bugtraq/2019/Oct/29"
},
{
"type": "WEB",
"url": "https://seclists.org/bugtraq/2019/Sep/30"
},
{
"type": "WEB",
"url": "https://seclists.org/bugtraq/2019/Sep/37"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201911-08"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00080.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00081.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00000.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00002.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00003.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00016.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00017.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00018.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00019.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00008.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/154503/Slackware-Security-Advisory-expat-Updates.html"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/154927/Slackware-Security-Advisory-python-Updates.html"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/154947/Slackware-Security-Advisory-mozilla-firefox-Updates.html"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2019/Dec/23"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2019/Dec/26"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2019/Dec/27"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2019/Dec/30"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-W82G-FR7X-R9M9
Vulnerability from github – Published: 2022-04-29 02:57 – Updated: 2022-04-29 02:57isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a denial of service (crash) via an ISAKMP packet with a delete payload containing a large number of SPIs, which triggers an out-of-bounds read error, as demonstrated by the Striker ISAKMP Protocol Test Suite.
{
"affected": [],
"aliases": [
"CVE-2004-0221"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2004-05-04T04:00:00Z",
"severity": "MODERATE"
},
"details": "isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a denial of service (crash) via an ISAKMP packet with a delete payload containing a large number of SPIs, which triggers an out-of-bounds read error, as demonstrated by the Striker ISAKMP Protocol Test Suite.",
"id": "GHSA-w82g-fr7x-r9m9",
"modified": "2022-04-29T02:57:21Z",
"published": "2022-04-29T02:57:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0221"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15630"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=108008530028019\u0026w=2"
},
{
"type": "WEB",
"url": "http://www.kb.cert.org/vuls/id/524497"
},
{
"type": "WEB",
"url": "http://www.openbsd.org/errata.html"
},
{
"type": "WEB",
"url": "http://www.rapid7.com/advisories/R7-0018.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/9907"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/alerts/2004/Mar/1009468.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-W82J-QRR8-455X
Vulnerability from github – Published: 2024-10-30 00:31 – Updated: 2025-02-03 18:30A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll through Autodesk AutoCAD can force a Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
{
"affected": [],
"aliases": [
"CVE-2024-8589"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-29T22:15:06Z",
"severity": "HIGH"
},
"details": "A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll through Autodesk AutoCAD can force a Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.",
"id": "GHSA-w82j-qrr8-455x",
"modified": "2025-02-03T18:30:38Z",
"published": "2024-10-30T00:31:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8589"
},
{
"type": "WEB",
"url": "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0019"
},
{
"type": "WEB",
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0019"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-W834-9CG6-CM69
Vulnerability from github – Published: 2022-05-13 01:04 – Updated: 2022-05-13 01:04bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-based buffer over-read.
{
"affected": [],
"aliases": [
"CVE-2018-10393"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-04-26T05:29:00Z",
"severity": "HIGH"
},
"details": "bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-based buffer over-read.",
"id": "GHSA-w834-9cg6-cm69",
"modified": "2022-05-13T01:04:44Z",
"published": "2022-05-13T01:04:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10393"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:3703"
},
{
"type": "WEB",
"url": "https://gitlab.xiph.org/xiph/vorbis/issues/2334"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00031.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00023.html"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202003-36"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-W83M-85F8-627V
Vulnerability from github – Published: 2024-01-23 03:31 – Updated: 2024-01-23 03:31An out-of-bounds read vulnerability was found in Netfilter Connection Tracking (conntrack) in the Linux kernel. This flaw allows a remote user to disclose sensitive information via the DCCP protocol.
{
"affected": [],
"aliases": [
"CVE-2023-39197"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-01-23T03:15:11Z",
"severity": "MODERATE"
},
"details": "An out-of-bounds read vulnerability was found in Netfilter Connection Tracking (conntrack) in the Linux kernel. This flaw allows a remote user to disclose sensitive information via the DCCP protocol.",
"id": "GHSA-w83m-85f8-627v",
"modified": "2024-01-23T03:31:08Z",
"published": "2024-01-23T03:31:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39197"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2023-39197"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2218342"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-W83P-H4QQ-PGHQ
Vulnerability from github – Published: 2022-05-24 16:59 – Updated: 2022-05-24 16:59Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .
{
"affected": [],
"aliases": [
"CVE-2019-8201"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-10-17T21:15:00Z",
"severity": "HIGH"
},
"details": "Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .",
"id": "GHSA-w83p-h4qq-pghq",
"modified": "2022-05-24T16:59:22Z",
"published": "2022-05-24T16:59:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8201"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb19-49.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-W83R-JFJ6-6XH8
Vulnerability from github – Published: 2024-04-03 18:30 – Updated: 2024-04-03 18:30Kofax Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-22934.
{
"affected": [],
"aliases": [
"CVE-2024-27346"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-03T17:15:55Z",
"severity": "LOW"
},
"details": "Kofax Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-22934.",
"id": "GHSA-w83r-jfj6-6xh8",
"modified": "2024-04-03T18:30:43Z",
"published": "2024-04-03T18:30:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27346"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-226"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-W87F-MR23-WRP9
Vulnerability from github – Published: 2025-04-08 18:34 – Updated: 2025-04-08 18:34Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
{
"affected": [],
"aliases": [
"CVE-2025-26669"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-08T18:15:50Z",
"severity": "HIGH"
},
"details": "Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.",
"id": "GHSA-w87f-mr23-wrp9",
"modified": "2025-04-08T18:34:47Z",
"published": "2025-04-08T18:34:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26669"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26669"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-W894-FH9C-R36P
Vulnerability from github – Published: 2025-09-24 15:31 – Updated: 2025-09-24 15:31NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the nvdisasm binary where a user may cause an out-of-bounds read by passing a malformed ELF file to nvdisasm. A successful exploit of this vulnerability may lead to a partial denial of service.
{
"affected": [],
"aliases": [
"CVE-2025-23248"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-24T14:15:46Z",
"severity": "LOW"
},
"details": "NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the nvdisasm binary where a user may cause an out-of-bounds read by passing a malformed ELF file to nvdisasm. A successful exploit of this vulnerability may lead to a partial denial of service.",
"id": "GHSA-w894-fh9c-r36p",
"modified": "2025-09-24T15:31:13Z",
"published": "2025-09-24T15:31:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23248"
},
{
"type": "WEB",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5661"
},
{
"type": "WEB",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23248"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-W8F6-VCFX-23XP
Vulnerability from github – Published: 2022-05-13 01:42 – Updated: 2025-04-20 03:40In PHP before 5.6.30 and 7.x before 7.0.15, the PHAR archive handler could be used by attackers supplying malicious archive files to crash the PHP interpreter or potentially disclose information due to a buffer over-read in the phar_parse_pharfile function in ext/phar/phar.c.
{
"affected": [],
"aliases": [
"CVE-2017-11147"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-07-10T14:29:00Z",
"severity": "CRITICAL"
},
"details": "In PHP before 5.6.30 and 7.x before 7.0.15, the PHAR archive handler could be used by attackers supplying malicious archive files to crash the PHP interpreter or potentially disclose information due to a buffer over-read in the phar_parse_pharfile function in ext/phar/phar.c.",
"id": "GHSA-w8f6-vcfx-23xp",
"modified": "2025-04-20T03:40:31Z",
"published": "2022-05-13T01:42:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-11147"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:1296"
},
{
"type": "WEB",
"url": "https://bugs.php.net/bug.php?id=73773"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20180112-0001"
},
{
"type": "WEB",
"url": "https://www.tenable.com/security/tns-2017-12"
},
{
"type": "WEB",
"url": "http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=e5246580a85f031e1a3b8064edbaa55c1643a451"
},
{
"type": "WEB",
"url": "http://git.php.net/?p=php-src.git;a=commit;h=e5246580a85f031e1a3b8064edbaa55c1643a451"
},
{
"type": "WEB",
"url": "http://openwall.com/lists/oss-security/2017/07/10/6"
},
{
"type": "WEB",
"url": "http://php.net/ChangeLog-5.php"
},
{
"type": "WEB",
"url": "http://php.net/ChangeLog-7.php"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/99607"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-5
Strategy: Input Validation
- Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
- When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
- Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
- To reduce the likelihood of introducing an out-of-bounds read, ensure that you validate and ensure correct calculations for any length argument, buffer size calculation, or offset. Be especially careful of relying on a sentinel (i.e. special character such as NUL) in untrusted inputs.
Mitigation
Strategy: Language Selection
Use a language that provides appropriate memory abstractions.
CAPEC-540: Overread Buffers
An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.