CWE-125
AllowedOut-of-bounds Read
Abstraction: Base · Status: Draft
The product reads data past the end, or before the beginning, of the intended buffer.
11292 vulnerabilities reference this CWE, most recent first.
GHSA-W8R8-W5W4-4W4V
Vulnerability from github – Published: 2022-05-13 01:14 – Updated: 2025-10-22 03:30The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.
{
"affected": [],
"aliases": [
"CVE-2014-0160"
],
"database_specific": {
"cwe_ids": [
"CWE-119",
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2014-04-07T22:55:00Z",
"severity": "HIGH"
},
"details": "The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.",
"id": "GHSA-w8r8-w5w4-4w4v",
"modified": "2025-10-22T03:30:38Z",
"published": "2022-05-13T01:14:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0160"
},
{
"type": "WEB",
"url": "https://yunus-shn.medium.com/ricon-industrial-cellular-router-heartbleed-attack-2634221c02bd"
},
{
"type": "WEB",
"url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-0160"
},
{
"type": "WEB",
"url": "https://www.cert.fi/en/reports/2014/vulnerability788210.html"
},
{
"type": "WEB",
"url": "https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html?sr=36517217"
},
{
"type": "WEB",
"url": "https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html"
},
{
"type": "WEB",
"url": "https://sku11army.blogspot.com/2020/01/heartbleed-hearts-continue-to-bleed.html"
},
{
"type": "WEB",
"url": "https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-April/000184.html"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d@%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220@%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2@%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d@%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay\u0026spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04260637-4%257CdocLocale%253Den_US%257CcalledBy%253DSearch_Result\u0026javax.portlet.begCacheTok=com.vignette.cachetoken\u0026javax.portlet.endCacheTok=com.vignette.cachetoken"
},
{
"type": "WEB",
"url": "https://gist.github.com/chapmajs/10473815"
},
{
"type": "WEB",
"url": "https://filezilla-project.org/versions.php?type=server"
},
{
"type": "WEB",
"url": "https://code.google.com/p/mod-spdy/issues/detail?id=85"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-635659.pdf"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1084875"
},
{
"type": "WEB",
"url": "https://blog.torproject.org/blog/openssl-bug-cve-2014-0160"
},
{
"type": "WEB",
"url": "http://advisories.mageia.org/MGASA-2014-0165.html"
},
{
"type": "WEB",
"url": "http://blog.fox-it.com/2014/04/08/openssl-heartbleed-bug-live-blog"
},
{
"type": "WEB",
"url": "http://cogentdatahub.com/ReleaseNotes.html"
},
{
"type": "WEB",
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-119-01"
},
{
"type": "WEB",
"url": "http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=96db9023b881d7cd9f379b0c154650d6c108e9a3"
},
{
"type": "WEB",
"url": "http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=96db9023b881d7cd9f379b0c154650d6c108e9a3"
},
{
"type": "WEB",
"url": "http://heartbleed.com"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131221.html"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131291.html"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00004.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00005.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-updates/2014-04/msg00061.html"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=139722163017074\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=139757726426985\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=139757819327350\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=139757919027752\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=139758572430452\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=139765756720506\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=139774054614965\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=139774703817488\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=139808058921905\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=139817685517037\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=139817727317190\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=139817782017443\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=139824923705461\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=139824993005633\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=139833395230364\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=139835815211508\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=139835844111589\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=139836085512508\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=139842151128341\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=139843768401936\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=139869720529462\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=139869891830365\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=139889113431619\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=139889295732144\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=139905202427693\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=139905243827825\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=139905295427946\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=139905351928096\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=139905405728262\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=139905458328378\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=139905653828999\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=139905868529690\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=140015787404650\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=140075368411126\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=140724451518351\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=140752315422991\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=141287864628122\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
},
{
"type": "WEB",
"url": "http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=1"
},
{
"type": "WEB",
"url": "http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=3"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0376.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0377.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0378.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0396.html"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2014/Apr/109"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2014/Apr/173"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2014/Apr/190"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2014/Apr/90"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2014/Apr/91"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/57347"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/57483"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/57721"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/57836"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/57966"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/57968"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59139"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59243"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59347"
},
{
"type": "WEB",
"url": "http://support.citrix.com/article/CTX140605"
},
{
"type": "WEB",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed"
},
{
"type": "WEB",
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001841"
},
{
"type": "WEB",
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001843"
},
{
"type": "WEB",
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004661"
},
{
"type": "WEB",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670161"
},
{
"type": "WEB",
"url": "http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf"
},
{
"type": "WEB",
"url": "http://www.blackberry.com/btsc/KB35882"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2014/dsa-2896"
},
{
"type": "WEB",
"url": "http://www.exploit-db.com/exploits/32745"
},
{
"type": "WEB",
"url": "http://www.exploit-db.com/exploits/32764"
},
{
"type": "WEB",
"url": "http://www.f-secure.com/en/web/labs_global/fsc-2014-1"
},
{
"type": "WEB",
"url": "http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release"
},
{
"type": "WEB",
"url": "http://www.getchef.com/blog/2014/04/09/chef-server-heartbleed-cve-2014-0160-releases"
},
{
"type": "WEB",
"url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release"
},
{
"type": "WEB",
"url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release"
},
{
"type": "WEB",
"url": "http://www.innominate.com/data/downloads/manuals/mdm_1.5.2.1_Release_Notes.pdf"
},
{
"type": "WEB",
"url": "http://www.kb.cert.org/vuls/id/720951"
},
{
"type": "WEB",
"url": "http://www.kerio.com/support/kerio-control/release-history"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062"
},
{
"type": "WEB",
"url": "http://www.openssl.org/news/secadv_20140407.txt"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/topics/security/opensslheartbleedcve-2014-0160-2188454.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/66690"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1030026"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1030074"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1030077"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1030078"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1030079"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1030080"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1030081"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1030082"
},
{
"type": "WEB",
"url": "http://www.splunk.com/view/SP-CAAAMB3"
},
{
"type": "WEB",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160512_00"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-2165-1"
},
{
"type": "WEB",
"url": "http://www.us-cert.gov/ncas/alerts/TA14-098A"
},
{
"type": "WEB",
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"type": "WEB",
"url": "http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-W8VJ-MR98-9J85
Vulnerability from github – Published: 2026-05-27 15:33 – Updated: 2026-06-24 18:32In the Linux kernel, the following vulnerability has been resolved:
erofs: fix inline data read failure for ztailpacking pclusters
Compressed folios for ztailpacking pclusters must be valid before adding these pclusters to I/O chains. Otherwise, z_erofs_decompress_pcluster() may assume they are already valid and then trigger a NULL pointer dereference.
It is somewhat hard to reproduce because the inline data is in the same block as the tail of the compressed indexes, which are usually read just before. However, it may still happen if a fatal signal arrives while read_mapping_folio() is running, as shown below:
erofs: (device dm-1): z_erofs_pcluster_begin: failed to get inline data -4 Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008
...
pc : z_erofs_decompress_queue+0x4c8/0xa14 lr : z_erofs_decompress_queue+0x160/0xa14 sp : ffffffc08b3eb3a0 x29: ffffffc08b3eb570 x28: ffffffc08b3eb418 x27: 0000000000001000 x26: ffffff8086ebdbb8 x25: ffffff8086ebdbb8 x24: 0000000000000001 x23: 0000000000000008 x22: 00000000fffffffb x21: dead000000000700 x20: 00000000000015e7 x19: ffffff808babb400 x18: ffffffc089edc098 x17: 00000000c006287d x16: 00000000c006287d x15: 0000000000000004 x14: ffffff80ba8f8000 x13: 0000000000000004 x12: 00000006589a77c9 x11: 0000000000000015 x10: 0000000000000000 x9 : 0000000000000000 x8 : 0000000000000000 x7 : 0000000000000000 x6 : 000000000000003f x5 : 0000000000000040 x4 : ffffffffffffffe0 x3 : 0000000000000020 x2 : 0000000000000008 x1 : 0000000000000000 x0 : 0000000000000000 Call trace: z_erofs_decompress_queue+0x4c8/0xa14 z_erofs_runqueue+0x908/0x97c z_erofs_read_folio+0x128/0x228 filemap_read_folio+0x68/0x128 filemap_get_pages+0x44c/0x8b4 filemap_read+0x12c/0x5b8 generic_file_read_iter+0x4c/0x15c do_iter_readv_writev+0x188/0x1e0 vfs_iter_read+0xac/0x1a4 backing_file_read_iter+0x170/0x34c ovl_read_iter+0xf0/0x140 vfs_read+0x28c/0x344 ksys_read+0x80/0xf0 __arm64_sys_read+0x24/0x34 invoke_syscall+0x60/0x114 el0_svc_common+0x88/0xe4 do_el0_svc+0x24/0x30 el0_svc+0x40/0xa8 el0t_64_sync_handler+0x70/0xbc el0t_64_sync+0x1bc/0x1c0
Fix this by reading the inline data before allocating and adding the pclusters to the I/O chains.
{
"affected": [],
"aliases": [
"CVE-2026-45943"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-27T14:17:10Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nerofs: fix inline data read failure for ztailpacking pclusters\n\nCompressed folios for ztailpacking pclusters must be valid before adding\nthese pclusters to I/O chains. Otherwise, z_erofs_decompress_pcluster()\nmay assume they are already valid and then trigger a NULL pointer\ndereference.\n\nIt is somewhat hard to reproduce because the inline data is in the same\nblock as the tail of the compressed indexes, which are usually read just\nbefore. However, it may still happen if a fatal signal arrives while\nread_mapping_folio() is running, as shown below:\n\n erofs: (device dm-1): z_erofs_pcluster_begin: failed to get inline data -4\n Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008\n\n ...\n\n pc : z_erofs_decompress_queue+0x4c8/0xa14\n lr : z_erofs_decompress_queue+0x160/0xa14\n sp : ffffffc08b3eb3a0\n x29: ffffffc08b3eb570 x28: ffffffc08b3eb418 x27: 0000000000001000\n x26: ffffff8086ebdbb8 x25: ffffff8086ebdbb8 x24: 0000000000000001\n x23: 0000000000000008 x22: 00000000fffffffb x21: dead000000000700\n x20: 00000000000015e7 x19: ffffff808babb400 x18: ffffffc089edc098\n x17: 00000000c006287d x16: 00000000c006287d x15: 0000000000000004\n x14: ffffff80ba8f8000 x13: 0000000000000004 x12: 00000006589a77c9\n x11: 0000000000000015 x10: 0000000000000000 x9 : 0000000000000000\n x8 : 0000000000000000 x7 : 0000000000000000 x6 : 000000000000003f\n x5 : 0000000000000040 x4 : ffffffffffffffe0 x3 : 0000000000000020\n x2 : 0000000000000008 x1 : 0000000000000000 x0 : 0000000000000000\n Call trace:\n z_erofs_decompress_queue+0x4c8/0xa14\n z_erofs_runqueue+0x908/0x97c\n z_erofs_read_folio+0x128/0x228\n filemap_read_folio+0x68/0x128\n filemap_get_pages+0x44c/0x8b4\n filemap_read+0x12c/0x5b8\n generic_file_read_iter+0x4c/0x15c\n do_iter_readv_writev+0x188/0x1e0\n vfs_iter_read+0xac/0x1a4\n backing_file_read_iter+0x170/0x34c\n ovl_read_iter+0xf0/0x140\n vfs_read+0x28c/0x344\n ksys_read+0x80/0xf0\n __arm64_sys_read+0x24/0x34\n invoke_syscall+0x60/0x114\n el0_svc_common+0x88/0xe4\n do_el0_svc+0x24/0x30\n el0_svc+0x40/0xa8\n el0t_64_sync_handler+0x70/0xbc\n el0t_64_sync+0x1bc/0x1c0\n\nFix this by reading the inline data before allocating and adding\nthe pclusters to the I/O chains.",
"id": "GHSA-w8vj-mr98-9j85",
"modified": "2026-06-24T18:32:29Z",
"published": "2026-05-27T15:33:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45943"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5de1aa0bf3a5db0b3cbf61959da5ac61250833ed"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/92088bd9aa2a7246bba8b9648fbc64edd173cf17"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ad07ea069f924465061cfee40ef2861bb99f4dd8"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c134a40f86efb8d6b5a949ef70e06d5752209be5"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-W8VW-44WP-QV75
Vulnerability from github – Published: 2023-06-06 09:30 – Updated: 2024-04-04 04:34Transient DOS in WLAN Firmware while processing the received beacon or probe response frame.
{
"affected": [],
"aliases": [
"CVE-2023-21658"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-06-06T08:15:12Z",
"severity": "HIGH"
},
"details": "Transient DOS in WLAN Firmware while processing the received beacon or probe response frame.",
"id": "GHSA-w8vw-44wp-qv75",
"modified": "2024-04-04T04:34:43Z",
"published": "2023-06-06T09:30:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-21658"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/june-2023-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-W8WM-VH7H-FVQW
Vulnerability from github – Published: 2022-04-19 00:00 – Updated: 2022-04-24 00:00Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser::read_face() store_fc().
{
"affected": [],
"aliases": [
"CVE-2020-28608"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-129"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-04-18T17:15:00Z",
"severity": "HIGH"
},
"details": "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser\u003cPMDEC\u003e::read_face() store_fc().",
"id": "GHSA-w8wm-vh7h-fvqw",
"modified": "2022-04-24T00:00:32Z",
"published": "2022-04-19T00:00:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28608"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202305-34"
},
{
"type": "WEB",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-W8WV-29F2-FHC6
Vulnerability from github – Published: 2022-05-14 01:10 – Updated: 2022-05-14 01:10Heap-based Buffer Overflow read in Graphite2 library in Firefox before 54 in graphite2::Silf::getClassGlyph.
{
"affected": [],
"aliases": [
"CVE-2017-7776"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-04-15T12:31:00Z",
"severity": "HIGH"
},
"details": "Heap-based Buffer Overflow read in Graphite2 library in Firefox before 54 in graphite2::Silf::getClassGlyph.",
"id": "GHSA-w8wv-29f2-fhc6",
"modified": "2022-05-14T01:10:12Z",
"published": "2022-05-14T01:10:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7776"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-15"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-W8XX-CJQJ-C9JQ
Vulnerability from github – Published: 2022-06-10 00:00 – Updated: 2022-06-17 00:01Apache HTTP Server 2.4.53 and earlier on Windows may read beyond bounds when configured to process requests with the mod_isapi module.
{
"affected": [],
"aliases": [
"CVE-2022-28330"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-06-09T17:15:00Z",
"severity": "MODERATE"
},
"details": "Apache HTTP Server 2.4.53 and earlier on Windows may read beyond bounds when configured to process requests with the mod_isapi module.",
"id": "GHSA-w8xx-cjqj-c9jq",
"modified": "2022-06-17T00:01:28Z",
"published": "2022-06-10T00:00:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28330"
},
{
"type": "WEB",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20220624-0005"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2022/06/08/3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-W933-5675-HW56
Vulnerability from github – Published: 2025-03-06 06:30 – Updated: 2025-03-06 06:30Out-of-bounds read in parsing image data in Samsung Notes prior to vaersion 4.4.26.71 allows local attackers to access out-of-bounds memory.
{
"affected": [],
"aliases": [
"CVE-2025-20927"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-06T05:15:20Z",
"severity": "MODERATE"
},
"details": "Out-of-bounds read in parsing image data in Samsung Notes prior to vaersion 4.4.26.71 allows local attackers to access out-of-bounds memory.",
"id": "GHSA-w933-5675-hw56",
"modified": "2025-03-06T06:30:52Z",
"published": "2025-03-06T06:30:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-20927"
},
{
"type": "WEB",
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2025\u0026month=03"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-W94H-5QPM-994V
Vulnerability from github – Published: 2026-07-15 15:33 – Updated: 2026-07-15 15:33When NGINX Plus is configured to use the Message Queuing Telemetry Transport (MQTT) filter module (ngx_stream_mqtt_filter_module), unauthenticated attackers can send requests with conditions beyond the attacker's control to cause a heap buffer over-read in the NGINX worker process, leading to a restart.
Impact: This vulnerability may allow remote unauthenticated attackers to have limited control to restart the NGINX worker process. There is no control plane exposure; this is a data plane issue only.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
{
"affected": [],
"aliases": [
"CVE-2026-60065"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-15T15:16:47Z",
"severity": "MODERATE"
},
"details": "When NGINX Plus is configured to use the Message Queuing Telemetry Transport (MQTT) filter module (ngx_stream_mqtt_filter_module), unauthenticated attackers can send requests with conditions beyond the attacker\u0027s control to cause a heap buffer over-read in the NGINX worker process, leading to a restart.\n\nImpact:\nThis vulnerability may allow remote unauthenticated attackers to have limited control to restart the NGINX worker process. There is no control plane exposure; this is a data plane issue only.\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",
"id": "GHSA-w94h-5qpm-994v",
"modified": "2026-07-15T15:33:06Z",
"published": "2026-07-15T15:33:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-60065"
},
{
"type": "WEB",
"url": "https://my.f5.com/manage/s/article/K000162101"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-W94P-XPG6-5729
Vulnerability from github – Published: 2022-10-15 12:01 – Updated: 2022-10-15 12:01Adobe Dimension versions 3.4.5 is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
{
"affected": [],
"aliases": [
"CVE-2022-38440"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-10-14T20:15:00Z",
"severity": "HIGH"
},
"details": "Adobe Dimension versions 3.4.5 is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
"id": "GHSA-w94p-xpg6-5729",
"modified": "2022-10-15T12:01:01Z",
"published": "2022-10-15T12:01:01Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38440"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/dimension/apsb22-57.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-W94W-G7P4-F8MP
Vulnerability from github – Published: 2023-11-17 12:30 – Updated: 2023-11-17 12:30Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
{
"affected": [],
"aliases": [
"CVE-2023-47067"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-11-17T11:15:07Z",
"severity": "HIGH"
},
"details": "Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
"id": "GHSA-w94w-g7p4-f8mp",
"modified": "2023-11-17T12:30:18Z",
"published": "2023-11-17T12:30:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-47067"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/after_effects/apsb23-66.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-5
Strategy: Input Validation
- Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
- When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
- Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
- To reduce the likelihood of introducing an out-of-bounds read, ensure that you validate and ensure correct calculations for any length argument, buffer size calculation, or offset. Be especially careful of relying on a sentinel (i.e. special character such as NUL) in untrusted inputs.
Mitigation
Strategy: Language Selection
Use a language that provides appropriate memory abstractions.
CAPEC-540: Overread Buffers
An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.