CWE-125
AllowedOut-of-bounds Read
Abstraction: Base · Status: Draft
The product reads data past the end, or before the beginning, of the intended buffer.
11292 vulnerabilities reference this CWE, most recent first.
GHSA-W9XJ-RH5F-2G52
Vulnerability from github – Published: 2022-05-13 01:42 – Updated: 2022-05-13 01:42The BEEP parser in tcpdump before 4.9.2 has a buffer over-read in print-beep.c:l_strnstart().
{
"affected": [],
"aliases": [
"CVE-2017-13010"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-09-14T06:29:00Z",
"severity": "CRITICAL"
},
"details": "The BEEP parser in tcpdump before 4.9.2 has a buffer over-read in print-beep.c:l_strnstart().",
"id": "GHSA-w9xj-rh5f-2g52",
"modified": "2022-05-13T01:42:54Z",
"published": "2022-05-13T01:42:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-13010"
},
{
"type": "WEB",
"url": "https://github.com/the-tcpdump-group/tcpdump/commit/877b66b398518d9501513e0860c9f3a8acc70892"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHEA-2018:0705"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201709-23"
},
{
"type": "WEB",
"url": "https://support.apple.com/HT208221"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2017/dsa-3971"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1039307"
},
{
"type": "WEB",
"url": "http://www.tcpdump.org/tcpdump-changes.txt"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-WC22-RP5H-F6HW
Vulnerability from github – Published: 2022-05-13 01:48 – Updated: 2025-04-20 03:41The gx_ttfReader__Read function in base/gxttfb.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document.
{
"affected": [],
"aliases": [
"CVE-2017-9727"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-07-26T19:29:00Z",
"severity": "HIGH"
},
"details": "The gx_ttfReader__Read function in base/gxttfb.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document.",
"id": "GHSA-wc22-rp5h-f6hw",
"modified": "2025-04-20T03:41:28Z",
"published": "2022-05-13T01:48:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9727"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201811-12"
},
{
"type": "WEB",
"url": "http://bugs.ghostscript.com/show_bug.cgi?id=698056"
},
{
"type": "WEB",
"url": "http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=937ccd17ac65935633b2ebc06cb7089b91e17e6b"
},
{
"type": "WEB",
"url": "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=937ccd17ac65935633b2ebc06cb7089b91e17e6b"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2017/dsa-3986"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/99999"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-WC35-X492-36G5
Vulnerability from github – Published: 2022-05-24 17:32 – Updated: 2022-05-24 17:32An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15, iOS 13, iCloud for Windows 7.14, iCloud for Windows 10.7, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6, iTunes 12.10.1 for Windows. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.
{
"affected": [],
"aliases": [
"CVE-2019-8746"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-10-27T20:15:00Z",
"severity": "CRITICAL"
},
"details": "An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15, iOS 13, iCloud for Windows 7.14, iCloud for Windows 10.7, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6, iTunes 12.10.1 for Windows. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.",
"id": "GHSA-wc35-x492-36g5",
"modified": "2022-05-24T17:32:23Z",
"published": "2022-05-24T17:32:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8746"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT210604"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT210606"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT210607"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT210634"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT210635"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT210636"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT210637"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT210722"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-WC68-RH2F-56M4
Vulnerability from github – Published: 2024-12-09 15:31 – Updated: 2024-12-10 18:31A Directory Listing issue was found in Kashipara E-Learning Management System v1.0, which allows remote attackers to access sensitive files and directories via /admin/assets.
{
"affected": [],
"aliases": [
"CVE-2024-54937"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-09T14:15:13Z",
"severity": "MODERATE"
},
"details": "A Directory Listing issue was found in Kashipara E-Learning Management System v1.0, which allows remote attackers to access sensitive files and directories via /admin/assets.",
"id": "GHSA-wc68-rh2f-56m4",
"modified": "2024-12-10T18:31:06Z",
"published": "2024-12-09T15:31:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-54937"
},
{
"type": "WEB",
"url": "https://github.com/m14r41/Writeups/blob/main/CVE/Kashipara/E-learning%20Management%20System%20project/Directory%20listing%20-%20admin-assets.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-WC8P-W4MH-CRRR
Vulnerability from github – Published: 2024-07-01 15:32 – Updated: 2024-07-01 15:32INformation disclosure while handling Multi-link IE in beacon frame.
{
"affected": [],
"aliases": [
"CVE-2024-21457"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-01T15:15:13Z",
"severity": "MODERATE"
},
"details": "INformation disclosure while handling Multi-link IE in beacon frame.",
"id": "GHSA-wc8p-w4mh-crrr",
"modified": "2024-07-01T15:32:38Z",
"published": "2024-07-01T15:32:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21457"
},
{
"type": "WEB",
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/july-2024-bulletin.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-WC94-3V5M-VX37
Vulnerability from github – Published: 2022-05-14 00:53 – Updated: 2022-05-14 00:53Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
{
"affected": [],
"aliases": [
"CVE-2018-12779"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-07-20T19:29:00Z",
"severity": "MODERATE"
},
"details": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",
"id": "GHSA-wc94-3v5m-vx37",
"modified": "2022-05-14T00:53:03Z",
"published": "2022-05-14T00:53:03Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12779"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/104699"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1041250"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-WC99-J389-7H87
Vulnerability from github – Published: 2022-05-24 16:46 – Updated: 2024-04-04 00:44Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
{
"affected": [],
"aliases": [
"CVE-2019-7145"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-05-22T14:29:00Z",
"severity": "MODERATE"
},
"details": "Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",
"id": "GHSA-wc99-j389-7h87",
"modified": "2024-04-04T00:44:23Z",
"published": "2022-05-24T16:46:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7145"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb19-18.html"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-485"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/108326"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-WC9V-XVXC-2X5V
Vulnerability from github – Published: 2022-04-30 00:00 – Updated: 2022-05-12 00:01Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0.11. This vulnerability is capable of arbitrary code execution.
{
"affected": [],
"aliases": [
"CVE-2022-1533"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-04-29T11:15:00Z",
"severity": "HIGH"
},
"details": "Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0.11. This vulnerability is capable of arbitrary code execution.",
"id": "GHSA-wc9v-xvxc-2x5v",
"modified": "2022-05-12T00:01:59Z",
"published": "2022-04-30T00:00:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1533"
},
{
"type": "WEB",
"url": "https://github.com/bfabiszewski/libmobi/commit/eafc415bc6067e72577f70d6dd5acbf057ce6e6f"
},
{
"type": "WEB",
"url": "https://huntr.dev/bounties/cb574ce1-fbf7-42ea-9e6a-91e17adecdc3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-WCCF-R8H3-9JC2
Vulnerability from github – Published: 2022-05-13 01:13 – Updated: 2022-05-13 01:13The gst_ps_demux_parse_psm function in gst/mpegdemux/gstmpegdemux.c in gst-plugins-bad in GStreamer allows remote attackers to cause a denial of service (invalid memory read and crash) via vectors involving PSM parsing.
{
"affected": [],
"aliases": [
"CVE-2017-5848"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-02-09T15:59:00Z",
"severity": "HIGH"
},
"details": "The gst_ps_demux_parse_psm function in gst/mpegdemux/gstmpegdemux.c in gst-plugins-bad in GStreamer allows remote attackers to cause a denial of service (invalid memory read and crash) via vectors involving PSM parsing.",
"id": "GHSA-wccf-r8h3-9jc2",
"modified": "2022-05-13T01:13:25Z",
"published": "2022-05-13T01:13:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5848"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:2060"
},
{
"type": "WEB",
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=777957#c3"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00038.html"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201705-10"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2017/dsa-3818"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2017/02/01/7"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2017/02/02/9"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/96001"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-WCG7-3RC6-C7JG
Vulnerability from github – Published: 2022-05-13 01:42 – Updated: 2022-05-13 01:42There is a heap-based buffer over-read in libexiv2 in Exiv2 0.26 that is triggered in the Exiv2::Image::io function in image.cpp. It will lead to remote denial of service.
{
"affected": [],
"aliases": [
"CVE-2017-12957"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-08-18T21:29:00Z",
"severity": "MODERATE"
},
"details": "There is a heap-based buffer over-read in libexiv2 in Exiv2 0.26 that is triggered in the Exiv2::Image::io function in image.cpp. It will lead to remote denial of service.",
"id": "GHSA-wcg7-3rc6-c7jg",
"modified": "2022-05-13T01:42:48Z",
"published": "2022-05-13T01:42:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12957"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1482423"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-5
Strategy: Input Validation
- Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
- When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
- Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
- To reduce the likelihood of introducing an out-of-bounds read, ensure that you validate and ensure correct calculations for any length argument, buffer size calculation, or offset. Be especially careful of relying on a sentinel (i.e. special character such as NUL) in untrusted inputs.
Mitigation
Strategy: Language Selection
Use a language that provides appropriate memory abstractions.
CAPEC-540: Overread Buffers
An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.