Common Weakness Enumeration

CWE-125

Allowed

Out-of-bounds Read

Abstraction: Base · Status: Draft

The product reads data past the end, or before the beginning, of the intended buffer.

11292 vulnerabilities reference this CWE, most recent first.

GHSA-WCGF-WPVR-W7FM

Vulnerability from github – Published: 2022-05-13 01:22 – Updated: 2022-05-13 01:22
VLAI
Details

In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::parenthese_scope in prelexer.hpp.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-6283"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-01-14T22:29:00Z",
    "severity": "MODERATE"
  },
  "details": "In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::parenthese_scope in prelexer.hpp.",
  "id": "GHSA-wcgf-wpvr-w7fm",
  "modified": "2022-05-13T01:22:40Z",
  "published": "2022-05-13T01:22:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6283"
    },
    {
      "type": "WEB",
      "url": "https://github.com/sass/libsass/issues/2814"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00051.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00027.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WCRM-5QG4-797W

Vulnerability from github – Published: 2022-05-24 17:38 – Updated: 2022-05-24 17:38
VLAI
Details

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PCX file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-21463"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-01-12T15:15:00Z",
    "severity": "HIGH"
  },
  "details": "SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PCX file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.",
  "id": "GHSA-wcrm-5qg4-797w",
  "modified": "2022-05-24T17:38:54Z",
  "published": "2022-05-24T17:38:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21463"
    },
    {
      "type": "WEB",
      "url": "https://i7p.wdf.sap.corp/sap/support/notes/3002617"
    },
    {
      "type": "WEB",
      "url": "https://launchpad.support.sap.com/#/notes/3002617"
    },
    {
      "type": "WEB",
      "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564760476"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-016"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-WCWX-HJ42-4R58

Vulnerability from github – Published: 2022-05-13 01:42 – Updated: 2022-05-13 01:42
VLAI
Details

A heap-based buffer over-read was found in the function OpCode (called from decompileSETMEMBER) in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-11728"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-07-29T05:29:00Z",
    "severity": "MODERATE"
  },
  "details": "A heap-based buffer over-read was found in the function OpCode (called from decompileSETMEMBER) in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file.",
  "id": "GHSA-wcwx-hj42-4r58",
  "modified": "2022-05-13T01:42:29Z",
  "published": "2022-05-13T01:42:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-11728"
    },
    {
      "type": "WEB",
      "url": "https://github.com/libming/libming/issues/82"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201904-24"
    },
    {
      "type": "WEB",
      "url": "http://somevulnsofadlab.blogspot.jp/2017/07/libmingheap-buffer-overflow-in-opcode_32.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WCXH-XXC8-V5J8

Vulnerability from github – Published: 2022-05-24 16:57 – Updated: 2024-04-04 02:09
VLAI
Details

libsoup through 2.68.1 has a heap-based buffer over-read because soup_ntlm_parse_challenge() in soup-auth-ntlm.c does not properly check an NTLM message's length before proceeding with a memcpy.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-17266"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-10-06T22:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "libsoup through 2.68.1 has a heap-based buffer over-read because soup_ntlm_parse_challenge() in soup-auth-ntlm.c does not properly check an NTLM message\u0027s length before proceeding with a memcpy.",
  "id": "GHSA-wcxh-xxc8-v5j8",
  "modified": "2024-04-04T02:09:12Z",
  "published": "2022-05-24T16:57:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17266"
    },
    {
      "type": "WEB",
      "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=941912"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Kirin-say/Vulnerabilities/blob/master/CVE-2019-17266_POC.md"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.gnome.org/GNOME/libsoup/commit/88b7dff4467f4151afae244ea7d1223753cd05ab"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.gnome.org/GNOME/libsoup/commit/f8a54ac85eec2008c85393f331cdd251af8266ad"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.gnome.org/GNOME/libsoup/issues/173"
    },
    {
      "type": "WEB",
      "url": "https://security-tracker.debian.org/tracker/CVE-2019-17266"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4152-1"
    },
    {
      "type": "WEB",
      "url": "https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1705054.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WF2M-3QF9-2465

Vulnerability from github – Published: 2022-05-13 01:06 – Updated: 2022-05-13 01:06
VLAI
Details

Adobe Acrobat and Reader versions 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, 11.0.22 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-11250"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-05-19T17:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "Adobe Acrobat and Reader versions 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, 11.0.22 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.",
  "id": "GHSA-wf2m-3qf9-2465",
  "modified": "2022-05-13T01:06:31Z",
  "published": "2022-05-13T01:06:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-11250"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WF3W-6F2X-X7MG

Vulnerability from github – Published: 2022-05-24 17:32 – Updated: 2022-05-24 17:32
VLAI
Details

IBM Sterling Connect Direct for Microsoft Windows 4.7, 4.8, 6.0, and 6.1 could allow a remote attacker to cause a denial of service, caused by a buffer over-read. Bysending a specially crafted request, the attacker could cause the application to crash. IBM X-Force ID: 188906.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-4767"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-10-28T17:15:00Z",
    "severity": "HIGH"
  },
  "details": "IBM Sterling Connect Direct for Microsoft Windows 4.7, 4.8, 6.0, and 6.1 could allow a remote attacker to cause a denial of service, caused by a buffer over-read. Bysending a specially crafted request, the attacker could cause the application to crash. IBM X-Force ID: 188906.",
  "id": "GHSA-wf3w-6f2x-x7mg",
  "modified": "2022-05-24T17:32:41Z",
  "published": "2022-05-24T17:32:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-4767"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/188906"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/6356019"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-WF4C-F488-7HM7

Vulnerability from github – Published: 2023-02-27 21:30 – Updated: 2023-03-07 21:30
VLAI
Details

An out-of-bounds read issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.6, iOS 15.6 and iPadOS 15.6. Processing a maliciously crafted image may lead to disclosure of user information.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-32830"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-02-27T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "An out-of-bounds read issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.6, iOS 15.6 and iPadOS 15.6. Processing a maliciously crafted image may lead to disclosure of user information.",
  "id": "GHSA-wf4c-f488-7hm7",
  "modified": "2023-03-07T21:30:17Z",
  "published": "2023-02-27T21:30:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32830"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT213342"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT213346"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WF4G-P263-7Q4M

Vulnerability from github – Published: 2023-02-22 21:30 – Updated: 2023-03-03 06:30
VLAI
Details

Buffer Overflow vulnerability in Freeimage v3.18.0 allows attacker to cause a denial of service via a crafted JXR file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-33367"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-02-22T21:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Buffer Overflow vulnerability in Freeimage v3.18.0 allows attacker to cause a denial of service via a crafted JXR file.",
  "id": "GHSA-wf4g-p263-7q4m",
  "modified": "2023-03-03T06:30:19Z",
  "published": "2023-02-22T21:30:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33367"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AXWMZOYJKXWOEEUV7ZKW4BX772F5P2HL"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WEG5FTVLVSO26TEEYKORM42WZ4LEHIJB"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XXJ4QSLSK4HLH5ZDMDC42F7XLWLFADRD"
    },
    {
      "type": "WEB",
      "url": "https://sourceforge.net/p/freeimage/discussion/36109/thread/1a4db03d58"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WF54-4X66-PVVJ

Vulnerability from github – Published: 2022-12-21 18:30 – Updated: 2022-12-21 18:30
VLAI
Details

In SAECOMM_SetDcnIdForPlmn of SAECOMM_DbManagement.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure from a single device with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-230463606References: N/A

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-20604"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-12-16T16:15:00Z",
    "severity": "MODERATE"
  },
  "details": "In SAECOMM_SetDcnIdForPlmn of SAECOMM_DbManagement.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure from a single device with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-230463606References: N/A",
  "id": "GHSA-wf54-4x66-pvvj",
  "modified": "2022-12-21T18:30:25Z",
  "published": "2022-12-21T18:30:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-20604"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/pixel/2022-12-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WF55-H8M9-9GX2

Vulnerability from github – Published: 2023-04-17 21:30 – Updated: 2024-04-04 03:31
VLAI
Details

A malicious actor may convince a victim to open a malicious USD file that may trigger an out-of-bounds read vulnerability which may result in code execution.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-27906"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-04-17T21:15:07Z",
    "severity": "HIGH"
  },
  "details": "A malicious actor may convince a victim to open a malicious USD file that may trigger an out-of-bounds read vulnerability which may result in code execution.",
  "id": "GHSA-wf55-h8m9-9gx2",
  "modified": "2024-04-04T03:31:06Z",
  "published": "2023-04-17T21:30:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27906"
    },
    {
      "type": "WEB",
      "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0003"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-5
Implementation

Strategy: Input Validation

  • Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
  • When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
  • Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
  • To reduce the likelihood of introducing an out-of-bounds read, ensure that you validate and ensure correct calculations for any length argument, buffer size calculation, or offset. Be especially careful of relying on a sentinel (i.e. special character such as NUL) in untrusted inputs.
Mitigation
Architecture and Design

Strategy: Language Selection

Use a language that provides appropriate memory abstractions.

CAPEC-540: Overread Buffers

An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.