CWE-125
AllowedOut-of-bounds Read
Abstraction: Base · Status: Draft
The product reads data past the end, or before the beginning, of the intended buffer.
11292 vulnerabilities reference this CWE, most recent first.
GHSA-WCGF-WPVR-W7FM
Vulnerability from github – Published: 2022-05-13 01:22 – Updated: 2022-05-13 01:22In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::parenthese_scope in prelexer.hpp.
{
"affected": [],
"aliases": [
"CVE-2019-6283"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-01-14T22:29:00Z",
"severity": "MODERATE"
},
"details": "In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::parenthese_scope in prelexer.hpp.",
"id": "GHSA-wcgf-wpvr-w7fm",
"modified": "2022-05-13T01:22:40Z",
"published": "2022-05-13T01:22:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6283"
},
{
"type": "WEB",
"url": "https://github.com/sass/libsass/issues/2814"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00051.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00027.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-WCRM-5QG4-797W
Vulnerability from github – Published: 2022-05-24 17:38 – Updated: 2022-05-24 17:38SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PCX file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.
{
"affected": [],
"aliases": [
"CVE-2021-21463"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-01-12T15:15:00Z",
"severity": "HIGH"
},
"details": "SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PCX file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.",
"id": "GHSA-wcrm-5qg4-797w",
"modified": "2022-05-24T17:38:54Z",
"published": "2022-05-24T17:38:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21463"
},
{
"type": "WEB",
"url": "https://i7p.wdf.sap.corp/sap/support/notes/3002617"
},
{
"type": "WEB",
"url": "https://launchpad.support.sap.com/#/notes/3002617"
},
{
"type": "WEB",
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564760476"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-016"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-WCWX-HJ42-4R58
Vulnerability from github – Published: 2022-05-13 01:42 – Updated: 2022-05-13 01:42A heap-based buffer over-read was found in the function OpCode (called from decompileSETMEMBER) in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file.
{
"affected": [],
"aliases": [
"CVE-2017-11728"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-07-29T05:29:00Z",
"severity": "MODERATE"
},
"details": "A heap-based buffer over-read was found in the function OpCode (called from decompileSETMEMBER) in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file.",
"id": "GHSA-wcwx-hj42-4r58",
"modified": "2022-05-13T01:42:29Z",
"published": "2022-05-13T01:42:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-11728"
},
{
"type": "WEB",
"url": "https://github.com/libming/libming/issues/82"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201904-24"
},
{
"type": "WEB",
"url": "http://somevulnsofadlab.blogspot.jp/2017/07/libmingheap-buffer-overflow-in-opcode_32.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-WCXH-XXC8-V5J8
Vulnerability from github – Published: 2022-05-24 16:57 – Updated: 2024-04-04 02:09libsoup through 2.68.1 has a heap-based buffer over-read because soup_ntlm_parse_challenge() in soup-auth-ntlm.c does not properly check an NTLM message's length before proceeding with a memcpy.
{
"affected": [],
"aliases": [
"CVE-2019-17266"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-10-06T22:15:00Z",
"severity": "CRITICAL"
},
"details": "libsoup through 2.68.1 has a heap-based buffer over-read because soup_ntlm_parse_challenge() in soup-auth-ntlm.c does not properly check an NTLM message\u0027s length before proceeding with a memcpy.",
"id": "GHSA-wcxh-xxc8-v5j8",
"modified": "2024-04-04T02:09:12Z",
"published": "2022-05-24T16:57:57Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17266"
},
{
"type": "WEB",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=941912"
},
{
"type": "WEB",
"url": "https://github.com/Kirin-say/Vulnerabilities/blob/master/CVE-2019-17266_POC.md"
},
{
"type": "WEB",
"url": "https://gitlab.gnome.org/GNOME/libsoup/commit/88b7dff4467f4151afae244ea7d1223753cd05ab"
},
{
"type": "WEB",
"url": "https://gitlab.gnome.org/GNOME/libsoup/commit/f8a54ac85eec2008c85393f331cdd251af8266ad"
},
{
"type": "WEB",
"url": "https://gitlab.gnome.org/GNOME/libsoup/issues/173"
},
{
"type": "WEB",
"url": "https://security-tracker.debian.org/tracker/CVE-2019-17266"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4152-1"
},
{
"type": "WEB",
"url": "https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1705054.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-WF2M-3QF9-2465
Vulnerability from github – Published: 2022-05-13 01:06 – Updated: 2022-05-13 01:06Adobe Acrobat and Reader versions 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, 11.0.22 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
{
"affected": [],
"aliases": [
"CVE-2017-11250"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-05-19T17:29:00Z",
"severity": "CRITICAL"
},
"details": "Adobe Acrobat and Reader versions 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, 11.0.22 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.",
"id": "GHSA-wf2m-3qf9-2465",
"modified": "2022-05-13T01:06:31Z",
"published": "2022-05-13T01:06:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-11250"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-WF3W-6F2X-X7MG
Vulnerability from github – Published: 2022-05-24 17:32 – Updated: 2022-05-24 17:32IBM Sterling Connect Direct for Microsoft Windows 4.7, 4.8, 6.0, and 6.1 could allow a remote attacker to cause a denial of service, caused by a buffer over-read. Bysending a specially crafted request, the attacker could cause the application to crash. IBM X-Force ID: 188906.
{
"affected": [],
"aliases": [
"CVE-2020-4767"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-10-28T17:15:00Z",
"severity": "HIGH"
},
"details": "IBM Sterling Connect Direct for Microsoft Windows 4.7, 4.8, 6.0, and 6.1 could allow a remote attacker to cause a denial of service, caused by a buffer over-read. Bysending a specially crafted request, the attacker could cause the application to crash. IBM X-Force ID: 188906.",
"id": "GHSA-wf3w-6f2x-x7mg",
"modified": "2022-05-24T17:32:41Z",
"published": "2022-05-24T17:32:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-4767"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/188906"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/6356019"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-WF4C-F488-7HM7
Vulnerability from github – Published: 2023-02-27 21:30 – Updated: 2023-03-07 21:30An out-of-bounds read issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.6, iOS 15.6 and iPadOS 15.6. Processing a maliciously crafted image may lead to disclosure of user information.
{
"affected": [],
"aliases": [
"CVE-2022-32830"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-02-27T20:15:00Z",
"severity": "HIGH"
},
"details": "An out-of-bounds read issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.6, iOS 15.6 and iPadOS 15.6. Processing a maliciously crafted image may lead to disclosure of user information.",
"id": "GHSA-wf4c-f488-7hm7",
"modified": "2023-03-07T21:30:17Z",
"published": "2023-02-27T21:30:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32830"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213342"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213346"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-WF4G-P263-7Q4M
Vulnerability from github – Published: 2023-02-22 21:30 – Updated: 2023-03-03 06:30Buffer Overflow vulnerability in Freeimage v3.18.0 allows attacker to cause a denial of service via a crafted JXR file.
{
"affected": [],
"aliases": [
"CVE-2021-33367"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-02-22T21:15:00Z",
"severity": "MODERATE"
},
"details": "Buffer Overflow vulnerability in Freeimage v3.18.0 allows attacker to cause a denial of service via a crafted JXR file.",
"id": "GHSA-wf4g-p263-7q4m",
"modified": "2023-03-03T06:30:19Z",
"published": "2023-02-22T21:30:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33367"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AXWMZOYJKXWOEEUV7ZKW4BX772F5P2HL"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WEG5FTVLVSO26TEEYKORM42WZ4LEHIJB"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XXJ4QSLSK4HLH5ZDMDC42F7XLWLFADRD"
},
{
"type": "WEB",
"url": "https://sourceforge.net/p/freeimage/discussion/36109/thread/1a4db03d58"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-WF54-4X66-PVVJ
Vulnerability from github – Published: 2022-12-21 18:30 – Updated: 2022-12-21 18:30In SAECOMM_SetDcnIdForPlmn of SAECOMM_DbManagement.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure from a single device with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-230463606References: N/A
{
"affected": [],
"aliases": [
"CVE-2022-20604"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-12-16T16:15:00Z",
"severity": "MODERATE"
},
"details": "In SAECOMM_SetDcnIdForPlmn of SAECOMM_DbManagement.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure from a single device with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-230463606References: N/A",
"id": "GHSA-wf54-4x66-pvvj",
"modified": "2022-12-21T18:30:25Z",
"published": "2022-12-21T18:30:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-20604"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/pixel/2022-12-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-WF55-H8M9-9GX2
Vulnerability from github – Published: 2023-04-17 21:30 – Updated: 2024-04-04 03:31A malicious actor may convince a victim to open a malicious USD file that may trigger an out-of-bounds read vulnerability which may result in code execution.
{
"affected": [],
"aliases": [
"CVE-2023-27906"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-04-17T21:15:07Z",
"severity": "HIGH"
},
"details": "A malicious actor may convince a victim to open a malicious USD file that may trigger an out-of-bounds read vulnerability which may result in code execution.",
"id": "GHSA-wf55-h8m9-9gx2",
"modified": "2024-04-04T03:31:06Z",
"published": "2023-04-17T21:30:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27906"
},
{
"type": "WEB",
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0003"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-5
Strategy: Input Validation
- Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
- When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
- Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
- To reduce the likelihood of introducing an out-of-bounds read, ensure that you validate and ensure correct calculations for any length argument, buffer size calculation, or offset. Be especially careful of relying on a sentinel (i.e. special character such as NUL) in untrusted inputs.
Mitigation
Strategy: Language Selection
Use a language that provides appropriate memory abstractions.
CAPEC-540: Overread Buffers
An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.