CWE-125
AllowedOut-of-bounds Read
Abstraction: Base · Status: Draft
The product reads data past the end, or before the beginning, of the intended buffer.
11273 vulnerabilities reference this CWE, most recent first.
GHSA-X7J9-3XC5-F64W
Vulnerability from github – Published: 2022-05-13 01:52 – Updated: 2022-05-13 01:52While processing a WMI_APFIND event in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, a buffer over-read and information leak can potentially occur.
{
"affected": [],
"aliases": [
"CVE-2018-5864"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-07-06T19:29:00Z",
"severity": "MODERATE"
},
"details": "While processing a WMI_APFIND event in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, a buffer over-read and information leak can potentially occur.",
"id": "GHSA-x7j9-3xc5-f64w",
"modified": "2022-05-13T01:52:56Z",
"published": "2022-05-13T01:52:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5864"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/pixel/2018-07-01"
},
{
"type": "WEB",
"url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=9c042f7827e0d21e5b93c04b418bca0230de91dc"
},
{
"type": "WEB",
"url": "https://www.codeaurora.org/security-bulletin/2018/07/02/july-2018-code-aurora-security-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-X7MF-V6GH-VM4G
Vulnerability from github – Published: 2023-05-03 12:30 – Updated: 2024-02-16 18:31An out-of-bounds read exists in the BGP daemon of FRRouting FRR through 8.4. When sending a malformed BGP OPEN message that ends with the option length octet (or the option length word, in case of an extended OPEN message), the FRR code reads of out of the bounds of the packet, throwing a SIGABRT signal and exiting. This results in a bgpd daemon restart, causing a Denial-of-Service condition.
{
"affected": [],
"aliases": [
"CVE-2022-43681"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-05-03T12:16:30Z",
"severity": "MODERATE"
},
"details": "An out-of-bounds read exists in the BGP daemon of FRRouting FRR through 8.4. When sending a malformed BGP OPEN message that ends with the option length octet (or the option length word, in case of an extended OPEN message), the FRR code reads of out of the bounds of the packet, throwing a SIGABRT signal and exiting. This results in a bgpd daemon restart, causing a Denial-of-Service condition.",
"id": "GHSA-x7mf-v6gh-vm4g",
"modified": "2024-02-16T18:31:03Z",
"published": "2023-05-03T12:30:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43681"
},
{
"type": "WEB",
"url": "https://forescout.com"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00020.html"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2023/dsa-5495"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-X7MJ-R2CP-PV8C
Vulnerability from github – Published: 2024-11-22 21:32 – Updated: 2024-11-22 21:32PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of JB2 files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-24495.
{
"affected": [],
"aliases": [
"CVE-2024-8843"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-22T21:15:22Z",
"severity": "LOW"
},
"details": "PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of JB2 files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-24495.",
"id": "GHSA-x7mj-r2cp-pv8c",
"modified": "2024-11-22T21:32:19Z",
"published": "2024-11-22T21:32:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8843"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1266"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-X7MM-89J5-2MCW
Vulnerability from github – Published: 2022-05-14 00:53 – Updated: 2022-05-14 00:53Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
{
"affected": [],
"aliases": [
"CVE-2018-5044"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-07-20T19:29:00Z",
"severity": "MODERATE"
},
"details": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",
"id": "GHSA-x7mm-89j5-2mcw",
"modified": "2022-05-14T00:53:23Z",
"published": "2022-05-14T00:53:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5044"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/104699"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1041250"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-X7P4-8JJF-QCP4
Vulnerability from github – Published: 2026-05-05 18:33 – Updated: 2026-06-08 06:30A flaw was found in the X.Org X server. This out-of-bounds read vulnerability in the XKB geometry processing, specifically within the CheckSetGeom() and XkbAddGeomKeyAlias functions, allows an attacker to read uninitialized or out-of-bounds memory. An attacker with a connection to the X11 server, either locally or remotely, can exploit this without user interaction. This could lead to the disclosure of memory contents or cause a denial of service by crashing the server.
{
"affected": [],
"aliases": [
"CVE-2026-34000"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-05T16:16:11Z",
"severity": "MODERATE"
},
"details": "A flaw was found in the X.Org X server. This out-of-bounds read vulnerability in the XKB geometry processing, specifically within the `CheckSetGeom()` and `XkbAddGeomKeyAlias` functions, allows an attacker to read uninitialized or out-of-bounds memory. An attacker with a connection to the X11 server, either locally or remotely, can exploit this without user interaction. This could lead to the disclosure of memory contents or cause a denial of service by crashing the server.",
"id": "GHSA-x7p4-8jjf-qcp4",
"modified": "2026-06-08T06:30:25Z",
"published": "2026-05-05T18:33:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34000"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451107"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2026-34000"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:24341"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:23496"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:23255"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:23254"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:22456"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:22424"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:21742"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:21741"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:21718"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:21716"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:21715"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:21712"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:21699"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:20590"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:20576"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:20575"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:20563"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:20562"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:20561"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:20560"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:20558"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:20557"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:20555"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:20547"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:19342"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-X7QQ-29VH-P459
Vulnerability from github – Published: 2022-12-13 18:30 – Updated: 2022-12-15 06:30In SendIncDecRestoreCmdPart2 of NxpMfcReader.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-238177877
{
"affected": [],
"aliases": [
"CVE-2022-20471"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-12-13T16:15:00Z",
"severity": "MODERATE"
},
"details": "In SendIncDecRestoreCmdPart2 of NxpMfcReader.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-238177877",
"id": "GHSA-x7qq-29vh-p459",
"modified": "2022-12-15T06:30:30Z",
"published": "2022-12-13T18:30:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-20471"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2022-12-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-X7QW-3VF4-3WXW
Vulnerability from github – Published: 2022-05-13 01:26 – Updated: 2022-05-13 01:26Google Chrome before 17.0.963.46 does not properly handle PDF FAX images, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
{
"affected": [],
"aliases": [
"CVE-2011-3963"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2012-02-09T04:10:00Z",
"severity": "MODERATE"
},
"details": "Google Chrome before 17.0.963.46 does not properly handle PDF FAX images, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.",
"id": "GHSA-x7qw-3vf4-3wxw",
"modified": "2022-05-13T01:26:54Z",
"published": "2022-05-13T01:26:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3963"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14825"
},
{
"type": "WEB",
"url": "http://code.google.com/p/chromium/issues/detail?id=109094"
},
{
"type": "WEB",
"url": "http://googlechromereleases.blogspot.com/2012/02/stable-channel-update.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-X7R4-5MQ3-7P72
Vulnerability from github – Published: 2022-05-17 00:27 – Updated: 2022-05-17 00:27The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file, related to the decompression buffer.
{
"affected": [],
"aliases": [
"CVE-2016-6906"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-03-15T14:59:00Z",
"severity": "MODERATE"
},
"details": "The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file, related to the decompression buffer.",
"id": "GHSA-x7r4-5mq3-7p72",
"modified": "2022-05-17T00:27:22Z",
"published": "2022-05-17T00:27:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6906"
},
{
"type": "WEB",
"url": "https://github.com/libgd/libgd/commit/58b6dde319c301b0eae27d12e2a659e067d80558"
},
{
"type": "WEB",
"url": "https://github.com/libgd/libgd/commit/fb0e0cce0b9f25389ab56604c3547351617e1415"
},
{
"type": "WEB",
"url": "https://github.com/libgd/libgd/blob/gd-2.2.4/CHANGELOG.md"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2017/dsa-3777"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/96503"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-X7W5-522M-WP35
Vulnerability from github – Published: 2026-07-01 00:34 – Updated: 2026-07-01 03:35Out of bounds read in Layout in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
{
"affected": [],
"aliases": [
"CVE-2026-13873"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-30T23:17:01Z",
"severity": "MODERATE"
},
"details": "Out of bounds read in Layout in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)",
"id": "GHSA-x7w5-522m-wp35",
"modified": "2026-07-01T03:35:20Z",
"published": "2026-07-01T00:34:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-13873"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html"
},
{
"type": "WEB",
"url": "https://issues.chromium.org/issues/498085466"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-X7WR-283H-5H2V
Vulnerability from github – Published: 2022-01-21 23:20 – Updated: 2024-10-08 12:36Between September 26, 2021 and October 8, 2021, Radically Open Security conducted a penetration test of OnionShare 2.4, funded by the Open Technology Fund's Red Team lab. This is an issue from that penetration test.
- Vulnerability ID: OTF-014
- Vulnerability type: Out-of-bounds Read
- Threat level: Elevated
Description:
The desktop application was found to be vulnerable to denial of service via an undisclosed vulnerability in the QT image parsing.
Technical description:
Prerequisites:
- Onion address is known
- Public service or authentication is valid
- Desktop application is used
- History is displayed
The rendering of images found in OTF-001 (page 25) could be elevated to a Denial of Service, which requires only very few bytes to be sent as a path parameter to any of the Onionshare functions. Roughly 20 bytes lead to 2GB memory consumption and this can be triggered multiple times. To be abused, this vulnerability requires rendering in the history tab, so some user interaction is required. The issue is in the process of disclosure to the QT security mailing list. More details will be provided after a fixed QT build has been deployed.
Impact:
An adversary with knowledge of the Onion service address in public mode or with authentication in private mode can perform a Denial of Service attack, which quickly results in out-of-memory for the server. This requires the desktop application with rendered history, therefore the impact is only elevated.
Recommendation:
- Monitor for upstream fix
- Fix OTF-001 (page 25) as a workaround
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "onionshare-cli"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.5"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-21688"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": true,
"github_reviewed_at": "2022-01-19T18:27:26Z",
"nvd_published_at": "2022-01-18T22:15:00Z",
"severity": "HIGH"
},
"details": "Between September 26, 2021 and October 8, 2021, [Radically Open Security](https://www.radicallyopensecurity.com/) conducted a penetration test of OnionShare 2.4, funded by the Open Technology Fund\u0027s [Red Team lab](https://www.opentech.fund/labs/red-team-lab/). This is an issue from that penetration test.\n\n- Vulnerability ID: OTF-014\n- Vulnerability type: Out-of-bounds Read\n- Threat level: Elevated\n\n## Description:\n\nThe desktop application was found to be vulnerable to denial of service via an undisclosed vulnerability in the QT image parsing.\n\n## Technical description:\n\nPrerequisites:\n\n- Onion address is known\n- Public service or authentication is valid\n- Desktop application is used\n- History is displayed\n\nThe rendering of images found in OTF-001 (page 25) could be elevated to a Denial of Service, which requires only very few bytes to be sent as a path parameter to any of the Onionshare functions. Roughly 20 bytes lead to 2GB memory consumption and this can be triggered multiple times. To be abused, this vulnerability requires rendering in the history tab, so some user interaction is required. The issue is in the process of disclosure to the QT security mailing list. More details will be provided after a fixed QT build has been deployed.\n\n## Impact:\n\nAn adversary with knowledge of the Onion service address in public mode or with authentication in private mode can perform a Denial of Service attack, which quickly results in out-of-memory for the server. This requires the desktop application with rendered history, therefore the impact is only elevated.\n\n## Recommendation:\n\n- Monitor for upstream fix\n- Fix OTF-001 (page 25) as a workaround",
"id": "GHSA-x7wr-283h-5h2v",
"modified": "2024-10-08T12:36:21Z",
"published": "2022-01-21T23:20:29Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/onionshare/onionshare/security/advisories/GHSA-x7wr-283h-5h2v"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21688"
},
{
"type": "PACKAGE",
"url": "https://github.com/onionshare/onionshare"
},
{
"type": "WEB",
"url": "https://github.com/onionshare/onionshare/releases/tag/v2.5"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/onionshare-cli/PYSEC-2022-39.yaml"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Out-of-bounds Read in Onionshare"
}
Mitigation MIT-5
Strategy: Input Validation
- Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
- When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
- Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
- To reduce the likelihood of introducing an out-of-bounds read, ensure that you validate and ensure correct calculations for any length argument, buffer size calculation, or offset. Be especially careful of relying on a sentinel (i.e. special character such as NUL) in untrusted inputs.
Mitigation
Strategy: Language Selection
Use a language that provides appropriate memory abstractions.
CAPEC-540: Overread Buffers
An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.