Common Weakness Enumeration

CWE-125

Allowed

Out-of-bounds Read

Abstraction: Base · Status: Draft

The product reads data past the end, or before the beginning, of the intended buffer.

11273 vulnerabilities reference this CWE, most recent first.

GHSA-XHC3-W35M-FP4Q

Vulnerability from github – Published: 2026-07-14 18:31 – Updated: 2026-07-14 18:31
VLAI
Details

A out-of-bounds read vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.2, FortiAuthenticator 6.5 all versions may allow a remote unauthenticated attacker to retrieve sensitive information via a specially crafted request.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-53379"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-07-14T16:16:42Z",
    "severity": "HIGH"
  },
  "details": "A out-of-bounds read vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.2, FortiAuthenticator 6.5 all versions may allow a remote unauthenticated attacker to retrieve sensitive information via a specially crafted request.",
  "id": "GHSA-xhc3-w35m-fp4q",
  "modified": "2026-07-14T18:31:54Z",
  "published": "2026-07-14T18:31:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53379"
    },
    {
      "type": "WEB",
      "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-146"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XHC7-32VM-6C85

Vulnerability from github – Published: 2023-04-13 09:30 – Updated: 2024-04-04 03:26
VLAI
Details

Information disclosure in modem due to improper check of IP type while processing DNS server query

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-25730"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125",
      "CWE-126"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-04-13T07:15:00Z",
    "severity": "HIGH"
  },
  "details": "Information disclosure in modem due to improper check of IP type while processing DNS server query",
  "id": "GHSA-xhc7-32vm-6c85",
  "modified": "2024-04-04T03:26:59Z",
  "published": "2023-04-13T09:30:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25730"
    },
    {
      "type": "WEB",
      "url": "https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XHCG-FX4C-M8Q6

Vulnerability from github – Published: 2023-03-28 21:30 – Updated: 2023-03-28 21:30
VLAI
Details

Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-26352"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-03-28T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
  "id": "GHSA-xhcg-fx4c-m8q6",
  "modified": "2023-03-28T21:30:17Z",
  "published": "2023-03-28T21:30:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26352"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/dimension/apsb23-20.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XHGX-HX6P-CQP4

Vulnerability from github – Published: 2023-03-24 21:30 – Updated: 2023-03-30 03:30
VLAI
Details

In btm_create_conn_cancel_complete of btm_sec.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-260568245

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-20973"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-03-24T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "In btm_create_conn_cancel_complete of btm_sec.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-260568245",
  "id": "GHSA-xhgx-hx6p-cqp4",
  "modified": "2023-03-30T03:30:38Z",
  "published": "2023-03-24T21:30:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20973"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/pixel/2023-03-01"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/pixel/2023-06-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XHHW-J3H4-3X9R

Vulnerability from github – Published: 2025-04-29 15:31 – Updated: 2025-11-03 21:33
VLAI
Details

Modification of specific WebGL shader attributes could trigger an out-of-bounds read, which, when chained with other vulnerabilities, could be used to escalate privileges. This bug only affects Firefox for macOS. Other versions of Firefox are unaffected. This vulnerability affects Firefox < 138, Firefox ESR < 128.10, Firefox ESR < 115.23, Thunderbird < 138, and Thunderbird ESR < 128.10.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-4082"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-29T14:15:34Z",
    "severity": "MODERATE"
  },
  "details": "Modification of specific WebGL shader attributes could trigger an out-of-bounds read, which, when chained with other vulnerabilities, could be used to escalate privileges.\n*This bug only affects Firefox for macOS. Other versions of Firefox are unaffected.* This vulnerability affects Firefox \u003c 138, Firefox ESR \u003c 128.10, Firefox ESR \u003c 115.23, Thunderbird \u003c 138, and Thunderbird ESR \u003c 128.10.",
  "id": "GHSA-xhhw-j3h4-3x9r",
  "modified": "2025-11-03T21:33:41Z",
  "published": "2025-04-29T15:31:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4082"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1937097"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00022.html"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2025-28"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2025-29"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2025-30"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2025-31"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2025-32"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XHMF-MMV2-4HHX

Vulnerability from github – Published: 2022-09-16 20:59 – Updated: 2022-09-16 20:59
VLAI
Summary
Go-CVSS has Out-of-bounds Read vulnerability in ParseVector function
Details

Impact

When a full CVSS v2.0 vector string is parsed using ParseVector, an Out-of-Bounds Read is possible due to a lack of tests. The Go module will then panic.

Patches

The problem is patched in tag v0.4.0, by the commit d9d478ff0c13b8b09ace030db9262f3c2fe031f4.

Workarounds

The only way to avoid it is by parsing CVSS v2.0 vector strings that does not have all attributes defined (e.g. AV:N/AC:L/Au:N/C:P/I:P/A:C/E:U/RL:OF/RC:C/CDP:MH/TD:H/CR:M/IR:M/AR:M).

References

N/A

CPE v2.3

As stated in SECURITY.md, the CPE v2.3 to refer to this Go module is cpe:2.3:a:pandatix:go_cvss:*:*:*:*:*:*:*:*. The entry has already been requested to the NVD CPE dictionnary.

Exploit example

package main

import (
    "log"

    gocvss20 "github.com/pandatix/go-cvss/20"
)

func main() {
    _, err := gocvss20.ParseVector("AV:N/AC:L/Au:N/C:P/I:P/A:C/E:U/RL:OF/RC:C/CDP:MH/TD:H/CR:M/IR:M/AR:M")
    if err != nil {
        log.Fatal(err)
    }
}

When ran, the following trace is returned.

panic: runtime error: index out of range [3] with length 3

goroutine 1 [running]:
github.com/pandatix/go-cvss/20.ParseVector({0x4aed6c?, 0x0?})
        /home/lucas/go/pkg/mod/github.com/pandatix/go-cvss@v0.2.0/20/cvss20.go:54 +0x578
main.main()
        /media/lucas/HDD-K/Documents/cve-2022-xxxxx/main.go:10 +0x25
exit status 2

For more information

If you have any questions or comments about this advisory: * Open an issue in pandatix/go-cvss * Email me at lucastesson@protonmail.com

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/pandatix/go-cvss"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.2.0"
            },
            {
              "fixed": "0.4.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-39213"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-09-16T20:59:43Z",
    "nvd_published_at": "2022-09-15T22:15:00Z",
    "severity": "HIGH"
  },
  "details": "### Impact\nWhen a full CVSS v2.0 vector string is parsed using `ParseVector`, an Out-of-Bounds Read is possible due to a lack of tests. The Go module will then panic.\n\n### Patches\nThe problem is patched in tag `v0.4.0`, by the commit `d9d478ff0c13b8b09ace030db9262f3c2fe031f4`.\n\n### Workarounds\nThe only way to avoid it is by parsing CVSS v2.0 vector strings that does not have all attributes defined (e.g. `AV:N/AC:L/Au:N/C:P/I:P/A:C/E:U/RL:OF/RC:C/CDP:MH/TD:H/CR:M/IR:M/AR:M`).\n\n### References\nN/A\n\n### CPE v2.3\nAs stated in [SECURITY.md](https://github.com/pandatix/go-cvss/blob/master/SECURITY.md), the CPE v2.3 to refer to this Go module is `cpe:2.3:a:pandatix:go_cvss:*:*:*:*:*:*:*:*`.\nThe entry has already been requested to the NVD CPE dictionnary.\n\n### Exploit example\n```go\npackage main\n\nimport (\n\t\"log\"\n\n\tgocvss20 \"github.com/pandatix/go-cvss/20\"\n)\n\nfunc main() {\n\t_, err := gocvss20.ParseVector(\"AV:N/AC:L/Au:N/C:P/I:P/A:C/E:U/RL:OF/RC:C/CDP:MH/TD:H/CR:M/IR:M/AR:M\")\n\tif err != nil {\n\t\tlog.Fatal(err)\n\t}\n}\n```\n\nWhen ran, the following trace is returned.\n```\npanic: runtime error: index out of range [3] with length 3\n\ngoroutine 1 [running]:\ngithub.com/pandatix/go-cvss/20.ParseVector({0x4aed6c?, 0x0?})\n        /home/lucas/go/pkg/mod/github.com/pandatix/go-cvss@v0.2.0/20/cvss20.go:54 +0x578\nmain.main()\n        /media/lucas/HDD-K/Documents/cve-2022-xxxxx/main.go:10 +0x25\nexit status 2\n```\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [pandatix/go-cvss](https://github.com/pandatix/go-cvss/issues)\n* Email me at [lucastesson@protonmail.com](mailto:lucastesson@protonmail.com)\n",
  "id": "GHSA-xhmf-mmv2-4hhx",
  "modified": "2022-09-16T20:59:43Z",
  "published": "2022-09-16T20:59:43Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/pandatix/go-cvss/security/advisories/GHSA-xhmf-mmv2-4hhx"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39213"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pandatix/go-cvss/commit/d9d478ff0c13b8b09ace030db9262f3c2fe031f4"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/pandatix/go-cvss"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pandatix/go-cvss/blob/master/SECURITY.md"
    },
    {
      "type": "WEB",
      "url": "https://pkg.go.dev/vuln/GO-2022-1002"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Go-CVSS has Out-of-bounds Read vulnerability in ParseVector function"
}

GHSA-XHMX-2VHP-F3PQ

Vulnerability from github – Published: 2022-07-14 00:00 – Updated: 2022-07-27 00:00
VLAI
Details

In USB driver, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-216825460References: Upstream kernel

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-20227"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-07-13T19:15:00Z",
    "severity": "MODERATE"
  },
  "details": "In USB driver, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-216825460References: Upstream kernel",
  "id": "GHSA-xhmx-2vhp-f3pq",
  "modified": "2022-07-27T00:00:47Z",
  "published": "2022-07-14T00:00:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-20227"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/2022-07-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XHMX-JV3J-5WF8

Vulnerability from github – Published: 2024-08-05 15:30 – Updated: 2024-08-05 15:30
VLAI
Details

Transient DOS while parsing the MBSSID IE from the beacons, when the MBSSID IE length is zero.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-33011"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125",
      "CWE-126"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-08-05T15:15:48Z",
    "severity": "HIGH"
  },
  "details": "Transient DOS while parsing the MBSSID IE from the beacons, when the MBSSID IE length is zero.",
  "id": "GHSA-xhmx-jv3j-5wf8",
  "modified": "2024-08-05T15:30:53Z",
  "published": "2024-08-05T15:30:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-33011"
    },
    {
      "type": "WEB",
      "url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/august-2024-bulletin.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XHPJ-269V-VQ2Q

Vulnerability from github – Published: 2026-05-31 21:30 – Updated: 2026-06-01 21:30
VLAI
Details

Sereal::Decoder versions before 5.005 for Perl allow heap out-of-bounds read via crafted input.

In Perl/Decoder/srl_decoder.c, srl_read_object() and srl_read_hash() process a COPY tag, a back-reference whose target byte the decoder re-decodes as a fresh tag. When that target byte matches the SHORT_BINARY pattern (an inline string whose length is encoded in the low bits of the tag), the resulting read is not bounded to precede the COPY tag's own offset and can run past the end of the input buffer. An attacker controlled COPY offset can land inside a previously decoded value rather than on a tag boundary, planting a byte that the decoder reads as a SHORT_BINARY tag and consuming up to 31 following bytes from the heap as a class name (OBJECT path) or hash key (HASH path).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-8796"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-31T20:16:30Z",
    "severity": "HIGH"
  },
  "details": "Sereal::Decoder versions before 5.005 for Perl allow heap out-of-bounds read via crafted input.\n\nIn Perl/Decoder/srl_decoder.c, srl_read_object() and srl_read_hash() process a COPY tag, a back-reference whose target byte the decoder re-decodes as a fresh tag. When that target byte matches the SHORT_BINARY pattern (an inline string whose length is encoded in the low bits of the tag), the resulting read is not bounded to precede the COPY tag\u0027s own offset and can run past the end of the input buffer. An attacker controlled COPY offset can land inside a previously decoded value rather than on a tag boundary, planting a byte that the decoder reads as a SHORT_BINARY tag and consuming up to 31 following bytes from the heap as a class name (OBJECT path) or hash key (HASH path).",
  "id": "GHSA-xhpj-269v-vq2q",
  "modified": "2026-06-01T21:30:41Z",
  "published": "2026-05-31T21:30:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8796"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Sereal/Sereal/commit/303a2c69cdba80bf37a3ff43461e0aa78198a7a3.patch"
    },
    {
      "type": "WEB",
      "url": "https://metacpan.org/release/YVES/Sereal-Decoder-5.005/changes"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/06/01/1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XHPJ-R5XJ-F4J3

Vulnerability from github – Published: 2022-05-24 16:53 – Updated: 2026-02-20 21:31
VLAI
Details

An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory, aka 'Microsoft Graphics Component Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1078, CVE-2019-1148.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-1153"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-08-14T21:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory, aka \u0027Microsoft Graphics Component Information Disclosure Vulnerability\u0027. This CVE ID is unique from CVE-2019-1078, CVE-2019-1148.",
  "id": "GHSA-xhpj-r5xj-f4j3",
  "modified": "2026-02-20T21:31:09Z",
  "published": "2022-05-24T16:53:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1153"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1153"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/154098/Microsoft-Font-Subsetting-DLL-FixSbitSubTableFormat1-Out-Of-Bounds-Read.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-5
Implementation

Strategy: Input Validation

  • Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
  • When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
  • Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
  • To reduce the likelihood of introducing an out-of-bounds read, ensure that you validate and ensure correct calculations for any length argument, buffer size calculation, or offset. Be especially careful of relying on a sentinel (i.e. special character such as NUL) in untrusted inputs.
Mitigation
Architecture and Design

Strategy: Language Selection

Use a language that provides appropriate memory abstractions.

CAPEC-540: Overread Buffers

An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.