Common Weakness Enumeration

CWE-125

Allowed

Out-of-bounds Read

Abstraction: Base · Status: Draft

The product reads data past the end, or before the beginning, of the intended buffer.

11292 vulnerabilities reference this CWE, most recent first.

GHSA-HJ69-C76V-86WR

Vulnerability from github – Published: 2020-04-01 16:36 – Updated: 2024-10-08 12:57
VLAI
Summary
Out-of-bounds Read in Pillow
Details

libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overflow.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "Pillow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.2.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-5313"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-04-01T16:15:16Z",
    "nvd_published_at": "2020-01-03T01:15:00Z",
    "severity": "HIGH"
  },
  "details": "`libImaging/FliDecode.c` in Pillow before 6.2.2 has an FLI buffer overflow.",
  "id": "GHSA-hj69-c76v-86wr",
  "modified": "2024-10-08T12:57:35Z",
  "published": "2020-04-01T16:36:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-5313"
    },
    {
      "type": "WEB",
      "url": "https://github.com/python-pillow/Pillow/commit/a09acd0decd8a87ccce939d5ff65dab59e7d365b"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-hj69-c76v-86wr"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2020-84.yaml"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/python-pillow/Pillow"
    },
    {
      "type": "WEB",
      "url": "https://github.com/python-pillow/Pillow/blob/master/CHANGES.rst#622-2020-01-02"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MMU3WT2X64GS5WHDPKKC2WZA7UIIQ3A"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3DUMIBUYGJRAVJCTFUWBRLVQKOUTVX5P"
    },
    {
      "type": "WEB",
      "url": "https://pillow.readthedocs.io/en/stable/releasenotes/6.2.2.html"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4272-1"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2020/dsa-4631"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Out-of-bounds Read in Pillow"
}

GHSA-HJ73-J422-CHPP

Vulnerability from github – Published: 2022-03-19 00:00 – Updated: 2022-03-26 00:00
VLAI
Details

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Logic Pro 10.7.3, GarageBand 10.4.6, macOS Monterey 12.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-22664"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-03-18T18:15:00Z",
    "severity": "HIGH"
  },
  "details": "An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Logic Pro 10.7.3, GarageBand 10.4.6, macOS Monterey 12.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution.",
  "id": "GHSA-hj73-j422-chpp",
  "modified": "2022-03-26T00:00:43Z",
  "published": "2022-03-19T00:00:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22664"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT213183"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT213190"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT213191"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HJ88-2X2H-C44H

Vulnerability from github – Published: 2024-03-22 12:30 – Updated: 2024-03-22 12:30
VLAI
Details

Heap-based Buffer Overflow, Memory Corruption, Out-Of-Bounds Read, Out-Of-Bounds Write, Stack-based Buffer Overflow, Type Confusion, Uninitialized Variable, Use-After-Free vulnerabilities exist in the file reading procedure in SOLIDWORKS Desktop on Release SOLIDWORKS 2024. These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted CATPART, DWG, DXF, IPT, JT, SAT, SLDDRW, SLDPRT, STL, STP, X_B or X_T file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-1848"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-122",
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-03-22T11:15:46Z",
    "severity": "HIGH"
  },
  "details": "Heap-based Buffer Overflow, Memory Corruption, Out-Of-Bounds Read, Out-Of-Bounds Write, Stack-based Buffer Overflow, Type Confusion, Uninitialized Variable, Use-After-Free vulnerabilities exist in the file reading procedure in SOLIDWORKS Desktop on Release SOLIDWORKS 2024.\nThese vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted CATPART, DWG, DXF, IPT, JT, SAT, SLDDRW, SLDPRT, STL, STP, X_B or X_T file.",
  "id": "GHSA-hj88-2x2h-c44h",
  "modified": "2024-03-22T12:30:46Z",
  "published": "2024-03-22T12:30:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1848"
    },
    {
      "type": "WEB",
      "url": "https://www.3ds.com/vulnerability/advisories"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HJ8W-74CF-P23X

Vulnerability from github – Published: 2022-05-13 01:28 – Updated: 2022-05-13 01:28
VLAI
Details

In FFmpeg 4.0.1, due to a missing check for negative values of the mquant variable, the vc1_put_blocks_clamped function in libavcodec/vc1_block.c may trigger an out-of-array access while converting a crafted AVI file to MPEG4, leading to an information disclosure or a denial of service.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-13305"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-07-05T17:29:00Z",
    "severity": "HIGH"
  },
  "details": "In FFmpeg 4.0.1, due to a missing check for negative values of the mquant variable, the vc1_put_blocks_clamped function in libavcodec/vc1_block.c may trigger an out-of-array access while converting a crafted AVI file to MPEG4, leading to an information disclosure or a denial of service.",
  "id": "GHSA-hj8w-74cf-p23x",
  "modified": "2022-05-13T01:28:55Z",
  "published": "2022-05-13T01:28:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-13305"
    },
    {
      "type": "WEB",
      "url": "https://github.com/FFmpeg/FFmpeg/commit/d08d4a8c7387e758d439b0592782e4cfa2b4d6a4"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00012.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HJCJ-JFHG-V58H

Vulnerability from github – Published: 2022-05-24 17:30 – Updated: 2022-05-24 17:30
VLAI
Details

An exploitable information disclosure vulnerability exists in the get_dnode_of_data functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause information disclosure resulting in a information disclosure. An attacker can provide a malicious file to trigger this vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-6104"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-10-15T15:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An exploitable information disclosure vulnerability exists in the get_dnode_of_data functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause information disclosure resulting in a information disclosure. An attacker can provide a malicious file to trigger this vulnerability.",
  "id": "GHSA-hjcj-jfhg-v58h",
  "modified": "2022-05-24T17:30:45Z",
  "published": "2022-05-24T17:30:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6104"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202101-26"
    },
    {
      "type": "WEB",
      "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1046"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HJFX-C67V-5F9W

Vulnerability from github – Published: 2022-05-13 01:28 – Updated: 2022-05-13 01:28
VLAI
Details

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-12766"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-07-20T19:29:00Z",
    "severity": "HIGH"
  },
  "details": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",
  "id": "GHSA-hjfx-c67v-5f9w",
  "modified": "2022-05-13T01:28:13Z",
  "published": "2022-05-13T01:28:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12766"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html"
    },
    {
      "type": "WEB",
      "url": "https://research.checkpoint.com/2018/50-adobe-cves-in-50-days"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/104699"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1041250"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HJGV-Q6M4-R3HP

Vulnerability from github – Published: 2022-06-15 00:00 – Updated: 2022-06-23 00:00
VLAI
Details

Possible buffer over read due to lack of size validation while copying data from DBR buffer to RX buffer and can lead to Denial of Service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-35071"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-06-14T10:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Possible buffer over read due to lack of size validation while copying data from DBR buffer to RX buffer and can lead to Denial of Service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking",
  "id": "GHSA-hjgv-q6m4-r3hp",
  "modified": "2022-06-23T00:00:22Z",
  "published": "2022-06-15T00:00:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-35071"
    },
    {
      "type": "WEB",
      "url": "https://www.qualcomm.com/company/product-security/bulletins/april-2022-bulletin"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HJH7-CXCM-CXCW

Vulnerability from github – Published: 2022-05-14 01:09 – Updated: 2022-05-14 01:09
VLAI
Details

VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6), Fusion (11.x before 11.0.3 and 10.x before 10.1.6) updates address an out-of-bounds read vulnerability. Exploitation of this issue requires an attacker to have access to a virtual machine with 3D graphics enabled. Successful exploitation of this issue may lead to information disclosure.The workaround for this issue involves disabling the 3D-acceleration feature. This feature is not enabled by default on ESXi and is enabled by default on Workstation and Fusion.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-5520"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-04-15T18:29:00Z",
    "severity": "MODERATE"
  },
  "details": "VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6), Fusion (11.x before 11.0.3 and 10.x before 10.1.6) updates address an out-of-bounds read vulnerability. Exploitation of this issue requires an attacker to have access to a virtual machine with 3D graphics enabled. Successful exploitation of this issue may lead to information disclosure.The workaround for this issue involves disabling the 3D-acceleration feature. This feature is not enabled by default on ESXi and is enabled by default on Workstation and Fusion.",
  "id": "GHSA-hjh7-cxcm-cxcw",
  "modified": "2022-05-14T01:09:49Z",
  "published": "2022-05-14T01:09:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5520"
    },
    {
      "type": "WEB",
      "url": "https://www.vmware.com/security/advisories/VMSA-2019-0006.html"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-369"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HJJ6-GQ2R-V84Q

Vulnerability from github – Published: 2022-05-24 17:14 – Updated: 2022-11-15 12:00
VLAI
Details

An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-11760"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-04-14T23:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp.",
  "id": "GHSA-hjj6-gq2r-v84q",
  "modified": "2022-11-15T12:00:18Z",
  "published": "2022-05-24T17:14:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11760"
    },
    {
      "type": "WEB",
      "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1987"
    },
    {
      "type": "WEB",
      "url": "https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020"
    },
    {
      "type": "WEB",
      "url": "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202107-27"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT211288"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT211289"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT211290"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT211291"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT211293"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT211294"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT211295"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4339-1"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2020/dsa-4755"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HJJV-JHC2-VVJG

Vulnerability from github – Published: 2022-05-14 01:37 – Updated: 2022-05-14 01:37
VLAI
Details

The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a "Read Access Violation near NULL starting at FoxitReader!safe_vsnprintf+0x00000000002c4330" issue.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-18933"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-11-05T09:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "The u3d plugin 9.3.0.10809 (aka plugins\\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a \"Read Access Violation near NULL starting at FoxitReader!safe_vsnprintf+0x00000000002c4330\" issue.",
  "id": "GHSA-hjjv-jhc2-vvjg",
  "modified": "2022-05-14T01:37:57Z",
  "published": "2022-05-14T01:37:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-18933"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Yan-1-20/Yan-1-20.github.io/blob/master/2018/11/02/2018/11/2018-11-02/index.html"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Yan-1-20/Yan-1-20.github.io/blob/master/2018/11/10/2018/11/2018-11-10/index.html"
    },
    {
      "type": "WEB",
      "url": "https://www.foxitsoftware.com/support/security-bulletins.php"
    },
    {
      "type": "WEB",
      "url": "https://yan-1-20.github.io/2018/11/02/2018/11/2018-11-02"
    },
    {
      "type": "WEB",
      "url": "https://yan-1-20.github.io/2018/11/10/2018/11/2018-11-10"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-5
Implementation

Strategy: Input Validation

  • Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
  • When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
  • Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
  • To reduce the likelihood of introducing an out-of-bounds read, ensure that you validate and ensure correct calculations for any length argument, buffer size calculation, or offset. Be especially careful of relying on a sentinel (i.e. special character such as NUL) in untrusted inputs.
Mitigation
Architecture and Design

Strategy: Language Selection

Use a language that provides appropriate memory abstractions.

CAPEC-540: Overread Buffers

An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.