Common Weakness Enumeration

CWE-125

Allowed

Out-of-bounds Read

Abstraction: Base · Status: Draft

The product reads data past the end, or before the beginning, of the intended buffer.

11291 vulnerabilities reference this CWE, most recent first.

GHSA-HWRV-XJ84-453C

Vulnerability from github – Published: 2025-04-08 18:34 – Updated: 2025-04-08 18:34
VLAI
Details

Animate versions 24.0.7, 23.0.10 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-27201"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-08T18:15:55Z",
    "severity": "MODERATE"
  },
  "details": "Animate versions 24.0.7, 23.0.10 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
  "id": "GHSA-hwrv-xj84-453c",
  "modified": "2025-04-08T18:34:50Z",
  "published": "2025-04-08T18:34:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27201"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/animate/apsb25-31.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HX26-XG26-JR99

Vulnerability from github – Published: 2025-05-01 15:31 – Updated: 2025-11-05 18:14
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

media: venus: hfi_parser: refactor hfi packet parsing logic

words_count denotes the number of words in total payload, while data points to payload of various property within it. When words_count reaches last word, data can access memory beyond the total payload. This can lead to OOB access. With this patch, the utility api for handling individual properties now returns the size of data consumed. Accordingly remaining bytes are calculated before parsing the payload, thereby eliminates the OOB access possibilities.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-23156"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-01T13:15:51Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: venus: hfi_parser: refactor hfi packet parsing logic\n\nwords_count denotes the number of words in total payload, while data\npoints to payload of various property within it. When words_count\nreaches last word, data can access memory beyond the total payload. This\ncan lead to OOB access. With this patch, the utility api for handling\nindividual properties now returns the size of data consumed. Accordingly\nremaining bytes are calculated before parsing the payload, thereby\neliminates the OOB access possibilities.",
  "id": "GHSA-hx26-xg26-jr99",
  "modified": "2025-11-05T18:14:25Z",
  "published": "2025-05-01T15:31:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23156"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/05b07e52a0d08239147ba3460045855f4fb398de"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0beabe9b49190a02321b02792b29fc0f0e28b51f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0f9a4bab7d83738963365372e4745854938eab2d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6d278c5548d840c4d85d445347b2a5c31b2ab3a0"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9edaaa8e3e15aab1ca413ab50556de1975bcb329"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a736c72d476d1c7ca7be5018f2614ee61168ad01"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/bb3fd8b7906a12dc2b61389abb742bf6542d97fb"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f195e94c7af921d99abd79f57026a218d191d2c7"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HX4H-96RX-2GC2

Vulnerability from github – Published: 2022-05-24 17:47 – Updated: 2022-05-24 17:47
VLAI
Details

In decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-176444786

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-0471"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125",
      "CWE-190"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-04-13T19:15:00Z",
    "severity": "MODERATE"
  },
  "details": "In decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-176444786",
  "id": "GHSA-hx4h-96rx-2gc2",
  "modified": "2022-05-24T17:47:13Z",
  "published": "2022-05-24T17:47:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-0471"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/2021-04-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-HX56-J58P-68XV

Vulnerability from github – Published: 2022-05-14 00:53 – Updated: 2022-05-14 00:53
VLAI
Details

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-12803"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-07-20T19:29:00Z",
    "severity": "MODERATE"
  },
  "details": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",
  "id": "GHSA-hx56-j58p-68xv",
  "modified": "2022-05-14T00:53:19Z",
  "published": "2022-05-14T00:53:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12803"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/104699"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1041250"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HX63-G2PC-CMHC

Vulnerability from github – Published: 2023-02-06 21:30 – Updated: 2023-02-12 00:30
VLAI
Details

In widevine, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07446236; Issue ID: ALPS07446236.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-32595"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125",
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-02-06T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "In widevine, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07446236; Issue ID: ALPS07446236.",
  "id": "GHSA-hx63-g2pc-cmhc",
  "modified": "2023-02-12T00:30:24Z",
  "published": "2023-02-06T21:30:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32595"
    },
    {
      "type": "WEB",
      "url": "https://corp.mediatek.com/product-security-bulletin/December-2022"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HX65-7CC8-9862

Vulnerability from github – Published: 2022-05-24 19:20 – Updated: 2023-02-14 12:30
VLAI
Details

An Out-of-Bounds Read vulnerability exists when reading a DXF file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DXF files. Crafted data in a DXF file (an invalid dash counter in line types) can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-43391"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-11-14T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "An Out-of-Bounds Read vulnerability exists when reading a DXF file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DXF files. Crafted data in a DXF file (an invalid dash counter in line types) can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.",
  "id": "GHSA-hx65-7cc8-9862",
  "modified": "2023-02-14T12:30:25Z",
  "published": "2022-05-24T19:20:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43391"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf"
    },
    {
      "type": "WEB",
      "url": "https://www.opendesign.com/security-advisories"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1352"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1361"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HX6P-XPX3-JVVV

Vulnerability from github – Published: 2026-04-09 20:22 – Updated: 2026-04-24 21:03
VLAI
Summary
Wasmtime: Heap OOB read in component model UTF-16 to latin1+utf16 string transcoding
Details

Summary

Wasmtime contains a vulnerability where when transcoding a UTF-16 string to the latin1+utf16 component-model encoding it would incorrectly validate the byte length of the input string when performing a bounds check. Specifically the number of code units were checked instead of the byte length, which is twice the size of the code units.

This vulnerability can cause the host to read beyond the end of a WebAssembly's linear memory in an attempt to transcode nonexistent bytes. In Wasmtime's default configuration this will read unmapped memory on a guard page, terminating the process with a segfault. Wasmtime can be configured, however, without guard pages which would mean that host memory beyond the end of linear memory may be read and interpreted as UTF-16.

A host segfault is a denial-of-service vulnerability in Wasmtime, and possibly being able to read beyond the end of linear memory is additionally a vulnerability. Note that reading beyond the end of linear memory requires nonstandard configuration of Wasmtime, specifically with guard pages disabled.

Impact

This is an out-of-bounds memory access. Any user running untrusted wasm components that use cross-component string passing (with UTF-16 source and latin1+utf16 destination encodings) is affected.

  • With guard pages: Denial of service. The host process crashes with SIGBUS/SIGSEGV.
  • Without guard pages: Potential information disclosure. The guest can read host memory beyond its linear memory allocation.

Patches

Wasmtime 24.0.7, 36.0.7, 42.0.2, and 43.0.1 have been issued to fix this bug. Users are recommended to update to these patched versions of Wasmtime. Workarounds

There is no workaround for this bug. Hosts are recommended to updated to a patched version of Wasmtime.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "wasmtime"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "24.0.7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "wasmtime"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "25.0.0"
            },
            {
              "fixed": "36.0.7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "wasmtime"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "37.0.0"
            },
            {
              "fixed": "42.0.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "wasmtime"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "43.0.0"
            },
            {
              "fixed": "43.0.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "43.0.0"
      ]
    }
  ],
  "aliases": [
    "CVE-2026-34941"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-09T20:22:08Z",
    "nvd_published_at": "2026-04-09T19:16:23Z",
    "severity": "MODERATE"
  },
  "details": "### Summary\n\nWasmtime contains a vulnerability where when transcoding a UTF-16 string to the latin1+utf16 component-model encoding it would incorrectly validate the byte length of the input string when performing a bounds check. Specifically the number of code units were checked instead of the byte length, which is twice the size of the code units.\n\nThis vulnerability can cause the host to read beyond the end of a WebAssembly\u0027s linear memory in an attempt to transcode nonexistent bytes. In Wasmtime\u0027s default configuration this will read unmapped memory on a guard page, terminating the process with a segfault. Wasmtime can be configured, however, without guard pages which would mean that host memory beyond the end of linear memory may be read and interpreted as UTF-16.\n\nA host segfault is a denial-of-service vulnerability in Wasmtime, and possibly being able to read beyond the end of linear memory is additionally a vulnerability. Note that reading beyond the end of linear memory requires nonstandard configuration of Wasmtime, specifically with guard pages disabled.\n\n### Impact\n\nThis is an out-of-bounds memory access. Any user running untrusted wasm components that use cross-component string passing (with UTF-16 source and latin1+utf16 destination encodings) is affected.\n\n- With guard pages: Denial of service. The host process crashes with SIGBUS/SIGSEGV.\n- Without guard pages: Potential information disclosure. The guest can read host memory beyond its linear memory allocation.\n\nPatches\n\nWasmtime 24.0.7, 36.0.7, 42.0.2, and 43.0.1 have been issued to fix this bug. Users are recommended to update to these patched versions of Wasmtime.\nWorkarounds\n\nThere is no workaround for this bug. Hosts are recommended to updated to a patched version of Wasmtime.",
  "id": "GHSA-hx6p-xpx3-jvvv",
  "modified": "2026-04-24T21:03:53Z",
  "published": "2026-04-09T20:22:08Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-hx6p-xpx3-jvvv"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34941"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/bytecodealliance/wasmtime"
    },
    {
      "type": "WEB",
      "url": "https://rustsec.org/advisories/RUSTSEC-2026-0093.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Wasmtime: Heap OOB read in component model UTF-16 to latin1+utf16 string transcoding"
}

GHSA-HX7H-2WVR-3Q4J

Vulnerability from github – Published: 2024-11-20 00:32 – Updated: 2024-11-22 21:32
VLAI
Details

In sdpu_extract_attr_seq of sdp_utils.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-9456"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-11-19T23:15:04Z",
    "severity": "HIGH"
  },
  "details": "In sdpu_extract_attr_seq of sdp_utils.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.",
  "id": "GHSA-hx7h-2wvr-3q4j",
  "modified": "2024-11-22T21:32:13Z",
  "published": "2024-11-20T00:32:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-9456"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/2018-09-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HX7R-QWXV-W9J9

Vulnerability from github – Published: 2024-11-12 15:30 – Updated: 2025-11-03 21:31
VLAI
Details

The hda driver is vulnerable to a buffer over-read from a guest-controlled value.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-51565"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-11-12T15:15:11Z",
    "severity": "MODERATE"
  },
  "details": "The hda driver is vulnerable to a buffer over-read from a guest-controlled value.",
  "id": "GHSA-hx7r-qwxv-w9j9",
  "modified": "2025-11-03T21:31:36Z",
  "published": "2024-11-12T15:30:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51565"
    },
    {
      "type": "WEB",
      "url": "https://security.freebsd.org/advisories/FreeBSD-SA-24:17.bhyve.asc"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20250207-0008"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HX94-FMP2-8M32

Vulnerability from github – Published: 2022-12-21 21:30 – Updated: 2022-12-21 21:30
VLAI
Details

In fdt_path_offset_namelen of fdt_ro.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-249998113References: N/A

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-42543"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-12-16T16:15:00Z",
    "severity": "MODERATE"
  },
  "details": "In fdt_path_offset_namelen of fdt_ro.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-249998113References: N/A",
  "id": "GHSA-hx94-fmp2-8m32",
  "modified": "2022-12-21T21:30:15Z",
  "published": "2022-12-21T21:30:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42543"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/pixel/2022-12-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-5
Implementation

Strategy: Input Validation

  • Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
  • When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
  • Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
  • To reduce the likelihood of introducing an out-of-bounds read, ensure that you validate and ensure correct calculations for any length argument, buffer size calculation, or offset. Be especially careful of relying on a sentinel (i.e. special character such as NUL) in untrusted inputs.
Mitigation
Architecture and Design

Strategy: Language Selection

Use a language that provides appropriate memory abstractions.

CAPEC-540: Overread Buffers

An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.