Common Weakness Enumeration

CWE-125

Allowed

Out-of-bounds Read

Abstraction: Base · Status: Draft

The product reads data past the end, or before the beginning, of the intended buffer.

11289 vulnerabilities reference this CWE, most recent first.

GHSA-J2CG-2G7J-2GM8

Vulnerability from github – Published: 2024-12-12 12:31 – Updated: 2024-12-12 12:31
VLAI
Details

Out-of-bounds read vulnerability in the M3U8 module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-54116"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125",
      "CWE-754"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-12T12:15:27Z",
    "severity": "MODERATE"
  },
  "details": "Out-of-bounds read vulnerability in the M3U8 module\nImpact: Successful exploitation of this vulnerability may cause features to perform abnormally.",
  "id": "GHSA-j2cg-2g7j-2gm8",
  "modified": "2024-12-12T12:31:16Z",
  "published": "2024-12-12T12:31:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-54116"
    },
    {
      "type": "WEB",
      "url": "https://consumer.huawei.com/en/support/bulletin/2024/12"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-J2CQ-23C8-HXRP

Vulnerability from github – Published: 2022-05-13 01:42 – Updated: 2022-05-13 01:42
VLAI
Details

tcpdump 4.9.0 has a heap-based buffer over-read in the pimv1_print function in print-pim.c.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-11542"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-07-23T03:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "tcpdump 4.9.0 has a heap-based buffer over-read in the pimv1_print function in print-pim.c.",
  "id": "GHSA-j2cq-23c8-hxrp",
  "modified": "2022-05-13T01:42:24Z",
  "published": "2022-05-13T01:42:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-11542"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHEA-2018:0705"
    },
    {
      "type": "WEB",
      "url": "https://github.com/hackerlib/hackerlib-vul/tree/master/tcpdump-vul/heap-buffer-overflow/print-pim"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201709-23"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT208221"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2017/dsa-3971"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/99940"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1039307"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-J2G7-WJ3P-J9C9

Vulnerability from github – Published: 2025-01-19 12:31 – Updated: 2026-05-12 15:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

sched: sch_cake: add bounds checks to host bulk flow fairness counts

Even though we fixed a logic error in the commit cited below, syzbot still managed to trigger an underflow of the per-host bulk flow counters, leading to an out of bounds memory access.

To avoid any such logic errors causing out of bounds memory accesses, this commit factors out all accesses to the per-host bulk flow counters to a series of helpers that perform bounds-checking before any increments and decrements. This also has the benefit of improving readability by moving the conditional checks for the flow mode into these helpers, instead of having them spread out throughout the code (which was the cause of the original logic error).

As part of this change, the flow quantum calculation is consolidated into a helper function, which means that the dithering applied to the ost load scaling is now applied both in the DRR rotation and when a sparse flow's quantum is first initiated. The only user-visible effect of this is that the maximum packet size that can be sent while a flow stays sparse will now vary with +/- one byte in some cases. This should not make a noticeable difference in practice, and thus it's not worth complicating the code to preserve the old behaviour.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-21647"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-19T11:15:10Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched: sch_cake: add bounds checks to host bulk flow fairness counts\n\nEven though we fixed a logic error in the commit cited below, syzbot\nstill managed to trigger an underflow of the per-host bulk flow\ncounters, leading to an out of bounds memory access.\n\nTo avoid any such logic errors causing out of bounds memory accesses,\nthis commit factors out all accesses to the per-host bulk flow counters\nto a series of helpers that perform bounds-checking before any\nincrements and decrements. This also has the benefit of improving\nreadability by moving the conditional checks for the flow mode into\nthese helpers, instead of having them spread out throughout the\ncode (which was the cause of the original logic error).\n\nAs part of this change, the flow quantum calculation is consolidated\ninto a helper function, which means that the dithering applied to the\nost load scaling is now applied both in the DRR rotation and when a\nsparse flow\u0027s quantum is first initiated. The only user-visible effect\nof this is that the maximum packet size that can be sent while a flow\nstays sparse will now vary with +/- one byte in some cases. This should\nnot make a noticeable difference in practice, and thus it\u0027s not worth\ncomplicating the code to preserve the old behaviour.",
  "id": "GHSA-j2g7-wj3p-j9c9",
  "modified": "2026-05-12T15:30:43Z",
  "published": "2025-01-19T12:31:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21647"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-503939.html"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/27202e2e8721c3b23831563c36ed5ac7818641ba"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/44fe1efb4961c1a5ccab16bb579dfc6b308ad58b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/737d4d91d35b5f7fa5bb442651472277318b0bfd"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/91bb18950b88f955838ec0c1d97f74d135756dc7"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a777e06dfc72bed73c05dcb437d7c27ad5f90f3f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b1a1743aaa4906c41c426eda97e2e2586f79246d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/bb0245fa72b783cb23a9949c5048781341e91423"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-J2H9-4H2F-9PQX

Vulnerability from github – Published: 2022-05-13 01:49 – Updated: 2022-05-13 01:49
VLAI
Details

An issue has been discovered in Bento4 1.5.1-624. AP4_AvccAtom::Create in Core/Ap4AvccAtom.cpp has a heap-based buffer over-read.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-14584"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-07-24T16:29:00Z",
    "severity": "HIGH"
  },
  "details": "An issue has been discovered in Bento4 1.5.1-624. AP4_AvccAtom::Create in Core/Ap4AvccAtom.cpp has a heap-based buffer over-read.",
  "id": "GHSA-j2h9-4h2f-9pqx",
  "modified": "2022-05-13T01:49:59Z",
  "published": "2022-05-13T01:49:59Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14584"
    },
    {
      "type": "WEB",
      "url": "https://github.com/axiomatic-systems/Bento4/issues/298"
    },
    {
      "type": "WEB",
      "url": "https://github.com/axiomatic-systems/Bento4/issues/304"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-J2JW-5CC3-RC76

Vulnerability from github – Published: 2025-09-23 18:30 – Updated: 2025-10-01 21:31
VLAI
Details

Use After Free vulnerability in RTI Connext Professional (Security Plugins) allows File Manipulation.This issue affects Connext Professional: from 7.5.0 before 7.6.0.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-8410"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125",
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-23T18:15:41Z",
    "severity": "MODERATE"
  },
  "details": "Use After Free vulnerability in RTI Connext Professional (Security Plugins) allows File Manipulation.This issue affects Connext Professional: from 7.5.0 before 7.6.0.",
  "id": "GHSA-j2jw-5cc3-rc76",
  "modified": "2025-10-01T21:31:20Z",
  "published": "2025-09-23T18:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8410"
    },
    {
      "type": "WEB",
      "url": "https://www.rti.com/vulnerabilities/#cve-2025-8410"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-J2M8-JXHW-9X9R

Vulnerability from github – Published: 2026-05-04 18:30 – Updated: 2026-05-04 18:30
VLAI
Details

Transient DOS when processing target power rate tables during channel configuration.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-47401"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125",
      "CWE-126"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-04T17:16:20Z",
    "severity": "MODERATE"
  },
  "details": "Transient DOS when processing target power rate tables during channel configuration.",
  "id": "GHSA-j2m8-jxhw-9x9r",
  "modified": "2026-05-04T18:30:29Z",
  "published": "2026-05-04T18:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47401"
    },
    {
      "type": "WEB",
      "url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2026-bulletin.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-J2MV-RJ6M-HQ85

Vulnerability from github – Published: 2025-08-16 12:30 – Updated: 2026-01-07 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

comedi: pcl812: Fix bit shift out of bounds

When checking for a supported IRQ number, the following test is used:

if ((1 << it->options[1]) & board->irq_bits) {

However, it->options[i] is an unchecked int value from userspace, so the shift amount could be negative or out of bounds. Fix the test by requiring it->options[1] to be within bounds before proceeding with the original test. Valid it->options[1] values that select the IRQ will be in the range [1,15]. The value 0 explicitly disables the use of interrupts.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-38530"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-08-16T12:15:28Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: pcl812: Fix bit shift out of bounds\n\nWhen checking for a supported IRQ number, the following test is used:\n\n\tif ((1 \u003c\u003c it-\u003eoptions[1]) \u0026 board-\u003eirq_bits) {\n\nHowever, `it-\u003eoptions[i]` is an unchecked `int` value from userspace, so\nthe shift amount could be negative or out of bounds.  Fix the test by\nrequiring `it-\u003eoptions[1]` to be within bounds before proceeding with\nthe original test.  Valid `it-\u003eoptions[1]` values that select the IRQ\nwill be in the range [1,15]. The value 0 explicitly disables the use of\ninterrupts.",
  "id": "GHSA-j2mv-rj6m-hq85",
  "modified": "2026-01-07T21:31:38Z",
  "published": "2025-08-16T12:30:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38530"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0489c30d080f07cc7f09d04de723d8c2ccdb61ef"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/16c173abee315953fd17a279352fec4a1faee862"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/29ef03e5b84431171d6b77b822985b54bc44b793"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/374d9b3eb4b08407997ef1fce96119d31e0c0bc4"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5bfa301e1e59a9b1a7b62a800b54852337c97416"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7e470d8efd10725b189ca8951973a8425932398a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a27e27eee313fe1c450b6af1e80e64412546cab4"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b14b076ce593f72585412fc7fd3747e03a5e3632"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-J2QQ-RW4V-JJX2

Vulnerability from github – Published: 2022-05-13 01:13 – Updated: 2022-05-13 01:13
VLAI
Details

An error within the "kodak_radc_load_raw()" function (internal/dcraw_common.cpp) related to the "buf" variable in LibRaw versions prior to 0.18.7 can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-5802"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-12-07T22:29:00Z",
    "severity": "HIGH"
  },
  "details": "An error within the \"kodak_radc_load_raw()\" function (internal/dcraw_common.cpp) related to the \"buf\" variable in LibRaw versions prior to 0.18.7 can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash.",
  "id": "GHSA-j2qq-rw4v-jjx2",
  "modified": "2022-05-13T01:13:36Z",
  "published": "2022-05-13T01:13:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5802"
    },
    {
      "type": "WEB",
      "url": "https://github.com/LibRaw/LibRaw/commit/8682ad204392b914ab1cc6ebcca9c27c19c1a4b4"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:3065"
    },
    {
      "type": "WEB",
      "url": "https://github.com/LibRaw/LibRaw/blob/master/Changelog.txt"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00036.html"
    },
    {
      "type": "WEB",
      "url": "https://secuniaresearch.flexerasoftware.com/advisories/79000"
    },
    {
      "type": "WEB",
      "url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2018-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3615-1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-J2QX-G5MC-QFXP

Vulnerability from github – Published: 2022-05-14 00:52 – Updated: 2022-05-14 00:52
VLAI
Details

Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-15926"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-10-12T18:29:00Z",
    "severity": "MODERATE"
  },
  "details": "Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",
  "id": "GHSA-j2qx-g5mc-qfxp",
  "modified": "2022-05-14T00:52:56Z",
  "published": "2022-05-14T00:52:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-15926"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/105439"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1041809"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-J2X2-PRPM-JC88

Vulnerability from github – Published: 2022-05-24 19:11 – Updated: 2022-05-24 19:11
VLAI
Details

An arbitrary memory access vulnerability in the EPA protocol of Dut Computer Control Engineering Co.'s PLC MAC1100 allows attackers to read the contents of any variable area.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-18756"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-08-13T17:15:00Z",
    "severity": "HIGH"
  },
  "details": "An arbitrary memory access vulnerability in the EPA protocol of Dut Computer Control Engineering Co.\u0027s PLC MAC1100 allows attackers to read the contents of any variable area.",
  "id": "GHSA-j2x2-prpm-jc88",
  "modified": "2022-05-24T19:11:03Z",
  "published": "2022-05-24T19:11:03Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-18756"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Ni9htMar3/vulnerability/blob/master/PLC/DCCE/DCCE%20MAC1100%20PLC_read.md"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Mitigation MIT-5
Implementation

Strategy: Input Validation

  • Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
  • When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
  • Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
  • To reduce the likelihood of introducing an out-of-bounds read, ensure that you validate and ensure correct calculations for any length argument, buffer size calculation, or offset. Be especially careful of relying on a sentinel (i.e. special character such as NUL) in untrusted inputs.
Mitigation
Architecture and Design

Strategy: Language Selection

Use a language that provides appropriate memory abstractions.

CAPEC-540: Overread Buffers

An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.