CWE-125
AllowedOut-of-bounds Read
Abstraction: Base · Status: Draft
The product reads data past the end, or before the beginning, of the intended buffer.
11289 vulnerabilities reference this CWE, most recent first.
GHSA-J2CG-2G7J-2GM8
Vulnerability from github – Published: 2024-12-12 12:31 – Updated: 2024-12-12 12:31Out-of-bounds read vulnerability in the M3U8 module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.
{
"affected": [],
"aliases": [
"CVE-2024-54116"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-754"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-12T12:15:27Z",
"severity": "MODERATE"
},
"details": "Out-of-bounds read vulnerability in the M3U8 module\nImpact: Successful exploitation of this vulnerability may cause features to perform abnormally.",
"id": "GHSA-j2cg-2g7j-2gm8",
"modified": "2024-12-12T12:31:16Z",
"published": "2024-12-12T12:31:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-54116"
},
{
"type": "WEB",
"url": "https://consumer.huawei.com/en/support/bulletin/2024/12"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-J2CQ-23C8-HXRP
Vulnerability from github – Published: 2022-05-13 01:42 – Updated: 2022-05-13 01:42tcpdump 4.9.0 has a heap-based buffer over-read in the pimv1_print function in print-pim.c.
{
"affected": [],
"aliases": [
"CVE-2017-11542"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-07-23T03:29:00Z",
"severity": "CRITICAL"
},
"details": "tcpdump 4.9.0 has a heap-based buffer over-read in the pimv1_print function in print-pim.c.",
"id": "GHSA-j2cq-23c8-hxrp",
"modified": "2022-05-13T01:42:24Z",
"published": "2022-05-13T01:42:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-11542"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHEA-2018:0705"
},
{
"type": "WEB",
"url": "https://github.com/hackerlib/hackerlib-vul/tree/master/tcpdump-vul/heap-buffer-overflow/print-pim"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201709-23"
},
{
"type": "WEB",
"url": "https://support.apple.com/HT208221"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2017/dsa-3971"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/99940"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1039307"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-J2G7-WJ3P-J9C9
Vulnerability from github – Published: 2025-01-19 12:31 – Updated: 2026-05-12 15:30In the Linux kernel, the following vulnerability has been resolved:
sched: sch_cake: add bounds checks to host bulk flow fairness counts
Even though we fixed a logic error in the commit cited below, syzbot still managed to trigger an underflow of the per-host bulk flow counters, leading to an out of bounds memory access.
To avoid any such logic errors causing out of bounds memory accesses, this commit factors out all accesses to the per-host bulk flow counters to a series of helpers that perform bounds-checking before any increments and decrements. This also has the benefit of improving readability by moving the conditional checks for the flow mode into these helpers, instead of having them spread out throughout the code (which was the cause of the original logic error).
As part of this change, the flow quantum calculation is consolidated into a helper function, which means that the dithering applied to the ost load scaling is now applied both in the DRR rotation and when a sparse flow's quantum is first initiated. The only user-visible effect of this is that the maximum packet size that can be sent while a flow stays sparse will now vary with +/- one byte in some cases. This should not make a noticeable difference in practice, and thus it's not worth complicating the code to preserve the old behaviour.
{
"affected": [],
"aliases": [
"CVE-2025-21647"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-19T11:15:10Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched: sch_cake: add bounds checks to host bulk flow fairness counts\n\nEven though we fixed a logic error in the commit cited below, syzbot\nstill managed to trigger an underflow of the per-host bulk flow\ncounters, leading to an out of bounds memory access.\n\nTo avoid any such logic errors causing out of bounds memory accesses,\nthis commit factors out all accesses to the per-host bulk flow counters\nto a series of helpers that perform bounds-checking before any\nincrements and decrements. This also has the benefit of improving\nreadability by moving the conditional checks for the flow mode into\nthese helpers, instead of having them spread out throughout the\ncode (which was the cause of the original logic error).\n\nAs part of this change, the flow quantum calculation is consolidated\ninto a helper function, which means that the dithering applied to the\nost load scaling is now applied both in the DRR rotation and when a\nsparse flow\u0027s quantum is first initiated. The only user-visible effect\nof this is that the maximum packet size that can be sent while a flow\nstays sparse will now vary with +/- one byte in some cases. This should\nnot make a noticeable difference in practice, and thus it\u0027s not worth\ncomplicating the code to preserve the old behaviour.",
"id": "GHSA-j2g7-wj3p-j9c9",
"modified": "2026-05-12T15:30:43Z",
"published": "2025-01-19T12:31:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21647"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-503939.html"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/27202e2e8721c3b23831563c36ed5ac7818641ba"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/44fe1efb4961c1a5ccab16bb579dfc6b308ad58b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/737d4d91d35b5f7fa5bb442651472277318b0bfd"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/91bb18950b88f955838ec0c1d97f74d135756dc7"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a777e06dfc72bed73c05dcb437d7c27ad5f90f3f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b1a1743aaa4906c41c426eda97e2e2586f79246d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/bb0245fa72b783cb23a9949c5048781341e91423"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-J2H9-4H2F-9PQX
Vulnerability from github – Published: 2022-05-13 01:49 – Updated: 2022-05-13 01:49An issue has been discovered in Bento4 1.5.1-624. AP4_AvccAtom::Create in Core/Ap4AvccAtom.cpp has a heap-based buffer over-read.
{
"affected": [],
"aliases": [
"CVE-2018-14584"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-07-24T16:29:00Z",
"severity": "HIGH"
},
"details": "An issue has been discovered in Bento4 1.5.1-624. AP4_AvccAtom::Create in Core/Ap4AvccAtom.cpp has a heap-based buffer over-read.",
"id": "GHSA-j2h9-4h2f-9pqx",
"modified": "2022-05-13T01:49:59Z",
"published": "2022-05-13T01:49:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14584"
},
{
"type": "WEB",
"url": "https://github.com/axiomatic-systems/Bento4/issues/298"
},
{
"type": "WEB",
"url": "https://github.com/axiomatic-systems/Bento4/issues/304"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-J2JW-5CC3-RC76
Vulnerability from github – Published: 2025-09-23 18:30 – Updated: 2025-10-01 21:31Use After Free vulnerability in RTI Connext Professional (Security Plugins) allows File Manipulation.This issue affects Connext Professional: from 7.5.0 before 7.6.0.
{
"affected": [],
"aliases": [
"CVE-2025-8410"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-23T18:15:41Z",
"severity": "MODERATE"
},
"details": "Use After Free vulnerability in RTI Connext Professional (Security Plugins) allows File Manipulation.This issue affects Connext Professional: from 7.5.0 before 7.6.0.",
"id": "GHSA-j2jw-5cc3-rc76",
"modified": "2025-10-01T21:31:20Z",
"published": "2025-09-23T18:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8410"
},
{
"type": "WEB",
"url": "https://www.rti.com/vulnerabilities/#cve-2025-8410"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-J2M8-JXHW-9X9R
Vulnerability from github – Published: 2026-05-04 18:30 – Updated: 2026-05-04 18:30Transient DOS when processing target power rate tables during channel configuration.
{
"affected": [],
"aliases": [
"CVE-2025-47401"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-04T17:16:20Z",
"severity": "MODERATE"
},
"details": "Transient DOS when processing target power rate tables during channel configuration.",
"id": "GHSA-j2m8-jxhw-9x9r",
"modified": "2026-05-04T18:30:29Z",
"published": "2026-05-04T18:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47401"
},
{
"type": "WEB",
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2026-bulletin.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-J2MV-RJ6M-HQ85
Vulnerability from github – Published: 2025-08-16 12:30 – Updated: 2026-01-07 21:31In the Linux kernel, the following vulnerability has been resolved:
comedi: pcl812: Fix bit shift out of bounds
When checking for a supported IRQ number, the following test is used:
if ((1 << it->options[1]) & board->irq_bits) {
However, it->options[i] is an unchecked int value from userspace, so
the shift amount could be negative or out of bounds. Fix the test by
requiring it->options[1] to be within bounds before proceeding with
the original test. Valid it->options[1] values that select the IRQ
will be in the range [1,15]. The value 0 explicitly disables the use of
interrupts.
{
"affected": [],
"aliases": [
"CVE-2025-38530"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-16T12:15:28Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: pcl812: Fix bit shift out of bounds\n\nWhen checking for a supported IRQ number, the following test is used:\n\n\tif ((1 \u003c\u003c it-\u003eoptions[1]) \u0026 board-\u003eirq_bits) {\n\nHowever, `it-\u003eoptions[i]` is an unchecked `int` value from userspace, so\nthe shift amount could be negative or out of bounds. Fix the test by\nrequiring `it-\u003eoptions[1]` to be within bounds before proceeding with\nthe original test. Valid `it-\u003eoptions[1]` values that select the IRQ\nwill be in the range [1,15]. The value 0 explicitly disables the use of\ninterrupts.",
"id": "GHSA-j2mv-rj6m-hq85",
"modified": "2026-01-07T21:31:38Z",
"published": "2025-08-16T12:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38530"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0489c30d080f07cc7f09d04de723d8c2ccdb61ef"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/16c173abee315953fd17a279352fec4a1faee862"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/29ef03e5b84431171d6b77b822985b54bc44b793"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/374d9b3eb4b08407997ef1fce96119d31e0c0bc4"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5bfa301e1e59a9b1a7b62a800b54852337c97416"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7e470d8efd10725b189ca8951973a8425932398a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a27e27eee313fe1c450b6af1e80e64412546cab4"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b14b076ce593f72585412fc7fd3747e03a5e3632"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-J2QQ-RW4V-JJX2
Vulnerability from github – Published: 2022-05-13 01:13 – Updated: 2022-05-13 01:13An error within the "kodak_radc_load_raw()" function (internal/dcraw_common.cpp) related to the "buf" variable in LibRaw versions prior to 0.18.7 can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash.
{
"affected": [],
"aliases": [
"CVE-2018-5802"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-12-07T22:29:00Z",
"severity": "HIGH"
},
"details": "An error within the \"kodak_radc_load_raw()\" function (internal/dcraw_common.cpp) related to the \"buf\" variable in LibRaw versions prior to 0.18.7 can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash.",
"id": "GHSA-j2qq-rw4v-jjx2",
"modified": "2022-05-13T01:13:36Z",
"published": "2022-05-13T01:13:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5802"
},
{
"type": "WEB",
"url": "https://github.com/LibRaw/LibRaw/commit/8682ad204392b914ab1cc6ebcca9c27c19c1a4b4"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:3065"
},
{
"type": "WEB",
"url": "https://github.com/LibRaw/LibRaw/blob/master/Changelog.txt"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00036.html"
},
{
"type": "WEB",
"url": "https://secuniaresearch.flexerasoftware.com/advisories/79000"
},
{
"type": "WEB",
"url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2018-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3615-1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-J2QX-G5MC-QFXP
Vulnerability from github – Published: 2022-05-14 00:52 – Updated: 2022-05-14 00:52Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
{
"affected": [],
"aliases": [
"CVE-2018-15926"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-10-12T18:29:00Z",
"severity": "MODERATE"
},
"details": "Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",
"id": "GHSA-j2qx-g5mc-qfxp",
"modified": "2022-05-14T00:52:56Z",
"published": "2022-05-14T00:52:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-15926"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/105439"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1041809"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-J2X2-PRPM-JC88
Vulnerability from github – Published: 2022-05-24 19:11 – Updated: 2022-05-24 19:11An arbitrary memory access vulnerability in the EPA protocol of Dut Computer Control Engineering Co.'s PLC MAC1100 allows attackers to read the contents of any variable area.
{
"affected": [],
"aliases": [
"CVE-2020-18756"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-08-13T17:15:00Z",
"severity": "HIGH"
},
"details": "An arbitrary memory access vulnerability in the EPA protocol of Dut Computer Control Engineering Co.\u0027s PLC MAC1100 allows attackers to read the contents of any variable area.",
"id": "GHSA-j2x2-prpm-jc88",
"modified": "2022-05-24T19:11:03Z",
"published": "2022-05-24T19:11:03Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-18756"
},
{
"type": "WEB",
"url": "https://github.com/Ni9htMar3/vulnerability/blob/master/PLC/DCCE/DCCE%20MAC1100%20PLC_read.md"
}
],
"schema_version": "1.4.0",
"severity": []
}
Mitigation MIT-5
Strategy: Input Validation
- Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
- When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
- Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
- To reduce the likelihood of introducing an out-of-bounds read, ensure that you validate and ensure correct calculations for any length argument, buffer size calculation, or offset. Be especially careful of relying on a sentinel (i.e. special character such as NUL) in untrusted inputs.
Mitigation
Strategy: Language Selection
Use a language that provides appropriate memory abstractions.
CAPEC-540: Overread Buffers
An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.