Common Weakness Enumeration

CWE-125

Allowed

Out-of-bounds Read

Abstraction: Base · Status: Draft

The product reads data past the end, or before the beginning, of the intended buffer.

11273 vulnerabilities reference this CWE, most recent first.

GHSA-JGV2-9HRR-WQ97

Vulnerability from github – Published: 2023-06-07 06:30 – Updated: 2024-04-04 04:39
VLAI
Details

TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a buffer overflow via the component /userRpm/FixMapCfgRpm.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-33537"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-06-07T04:15:10Z",
    "severity": "HIGH"
  },
  "details": "TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a buffer overflow via the component /userRpm/FixMapCfgRpm.",
  "id": "GHSA-jgv2-9hrr-wq97",
  "modified": "2024-04-04T04:39:05Z",
  "published": "2023-06-07T06:30:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33537"
    },
    {
      "type": "WEB",
      "url": "https://github.com/a101e-IoTvul/iotvul/blob/main/tp-link/1/TL-WR940N_TL-WR841N_TL-WR740N_userRpm_FixMapCfgRpm.md"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JH3F-R4H2-78QJ

Vulnerability from github – Published: 2022-04-19 00:00 – Updated: 2022-04-24 00:00
VLAI
Details

Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser::read_hedge() e->set_prev().

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-28603"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125",
      "CWE-129"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-04-18T17:15:00Z",
    "severity": "HIGH"
  },
  "details": "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser\u003cPMDEC\u003e::read_hedge() e-\u003eset_prev().",
  "id": "GHSA-jh3f-r4h2-78qj",
  "modified": "2022-04-24T00:00:32Z",
  "published": "2022-04-19T00:00:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28603"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202305-34"
    },
    {
      "type": "WEB",
      "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JH3R-WP2V-G2F5

Vulnerability from github – Published: 2022-05-24 16:46 – Updated: 2024-04-04 00:45
VLAI
Details

Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-7114"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-05-23T18:29:00Z",
    "severity": "HIGH"
  },
  "details": "Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .",
  "id": "GHSA-jh3r-wp2v-g2f5",
  "modified": "2024-04-04T00:45:55Z",
  "published": "2022-05-24T16:46:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7114"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/acrobat/apsb19-17.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JH4F-5J2M-4V9C

Vulnerability from github – Published: 2022-04-19 00:00 – Updated: 2025-06-09 15:31
VLAI
Details

ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-29458"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-04-18T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.",
  "id": "GHSA-jh4f-5j2m-4v9c",
  "modified": "2025-06-09T15:31:33Z",
  "published": "2022-04-19T00:00:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29458"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00037.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00014.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00016.html"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT213488"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2022/Oct/28"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2022/Oct/41"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JH4J-8VRR-GRG5

Vulnerability from github – Published: 2021-12-08 00:01 – Updated: 2021-12-08 00:01
VLAI
Details

Adobe Bridge versions 11.1.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious SGI file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-44186"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-12-07T14:15:00Z",
    "severity": "LOW"
  },
  "details": "Adobe Bridge versions 11.1.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious SGI file.",
  "id": "GHSA-jh4j-8vrr-grg5",
  "modified": "2021-12-08T00:01:29Z",
  "published": "2021-12-08T00:01:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44186"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/bridge/apsb21-94.html"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/bridge/apsb22-03.html"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1452"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-JH5R-6PCQ-W8HP

Vulnerability from github – Published: 2022-12-20 21:30 – Updated: 2022-12-20 21:30
VLAI
Details

In findParam of HevcUtils.cpp there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-230172711

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-20528"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-12-16T16:15:00Z",
    "severity": "LOW"
  },
  "details": "In findParam of HevcUtils.cpp there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-230172711",
  "id": "GHSA-jh5r-6pcq-w8hp",
  "modified": "2022-12-20T21:30:19Z",
  "published": "2022-12-20T21:30:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-20528"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/pixel/2022-12-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JH5W-4GPM-R5XW

Vulnerability from github – Published: 2026-06-24 18:32 – Updated: 2026-06-30 03:37
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

libceph: Fix potential out-of-bounds access in crush_decode()

A message of type CEPH_MSG_OSD_MAP containing a crush map with at least one bucket has two fields holding the bucket algorithm. If the values in these two fields differ, an out-of-bounds access can occur. This is the case because the first algorithm field (alg) is used to allocate the correct amount of memory for a bucket of this type, while the second algorithm field inside the bucket (b->alg) is used in the subsequent processing.

This patch fixes the issue by adding a check that compares alg and b->alg and aborts the processing in case they differ. Furthermore, b->alg is set to 0 in this case, because the destruction of the crush map also uses this field to determine the bucket type, which can again result in an out-of-bounds access when trying to free the memory pointed to by the fields of the bucket. To correctly free the memory allocated for the bucket in such a case, the corresponding call to kfree is moved from the algorithm-specific crush_destroy_bucket functions to the generic crush_destroy_bucket().

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-52955"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125",
      "CWE-131"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-24T17:17:05Z",
    "severity": "CRITICAL"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nlibceph: Fix potential out-of-bounds access in crush_decode()\n\nA message of type CEPH_MSG_OSD_MAP containing a crush map with at least\none bucket has two fields holding the bucket algorithm. If the values\nin these two fields differ, an out-of-bounds access can occur. This is\nthe case because the first algorithm field (alg) is used to allocate\nthe correct amount of memory for a bucket of this type, while the second\nalgorithm field inside the bucket (b-\u003ealg) is used in the subsequent\nprocessing.\n\nThis patch fixes the issue by adding a check that compares alg and\nb-\u003ealg and aborts the processing in case they differ. Furthermore,\nb-\u003ealg is set to 0 in this case, because the destruction of the crush\nmap also uses this field to determine the bucket type, which can again\nresult in an out-of-bounds access when trying to free the memory pointed\nto by the fields of the bucket. To correctly free the memory allocated\nfor the bucket in such a case, the corresponding call to kfree is moved\nfrom the algorithm-specific crush_destroy_bucket functions to the\ngeneric crush_destroy_bucket().",
  "id": "GHSA-jh5w-4gpm-r5xw",
  "modified": "2026-06-30T03:37:11Z",
  "published": "2026-06-24T18:32:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-52955"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2026-52955"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2492328"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0f3604cbe4df14c5e58288ac9f57511e726a222d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3f42508191e129ee6b5ea96578d5cab14f2a013a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4c79fc2d598694bda845b46229c9d48b65042970"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6e70ef53e818c53eab28d7b0026b7fd03dddaba5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/cceb10023e76bc89f3fe9238ebd0ccab0fc7c7c5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ea0d42137f0c06da71e37ffc647aab4c5309599a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ebe76d58a48a48031b98543d86c4cd30a825b622"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/fb176a99e4c1a5a8448a83d83d3606203ba81faa"
    },
    {
      "type": "WEB",
      "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-52955.json"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JH64-9F55-5HRX

Vulnerability from github – Published: 2025-06-10 18:32 – Updated: 2025-06-10 18:32
VLAI
Details

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-24065"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-10T17:21:08Z",
    "severity": "MODERATE"
  },
  "details": "Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.",
  "id": "GHSA-jh64-9f55-5hrx",
  "modified": "2025-06-10T18:32:27Z",
  "published": "2025-06-10T18:32:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24065"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24065"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JH65-6GQ2-4WQ3

Vulnerability from github – Published: 2022-05-24 16:57 – Updated: 2025-12-18 00:34
VLAI
Details

The RSVP parser in tcpdump before 4.9.3 has a buffer over-read in print-rsvp.c:rsvp_obj_print().

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-14465"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-10-03T16:15:00Z",
    "severity": "MODERATE"
  },
  "details": "The RSVP parser in tcpdump before 4.9.3 has a buffer over-read in print-rsvp.c:rsvp_obj_print().",
  "id": "GHSA-jh65-6gq2-4wq3",
  "modified": "2025-12-18T00:34:04Z",
  "published": "2022-05-24T16:57:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14465"
    },
    {
      "type": "WEB",
      "url": "https://github.com/the-tcpdump-group/tcpdump/commit/bea2686c296b79609060a104cc139810785b0739"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2019/dsa-4547"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4252-2"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4252-1"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT210788"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20200120-0001"
    },
    {
      "type": "WEB",
      "url": "https://seclists.org/bugtraq/2019/Oct/28"
    },
    {
      "type": "WEB",
      "url": "https://seclists.org/bugtraq/2019/Dec/23"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html"
    },
    {
      "type": "WEB",
      "url": "https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2019/Dec/26"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JH6C-F2XF-5X35

Vulnerability from github – Published: 2022-09-14 00:00 – Updated: 2022-09-14 00:00
VLAI
Details

A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (All versions >= V33.1.262 < V33.1.263), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Parasolid V35.0 (All versions >= V35.0.161 < V35.0.164), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). The affected application is vulnerable to out of bounds read past the end of an allocated buffer when parsing X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-18196)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-39156"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-09-13T10:15:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability has been identified in Parasolid V33.1 (All versions \u003c V33.1.262), Parasolid V33.1 (All versions \u003e= V33.1.262 \u003c V33.1.263), Parasolid V34.0 (All versions \u003c V34.0.252), Parasolid V34.1 (All versions \u003c V34.1.242), Parasolid V35.0 (All versions \u003c V35.0.161), Parasolid V35.0 (All versions \u003e= V35.0.161 \u003c V35.0.164), Simcenter Femap V2022.1 (All versions \u003c V2022.1.3), Simcenter Femap V2022.2 (All versions \u003c V2022.2.2). The affected application is vulnerable to out of bounds read past the end of an allocated buffer when parsing X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-18196)",
  "id": "GHSA-jh6c-f2xf-5x35",
  "modified": "2022-09-14T00:00:50Z",
  "published": "2022-09-14T00:00:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39156"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-518824.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-5
Implementation

Strategy: Input Validation

  • Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
  • When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
  • Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
  • To reduce the likelihood of introducing an out-of-bounds read, ensure that you validate and ensure correct calculations for any length argument, buffer size calculation, or offset. Be especially careful of relying on a sentinel (i.e. special character such as NUL) in untrusted inputs.
Mitigation
Architecture and Design

Strategy: Language Selection

Use a language that provides appropriate memory abstractions.

CAPEC-540: Overread Buffers

An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.