Common Weakness Enumeration

CWE-125

Allowed

Out-of-bounds Read

Abstraction: Base · Status: Draft

The product reads data past the end, or before the beginning, of the intended buffer.

11291 vulnerabilities reference this CWE, most recent first.

GHSA-MCXH-4GJR-CMR4

Vulnerability from github – Published: 2024-12-27 12:30 – Updated: 2024-12-27 12:30
VLAI
Details

There are multiple out of bounds (OOB) read vulnerabilities in the implementation of the Common Open Policy Service (COPS) protocol of some Huawei products. The specific decoding function may occur out-of-bounds read when processes an incoming data packet. Successful exploit of these vulnerabilities may disrupt service on the affected device. (Vulnerability ID: HWPSIRT-2018-12275,HWPSIRT-2018-12276,HWPSIRT-2018-12277,HWPSIRT-2018-12278,HWPSIRT-2018-12279,HWPSIRT-2018-12280 and HWPSIRT-2018-12289)

The seven vulnerabilities have been assigned seven Common Vulnerabilities and Exposures (CVE) IDs: CVE-2020-1818, CVE-2020-1819, CVE-2020-1820, CVE-2020-1821, CVE-2020-1822, CVE-2020-1823 and CVE-2020-1824.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-1818"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-27T10:15:06Z",
    "severity": "LOW"
  },
  "details": "There are multiple out of bounds (OOB) read vulnerabilities in the implementation of the Common Open Policy Service (COPS) protocol of some Huawei products. The specific decoding function may occur out-of-bounds read when processes an incoming data packet. Successful exploit of these vulnerabilities may disrupt service on the affected device. (Vulnerability ID: HWPSIRT-2018-12275,HWPSIRT-2018-12276,HWPSIRT-2018-12277,HWPSIRT-2018-12278,HWPSIRT-2018-12279,HWPSIRT-2018-12280 and HWPSIRT-2018-12289)\n\nThe seven vulnerabilities have been assigned seven Common Vulnerabilities and Exposures (CVE) IDs: CVE-2020-1818, CVE-2020-1819, CVE-2020-1820, CVE-2020-1821, CVE-2020-1822, CVE-2020-1823 and CVE-2020-1824.",
  "id": "GHSA-mcxh-4gjr-cmr4",
  "modified": "2024-12-27T12:30:35Z",
  "published": "2024-12-27T12:30:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1818"
    },
    {
      "type": "WEB",
      "url": "https://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20191218-01-cops-en"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MF28-6FXR-HG2W

Vulnerability from github – Published: 2023-06-28 18:30 – Updated: 2024-04-04 05:15
VLAI
Details

In btm_ble_update_inq_result of btm_ble_gap.cc, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-264624283

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-21188"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-06-28T18:15:15Z",
    "severity": "MODERATE"
  },
  "details": "In btm_ble_update_inq_result of btm_ble_gap.cc, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-264624283",
  "id": "GHSA-mf28-6fxr-hg2w",
  "modified": "2024-04-04T05:15:18Z",
  "published": "2023-06-28T18:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-21188"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/pixel/2023-06-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MF3Q-96RC-C28Q

Vulnerability from github – Published: 2025-07-09 00:30 – Updated: 2025-07-09 00:30
VLAI
Details

Illustrator versions 28.7.6, 29.5.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-30313"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-08T22:15:24Z",
    "severity": "MODERATE"
  },
  "details": "Illustrator versions 28.7.6, 29.5.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
  "id": "GHSA-mf3q-96rc-c28q",
  "modified": "2025-07-09T00:30:31Z",
  "published": "2025-07-09T00:30:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30313"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/illustrator/apsb25-65.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MF5R-6F88-Q9XF

Vulnerability from github – Published: 2024-07-17 00:32 – Updated: 2024-07-17 00:32
VLAI
Details

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.20. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 2.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-21164"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-16T23:15:19Z",
    "severity": "LOW"
  },
  "details": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).  Supported versions that are affected are Prior to 7.0.20. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox.  While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change).  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 2.5 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N).",
  "id": "GHSA-mf5r-6f88-q9xf",
  "modified": "2024-07-17T00:32:55Z",
  "published": "2024-07-17T00:32:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21164"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpujul2024.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MF6X-7MM4-X2G7

Vulnerability from github – Published: 2019-06-20 18:22 – Updated: 2021-03-19 20:59
VLAI
Summary
Out-of-bounds Read in stringstream
Details

All versions of stringstream are vulnerable to out-of-bounds read as it allocates uninitialized Buffers when number is passed in input stream on Node.js 4.x and below.

Recommendation

No fix is currently available for this vulnerability. It is our recommendation to not install or use this module if user input is being passed in to stringstream.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "stringstream"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.0.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2018-21270"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2019-06-20T18:22:00Z",
    "nvd_published_at": "2020-12-03T21:15:00Z",
    "severity": "MODERATE"
  },
  "details": "All versions of `stringstream` are vulnerable to out-of-bounds read as it allocates uninitialized Buffers when number is passed in input stream on Node.js 4.x and below.\n\n\n## Recommendation\n\nNo fix is currently available for this vulnerability. It is our recommendation to not install or use this module if user input is being passed in to `stringstream`.",
  "id": "GHSA-mf6x-7mm4-x2g7",
  "modified": "2021-03-19T20:59:51Z",
  "published": "2019-06-20T18:22:32Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://hackerone.com/reports/321670"
    },
    {
      "type": "WEB",
      "url": "https://github.com/mhart/StringStream/blob/v0.0.5/stringstream.js#L32"
    },
    {
      "type": "WEB",
      "url": "https://www.npmjs.com/advisories/664"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "Out-of-bounds Read in stringstream"
}

GHSA-MF78-VF74-9QC5

Vulnerability from github – Published: 2022-05-19 00:00 – Updated: 2022-05-27 00:01
VLAI
Details

GPAC 2.0.0 misuses a certain Unicode utf8_wcslen (renamed gf_utf8_wcslen) function in utils/utf.c, resulting in a heap-based buffer over-read, as demonstrated by MP4Box.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-30976"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-05-18T11:15:00Z",
    "severity": "HIGH"
  },
  "details": "GPAC 2.0.0 misuses a certain Unicode utf8_wcslen (renamed gf_utf8_wcslen) function in utils/utf.c, resulting in a heap-based buffer over-read, as demonstrated by MP4Box.",
  "id": "GHSA-mf78-vf74-9qc5",
  "modified": "2022-05-27T00:01:29Z",
  "published": "2022-05-19T00:00:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30976"
    },
    {
      "type": "WEB",
      "url": "https://github.com/gpac/gpac/issues/2179"
    },
    {
      "type": "WEB",
      "url": "https://github.com/gpac/gpac/blob/105d67985ff3c3f4b98a98f312e3d84ae77a4463/share/doc/man/gpac.1#L2226-L2229"
    },
    {
      "type": "WEB",
      "url": "https://github.com/gpac/gpac/blob/105d67985ff3c3f4b98a98f312e3d84ae77a4463/src/utils/utf.c#L35-L59"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MF89-8VQ6-QJF7

Vulnerability from github – Published: 2022-05-13 01:03 – Updated: 2022-05-13 01:03
VLAI
Details

libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a large length value in a compilation unit header.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2016-5040"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-02-17T17:59:00Z",
    "severity": "HIGH"
  },
  "details": "libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a large length value in a compilation unit header.",
  "id": "GHSA-mf89-8vq6-qjf7",
  "modified": "2022-05-13T01:03:25Z",
  "published": "2022-05-13T01:03:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5040"
    },
    {
      "type": "WEB",
      "url": "https://www.prevanders.net/dwarfbug.html"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2016/05/24/1"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2016/05/25/1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MF8H-29WQ-RFJ2

Vulnerability from github – Published: 2022-05-24 16:53 – Updated: 2024-04-04 01:41
VLAI
Details

GoPro GPMF-parser 1.2.2 has an out-of-bounds read and SEGV in GPMF_Next in GPMF_parser.c.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-15147"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-08-18T19:15:00Z",
    "severity": "MODERATE"
  },
  "details": "GoPro GPMF-parser 1.2.2 has an out-of-bounds read and SEGV in GPMF_Next in GPMF_parser.c.",
  "id": "GHSA-mf8h-29wq-rfj2",
  "modified": "2024-04-04T01:41:55Z",
  "published": "2022-05-24T16:53:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15147"
    },
    {
      "type": "WEB",
      "url": "https://github.com/gopro/gpmf-parser/issues/60"
    },
    {
      "type": "WEB",
      "url": "https://github.com/gopro/gpmf-parser/commit/341f12cd5b97ab419e53853ca00176457c9f1681"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MF9G-R3M3-53J9

Vulnerability from github – Published: 2022-05-13 01:14 – Updated: 2022-05-13 01:14
VLAI
Details

soundlib/Load_stp.cpp in OpenMPT through 1.27.04.00, and libopenmpt before 0.3.6, has an out-of-bounds read via a malformed STP file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-6611"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-02-04T12:29:00Z",
    "severity": "HIGH"
  },
  "details": "soundlib/Load_stp.cpp in OpenMPT through 1.27.04.00, and libopenmpt before 0.3.6, has an out-of-bounds read via a malformed STP file.",
  "id": "GHSA-mf9g-r3m3-53j9",
  "modified": "2022-05-13T01:14:38Z",
  "published": "2022-05-13T01:14:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6611"
    },
    {
      "type": "WEB",
      "url": "https://github.com/OpenMPT/openmpt/commit/b60b322cf9f0ffa624018f1bb9783edf0dc908c3"
    },
    {
      "type": "WEB",
      "url": "https://lib.openmpt.org/libopenmpt/2018/02/03/security-update-0.3.6"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MFC2-PM34-9X3Q

Vulnerability from github – Published: 2024-03-11 21:31 – Updated: 2024-11-06 18:31
VLAI
Details

In plugin_extern_func of TBD, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-27235"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-03-11T19:15:49Z",
    "severity": "MODERATE"
  },
  "details": "In plugin_extern_func of TBD, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.",
  "id": "GHSA-mfc2-pm34-9x3q",
  "modified": "2024-11-06T18:31:03Z",
  "published": "2024-03-11T21:31:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27235"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/pixel/2024-03-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-5
Implementation

Strategy: Input Validation

  • Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
  • When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
  • Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
  • To reduce the likelihood of introducing an out-of-bounds read, ensure that you validate and ensure correct calculations for any length argument, buffer size calculation, or offset. Be especially careful of relying on a sentinel (i.e. special character such as NUL) in untrusted inputs.
Mitigation
Architecture and Design

Strategy: Language Selection

Use a language that provides appropriate memory abstractions.

CAPEC-540: Overread Buffers

An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.