CWE-125
AllowedOut-of-bounds Read
Abstraction: Base · Status: Draft
The product reads data past the end, or before the beginning, of the intended buffer.
11292 vulnerabilities reference this CWE, most recent first.
GHSA-MHM9-743P-JFXQ
Vulnerability from github – Published: 2024-07-30 00:34 – Updated: 2026-04-02 21:31An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing a maliciously crafted file may lead to unexpected app termination.
{
"affected": [],
"aliases": [
"CVE-2024-40799"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-29T23:15:12Z",
"severity": "HIGH"
},
"details": "An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing a maliciously crafted file may lead to unexpected app termination.",
"id": "GHSA-mhm9-743p-jfxq",
"modified": "2026-04-02T21:31:50Z",
"published": "2024-07-30T00:34:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40799"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/120908"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/120909"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/120910"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/120911"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/120912"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/120914"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/120915"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/120916"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT214116"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT214117"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT214118"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT214119"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT214120"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT214122"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT214123"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT214124"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT214116"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT214117"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT214118"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT214119"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT214120"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT214122"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT214124"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Jul/16"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Jul/17"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Jul/18"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Jul/19"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Jul/20"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Jul/21"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Jul/22"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Jul/23"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MHMH-RGMH-RF63
Vulnerability from github – Published: 2025-07-10 09:32 – Updated: 2025-11-19 21:31In the Linux kernel, the following vulnerability has been resolved:
wifi: ath12k: fix invalid access to memory
In ath12k_dp_rx_msdu_coalesce(), rxcb is fetched from skb and boolean is_continuation is part of rxcb. Currently, after freeing the skb, the rxcb->is_continuation accessed again which is wrong since the memory is already freed. This might lead use-after-free error.
Hence, fix by locally defining bool is_continuation from rxcb, so that after freeing skb, is_continuation can be used.
Compile tested only.
{
"affected": [],
"aliases": [
"CVE-2025-38292"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-10T08:15:27Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: fix invalid access to memory\n\nIn ath12k_dp_rx_msdu_coalesce(), rxcb is fetched from skb and boolean\nis_continuation is part of rxcb.\nCurrently, after freeing the skb, the rxcb-\u003eis_continuation accessed\nagain which is wrong since the memory is already freed.\nThis might lead use-after-free error.\n\nHence, fix by locally defining bool is_continuation from rxcb,\nso that after freeing skb, is_continuation can be used.\n\nCompile tested only.",
"id": "GHSA-mhmh-rgmh-rf63",
"modified": "2025-11-19T21:31:15Z",
"published": "2025-07-10T09:32:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38292"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/371b340affa52f280f6eadfd25fbd43f09f0d5c0"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5f09d16cd57764c95c8548fe5b70672c9ac01127"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9f17747fbda6fca934854463873c4abf8061491d"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MHRH-92MR-7RW4
Vulnerability from github – Published: 2022-05-24 16:58 – Updated: 2022-05-24 16:58There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.
{
"affected": [],
"aliases": [
"CVE-2019-17595"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-10-14T21:15:00Z",
"severity": "MODERATE"
},
"details": "There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.",
"id": "GHSA-mhrh-92mr-7rw4",
"modified": "2022-05-24T16:58:47Z",
"published": "2022-05-24T16:58:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17595"
},
{
"type": "WEB",
"url": "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00013.html"
},
{
"type": "WEB",
"url": "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202101-28"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-MHV6-G5V2-7RQ9
Vulnerability from github – Published: 2022-05-13 01:25 – Updated: 2022-05-13 01:25Google Chrome before 9.0.597.94 does not properly handle plug-ins, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
{
"affected": [],
"aliases": [
"CVE-2011-0984"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2011-02-10T19:00:00Z",
"severity": "MODERATE"
},
"details": "Google Chrome before 9.0.597.94 does not properly handle plug-ins, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.",
"id": "GHSA-mhv6-g5v2-7rq9",
"modified": "2022-05-13T01:25:55Z",
"published": "2022-05-13T01:25:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0984"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14719"
},
{
"type": "WEB",
"url": "http://code.google.com/p/chromium/issues/detail?id=69970"
},
{
"type": "WEB",
"url": "http://googlechromereleases.blogspot.com/2011/02/stable-channel-update_08.html"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/43342"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/43368"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2011/dsa-2166"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/46262"
},
{
"type": "WEB",
"url": "http://www.srware.net/forum/viewtopic.php?f=18\u0026t=2190"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2011/0408"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-MHW6-P52X-6VXV
Vulnerability from github – Published: 2026-05-21 15:34 – Updated: 2026-06-19 15:33In the Linux kernel, the following vulnerability has been resolved:
net: wwan: t7xx: validate port_count against message length in t7xx_port_enum_msg_handler
t7xx_port_enum_msg_handler() uses the modem-supplied port_count field as a loop bound over port_msg->data[] without checking that the message buffer contains sufficient data. A modem sending port_count=65535 in a 12-byte buffer triggers a slab-out-of-bounds read of up to 262140 bytes.
Add a sizeof(*port_msg) check before accessing the port message header fields to guard against undersized messages.
Add a struct_size() check after extracting port_count and before the loop.
In t7xx_parse_host_rt_data(), guard the rt_feature header read with a remaining-buffer check before accessing data_len, validate feat_data_len against the actual remaining buffer to prevent OOB reads and signed integer overflow on offset.
Pass msg_len from both call sites: skb->len at the DPMAIF path after skb_pull(), and the validated feat_data_len at the handshake path.
{
"affected": [],
"aliases": [
"CVE-2026-43495"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-21T13:16:18Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: wwan: t7xx: validate port_count against message length in t7xx_port_enum_msg_handler\n\nt7xx_port_enum_msg_handler() uses the modem-supplied port_count field as\na loop bound over port_msg-\u003edata[] without checking that the message buffer\ncontains sufficient data. A modem sending port_count=65535 in a 12-byte\nbuffer triggers a slab-out-of-bounds read of up to 262140 bytes.\n\nAdd a sizeof(*port_msg) check before accessing the port message header\nfields to guard against undersized messages.\n\nAdd a struct_size() check after extracting port_count and before the loop.\n\nIn t7xx_parse_host_rt_data(), guard the rt_feature header read with a\nremaining-buffer check before accessing data_len, validate feat_data_len\nagainst the actual remaining buffer to prevent OOB reads and signed\ninteger overflow on offset.\n\nPass msg_len from both call sites: skb-\u003elen at the DPMAIF path after\nskb_pull(), and the validated feat_data_len at the handshake path.",
"id": "GHSA-mhw6-p52x-6vxv",
"modified": "2026-06-19T15:33:10Z",
"published": "2026-05-21T15:34:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43495"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0e7c074cfcd9bd93765505f9eb8b42f03ed2a744"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2b56d7903ab804481f5233a259d5f341e9fd513c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/307c5d0f36a5c74042217136da5bfbd9f7504650"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9855e063e063158cc5bded576382599dc3133202"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/dd4f4c93c1488d7100b9964f2da4c8b3c29652f1"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f94450ce5053b36002995b72d1fa1db3bb08c5bf"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/06/18/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MHWG-RMWG-CHMJ
Vulnerability from github – Published: 2022-05-13 01:25 – Updated: 2022-05-13 01:25Netwide Assembler (NASM) 2.13 has a stack-based buffer over-read in the disasm function of the disasm/disasm.c file. Remote attackers could leverage this vulnerability to cause a denial of service or possibly have unspecified other impact via a crafted ELF file.
{
"affected": [],
"aliases": [
"CVE-2018-10254"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-04-21T16:29:00Z",
"severity": "HIGH"
},
"details": "Netwide Assembler (NASM) 2.13 has a stack-based buffer over-read in the disasm function of the disasm/disasm.c file. Remote attackers could leverage this vulnerability to cause a denial of service or possibly have unspecified other impact via a crafted ELF file.",
"id": "GHSA-mhwg-rmwg-chmj",
"modified": "2022-05-13T01:25:22Z",
"published": "2022-05-13T01:25:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10254"
},
{
"type": "WEB",
"url": "https://sourceforge.net/p/nasm/bugs/561"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MHX8-VX97-XW6W
Vulnerability from github – Published: 2022-05-24 19:16 – Updated: 2022-05-24 19:16Corel DrawStandard 2020 22.0.0.474 is affected by an Out-of-bounds Read vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to access unauthorized system memory in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious CDR file.
{
"affected": [],
"aliases": [
"CVE-2021-38109"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-10-02T00:15:00Z",
"severity": "MODERATE"
},
"details": "Corel DrawStandard 2020 22.0.0.474 is affected by an Out-of-bounds Read vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to access unauthorized system memory in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious CDR file.",
"id": "GHSA-mhx8-vx97-xw6w",
"modified": "2022-05-24T19:16:22Z",
"published": "2022-05-24T19:16:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38109"
},
{
"type": "WEB",
"url": "https://www.fortiguard.com/zeroday/FG-VD-21-038"
},
{
"type": "WEB",
"url": "https://www.fortinet.com/blog/threat-research/fortinet-security-researcher-discovers-multiple-vulnerabilities-across-multiple-corel-products"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-MJ48-4FJ3-6FJG
Vulnerability from github – Published: 2023-10-20 09:30 – Updated: 2024-04-04 08:51VMware Workstation( 17.x prior to 17.5) and Fusion(13.x prior to 13.5) contain an out-of-bounds read vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine. A malicious actor with local administrative privileges on a virtual machine may be able to read privileged information contained in hypervisor memory from a virtual machine.
{
"affected": [],
"aliases": [
"CVE-2023-34044"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-10-20T09:15:12Z",
"severity": "MODERATE"
},
"details": "VMware Workstation( 17.x prior to 17.5) and Fusion(13.x prior to 13.5) contain an out-of-bounds \nread vulnerability that exists in the functionality for sharing host \nBluetooth devices with the virtual machine.\u00a0A malicious actor with local administrative privileges on a virtual \nmachine may be able to read privileged information contained in \nhypervisor memory from a virtual machine.",
"id": "GHSA-mj48-4fj3-6fjg",
"modified": "2024-04-04T08:51:15Z",
"published": "2023-10-20T09:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34044"
},
{
"type": "WEB",
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0022.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-MJ4R-RG7F-XJM2
Vulnerability from github – Published: 2022-05-14 02:05 – Updated: 2022-05-14 02:05Out-of-bounds read in the PixarLogCleanup function in tif_pixarlog.c in libtiff 4.0.6 and earlier allows remote attackers to crash the application by sending a crafted TIFF image to the rgb2ycbcr tool.
{
"affected": [],
"aliases": [
"CVE-2016-5316"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-01-20T15:59:00Z",
"severity": "MODERATE"
},
"details": "Out-of-bounds read in the PixarLogCleanup function in tif_pixarlog.c in libtiff 4.0.6 and earlier allows remote attackers to crash the application by sending a crafted TIFF image to the rgb2ycbcr tool.",
"id": "GHSA-mj4r-rg7f-xjm2",
"modified": "2022-05-14T02:05:04Z",
"published": "2022-05-14T02:05:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5316"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201701-16"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00087.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00060.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00090.html"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2017/dsa-3762"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2016/06/15/3"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/91203"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MJ66-HGQF-6QQW
Vulnerability from github – Published: 2022-08-26 00:03 – Updated: 2022-08-28 00:00A heap-based buffer over-read was discovered in the acc_ua_get_be32 function in miniacc.h in UPX 4.0.0 via a crafted Mach-O file.
{
"affected": [],
"aliases": [
"CVE-2020-27799"
],
"database_specific": {
"cwe_ids": [
"CWE-119",
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-08-25T20:15:00Z",
"severity": "HIGH"
},
"details": "A heap-based buffer over-read was discovered in the acc_ua_get_be32 function in miniacc.h in UPX 4.0.0 via a crafted Mach-O file.",
"id": "GHSA-mj66-hgqf-6qqw",
"modified": "2022-08-28T00:00:28Z",
"published": "2022-08-26T00:03:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27799"
},
{
"type": "WEB",
"url": "https://github.com/upx/upx/issues/391"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-5
Strategy: Input Validation
- Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
- When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
- Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
- To reduce the likelihood of introducing an out-of-bounds read, ensure that you validate and ensure correct calculations for any length argument, buffer size calculation, or offset. Be especially careful of relying on a sentinel (i.e. special character such as NUL) in untrusted inputs.
Mitigation
Strategy: Language Selection
Use a language that provides appropriate memory abstractions.
CAPEC-540: Overread Buffers
An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.