CWE-126
AllowedBuffer Over-read
Abstraction: Variant · Status: Draft
The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.
855 vulnerabilities reference this CWE, most recent first.
GHSA-46PR-4793-7HQ6
Vulnerability from github – Published: 2023-01-04 12:30 – Updated: 2023-01-10 18:30In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.
{
"affected": [],
"aliases": [
"CVE-2022-44445"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-01-04T10:15:00Z",
"severity": "MODERATE"
},
"details": "In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.",
"id": "GHSA-46pr-4793-7hq6",
"modified": "2023-01-10T18:30:26Z",
"published": "2023-01-04T12:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-44445"
},
{
"type": "WEB",
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/1610118225591336001"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4728-C4X2-H2QM
Vulnerability from github – Published: 2026-06-02 00:31 – Updated: 2026-06-02 00:31Information Disclosure when processing advertisement frames with malformed MBSSID elements of insufficient length.
{
"affected": [],
"aliases": [
"CVE-2025-59609"
],
"database_specific": {
"cwe_ids": [
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-01T23:16:16Z",
"severity": "MODERATE"
},
"details": "Information Disclosure when processing advertisement frames with malformed MBSSID elements of insufficient length.",
"id": "GHSA-4728-c4x2-h2qm",
"modified": "2026-06-02T00:31:57Z",
"published": "2026-06-02T00:31:57Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59609"
},
{
"type": "WEB",
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2026-bulletin.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-49J5-25JJ-6293
Vulnerability from github – Published: 2024-11-04 12:32 – Updated: 2024-11-04 12:32Transient DOS while parsing BTM ML IE when per STA profile is not included.
{
"affected": [],
"aliases": [
"CVE-2024-38403"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-04T10:15:06Z",
"severity": "HIGH"
},
"details": "Transient DOS while parsing BTM ML IE when per STA profile is not included.",
"id": "GHSA-49j5-25jj-6293",
"modified": "2024-11-04T12:32:56Z",
"published": "2024-11-04T12:32:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38403"
},
{
"type": "WEB",
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/november-2024-bulletin.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-49JM-RRR5-6685
Vulnerability from github – Published: 2026-07-14 18:32 – Updated: 2026-07-14 18:32Incorrect conversion between numeric types in Windows NTFS allows an authorized attacker to elevate privileges locally.
{
"affected": [],
"aliases": [
"CVE-2026-50402"
],
"database_specific": {
"cwe_ids": [
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-14T18:17:42Z",
"severity": "HIGH"
},
"details": "Incorrect conversion between numeric types in Windows NTFS allows an authorized attacker to elevate privileges locally.",
"id": "GHSA-49jm-rrr5-6685",
"modified": "2026-07-14T18:32:20Z",
"published": "2026-07-14T18:32:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-50402"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50402"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4F7M-V6HV-9HCR
Vulnerability from github – Published: 2025-05-15 18:31 – Updated: 2025-05-19 21:30An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 before version 05.46.50, kernel 5.5 before version 05.54.50, kernel 5.6 before version 05.61.50, and kernel 5.7 before version 05.70.50. In VariableRuntimeDxe driver, SmmUpdateVariablePropertySmi () is a SMM callback function and it uses StrCmp () to compare variable names. This action may cause a buffer over-read.
{
"affected": [],
"aliases": [
"CVE-2024-52879"
],
"database_specific": {
"cwe_ids": [
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-15T16:15:33Z",
"severity": "HIGH"
},
"details": "An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 before version 05.46.50, kernel 5.5 before version 05.54.50, kernel 5.6 before version 05.61.50, and kernel 5.7 before version 05.70.50. In VariableRuntimeDxe driver, SmmUpdateVariablePropertySmi () is a SMM callback function and it uses StrCmp () to compare variable names. This action may cause a buffer over-read.",
"id": "GHSA-4f7m-v6hv-9hcr",
"modified": "2025-05-19T21:30:31Z",
"published": "2025-05-15T18:31:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52879"
},
{
"type": "WEB",
"url": "https://www.insyde.com/security-pledge"
},
{
"type": "WEB",
"url": "https://www.insyde.com/security-pledge/sa-2024016"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-4FMH-MF22-VCRX
Vulnerability from github – Published: 2023-08-08 12:30 – Updated: 2024-04-04 06:38Transient DOS in Audio while remapping channel buffer in media codec decoding.
{
"affected": [],
"aliases": [
"CVE-2023-28555"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-08-08T10:15:14Z",
"severity": "HIGH"
},
"details": "Transient DOS in Audio while remapping channel buffer in media codec decoding.",
"id": "GHSA-4fmh-mf22-vcrx",
"modified": "2024-04-04T06:38:26Z",
"published": "2023-08-08T12:30:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28555"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/august-2023-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4GMQ-QMQJ-MJVF
Vulnerability from github – Published: 2026-04-14 18:30 – Updated: 2026-04-14 18:30Buffer over-read in Windows Projected File System allows an authorized attacker to elevate privileges locally.
{
"affected": [],
"aliases": [
"CVE-2026-26184"
],
"database_specific": {
"cwe_ids": [
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-14T18:16:55Z",
"severity": "HIGH"
},
"details": "Buffer over-read in Windows Projected File System allows an authorized attacker to elevate privileges locally.",
"id": "GHSA-4gmq-qmqj-mjvf",
"modified": "2026-04-14T18:30:38Z",
"published": "2026-04-14T18:30:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26184"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26184"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4H9H-Q39G-QF8M
Vulnerability from github – Published: 2025-07-08 15:32 – Updated: 2025-07-08 15:32Transient DOS while processing received beacon frame.
{
"affected": [],
"aliases": [
"CVE-2025-21454"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-08T13:15:30Z",
"severity": "HIGH"
},
"details": "Transient DOS while processing received beacon frame.",
"id": "GHSA-4h9h-q39g-qf8m",
"modified": "2025-07-08T15:32:02Z",
"published": "2025-07-08T15:32:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21454"
},
{
"type": "WEB",
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/july-2025-bulletin.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4HC8-554P-PQQ5
Vulnerability from github – Published: 2023-06-06 09:30 – Updated: 2024-04-04 04:34Information Disclosure in WLAN HOST while sending DPP action frame to peer with an invalid source address.
{
"affected": [],
"aliases": [
"CVE-2023-21669"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-06-06T08:15:12Z",
"severity": "HIGH"
},
"details": "Information Disclosure in WLAN HOST while sending DPP action frame to peer with an invalid source address.",
"id": "GHSA-4hc8-554p-pqq5",
"modified": "2024-04-04T04:34:59Z",
"published": "2023-06-06T09:30:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-21669"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/june-2023-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-4MGV-G5J9-FR8Q
Vulnerability from github – Published: 2024-02-20 15:31 – Updated: 2024-02-20 15:31A denial of service vulnerability exists in the ICMP and ICMPv6 parsing functionality of Weston Embedded uC-TCP-IP v3.06.01. A specially crafted network packet can lead to an out-of-bounds read. An attacker can send a malicious packet to trigger this vulnerability.This vulnerability concerns a denial of service within the parsing an IPv6 ICMPv6 packet.
{
"affected": [],
"aliases": [
"CVE-2023-39541"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-20T15:15:08Z",
"severity": "MODERATE"
},
"details": "A denial of service vulnerability exists in the ICMP and ICMPv6 parsing functionality of Weston Embedded uC-TCP-IP v3.06.01. A specially crafted network packet can lead to an out-of-bounds read. An attacker can send a malicious packet to trigger this vulnerability.This vulnerability concerns a denial of service within the parsing an IPv6 ICMPv6 packet.",
"id": "GHSA-4mgv-g5j9-fr8q",
"modified": "2024-02-20T15:31:05Z",
"published": "2024-02-20T15:31:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39541"
},
{
"type": "WEB",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1828"
},
{
"type": "WEB",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1828"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.