Common Weakness Enumeration

CWE-126

Allowed

Buffer Over-read

Abstraction: Variant · Status: Draft

The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.

855 vulnerabilities reference this CWE, most recent first.

GHSA-4P3H-QRPG-H7HR

Vulnerability from github – Published: 2023-05-02 06:30 – Updated: 2024-04-04 03:45
VLAI
Details

Information disclosure due to buffer over-read in Modem while parsing DNS hostname.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-40505"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125",
      "CWE-126"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-05-02T06:15:10Z",
    "severity": "HIGH"
  },
  "details": "Information disclosure due to buffer over-read in Modem while parsing DNS hostname.",
  "id": "GHSA-4p3h-qrpg-h7hr",
  "modified": "2024-04-04T03:45:36Z",
  "published": "2023-05-02T06:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40505"
    },
    {
      "type": "WEB",
      "url": "https://www.qualcomm.com/company/product-security/bulletins/may-2023-bulletin"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4P49-PGHR-968W

Vulnerability from github – Published: 2026-03-24 21:31 – Updated: 2026-06-30 03:36
VLAI
Details

A malicious mail server could send malformed strings with negative lengths, causing the parser to read memory outside the buffer. If a mail server or connection to a mail server were compromised, an attacker could cause the parser to malfunction, potentially crashing Thunderbird or leaking sensitive data. This vulnerability affects Thunderbird < 149 and Thunderbird < 140.9.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-4371"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-126",
      "CWE-130"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-24T21:16:29Z",
    "severity": "HIGH"
  },
  "details": "A malicious mail server could send malformed strings with negative lengths, causing the parser to read memory outside the buffer. If a mail server or connection to a mail server were compromised, an attacker could cause the parser to malfunction, potentially crashing Thunderbird or leaking sensitive data. This vulnerability affects Thunderbird \u003c 149 and Thunderbird \u003c 140.9.",
  "id": "GHSA-4p49-pghr-968w",
  "modified": "2026-06-30T03:36:00Z",
  "published": "2026-03-24T21:31:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4371"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2026-24"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2026-23"
    },
    {
      "type": "WEB",
      "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4371.json"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451001"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2023493"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2026-4371"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:8850"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:8315"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:8290"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:8289"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:8288"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:8287"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:8286"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:8285"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:8284"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:6917"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:6342"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:6188"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4P54-36PQ-7QRC

Vulnerability from github – Published: 2022-08-24 00:00 – Updated: 2022-08-27 00:00
VLAI
Details

A global buffer overflow was discovered in pngcheck function in pngcheck-2.4.0(5 patches applied) via a crafted png file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-35511"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119",
      "CWE-126"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-08-23T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "A global buffer overflow was discovered in pngcheck function in pngcheck-2.4.0(5 patches applied) via a crafted png file.",
  "id": "GHSA-4p54-36pq-7qrc",
  "modified": "2022-08-27T00:00:42Z",
  "published": "2022-08-24T00:00:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35511"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00024.html"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2022/dsa-5300"
    },
    {
      "type": "WEB",
      "url": "http://www.libpng.org/pub/png/apps/pngcheck.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4PPF-RV9C-6QJQ

Vulnerability from github – Published: 2023-01-05 18:30 – Updated: 2023-01-12 00:30
VLAI
Details

A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS LenovoSetupConfigDxe driver that could allow a local attacker with elevated privileges to cause information disclosure.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-4433"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125",
      "CWE-126"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-01-05T18:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS LenovoSetupConfigDxe driver that could allow a local attacker with elevated privileges to cause information disclosure.",
  "id": "GHSA-4ppf-rv9c-6qjq",
  "modified": "2023-01-12T00:30:19Z",
  "published": "2023-01-05T18:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4433"
    },
    {
      "type": "WEB",
      "url": "https://support.lenovo.com/us/en/product_security/LEN-103709"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4PPR-X3RG-CCJ6

Vulnerability from github – Published: 2023-08-08 12:30 – Updated: 2024-04-04 06:37
VLAI
Details

Information disclosure in Network Services due to buffer over-read while the device receives DNS response.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-21625"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125",
      "CWE-126"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-08-08T10:15:13Z",
    "severity": "HIGH"
  },
  "details": "Information disclosure in Network Services due to buffer over-read while the device receives DNS response.",
  "id": "GHSA-4ppr-x3rg-ccj6",
  "modified": "2024-04-04T06:37:57Z",
  "published": "2023-08-08T12:30:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-21625"
    },
    {
      "type": "WEB",
      "url": "https://www.qualcomm.com/company/product-security/bulletins/august-2023-bulletin"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4Q33-WJ3R-P79Q

Vulnerability from github – Published: 2024-01-02 06:30 – Updated: 2024-01-02 06:30
VLAI
Details

Transient DOS while parsing GATT service data when the total amount of memory that is required by the multiple services is greater than the actual size of the services buffer.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-43512"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125",
      "CWE-126"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-01-02T06:15:13Z",
    "severity": "HIGH"
  },
  "details": "Transient DOS while parsing GATT service data when the total amount of memory that is required by the multiple services is greater than the actual size of the services buffer.",
  "id": "GHSA-4q33-wj3r-p79q",
  "modified": "2024-01-02T06:30:31Z",
  "published": "2024-01-02T06:30:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-43512"
    },
    {
      "type": "WEB",
      "url": "https://www.qualcomm.com/company/product-security/bulletins/january-2024-bulletin"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4Q5Q-CFPQ-3H3J

Vulnerability from github – Published: 2025-04-07 12:33 – Updated: 2025-04-07 12:33
VLAI
Details

Transient DOS may occur while parsing extended IE in beacon.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-21435"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-126"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-07T11:15:51Z",
    "severity": "HIGH"
  },
  "details": "Transient DOS may occur while parsing extended IE in beacon.",
  "id": "GHSA-4q5q-cfpq-3h3j",
  "modified": "2025-04-07T12:33:18Z",
  "published": "2025-04-07T12:33:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21435"
    },
    {
      "type": "WEB",
      "url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2025-bulletin.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4RMV-M7CX-WVG4

Vulnerability from github – Published: 2025-04-07 12:33 – Updated: 2025-04-07 12:33
VLAI
Details

Memory corruption occurs while connecting a STA to an AP and initiating an ADD TS request from the AP to establish a TSpec session.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-21428"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-126"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-07T11:15:50Z",
    "severity": "HIGH"
  },
  "details": "Memory corruption occurs while connecting a STA to an AP and initiating an ADD TS request from the AP to establish a TSpec session.",
  "id": "GHSA-4rmv-m7cx-wvg4",
  "modified": "2025-04-07T12:33:18Z",
  "published": "2025-04-07T12:33:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21428"
    },
    {
      "type": "WEB",
      "url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2025-bulletin.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4VV2-435C-33CH

Vulnerability from github – Published: 2023-10-03 06:30 – Updated: 2024-04-04 08:02
VLAI
Details

Memory Corruption in Data Modem while making a MO call or MT VOLTE call.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-22385"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-126",
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-10-03T06:15:21Z",
    "severity": "CRITICAL"
  },
  "details": "Memory Corruption in Data Modem while making a MO call or MT VOLTE call.",
  "id": "GHSA-4vv2-435c-33ch",
  "modified": "2024-04-04T08:02:16Z",
  "published": "2023-10-03T06:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22385"
    },
    {
      "type": "WEB",
      "url": "https://www.qualcomm.com/company/product-security/bulletins/october-2023-bulletin"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4X46-H598-64QR

Vulnerability from github – Published: 2026-06-30 15:30 – Updated: 2026-06-30 15:30
VLAI
Details

A flaw was found in GLib. A buffer over-read can occur in g_io_channel_read_line_backend() in the giochannel.c file when a custom line terminator with a length greater than one is set, causing memcmp to read past the GString buffer. This vulnerability can cause a minor information disclosure of 7 bytes or a denial of service when the buffer over-read crosses a page boundary.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-58013"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-126"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-30T13:19:17Z",
    "severity": "MODERATE"
  },
  "details": "A flaw was found in GLib. A buffer over-read can occur in g_io_channel_read_line_backend() in the giochannel.c file when a custom line terminator with a length greater than one is set, causing memcmp to read past the GString buffer. This vulnerability can cause a minor information disclosure of 7 bytes or a denial of service when the buffer over-read crosses a page boundary.",
  "id": "GHSA-4x46-h598-64qr",
  "modified": "2026-06-30T15:30:45Z",
  "published": "2026-06-30T15:30:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-58013"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2026-58013"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2492248"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.gnome.org/GNOME/glib/-/issues/3925"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.