CWE-126
AllowedBuffer Over-read
Abstraction: Variant · Status: Draft
The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.
855 vulnerabilities reference this CWE, most recent first.
GHSA-986V-GC7P-69FC
Vulnerability from github – Published: 2024-12-12 03:33 – Updated: 2024-12-12 03:33Windows Common Log File System Driver Elevation of Privilege Vulnerability
{
"affected": [],
"aliases": [
"CVE-2024-49088"
],
"database_specific": {
"cwe_ids": [
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-12T02:04:33Z",
"severity": "HIGH"
},
"details": "Windows Common Log File System Driver Elevation of Privilege Vulnerability",
"id": "GHSA-986v-gc7p-69fc",
"modified": "2024-12-12T03:33:04Z",
"published": "2024-12-12T03:33:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49088"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49088"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-987F-MX6V-8J5V
Vulnerability from github – Published: 2024-09-02 12:30 – Updated: 2024-09-02 12:30Transient DOS while parsing the multi-link element Control field when common information length check is missing before updating the location.
{
"affected": [],
"aliases": [
"CVE-2024-33057"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-02T12:15:18Z",
"severity": "HIGH"
},
"details": "Transient DOS while parsing the multi-link element Control field when common information length check is missing before updating the location.",
"id": "GHSA-987f-mx6v-8j5v",
"modified": "2024-09-02T12:30:45Z",
"published": "2024-09-02T12:30:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-33057"
},
{
"type": "WEB",
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/september-2024-bulletin.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-994F-6382-QM9H
Vulnerability from github – Published: 2025-02-03 18:30 – Updated: 2025-02-03 18:30Information disclosure while processing IO control commands.
{
"affected": [],
"aliases": [
"CVE-2024-38417"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-03T17:15:17Z",
"severity": "MODERATE"
},
"details": "Information disclosure while processing IO control commands.",
"id": "GHSA-994f-6382-qm9h",
"modified": "2025-02-03T18:30:42Z",
"published": "2025-02-03T18:30:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38417"
},
{
"type": "WEB",
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/february-2025-bulletin.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-9J5F-V4WH-F63G
Vulnerability from github – Published: 2022-05-24 19:07 – Updated: 2022-05-24 19:07A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The JPEG2K_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing J2K files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13416)
{
"affected": [],
"aliases": [
"CVE-2021-34322"
],
"database_specific": {
"cwe_ids": [
"CWE-126",
"CWE-20"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-07-13T11:15:00Z",
"severity": "MODERATE"
},
"details": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The JPEG2K_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing J2K files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13416)",
"id": "GHSA-9j5f-v4wh-f63g",
"modified": "2022-05-24T19:07:38Z",
"published": "2022-05-24T19:07:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34322"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-859"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-9P6H-67HG-3PH5
Vulnerability from github – Published: 2022-06-24 00:00 – Updated: 2022-06-30 00:00Buffer Over-read in GitHub repository vim/vim prior to 8.2.
{
"affected": [],
"aliases": [
"CVE-2022-2175"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-06-23T13:15:00Z",
"severity": "HIGH"
},
"details": "Buffer Over-read in GitHub repository vim/vim prior to 8.2.",
"id": "GHSA-9p6h-67hg-3ph5",
"modified": "2022-06-30T00:00:35Z",
"published": "2022-06-24T00:00:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2175"
},
{
"type": "WEB",
"url": "https://github.com/vim/vim/commit/6046aded8da002b08d380db29de2ba0268b6616e"
},
{
"type": "WEB",
"url": "https://huntr.dev/bounties/7f0481c2-8b57-4324-b47c-795d1ea67e55"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GFD2A4YLBR7OIRHTL7CK6YNMEIQ264CN"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U743FMJGFQ35GBPCQ6OWMVZEJPDFVEWM"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202305-16"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9PJ9-M7VP-27HP
Vulnerability from github – Published: 2023-11-14 21:30 – Updated: 2023-11-14 21:30Transient DOS in WLAN Firmware while parsing t2lm buffers.
{
"affected": [],
"aliases": [
"CVE-2023-33048"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-11-07T06:15:11Z",
"severity": "HIGH"
},
"details": "Transient DOS in WLAN Firmware while parsing t2lm buffers.",
"id": "GHSA-9pj9-m7vp-27hp",
"modified": "2023-11-14T21:30:53Z",
"published": "2023-11-14T21:30:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33048"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/november-2023-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9Q64-8G8H-WR27
Vulnerability from github – Published: 2022-01-22 00:00 – Updated: 2026-01-08 12:30Buffer Over-read vulnerability in Mitsubishi Electric MC Works64 versions 4.00A (10.95.201.23) to 4.04E (10.95.210.01), ICONICS GENESIS64 versions 10.97 and prior and ICONICS Hyper Historian versions 10.97 and prior allows an attacker to cause a DoS condition in the database server by getting a legitimate user to import a configuration file containing specially crafted stored procedures into GENESIS64 or MC Works64 and execute commands against the database from GENESIS64 or MC Works64.
{
"affected": [],
"aliases": [
"CVE-2022-23130"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-01-21T19:15:00Z",
"severity": "MODERATE"
},
"details": "Buffer Over-read vulnerability in Mitsubishi Electric MC Works64 versions 4.00A (10.95.201.23) to 4.04E (10.95.210.01), ICONICS GENESIS64 versions 10.97 and prior and ICONICS Hyper Historian versions 10.97 and prior allows an attacker to cause a DoS condition in the database server by getting a legitimate user to import a configuration file containing specially crafted stored procedures into GENESIS64 or MC Works64 and execute commands against the database from GENESIS64 or MC Works64.",
"id": "GHSA-9q64-8g8h-wr27",
"modified": "2026-01-08T12:30:28Z",
"published": "2022-01-22T00:00:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23130"
},
{
"type": "WEB",
"url": "https://jvn.jp/vu/JVNVU95403720/index.html"
},
{
"type": "WEB",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-020-01"
},
{
"type": "WEB",
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-028_en.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9QWG-CH53-9RXW
Vulnerability from github – Published: 2025-04-03 15:31 – Updated: 2026-04-22 12:30A flaw was found in libsoup. A vulnerability in the sniff_unknown() function may lead to heap buffer over-read.
{
"affected": [],
"aliases": [
"CVE-2025-32052"
],
"database_specific": {
"cwe_ids": [
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-03T14:15:44Z",
"severity": "MODERATE"
},
"details": "A flaw was found in libsoup. A vulnerability in the sniff_unknown() function may lead to heap buffer over-read.",
"id": "GHSA-9qwg-ch53-9rxw",
"modified": "2026-04-22T12:30:28Z",
"published": "2025-04-03T15:31:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32052"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:4440"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:4508"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:4560"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:4568"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:7436"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:8292"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2025-32052"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2357069"
},
{
"type": "WEB",
"url": "https://gitlab.gnome.org/GNOME/libsoup/-/issues/425"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00036.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-9RJC-P324-P26X
Vulnerability from github – Published: 2023-09-05 09:30 – Updated: 2024-04-04 07:26Memory corruption due to buffer over-read in Modem while processing SetNativeHandle RTP service.
{
"affected": [],
"aliases": [
"CVE-2022-40524"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-09-05T07:15:12Z",
"severity": "HIGH"
},
"details": "Memory corruption due to buffer over-read in Modem while processing SetNativeHandle RTP service.",
"id": "GHSA-9rjc-p324-p26x",
"modified": "2024-04-04T07:26:48Z",
"published": "2023-09-05T09:30:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40524"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9RM7-7C5C-F5VJ
Vulnerability from github – Published: 2023-06-06 09:30 – Updated: 2024-04-04 04:34Transient DOS in WLAN Firmware while parsing FT Information Elements.
{
"affected": [],
"aliases": [
"CVE-2023-21660"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-06-06T08:15:12Z",
"severity": "HIGH"
},
"details": "Transient DOS in WLAN Firmware while parsing FT Information Elements.",
"id": "GHSA-9rm7-7c5c-f5vj",
"modified": "2024-04-04T04:34:50Z",
"published": "2023-06-06T09:30:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-21660"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/june-2023-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.