CWE-126
AllowedBuffer Over-read
Abstraction: Variant · Status: Draft
The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.
853 vulnerabilities reference this CWE, most recent first.
GHSA-HPPC-G8H3-XHP3
Vulnerability from github – Published: 2026-04-22 21:00 – Updated: 2026-04-27 16:29The FFI trampolines behind SslContextBuilder::set_psk_client_callback, set_psk_server_callback, set_cookie_generate_cb, and set_stateless_cookie_generate_cb forwarded the user closure's returned usize directly to OpenSSL without checking it against the &mut [u8] that was handed to the closure. This can lead to buffer overflows and other unintended consequences.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "openssl"
},
"ranges": [
{
"events": [
{
"introduced": "0.9.24"
},
{
"fixed": "0.10.78"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-41898"
],
"database_specific": {
"cwe_ids": [
"CWE-126",
"CWE-130"
],
"github_reviewed": true,
"github_reviewed_at": "2026-04-22T21:00:57Z",
"nvd_published_at": "2026-04-24T18:16:29Z",
"severity": "HIGH"
},
"details": "The FFI trampolines behind `SslContextBuilder::set_psk_client_callback`, `set_psk_server_callback`, `set_cookie_generate_cb`, and `set_stateless_cookie_generate_cb` forwarded the user closure\u0027s returned usize directly to OpenSSL without checking it against the `\u0026mut [u8]` that was handed to the closure. This can lead to buffer overflows and other unintended consequences.",
"id": "GHSA-hppc-g8h3-xhp3",
"modified": "2026-04-27T16:29:44Z",
"published": "2026-04-22T21:00:57Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/rust-openssl/rust-openssl/security/advisories/GHSA-hppc-g8h3-xhp3"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41898"
},
{
"type": "WEB",
"url": "https://github.com/rust-openssl/rust-openssl/pull/2607"
},
{
"type": "WEB",
"url": "https://github.com/rust-openssl/rust-openssl/commit/1d109020d98fff2fb2e45c39a373af3dff99b24c"
},
{
"type": "PACKAGE",
"url": "https://github.com/rust-openssl/rust-openssl"
},
{
"type": "WEB",
"url": "https://github.com/rust-openssl/rust-openssl/releases/tag/openssl-v0.10.78"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "rust-openssl: Unchecked callback length in PSK/cookie trampolines leaks adjacent memory to peer"
}
GHSA-HVG8-7678-V53J
Vulnerability from github – Published: 2025-01-06 12:30 – Updated: 2025-01-06 12:30Memory corruption while processing FIPS encryption or decryption validation functionality IOCTL call.
{
"affected": [],
"aliases": [
"CVE-2024-45548"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-06T11:15:09Z",
"severity": "HIGH"
},
"details": "Memory corruption while processing FIPS encryption or decryption validation functionality IOCTL call.",
"id": "GHSA-hvg8-7678-v53j",
"modified": "2025-01-06T12:30:33Z",
"published": "2025-01-06T12:30:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45548"
},
{
"type": "WEB",
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2025-bulletin.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-HVR6-7X95-4JGJ
Vulnerability from github – Published: 2026-04-06 18:33 – Updated: 2026-04-06 18:33Transient DOS when receiving a service data frame with excessive length during device matching over a neighborhood awareness network protocol connection.
{
"affected": [],
"aliases": [
"CVE-2026-21381"
],
"database_specific": {
"cwe_ids": [
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-06T16:16:31Z",
"severity": "HIGH"
},
"details": "Transient DOS when receiving a service data frame with excessive length during device matching over a neighborhood awareness network protocol connection.",
"id": "GHSA-hvr6-7x95-4jgj",
"modified": "2026-04-06T18:33:07Z",
"published": "2026-04-06T18:33:07Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21381"
},
{
"type": "WEB",
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2026-bulletin.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-HWHF-72F8-CRGH
Vulnerability from github – Published: 2025-01-06 12:30 – Updated: 2025-01-06 12:30Information Disclosure while invoking the mailbox write API when message received from user is larger than mailbox size.
{
"affected": [],
"aliases": [
"CVE-2024-23366"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-06T11:15:07Z",
"severity": "MODERATE"
},
"details": "Information Disclosure while invoking the mailbox write API when message received from user is larger than mailbox size.",
"id": "GHSA-hwhf-72f8-crgh",
"modified": "2025-01-06T12:30:32Z",
"published": "2025-01-06T12:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23366"
},
{
"type": "WEB",
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2025-bulletin.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-HXHP-8773-V9F8
Vulnerability from github – Published: 2023-05-02 09:30 – Updated: 2024-04-04 03:45Information disclosure due to buffer over-read in Trusted Execution Environment while QRKS report generation.
{
"affected": [],
"aliases": [
"CVE-2022-33273"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-05-02T08:15:08Z",
"severity": "MODERATE"
},
"details": "Information disclosure due to buffer over-read in Trusted Execution Environment while QRKS report generation.",
"id": "GHSA-hxhp-8773-v9f8",
"modified": "2024-04-04T03:45:57Z",
"published": "2023-05-02T09:30:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-33273"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/may-2023-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-HXQC-XV34-842X
Vulnerability from github – Published: 2023-10-03 06:30 – Updated: 2024-04-04 08:03Transient DOS in WLAN Firmware while parsing rsn ies.
{
"affected": [],
"aliases": [
"CVE-2023-33027"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-10-03T06:15:26Z",
"severity": "HIGH"
},
"details": "Transient DOS in WLAN Firmware while parsing rsn ies.",
"id": "GHSA-hxqc-xv34-842x",
"modified": "2024-04-04T08:03:51Z",
"published": "2023-10-03T06:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33027"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/october-2023-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-J2M8-JXHW-9X9R
Vulnerability from github – Published: 2026-05-04 18:30 – Updated: 2026-05-04 18:30Transient DOS when processing target power rate tables during channel configuration.
{
"affected": [],
"aliases": [
"CVE-2025-47401"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-04T17:16:20Z",
"severity": "MODERATE"
},
"details": "Transient DOS when processing target power rate tables during channel configuration.",
"id": "GHSA-j2m8-jxhw-9x9r",
"modified": "2026-05-04T18:30:29Z",
"published": "2026-05-04T18:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47401"
},
{
"type": "WEB",
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2026-bulletin.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-J3R9-X7XR-WVFG
Vulnerability from github – Published: 2026-02-02 18:31 – Updated: 2026-02-02 18:31Transient DOS when processing a received frame with an excessively large authentication information element.
{
"affected": [],
"aliases": [
"CVE-2025-47402"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-02T16:16:19Z",
"severity": "MODERATE"
},
"details": "Transient DOS when processing a received frame with an excessively large authentication information element.",
"id": "GHSA-j3r9-x7xr-wvfg",
"modified": "2026-02-02T18:31:32Z",
"published": "2026-02-02T18:31:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47402"
},
{
"type": "WEB",
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/february-2026-bulletin.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-J4C6-9Q52-52Q7
Vulnerability from github – Published: 2025-09-24 18:30 – Updated: 2025-09-24 18:30Information disclosure while decoding RTP packet received by UE from the network, when payload length mentioned is greater than the available buffer length.
{
"affected": [],
"aliases": [
"CVE-2025-21487"
],
"database_specific": {
"cwe_ids": [
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-24T16:15:34Z",
"severity": "HIGH"
},
"details": "Information disclosure while decoding RTP packet received by UE from the network, when payload length mentioned is greater than the available buffer length.",
"id": "GHSA-j4c6-9q52-52q7",
"modified": "2025-09-24T18:30:30Z",
"published": "2025-09-24T18:30:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21487"
},
{
"type": "WEB",
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/september-2025-bulletin.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-J56R-VG47-F726
Vulnerability from github – Published: 2025-10-09 06:30 – Updated: 2025-10-09 06:30Transient DOS while processing IOCTL call for image encoding.
{
"affected": [],
"aliases": [
"CVE-2025-27049"
],
"database_specific": {
"cwe_ids": [
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-09T04:16:41Z",
"severity": "MODERATE"
},
"details": "Transient DOS while processing IOCTL call for image encoding.",
"id": "GHSA-j56r-vg47-f726",
"modified": "2025-10-09T06:30:24Z",
"published": "2025-10-09T06:30:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27049"
},
{
"type": "WEB",
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/october-2025-bulletin.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.