CWE-126
AllowedBuffer Over-read
Abstraction: Variant · Status: Draft
The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.
853 vulnerabilities reference this CWE, most recent first.
GHSA-PFR9-2P92-QRHQ
Vulnerability from github – Published: 2024-10-09 14:34 – Updated: 2026-05-20 00:56The heap-buffer-overflow is triggered in the strlen() function when handling the c_chars_to_str function in the dbn crate. This vulnerability occurs because the CStr::from_ptr() function in Rust assumes that the provided C string is null-terminated. However, there is no guarantee that the input chars array passed to the c_chars_to_str function is properly null-terminated.
If the chars array does not contain a null byte (\0), strlen() will continue to read beyond the bounds of the buffer in search of a null terminator. This results in an out-of-bounds memory read and can lead to a heap-buffer-overflow, potentially causing memory corruption or exposing sensitive information.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 0.22.0"
},
"package": {
"ecosystem": "crates.io",
"name": "dbn"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.22.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-126"
],
"github_reviewed": true,
"github_reviewed_at": "2024-10-09T14:34:24Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "The `heap-buffer-overflow` is triggered in the `strlen()` function when handling the `c_chars_to_str` function in the dbn crate. This vulnerability occurs because the `CStr::from_ptr()` function in Rust assumes that the provided C string is null-terminated. However, there is no guarantee that the input chars array passed to the c_chars_to_str function is properly null-terminated.\n\nIf the chars array does not contain a null byte (\\0), strlen() will continue to read beyond the bounds of the buffer in search of a null terminator. This results in an out-of-bounds memory read and can lead to a heap-buffer-overflow, potentially causing memory corruption or exposing sensitive information.",
"id": "GHSA-pfr9-2p92-qrhq",
"modified": "2026-05-20T00:56:56Z",
"published": "2024-10-09T14:34:24Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/databento/dbn/issues/67"
},
{
"type": "WEB",
"url": "https://github.com/databento/dbn/commit/339efb90fdb980920a5e8829008abc1114f4bfdd"
},
{
"type": "PACKAGE",
"url": "https://github.com/databento/dbn"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2024-0377.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Databento Binary Encoding (DBN) has a heap buffer overflow using c_chars_to_str function"
}
GHSA-PGCR-3MV5-2297
Vulnerability from github – Published: 2024-07-01 15:32 – Updated: 2024-07-01 15:32Information disclosure while handling SA query action frame.
{
"affected": [],
"aliases": [
"CVE-2024-21458"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-01T15:15:13Z",
"severity": "MODERATE"
},
"details": "Information disclosure while handling SA query action frame.",
"id": "GHSA-pgcr-3mv5-2297",
"modified": "2024-07-01T15:32:42Z",
"published": "2024-07-01T15:32:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21458"
},
{
"type": "WEB",
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/july-2024-bulletin.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-PGGH-8R27-X766
Vulnerability from github – Published: 2023-06-06 09:30 – Updated: 2024-04-04 04:34Transient DOS in WLAN Firmware while processing frames with missing header fields.
{
"affected": [],
"aliases": [
"CVE-2023-21659"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-06-06T08:15:12Z",
"severity": "HIGH"
},
"details": "Transient DOS in WLAN Firmware while processing frames with missing header fields.",
"id": "GHSA-pggh-8r27-x766",
"modified": "2024-04-04T04:34:47Z",
"published": "2023-06-06T09:30:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-21659"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/june-2023-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PJ8H-CMGW-7XPG
Vulnerability from github – Published: 2023-12-05 03:30 – Updated: 2023-12-05 03:30Transient DOS while converting TWT (Target Wake Time) frame parameters in the OTA broadcast.
{
"affected": [],
"aliases": [
"CVE-2023-33081"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-12-05T03:15:12Z",
"severity": "HIGH"
},
"details": "Transient DOS while converting TWT (Target Wake Time) frame parameters in the OTA broadcast.",
"id": "GHSA-pj8h-cmgw-7xpg",
"modified": "2023-12-05T03:30:22Z",
"published": "2023-12-05T03:30:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33081"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PM69-RQJ8-F5FQ
Vulnerability from github – Published: 2025-05-07 18:30 – Updated: 2025-05-07 18:30ECMP dissector crash in Wireshark 4.4.0 to 4.4.1 and 4.2.0 to 4.2.8 allows denial of service via packet injection or crafted capture file
{
"affected": [],
"aliases": [
"CVE-2024-11596"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-21T11:15:33Z",
"severity": "MODERATE"
},
"details": "ECMP dissector crash in Wireshark 4.4.0 to 4.4.1 and 4.2.0 to 4.2.8 allows denial of service via packet injection or crafted capture file",
"id": "GHSA-pm69-rqj8-f5fq",
"modified": "2025-05-07T18:30:41Z",
"published": "2025-05-07T18:30:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11596"
},
{
"type": "WEB",
"url": "https://gitlab.com/wireshark/wireshark/-/issues/20214"
},
{
"type": "WEB",
"url": "https://www.wireshark.org/security/wnpa-sec-2024-15.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PP2Q-FPVV-VR5H
Vulnerability from github – Published: 2026-07-08 18:31 – Updated: 2026-07-08 18:31An issue in SQLite before Fossil check-in 869a51ae84df allows a local attacker to obtain sensitive information via the Session Extension changeset concat/changegroup merge path
{
"affected": [],
"aliases": [
"CVE-2026-50813"
],
"database_specific": {
"cwe_ids": [
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-08T18:16:32Z",
"severity": "MODERATE"
},
"details": "An issue in SQLite before Fossil check-in 869a51ae84df allows a local attacker to obtain sensitive information via the Session Extension changeset concat/changegroup merge path",
"id": "GHSA-pp2q-fpvv-vr5h",
"modified": "2026-07-08T18:31:38Z",
"published": "2026-07-08T18:31:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-50813"
},
{
"type": "WEB",
"url": "https://github.com/sqlite/sqlite/commit/c597ed79d1bd03f57198d10d1f431adda293cf2e"
},
{
"type": "WEB",
"url": "https://gist.github.com/junius-sec/f8acb66bafb80134c8e1a1c8c7c9f4f4"
},
{
"type": "WEB",
"url": "https://sqlite.org/src/info/869a51ae84df"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PP7H-53GX-MX7R
Vulnerability from github – Published: 2020-09-02 15:26 – Updated: 2022-05-26 20:43A buffer over-read vulnerability exists in bl <4.0.3, <3.0.1, <2.2.1, and <1.2.3 which could allow an attacker to supply user input (even typed) that if it ends up in consume() argument and can become negative, the BufferList state can be corrupted, tricking it into exposing uninitialized memory via regular .slice() calls.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "bl"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.2.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "bl"
},
"ranges": [
{
"events": [
{
"introduced": "2.0.0"
},
{
"fixed": "2.2.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "bl"
},
"ranges": [
{
"events": [
{
"introduced": "3.0.0"
},
{
"fixed": "3.0.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.0.0"
]
},
{
"package": {
"ecosystem": "npm",
"name": "bl"
},
"ranges": [
{
"events": [
{
"introduced": "4.0.0"
},
{
"fixed": "4.0.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-8244"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": true,
"github_reviewed_at": "2020-09-02T15:26:05Z",
"nvd_published_at": "2020-08-30T15:15:00Z",
"severity": "MODERATE"
},
"details": "A buffer over-read vulnerability exists in bl \u003c4.0.3, \u003c3.0.1, \u003c2.2.1, and \u003c1.2.3 which could allow an attacker to supply user input (even typed) that if it ends up in consume() argument and can become negative, the BufferList state can be corrupted, tricking it into exposing uninitialized memory via regular .slice() calls.",
"id": "GHSA-pp7h-53gx-mx7r",
"modified": "2022-05-26T20:43:51Z",
"published": "2020-09-02T15:26:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8244"
},
{
"type": "WEB",
"url": "https://github.com/rvagg/bl/commit/8a8c13c880e2bef519133ea43e0e9b78b5d0c91e"
},
{
"type": "WEB",
"url": "https://github.com/rvagg/bl/commit/d3e240e3b8ba4048d3c76ef5fb9dd1f8872d3190"
},
{
"type": "WEB",
"url": "https://github.com/rvagg/bl/commit/dacc4ac7d5fcd6201bcf26fbd886951be9537466"
},
{
"type": "WEB",
"url": "https://hackerone.com/reports/966347"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00028.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"type": "CVSS_V3"
}
],
"summary": "Remote Memory Exposure in bl"
}
GHSA-PPQH-F364-PRQ3
Vulnerability from github – Published: 2022-12-06 09:30 – Updated: 2022-12-08 06:30In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services.
{
"affected": [],
"aliases": [
"CVE-2022-42780"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-12-06T07:15:00Z",
"severity": "MODERATE"
},
"details": "In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services.",
"id": "GHSA-ppqh-f364-prq3",
"modified": "2022-12-08T06:30:30Z",
"published": "2022-12-06T09:30:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42780"
},
{
"type": "WEB",
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PQ3F-467X-F7V6
Vulnerability from github – Published: 2024-09-02 12:30 – Updated: 2024-09-02 12:30Transient DOS while handling PS event when Program Service name length offset value is set to 255.
{
"affected": [],
"aliases": [
"CVE-2024-33043"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-02T12:15:16Z",
"severity": "MODERATE"
},
"details": "Transient DOS while handling PS event when Program Service name length offset value is set to 255.",
"id": "GHSA-pq3f-467x-f7v6",
"modified": "2024-09-02T12:30:45Z",
"published": "2024-09-02T12:30:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-33043"
},
{
"type": "WEB",
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/september-2024-bulletin.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PV26-XP92-C6P8
Vulnerability from github – Published: 2024-08-05 15:30 – Updated: 2024-08-05 15:30Transient DOS while parsing the received TID-to-link mapping action frame.
{
"affected": [],
"aliases": [
"CVE-2024-33019"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-05T15:15:50Z",
"severity": "HIGH"
},
"details": "Transient DOS while parsing the received TID-to-link mapping action frame.",
"id": "GHSA-pv26-xp92-c6p8",
"modified": "2024-08-05T15:30:53Z",
"published": "2024-08-05T15:30:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-33019"
},
{
"type": "WEB",
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/august-2024-bulletin.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.