CWE-126
AllowedBuffer Over-read
Abstraction: Variant · Status: Draft
The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.
853 vulnerabilities reference this CWE, most recent first.
GHSA-PWWX-GM9F-WFWX
Vulnerability from github – Published: 2022-05-24 19:07 – Updated: 2022-10-08 00:00A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Tiff_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13198)
{
"affected": [],
"aliases": [
"CVE-2021-34303"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126",
"CWE-20"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-07-13T11:15:00Z",
"severity": "MODERATE"
},
"details": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The Tiff_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13198)",
"id": "GHSA-pwwx-gm9f-wfwx",
"modified": "2022-10-08T00:00:18Z",
"published": "2022-05-24T19:07:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34303"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-848"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-PXF8-P7RV-QRFF
Vulnerability from github – Published: 2023-04-13 09:30 – Updated: 2024-04-04 03:26Information disclosure in Modem due to buffer over-read while parsing the wms message received given the buffer and its length.
{
"affected": [],
"aliases": [
"CVE-2022-33295"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-04-13T07:15:00Z",
"severity": "HIGH"
},
"details": "Information disclosure in Modem due to buffer over-read while parsing the wms message received given the buffer and its length.",
"id": "GHSA-pxf8-p7rv-qrff",
"modified": "2024-04-04T03:26:15Z",
"published": "2023-04-13T09:30:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-33295"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-PXWC-3QV6-7FRG
Vulnerability from github – Published: 2025-12-09 18:30 – Updated: 2025-12-09 18:30Buffer over-read in Windows Projected File System allows an authorized attacker to elevate privileges locally.
{
"affected": [],
"aliases": [
"CVE-2025-62462"
],
"database_specific": {
"cwe_ids": [
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-09T18:15:57Z",
"severity": "HIGH"
},
"details": "Buffer over-read in Windows Projected File System allows an authorized attacker to elevate privileges locally.",
"id": "GHSA-pxwc-3qv6-7frg",
"modified": "2025-12-09T18:30:46Z",
"published": "2025-12-09T18:30:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62462"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62462"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-Q26R-J393-X8VQ
Vulnerability from github – Published: 2026-03-31 12:31 – Updated: 2026-03-31 12:31An attacker might be able to trigger an out-of-bounds read by sending a crafted DNS response packet, when custom Lua code uses newDNSPacketOverlay to parse DNS packets. The out-of-bounds read might trigger a crash, leading to a denial of service, or access unrelated memory, leading to potential information disclosure.
{
"affected": [],
"aliases": [
"CVE-2026-24028"
],
"database_specific": {
"cwe_ids": [
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-31T12:16:27Z",
"severity": "MODERATE"
},
"details": "An attacker might be able to trigger an out-of-bounds read by sending a crafted DNS response packet, when custom Lua code uses newDNSPacketOverlay to parse DNS packets. The out-of-bounds read might trigger a crash, leading to a denial of service, or access unrelated memory, leading to potential information disclosure.",
"id": "GHSA-q26r-j393-x8vq",
"modified": "2026-03-31T12:31:35Z",
"published": "2026-03-31T12:31:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24028"
},
{
"type": "WEB",
"url": "https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-02.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-Q2G7-9RCV-3Q63
Vulnerability from github – Published: 2025-11-04 06:31 – Updated: 2025-11-04 06:31Information disclosure while processing message from client with invalid payload.
{
"affected": [],
"aliases": [
"CVE-2025-47362"
],
"database_specific": {
"cwe_ids": [
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-11-04T04:15:39Z",
"severity": "MODERATE"
},
"details": "Information disclosure while processing message from client with invalid payload.",
"id": "GHSA-q2g7-9rcv-3q63",
"modified": "2025-11-04T06:31:11Z",
"published": "2025-11-04T06:31:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47362"
},
{
"type": "WEB",
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/november-2025-bulletin.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-Q2GH-HFH3-Q82Q
Vulnerability from github – Published: 2023-10-03 06:30 – Updated: 2024-04-04 08:03Information disclosure in WLAN HOST while processing the WLAN scan descriptor list during roaming scan.
{
"affected": [],
"aliases": [
"CVE-2023-28571"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-10-03T06:15:24Z",
"severity": "MODERATE"
},
"details": "Information disclosure in WLAN HOST while processing the WLAN scan descriptor list during roaming scan.",
"id": "GHSA-q2gh-hfh3-q82q",
"modified": "2024-04-04T08:03:05Z",
"published": "2023-10-03T06:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28571"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/october-2023-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-Q2VQ-XJ2Q-G729
Vulnerability from github – Published: 2023-11-14 21:30 – Updated: 2023-11-14 21:30Information disclosure in WLAN HAL while handling command through WMI interfaces.
{
"affected": [],
"aliases": [
"CVE-2023-28569"
],
"database_specific": {
"cwe_ids": [
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-11-07T06:15:10Z",
"severity": "MODERATE"
},
"details": "Information disclosure in WLAN HAL while handling command through WMI interfaces.",
"id": "GHSA-q2vq-xj2q-g729",
"modified": "2023-11-14T21:30:52Z",
"published": "2023-11-14T21:30:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28569"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/november-2023-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-Q4F4-383R-XPM6
Vulnerability from github – Published: 2025-09-24 18:30 – Updated: 2025-09-24 18:30Memory corruption due to global buffer overflow when a test command uses an invalid payload type.
{
"affected": [],
"aliases": [
"CVE-2025-47317"
],
"database_specific": {
"cwe_ids": [
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-24T16:15:36Z",
"severity": "HIGH"
},
"details": "Memory corruption due to global buffer overflow when a test command uses an invalid payload type.",
"id": "GHSA-q4f4-383r-xpm6",
"modified": "2025-09-24T18:30:30Z",
"published": "2025-09-24T18:30:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47317"
},
{
"type": "WEB",
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/september-2025-bulletin.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-Q4H3-G8J4-9FV9
Vulnerability from github – Published: 2025-09-09 18:31 – Updated: 2025-09-09 18:31Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
{
"affected": [],
"aliases": [
"CVE-2025-53796"
],
"database_specific": {
"cwe_ids": [
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-09T17:15:49Z",
"severity": "MODERATE"
},
"details": "Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.",
"id": "GHSA-q4h3-g8j4-9fv9",
"modified": "2025-09-09T18:31:19Z",
"published": "2025-09-09T18:31:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53796"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53796"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-Q5HC-GPJW-FPVP
Vulnerability from github – Published: 2022-12-06 09:30 – Updated: 2022-12-07 18:30In camera driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.
{
"affected": [],
"aliases": [
"CVE-2022-39132"
],
"database_specific": {
"cwe_ids": [
"CWE-126",
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-12-06T07:15:00Z",
"severity": "MODERATE"
},
"details": "In camera driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.",
"id": "GHSA-q5hc-gpjw-fpvp",
"modified": "2022-12-07T18:30:28Z",
"published": "2022-12-06T09:30:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39132"
},
{
"type": "WEB",
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.