VYPR

CWE-125

Out-of-bounds Read

BaseDraft

Description

The product reads data past the end, or before the beginning, of the intended buffer.

Hierarchy (View 1000)

Parents

Related attack patterns (CAPEC)

CAPEC-540

CVEs mapped to this weakness (2,466)

page 103 of 124
  • CVE-2025-49175MedJun 17, 2025
    risk 0.33cvss 6.1epss 0.00

    A flaw was found in the X Rendering extension's handling of animated cursors. If a client provides no cursors, the server assumes at least one is present, leading to an out-of-bounds read and potential crash.

  • CVE-2025-24097MedMar 31, 2025
    risk 0.33cvss 5.0epss 0.00

    A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.7, macOS Sequoia 15.4, macOS Sonoma 14.7.5, tvOS 18.4, watchOS 11.4. An app may be able to read arbitrary file metadata.

  • CVE-2017-7558MedJul 26, 2018
    risk 0.33cvss 5.1epss 0.04

    A kernel data leak due to an out-of-bound read was found in the Linux kernel in inet_diag_msg_sctp{,l}addr_fill() and sctp_get_sctp_info() functions present since version 4.7-rc1 through version 4.13. A data leak happens when these functions fill in sockaddr data structures used…

  • CVE-2017-6437MedMar 15, 2017
    risk 0.33cvss 5.0epss 0.00

    The base64encode function in base64.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service (out-of-bounds read) via a crafted plist file.

  • CVE-2016-7917MedNov 16, 2016
    risk 0.33cvss 5.0epss 0.02

    The nfnetlink_rcv_batch function in net/netfilter/nfnetlink.c in the Linux kernel before 4.5 does not check whether a batch message's length field is large enough, which allows local users to obtain sensitive information from kernel memory or cause a denial of service (infinite…

  • CVE-2022-4203MedFeb 24, 2023
    risk 0.32cvss 4.9epss 0.01

    A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to…

  • CVE-2016-1249MedFeb 17, 2017
    risk 0.32cvss 5.9epss 0.02

    The DBD::mysql module before 4.039 for Perl, when using server-side prepared statement support, allows attackers to cause a denial of service (out-of-bounds read) via vectors involving an unaligned number of placeholders in WHERE condition and output fields in SELECT expression.

  • CVE-2016-1839MedMay 20, 2016
    risk 0.32cvss 5.5epss 0.07

    The xmlDictAddString function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.

  • CVE-2016-1838MedMay 20, 2016
    risk 0.32cvss 5.5epss 0.07

    The xmlPArserPrintFileContextInternal function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML…

  • CVE-2026-45681MedJun 2, 2026
    risk 0.31cvss 5.9epss 0.00

    OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the per-CPU message-buffer fallback path uses a 256-byte backup buffer but preserves the original payload size, which can be up to 8KB. If a CPU mismatch…

  • CVE-2025-0044MedMay 15, 2026
    risk 0.31cvss epss 0.00

    An out-of-bounds read in power management firmware by a malicious local attacker with low privileges could potentially lead to a partial loss of confidentiality and availability.

  • CVE-2026-42934MedMay 13, 2026
    risk 0.31cvss 4.8epss 0.01

    NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_charset_module module. When charset, source_charset, and charset_map and proxy_pass with disabled buffering ("off") directives are configured, unauthenticated attackers can send requests that with conditions…

  • CVE-2026-33598MedApr 22, 2026
    risk 0.31cvss 4.8epss 0.01

    A cached crafted response can cause an out-of-bounds read if custom Lua code calls getDomainListByAddress() or getAddressListByDomain() on a packet cache.

  • CVE-2026-35201MedApr 6, 2026
    risk 0.31cvss 5.9epss 0.00

    Discount is an implementation of John Gruber's Markdown markup language in C. From 1.3.1.1 to before 2.2.7.4, a signed length truncation bug causes an out-of-bounds read in the default Markdown parse path. Inputs larger than INT_MAX are truncated to a signed int before entering…

  • CVE-2026-33985MedMar 30, 2026
    risk 0.31cvss 5.9epss 0.00

    FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, pixel data from adjacent heap memory is rendered to screen, potentially leaking sensitive data to the attacker. This issue has been patched in version 3.24.2.

  • CVE-2025-51602MedJan 16, 2026
    risk 0.31cvss 4.8epss 0.00

    mmstu.c in VideoLAN VLC media player before 3.0.22 allows an out-of-bounds read and denial of service via a crafted 0x01 response from an MMS server.

  • CVE-2025-11775MedDec 17, 2025
    risk 0.31cvss epss 0.00

    An out-of-bounds read vulnerability has been identified in the asComSvc service. This vulnerability can be triggered by sending specially crafted requests, which may lead to a service crash or partial loss of functionality. This vulnerability only affects ASUS motherboard series…

  • CVE-2025-9232MedSep 30, 2025
    risk 0.31cvss 5.9epss 0.02

    Issue summary: An application using the OpenSSL HTTP client API functions may trigger an out-of-bounds read if the 'no_proxy' environment variable is set and the host portion of the authority component of the HTTP URL is an IPv6 address. Impact summary: An out-of-bounds read…

  • CVE-2025-60018MedSep 25, 2025
    risk 0.31cvss 4.8epss 0.00

    glib-networking's OpenSSL backend fails to properly check the return value of a call to BIO_write(), resulting in an out of bounds read.

  • CVE-2025-49601MedJul 4, 2025
    risk 0.31cvss 4.8epss 0.00

    In MbedTLS 3.3.0 before 3.6.4, mbedtls_lms_import_public_key does not check that the input buffer is at least 4 bytes before reading a 32-bit field, allowing a possible out-of-bounds read on truncated input. Specifically, an out-of-bounds read in mbedtls_lms_import_public_key…