VYPR

CWE-125

Out-of-bounds Read

BaseDraft

Description

The product reads data past the end, or before the beginning, of the intended buffer.

Hierarchy (View 1000)

Parents

Related attack patterns (CAPEC)

CAPEC-540

CVEs mapped to this weakness (2,466)

page 105 of 124
  • CVE-2026-34608MedApr 2, 2026
    risk 0.25cvss 4.9epss 0.00

    NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. Prior to version 0.24.10, in NanoMQ's webhook_inproc.c, the hook_work_cb() function processes nng messages by parsing the message body with cJSON_Parse(body). The body is obtained from nng_msg_body(msg), which…

  • CVE-2024-31150LowMay 13, 2025
    risk 0.25cvss 3.8epss 0.00

    Out-of-bounds read for some Intel(R) Graphics Driver software may allow an authenticated user to potentially enable information disclosure via local access.

  • CVE-2024-32667LowNov 13, 2024
    risk 0.25cvss 3.9epss 0.00

    Out-of-bounds read for some OpenCL(TM) software may allow an authenticated user to potentially enable denial of service via local access.

  • CVE-2021-46772LowAug 13, 2024
    risk 0.25cvss 3.9epss 0.00

    Insufficient input validation in the ABL may allow a privileged attacker with access to the BIOS menu or UEFI shell to tamper with the structure headers in SPI ROM causing an out of bounds memory read and write, potentially resulting in memory corruption or denial of service.

  • CVE-2023-22656LowMay 16, 2024
    risk 0.25cvss 3.9epss 0.00

    Out-of-bounds read in Intel(R) Media SDK and some Intel(R) oneVPL software before version 23.3.5 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2024-29948LowApr 2, 2024
    risk 0.25cvss 3.8epss 0.00

    There is an out-of-bounds read vulnerability in some Hikvision NVRs. An authenticated attacker could exploit this vulnerability by sending specially crafted messages to a vulnerable device, causing a service abnormality.

  • CVE-2026-40686LowApr 30, 2026
    risk 0.24cvss 3.7epss 0.00

    In Exim before 4.99.2, when utf8 operators are enabled, there is an out-of-bounds read if large UTF-8 trailing characters are present (malformed UTF-8 header data). Information might be divulged within an error message produced during handling of an unrelated e-mail message.

  • CVE-2026-22885LowFeb 20, 2026
    risk 0.24cvss 3.7epss 0.00

    A vulnerability exists in EnOcean SmartServer IoT version 4.60.009 and prior, which would allow remote attackers, in the LON IP-852 management messages, to send specially crafted IP-852 messages resulting in a memory leak from the program's memory.

  • CVE-2025-7464LowJul 12, 2025
    risk 0.24cvss 3.7epss 0.00

    A vulnerability classified as problematic has been found in osrg GoBGP up to 3.37.0. Affected is the function SplitRTR of the file pkg/packet/rtr/rtr.go. The manipulation leads to out-of-bounds read. It is possible to launch the attack remotely. The complexity of an attack is…

  • CVE-2017-2591LowApr 30, 2018
    risk 0.24cvss 3.7epss 0.03

    389-ds-base before version 1.3.6 is vulnerable to an improperly NULL terminated array in the uniqueness_entry_to_config() function in the "attribute uniqueness" plugin of 389 Directory Server. An authenticated, or possibly unauthenticated, attacker could use this flaw to force…

  • CVE-2017-15353LowFeb 15, 2018
    risk 0.24cvss 3.7epss 0.01

    Huawei DP300, V500R002C00, RP200, V500R002C00, V600R006C00, RSE6500, V500R002C00, TE30, V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40, V500R002C00, V600R006C00, TE50, V500R002C00, V600R006C00, TE60, V100R001C01, V100R001C10, V500R002C00, V600R006C00, TX50,…

  • CVE-2026-46532MedJun 10, 2026
    risk 0.23cvss 4.6epss 0.00

    ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.2.6, 5.3.5, 5.4.4, 5.5.3, and 6.0, an out-of-bounds read exists in the BlueDroid AVRCP vendor-command parser (avrc_pars_vendor_cmd() in components/bt/host/bluedroid/stack/avrc/avrc_pars_tg.c).…

  • CVE-2026-28528MedMar 30, 2026
    risk 0.23cvss 4.6epss 0.00

    BlueKitchen BTstack versions prior to 1.8.1 contain an out-of-bounds read vulnerability in the AVRCP Browsing Target GET_FOLDER_ITEMS handler that fails to validate packet boundaries and attribute count data. An attacker with a paired Bluetooth Classic connection can exploit…

  • CVE-2026-32984LowMar 27, 2026
    risk 0.23cvss 3.5epss 0.00

    Wazuh authd contains a heap-buffer overflow vulnerability that allows attackers to cause memory corruption and malformed heap data by sending specially crafted input. Attackers can exploit this vulnerability to trigger a denial of service condition, resulting in low impact on…

  • CVE-2023-7340LowMar 27, 2026
    risk 0.23cvss 3.5epss 0.00

    Wazuh authd contains a heap-buffer overflow vulnerability that allows attackers to cause memory corruption and malformed heap data by sending specially crafted input. Attackers can exploit this vulnerability to trigger a denial of service condition, resulting in low availability…

  • CVE-2026-40026MedApr 8, 2026
    risk 0.22cvss 4.4epss 0.00

    The Sleuth Kit through 4.14.0 contains an out-of-bounds read vulnerability in the ISO9660 filesystem parser where the parse_susp() function trusts len_id, len_des, and len_src fields from the disk image to memcpy data into a stack buffer without verifying that the source data…

  • CVE-2026-40025MedApr 8, 2026
    risk 0.22cvss 4.4epss 0.00

    The Sleuth Kit through 4.14.0 contains an out-of-bounds read vulnerability in the APFS filesystem keybag parser where the wrapped_key_parser class follows attacker-controlled length fields without bounds checking, causing heap reads past the allocated buffer. An attacker can…

  • CVE-2026-39864MedApr 8, 2026
    risk 0.22cvss 4.4epss 0.00

    Kamailio is an open source implementation of a SIP Signaling Server. Prior to 6.0.5 and 5.8.7, an out-of-bounds read in the auth module of Kamailio (formerly OpenSER and SER) allows remote attackers to cause a denial of service (process crash) via a specially crafted SIP packet…

  • CVE-2023-49100MedFeb 21, 2024
    risk 0.22cvss 4.4epss 0.00

    Trusted Firmware-A (TF-A) before 2.10 has a potential read out-of-bounds in the SDEI service. The input parameter passed in register x1 is not validated well enough in the function sdei_interrupt_bind. The parameter is passed to a call to plat_ic_get_interrupt_type. It can be…

  • CVE-2017-2579LowJul 27, 2018
    risk 0.22cvss 3.3epss 0.02

    An out-of-bounds read vulnerability was found in netpbm before 10.61. The expandCodeOntoStack() function has an insufficient code value check, so that a maliciously crafted file could cause the application to crash or possibly allows code execution.