CWE-125
Out-of-bounds Read
Description
The product reads data past the end, or before the beginning, of the intended buffer.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-540
CVEs mapped to this weakness (2,466)
page 117 of 124

| CVE | Risk | CVSS | EPSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2021-25905 | 0.00 | — | 0.02 | Jan 22, 2021 | An issue was discovered in the bra crate before 0.1.1 for Rust. It lacks soundness because it can read uninitialized memory. |
| CVE-2020-35655 | 0.00 | — | 0.02 | Jan 12, 2021 | In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image files because offsets and length tables are mishandled. |
| CVE-2020-35653 | 0.00 | — | 0.01 | Jan 12, 2021 | In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffer calculations. |
| CVE-2020-35859 | 0.00 | — | 0.02 | Dec 31, 2020 | An issue was discovered in the lucet-runtime-internals crate before 0.5.1 for Rust. It mishandles sigstack allocation. Guest programs may be able to obtain sensitive information, or guest programs can experience memory corruption. |
| CVE-2020-35861 | 0.00 | — | 0.01 | Dec 31, 2020 | An issue was discovered in the bumpalo crate before 3.2.1 for Rust. The realloc feature allows the reading of unknown memory. Attackers can potentially read cryptographic keys. |
| CVE-2020-35890 | 0.00 | — | 0.01 | Dec 31, 2020 | An issue was discovered in the ordnung crate through 2020-09-03 for Rust. compact::Vec violates memory safety via out-of-bounds access for large capacity. |
| CVE-2020-35892 | 0.00 | — | 0.02 | Dec 31, 2020 | An issue was discovered in the simple-slab crate before 0.3.3 for Rust. index() allows an out-of-bounds read. |
| CVE-2020-35903 | 0.00 | — | 0.00 | Dec 31, 2020 | An issue was discovered in the dync crate before 0.5.0 for Rust. VecCopy allows misaligned element access because u8 is not always the type in question. |
| CVE-2020-35381 | 0.00 | — | 0.02 | Dec 15, 2020 | jsonparser 1.0.0 allows attackers to cause a denial of service (panic: runtime error: slice bounds out of range) via a GET call. |
| CVE-2020-26267 | 0.00 | — | 0.00 | Dec 10, 2020 | In affected versions of TensorFlow the tf.raw_ops.DataFormatVecPermute API does not validate the src_format and dst_format attributes. The code assumes that these two arguments define a permutation of NHWC. This can result in uninitialized memory accesses, read outside of bounds… |
| CVE-2020-26269 | 0.00 | — | 0.01 | Dec 10, 2020 | In TensorFlow release candidate versions 2.4.0rc*, the general implementation for matching filesystem paths to globbing pattern is vulnerable to an access out of bounds of the array holding the directories. There are multiple invariants and preconditions that are assumed by the… |
| CVE-2020-26271 | 0.00 | — | 0.00 | Dec 10, 2020 | In affected versions of TensorFlow under certain cases, loading a saved model can result in accessing uninitialized memory while building the computation graph. The MakeEdge function creates an edge between one output tensor of the src node (given by output_index) and the input… |
| CVE-2018-21270 | 0.00 | — | 0.04 | Dec 3, 2020 | Versions less than 0.0.6 of the Node.js stringstream module are vulnerable to an out-of-bounds read because of allocation of uninitialized buffers when a number is passed in the input stream (when using Node.js 4.x). |
| CVE-2020-26242 | 0.00 | — | 0.01 | Nov 25, 2020 | Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. In Geth before version 1.9.18, there is a Denial-of-service (crash) during block processing. This is fixed in 1.9.18. |
| CVE-2020-1915 | 0.00 | — | 0.02 | Oct 26, 2020 | An out-of-bounds read in the JavaScript Interpreter in Facebook Hermes prior to commit 8cb935cd3b2321c46aa6b7ed8454d95c75a7fca0 allows attackers to cause a denial of service attack or possible further memory corruption via crafted JavaScript. Note that this is only exploitable… |
| CVE-2020-15265 | 0.00 | — | 0.01 | Oct 21, 2020 | In Tensorflow before version 2.4.0, an attacker can pass an invalid `axis` value to `tf.quantization.quantize_and_dequantize`. This results in accessing a dimension outside the rank of the input tensor in the C++ kernel implementation. However, dim_size only does a DCHECK to… |
| CVE-2020-15208 | 0.00 | — | 0.01 | Sep 25, 2020 | In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, when determining the common dimension size of two tensors, TFLite uses a `DCHECK` which is no-op outside of debug compilation modes. Since the function always returns the dimension of the first tensor,… |
| CVE-2020-15211 | 0.00 | — | 0.01 | Sep 25, 2020 | In TensorFlow Lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, saved models in the flatbuffer format use a double indexing scheme: a model has a set of subgraphs, each subgraph has a set of operators and each operator has a set of input/output tensors. The flatbuffer… |
| CVE-2020-15196 | 0.00 | — | 0.01 | Sep 25, 2020 | In Tensorflow version 2.3.0, the `SparseCountSparseOutput` and `RaggedCountSparseOutput` implementations don't validate that the `weights` tensor has the same shape as the data. The check exists for `DenseCountSparseOutput`, where both tensors are fully specified. In the sparse… |
| CVE-2020-1912 | 0.00 | — | 0.02 | Sep 9, 2020 | An out-of-bounds read/write vulnerability when executing lazily compiled inner generator functions in Facebook Hermes prior to commit 091835377369c8fd5917d9b87acffa721ad2a168 allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only… |