CWE-125

Out-of-bounds Read

BaseDraft

Description

The product reads data past the end, or before the beginning, of the intended buffer.

Hierarchy (View 1000)

Parents

CWE-119

Children

Related attack patterns (CAPEC)

CAPEC-540

CVEs mapped to this weakness (1,841)

page 29 of 93

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2017-11061	Google Android	Hig	0.49	7.5	0.00	Oct 10, 2017	In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing cfg80211 vendor sub command QCA_NL80211_VENDOR_SUBCMD_ROAM, a buffer over-read can occur.
CVE-2017-11060	Google Android	Hig	0.49	7.5	0.00	Oct 10, 2017	In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a buffer overread is observed during processing of ACA_NL80211_VENDOR_SUBCMD_EXTSCAN_PNO_SET_PASSPOINT_LIST and QCA_NL80211_VENDOR_SUBCMD_EXTSCAN_PNO_SET_LIST cfg80211…
CVE-2017-11055	—	Hig	0.49	7.5	0.00	Oct 10, 2017	In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing a specially crafted QCA_NL80211_VENDOR_SUBCMD_SET_WIFI_CONFIGURATION cfg80211 vendor command, a buffer over-read can occur.
CVE-2017-11054	Google Android SDK	Hig	0.49	7.5	0.00	Oct 10, 2017	In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing a specially crafted cfg80211 vendor command, a buffer over-read can occur.
CVE-2017-11052	Google Android	Hig	0.49	7.5	0.00	Oct 10, 2017	In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing a specially crafted QCA_NL80211_VENDOR_SUBCMD_NDP cfg80211 vendor command a buffer over-read can occur.
CVE-2017-14976	Xorg Poppler	Hig	0.49	7.5	0.01	Oct 2, 2017	The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a heap-based buffer over-read vulnerability if an out-of-bounds font dictionary index is encountered, which allows an attacker to launch a denial of service attack.
CVE-2017-14646	Bento4 Bento4	Hig	0.49	7.5	0.01	Sep 21, 2017	The AP4_AvccAtom and AP4_HvccAtom classes in Bento4 version 1.5.0-617 do not properly validate data sizes, leading to a heap-based buffer over-read and application crash in AP4_DataBuffer::SetData in Core/Ap4DataBuffer.cpp.
CVE-2017-14502	Libarchive Libarchive	Hig	0.49	7.5	0.01	Sep 17, 2017	read_header in archive_read_support_format_rar.c in libarchive 3.3.2 suffers from an off-by-one error for UTF-16 names in RAR archives, leading to an out-of-bounds read in archive_read_format_rar_read_header.
CVE-2017-14227	MongoDB MongoDB	Hig	0.49	7.5	0.01	Sep 9, 2017	In MongoDB libbson 1.7.0, the bson_iter_codewscope function in bson-iter.c miscalculates a bson_utf8_validate length argument, which allows remote attackers to cause a denial of service (heap-based buffer over-read in the bson_utf8_validate function in bson-utf8.c), as…
CVE-2017-14226	Libreoffice Libreoffice	Hig	0.49	7.5	0.02	Sep 9, 2017	WP1StylesListener.cpp, WP5StylesListener.cpp, and WP42StylesListener.cpp in libwpd 0.10.1 mishandle iterators, which allows remote attackers to cause a denial of service (heap-based buffer over-read in the WPXTableList class in WPXTable.cpp). This vulnerability can be triggered…
CVE-2017-13765	Wireshark Wireshark	Hig	0.49	7.5	0.01	Aug 30, 2017	In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the IrCOMM dissector has a buffer over-read and application crash. This was addressed in plugins/irda/packet-ircomm.c by adding length validation.
CVE-2017-12963	Libsass Libsass	Hig	0.49	7.5	0.01	Aug 18, 2017	There is an illegal address access in Sass::Eval::operator() in eval.cpp of LibSass 3.4.5, leading to a remote denial of service attack. NOTE: this is similar to CVE-2017-11555 but remains exploitable after the vendor's CVE-2017-11555 fix (available from GitHub after 2017-07-24).
CVE-2017-12958	GNU Pspp	Hig	0.49	7.5	0.00	Aug 18, 2017	There is an illegal address access in the function output_hex() in data/data-out.c of the libpspp library in GNU PSPP before 1.0.1 that will lead to remote denial of service.
CVE-2017-9454	Resiprocate Resiprocate	Hig	0.49	7.5	0.01	Aug 18, 2017	Buffer overflow in the ares_parse_a_reply function in the embedded ares library in ReSIProcate before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds-read) via a crafted DNS response.
CVE-2017-12067	Potrace Project Potrace	Hig	0.49	7.5	0.00	Aug 1, 2017	Potrace 1.14 has a heap-based buffer over-read in the interpolate_cubic function in mkbitmap.c.
CVE-2017-11670	Eapmd5pass Project Eapmd5pass	Hig	0.49	7.5	0.01	Jul 31, 2017	A length validation (leading to out-of-bounds read and write) flaw was found in the way eapmd5pass 1.4 handled network traffic in the extract_eapusername function. A remote attacker could potentially use this flaw to crash the eapmd5pass process by generating specially crafted…
CVE-2017-11669	Eapmd5pass Project Eapmd5pass	Hig	0.49	7.5	0.01	Jul 31, 2017	An out-of-bounds read flaw related to the assess_packet function in eapmd5pass.c:211 was found in the way eapmd5pass 1.4 handled processing of network packets. A remote attacker could potentially use this flaw to crash the eapmd5pass process under certain circumstances by…
CVE-2017-11668	Eapmd5pass Project Eapmd5pass	Hig	0.49	7.5	0.01	Jul 31, 2017	An out-of-bounds read flaw related to the assess_packet function in eapmd5pass.c:134 was found in the way eapmd5pass 1.4 handled processing of network packets. A remote attacker could potentially use this flaw to crash the eapmd5pass process under certain circumstances by…
CVE-2017-10987	FreeRADIUS Freeradius	Hig	0.49	7.5	0.01	Jul 17, 2017	An FR-GV-304 issue in FreeRADIUS 3.x before 3.0.15 allows "DHCP - Buffer over-read in fr_dhcp_decode_suboptions()" and a denial of service.
CVE-2017-10982	FreeRADIUS Freeradius	Hig	0.49	7.5	0.01	Jul 17, 2017	An FR-GV-205 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - Buffer over-read in fr_dhcp_decode_options()" and a denial of service.

CVE-2017-11061HigOct 10, 2017
Google
Android
risk 0.49cvss 7.5epss 0.00
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing cfg80211 vendor sub command QCA_NL80211_VENDOR_SUBCMD_ROAM, a buffer over-read can occur.
CVE-2017-11060HigOct 10, 2017
Google
Android
risk 0.49cvss 7.5epss 0.00
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a buffer overread is observed during processing of ACA_NL80211_VENDOR_SUBCMD_EXTSCAN_PNO_SET_PASSPOINT_LIST and QCA_NL80211_VENDOR_SUBCMD_EXTSCAN_PNO_SET_LIST cfg80211…
CVE-2017-11055HigOct 10, 2017
risk 0.49cvss 7.5epss 0.00
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing a specially crafted QCA_NL80211_VENDOR_SUBCMD_SET_WIFI_CONFIGURATION cfg80211 vendor command, a buffer over-read can occur.
CVE-2017-11054HigOct 10, 2017
Google
Android SDK
risk 0.49cvss 7.5epss 0.00
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing a specially crafted cfg80211 vendor command, a buffer over-read can occur.
CVE-2017-11052HigOct 10, 2017
Google
Android
risk 0.49cvss 7.5epss 0.00
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing a specially crafted QCA_NL80211_VENDOR_SUBCMD_NDP cfg80211 vendor command a buffer over-read can occur.
CVE-2017-14976HigOct 2, 2017
Xorg
Poppler
risk 0.49cvss 7.5epss 0.01
The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a heap-based buffer over-read vulnerability if an out-of-bounds font dictionary index is encountered, which allows an attacker to launch a denial of service attack.
CVE-2017-14646HigSep 21, 2017
Bento4
Bento4
risk 0.49cvss 7.5epss 0.01
The AP4_AvccAtom and AP4_HvccAtom classes in Bento4 version 1.5.0-617 do not properly validate data sizes, leading to a heap-based buffer over-read and application crash in AP4_DataBuffer::SetData in Core/Ap4DataBuffer.cpp.
CVE-2017-14502HigSep 17, 2017
Libarchive
Libarchive
risk 0.49cvss 7.5epss 0.01
read_header in archive_read_support_format_rar.c in libarchive 3.3.2 suffers from an off-by-one error for UTF-16 names in RAR archives, leading to an out-of-bounds read in archive_read_format_rar_read_header.
CVE-2017-14227HigSep 9, 2017
MongoDB
MongoDB
risk 0.49cvss 7.5epss 0.01
In MongoDB libbson 1.7.0, the bson_iter_codewscope function in bson-iter.c miscalculates a bson_utf8_validate length argument, which allows remote attackers to cause a denial of service (heap-based buffer over-read in the bson_utf8_validate function in bson-utf8.c), as…
CVE-2017-14226HigSep 9, 2017
Libreoffice
Libreoffice
risk 0.49cvss 7.5epss 0.02
WP1StylesListener.cpp, WP5StylesListener.cpp, and WP42StylesListener.cpp in libwpd 0.10.1 mishandle iterators, which allows remote attackers to cause a denial of service (heap-based buffer over-read in the WPXTableList class in WPXTable.cpp). This vulnerability can be triggered…
CVE-2017-13765HigAug 30, 2017
Wireshark
Wireshark
risk 0.49cvss 7.5epss 0.01
In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the IrCOMM dissector has a buffer over-read and application crash. This was addressed in plugins/irda/packet-ircomm.c by adding length validation.
CVE-2017-12963HigAug 18, 2017
Libsass
Libsass
risk 0.49cvss 7.5epss 0.01
There is an illegal address access in Sass::Eval::operator() in eval.cpp of LibSass 3.4.5, leading to a remote denial of service attack. NOTE: this is similar to CVE-2017-11555 but remains exploitable after the vendor's CVE-2017-11555 fix (available from GitHub after 2017-07-24).
CVE-2017-12958HigAug 18, 2017
GNU
Pspp
risk 0.49cvss 7.5epss 0.00
There is an illegal address access in the function output_hex() in data/data-out.c of the libpspp library in GNU PSPP before 1.0.1 that will lead to remote denial of service.
CVE-2017-9454HigAug 18, 2017
Resiprocate
Resiprocate
risk 0.49cvss 7.5epss 0.01
Buffer overflow in the ares_parse_a_reply function in the embedded ares library in ReSIProcate before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds-read) via a crafted DNS response.
CVE-2017-12067HigAug 1, 2017
Potrace Project
Potrace
risk 0.49cvss 7.5epss 0.00
Potrace 1.14 has a heap-based buffer over-read in the interpolate_cubic function in mkbitmap.c.
CVE-2017-11670HigJul 31, 2017
Eapmd5pass Project
Eapmd5pass
risk 0.49cvss 7.5epss 0.01
A length validation (leading to out-of-bounds read and write) flaw was found in the way eapmd5pass 1.4 handled network traffic in the extract_eapusername function. A remote attacker could potentially use this flaw to crash the eapmd5pass process by generating specially crafted…
CVE-2017-11669HigJul 31, 2017
Eapmd5pass Project
Eapmd5pass
risk 0.49cvss 7.5epss 0.01
An out-of-bounds read flaw related to the assess_packet function in eapmd5pass.c:211 was found in the way eapmd5pass 1.4 handled processing of network packets. A remote attacker could potentially use this flaw to crash the eapmd5pass process under certain circumstances by…
CVE-2017-11668HigJul 31, 2017
Eapmd5pass Project
Eapmd5pass
risk 0.49cvss 7.5epss 0.01
An out-of-bounds read flaw related to the assess_packet function in eapmd5pass.c:134 was found in the way eapmd5pass 1.4 handled processing of network packets. A remote attacker could potentially use this flaw to crash the eapmd5pass process under certain circumstances by…
CVE-2017-10987HigJul 17, 2017
FreeRADIUS
Freeradius
risk 0.49cvss 7.5epss 0.01
An FR-GV-304 issue in FreeRADIUS 3.x before 3.0.15 allows "DHCP - Buffer over-read in fr_dhcp_decode_suboptions()" and a denial of service.
CVE-2017-10982HigJul 17, 2017
FreeRADIUS
Freeradius
risk 0.49cvss 7.5epss 0.01
An FR-GV-205 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - Buffer over-read in fr_dhcp_decode_options()" and a denial of service.