CWE-125
Out-of-bounds Read
BaseDraft
Description
The product reads data past the end, or before the beginning, of the intended buffer.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-540
CVEs mapped to this weakness (1,460)
page 7 of 73| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-9728 | Cri | 0.64 | 9.8 | 0.00 | Jun 16, 2017 | In uClibc 0.9.33.2, there is an out-of-bounds read in the get_subexp function in misc/regex/regexec.c when processing a crafted regular expression. | |
| CVE-2017-9265 | Cri | 0.64 | 9.8 | 0.02 | May 29, 2017 | In Open vSwitch (OvS) v2.7.0, there is a buffer over-read while parsing the group mod OpenFlow message sent from the controller in `lib/ofp-util.c` in the function `ofputil_pull_ofp15_group_mod`. | |
| CVE-2017-9264 | Cri | 0.64 | 9.8 | 0.01 | May 29, 2017 | In lib/conntrack.c in the firewall implementation in Open vSwitch (OvS) 2.6.1, there is a buffer over-read while parsing malformed TCP, UDP, and IPv6 packets in the functions `extract_l3_ipv6`, `extract_l4_tcp`, and `extract_l4_udp` that can be triggered remotely. | |
| CVE-2017-9227 | Cri | 0.64 | 9.8 | 0.00 | May 24, 2017 | An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in mbc_enc_len() during regular expression searching. Invalid handling of reg->dmin in forward_search_range() could result in an invalid pointer dereference, as an out-of-bounds read from a stack buffer. | |
| CVE-2017-9224 | Cri | 0.64 | 9.8 | 0.01 | May 24, 2017 | An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in match_at() during regular expression searching. A logical error involving order of validation and access in match_at() could result in an out-of-bounds read from a stack buffer. | |
| CVE-2017-9195 | Cri | 0.64 | 9.8 | 0.00 | May 23, 2017 | libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the ReadImage function in input-tga.c:620:27. | |
| CVE-2017-9194 | Cri | 0.64 | 9.8 | 0.00 | May 23, 2017 | libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the ReadImage function in input-tga.c:559:29. | |
| CVE-2017-9193 | Cri | 0.64 | 9.8 | 0.00 | May 23, 2017 | libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the ReadImage function in input-tga.c:538:33. | |
| CVE-2017-9171 | Cri | 0.64 | 9.8 | 0.00 | May 23, 2017 | libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the ReadImage function in input-bmp.c:492:24. | |
| CVE-2017-9166 | Cri | 0.64 | 9.8 | 0.00 | May 23, 2017 | libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the GET_COLOR function in color.c:18:11. | |
| CVE-2017-9165 | Cri | 0.64 | 9.8 | 0.00 | May 23, 2017 | libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the GET_COLOR function in color.c:17:11. | |
| CVE-2017-9164 | Cri | 0.64 | 9.8 | 0.00 | May 23, 2017 | libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the GET_COLOR function in color.c:16:11. | |
| CVE-2017-9152 | Cri | 0.64 | 9.8 | 0.00 | May 23, 2017 | libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the pnm_load_raw function in input-pnm.c:346:41. | |
| CVE-2017-9058 | Cri | 0.64 | 9.8 | 0.00 | May 18, 2017 | In libytnef in ytnef through 1.9.2, there is a heap-based buffer over-read due to incorrect boundary checking in the SIZECHECK macro in lib/ytnef.c. | |
| CVE-2017-9055 | Cri | 0.64 | 9.8 | 0.00 | May 18, 2017 | An issue, also known as DW201703-001, was discovered in libdwarf 2017-03-21. In dwarf_formsdata() a few data types were not checked for being in bounds, leading to a heap-based buffer over-read. | |
| CVE-2017-9054 | Cri | 0.64 | 9.8 | 0.00 | May 18, 2017 | An issue, also known as DW201703-002, was discovered in libdwarf 2017-03-21. In _dwarf_decode_s_leb128_chk() a byte pointer was dereferenced just before it was checked for being in bounds, leading to a heap-based buffer over-read. | |
| CVE-2017-9052 | Cri | 0.64 | 9.8 | 0.01 | May 18, 2017 | An issue, also known as DW201703-006, was discovered in libdwarf 2017-03-21. A heap-based buffer over-read in dwarf_formsdata() is due to a failure to check a pointer for being in bounds (in a few places in this function) and a failure in a check in dwarf_attr_list(). | |
| CVE-2017-3060 | Cri | 0.64 | 9.8 | 0.10 | Apr 12, 2017 | Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable memory corruption vulnerability in the ActionScript2 code parser. Successful exploitation could lead to arbitrary code execution. | |
| CVE-2017-5897 | Cri | 0.64 | 9.8 | 0.02 | Mar 23, 2017 | The ip6gre_err function in net/ipv6/ip6_gre.c in the Linux kernel allows remote attackers to have unspecified impact via vectors involving GRE flags in an IPv6 packet, which trigger an out-of-bounds access. | |
| CVE-2017-5538 | Cri | 0.64 | 9.8 | 0.03 | Mar 23, 2017 | The kbase_dispatch function in arm/t7xx/r5p0/mali_kbase_core_linux.c in the GPU driver on Samsung devices with M(6.0) and N(7.0) software and Exynos AP chipsets allows attackers to have unspecified impact via unknown vectors, which trigger an out-of-bounds read, aka SVE-2016-6362. |