CWE-125
Out-of-bounds Read
Base / Draft
Description
The product reads data past the end, or before the beginning, of the intended buffer.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-540
CVEs mapped to this weakness (1,460)
Page 70 of 73

| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-33599 | Low | 0.20 | 3.1 | 0.00 | | Apr 22, 2026 | A rogue backend can send a crafted SVCB response to a Discovery of Designated Resolvers request, when requested via either the autoUpgrade (Lua) option to newServer or auto_upgrade (YAML) settings. DDR upgrade is not enabled by default. |
| CVE-2025-23050 | Low | 0.20 | 3.1 | 0.00 | | Oct 31, 2025 | QLowEnergyController in Qt before 6.8.2 mishandles malformed Bluetooth ATT commands, leading to an out-of-bounds read (or division by zero). This is fixed in 5.15.19, 6.5.9, and 6.8.2. |
| CVE-2025-1400 | Low | 0.20 | 3.1 | 0.00 | | May 7, 2025 | Out-of-bounds Read vulnerability in unpack_response (conn.c) in libplctag from 2.0 through 2.6.3 allows Overread Buffers via network. |
| CVE-2025-1399 | Low | 0.20 | 3.1 | 0.00 | | May 7, 2025 | Out-of-bounds Read vulnerability in unpack_response (session.c) in libplctag from 2.0 through 2.6.3 allows Overread Buffers via network. |
| CVE-2016-2380 | Low | 0.20 | 3.1 | 0.01 | | Jan 6, 2017 | An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent to the server could potentially result in an out-of-bounds read. A user could be convinced to enter a particular string which would then get converted incorrectly and could lead to a potential out-of-bounds read. |
| CVE-2026-22717 | Low | 0.18 | 2.7 | 0.00 | | Feb 27, 2026 | Out-of-bound read vulnerability in VMware Workstation 25H1 and below on any platform allows an actor with non-administrative privileges on a guest VM to obtain limited information disclosure from the machine where VMware Workstation is installed. |
| CVE-2024-22384 | Low | 0.18 | 2.8 | 0.00 | | May 16, 2024 | Out-of-bounds read for some Intel(R) Trace Analyzer and Collector software before version 2022.0.0 published Nov 2023 may allow an authenticated user to potentially enable information disclosure via local access. |
| CVE-2025-71264 | Low | 0.17 | 3.7 | 0.00 | | Mar 16, 2026 | Mumble before 1.6.870 is prone to an out-of-bounds array access, which may result in denial of service (client crash). |
| CVE-2025-14055 | Low | 0.16 | — | 0.00 | | Feb 20, 2026 | An integer underflow vulnerability in Silicon Labs Secure NCP host implementation allows a buffer overread via a specially crafted packet. |
| CVE-2023-31330 | Low | 0.16 | 2.5 | 0.00 | | Sep 6, 2025 | An out-of-bounds read in the ASP could allow a privileged attacker with access to a malicious bootloader to potentially read sensitive memory resulting in loss of confidentiality. |
| CVE-2023-25546 | Low | 0.16 | 2.5 | 0.00 | | Sep 16, 2024 | Out-of-bounds read in UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable denial of service via local access. |
| CVE-2026-2869 | Low | 0.14 | 3.3 | 0.00 | | Feb 21, 2026 | A vulnerability was identified in janet-lang janet up to 1.40.1. Affected by this vulnerability is the function janetc_varset of the file src/core/specials.c of the component handleattr Handler. The manipulation leads to out-of-bounds read. The attack can only be performed from a local environment. The exploit is publicly available and might be used. Upgrading to version 1.41.0 addresses this issue. The identifier of the patch is 2fabc80151a2b8834ee59cda8a70453f848b40e5. The affected component should be upgraded. |
| CVE-2026-2242 | Low | 0.14 | 3.3 | 0.00 | | Feb 9, 2026 | A vulnerability was determined in janet-lang janet up to 1.40.1. This impacts the function janetc_if of the file src/core/specials.c. Executing a manipulation can lead to out-of-bounds read. The attack needs to be launched locally. The exploit has been publicly disclosed and may be utilized. This patch is called c43e06672cd9dacf2122c99f362120a17c34b391. It is advisable to implement a patch to correct this issue. |
| CVE-2026-2241 | Low | 0.14 | 3.3 | 0.00 | | Feb 9, 2026 | A vulnerability was found in janet-lang janet up to 1.40.1. This affects the function os_strftime of the file src/core/os.c. Performing a manipulation results in out-of-bounds read. The attack must be initiated from a local position. The exploit has been made public and could be used. The patch is named 0f285855f0e34f9183956be5f16e045f54626bff. To fix this issue, it is recommended to deploy a patch. |
| CVE-2026-2240 | Low | 0.14 | 3.3 | 0.00 | | Feb 9, 2026 | A vulnerability has been found in janet-lang janet up to 1.40.1. The impacted element is the function janetc_pop_funcdef of the file src/core/compile.c. Such manipulation leads to out-of-bounds read. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. The name of the patch is 4dd08a4cdef5b1c42d9a2c19fc24412e97ef51d5. A patch should be applied to remediate this issue. |
| CVE-2025-15506 | Low | 0.14 | 3.3 | 0.00 | | Jan 11, 2026 | A vulnerability was found in AcademySoftwareFoundation OpenColorIO up to 2.5.0. This issue affects the function ConvertToRegularExpression of the file src/OpenColorIO/FileRules.cpp. Performing a manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made public and could be used. The patch is named ebdbb75123c9d5f4643e041314e2bc988a13f20d. To fix this issue, it is recommended to deploy a patch. The fix was added to the 2.5.1 milestone. |
| CVE-2024-28051 | Low | 0.14 | 2.2 | 0.00 | | Nov 13, 2024 | Out-of-bounds read in some Intel(R) VPL software before version 24.1.4 may allow an authenticated user to potentially enable information disclosure via local access. |
| CVE-2025-5941 | Low | 0.13 | — | 0.00 | | Aug 14, 2025 | Netskope is notified about a potential gap in its agent (NS Client) in which a malicious actor could trigger a memory leak by sending a crafted DNS packet to a machine. A successful exploitation may require administrative privileges on the machine, based on the exact configuration. A successful exploit can potentially result in user-controllable memory being leaked in a domain name stored on the local machine. |
| CVE-2024-21950 | Low | 0.12 | — | 0.00 | | May 15, 2026 | An out of bounds read in the remote management firmware could allow a privileged attacker to read a limited section of memory outside of established bounds potentially resulting in loss of confidentiality or availability. |
| CVE-2004-0184 | | 0.08 | — | 0.65 | | May 4, 2004 | Integer underflow in the isakmp_id_print for TCPDUMP 3.8.1 and earlier allows remote attackers to cause a denial of service (crash) via an ISAKMP packet with an Identification payload with a length that becomes less than 8 during byte order conversion, which causes an out-of-bounds read, as demonstrated by the Striker ISAKMP Protocol Test Suite. |