VYPR

CWE-125

Out-of-bounds Read

BaseDraft

Description

The product reads data past the end, or before the beginning, of the intended buffer.

Hierarchy (View 1000)

Parents

Related attack patterns (CAPEC)

CAPEC-540

CVEs mapped to this weakness (2,466)

page 9 of 124
  • CVE-2017-12894CriSep 14, 2017
    risk 0.64cvss 9.8epss 0.03

    Several protocol parsers in tcpdump before 4.9.2 could cause a buffer over-read in addrtoname.c:lookup_bytestring().

  • CVE-2017-12893CriSep 14, 2017
    risk 0.64cvss 9.8epss 0.02

    The SMB/CIFS parser in tcpdump before 4.9.2 has a buffer over-read in smbutil.c:name_len().

  • CVE-2017-13139CriAug 23, 2017
    risk 0.64cvss 9.8epss 0.04

    In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, the ReadOneMNGImage function in coders/png.c has an out-of-bounds read with the MNG CLIP chunk.

  • CVE-2015-9050CriAug 18, 2017
    risk 0.64cvss 9.8epss 0.01

    In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists where an array out of bounds access can occur during a CA call.

  • CVE-2017-12941CriAug 18, 2017
    risk 0.64cvss 9.8epss 0.02

    libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the Unpack::Unpack20 function.

  • CVE-2017-12940CriAug 18, 2017
    risk 0.64cvss 9.8epss 0.02

    libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the EncodeFileName::Decode call within the Archive::ReadHeader15 function.

  • CVE-2017-12933CriAug 18, 2017
    risk 0.64cvss 9.8epss 0.07

    The finish_nested_data function in ext/standard/var_unserializer.re in PHP before 5.6.31, 7.0.x before 7.0.21, and 7.1.x before 7.1.7 is prone to a buffer over-read while unserializing untrusted data. Exploitation of this issue can have an unspecified impact on the integrity of…

  • CVE-2017-11542CriJul 23, 2017
    risk 0.64cvss 9.8epss 0.04

    tcpdump 4.9.0 has a heap-based buffer over-read in the pimv1_print function in print-pim.c.

  • CVE-2017-11541CriJul 23, 2017
    risk 0.64cvss 9.8epss 0.04

    tcpdump 4.9.0 has a heap-based buffer over-read in the lldp_print function in print-lldp.c, related to util-print.c.

  • CVE-2017-11465CriJul 19, 2017
    risk 0.64cvss 9.8epss 0.02

    The parser_yyerror function in the UTF-8 parser in Ruby 2.4.1 allows attackers to cause a denial of service (invalid write or read) or possibly have unspecified other impact via a crafted Ruby script, related to the parser_tokadd_utf8 function in parse.y. NOTE: this might have…

  • CVE-2017-10989CriJul 7, 2017
    risk 0.64cvss 9.8epss 0.09

    The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.

  • CVE-2017-9728CriJun 16, 2017
    risk 0.64cvss 9.8epss 0.01

    In uClibc 0.9.33.2, there is an out-of-bounds read in the get_subexp function in misc/regex/regexec.c when processing a crafted regular expression.

  • CVE-2017-9265CriMay 29, 2017
    risk 0.64cvss 9.8epss 0.03

    In Open vSwitch (OvS) v2.7.0, there is a buffer over-read while parsing the group mod OpenFlow message sent from the controller in `lib/ofp-util.c` in the function `ofputil_pull_ofp15_group_mod`.

  • CVE-2017-9264CriMay 29, 2017
    risk 0.64cvss 9.8epss 0.02

    In lib/conntrack.c in the firewall implementation in Open vSwitch (OvS) 2.6.1, there is a buffer over-read while parsing malformed TCP, UDP, and IPv6 packets in the functions `extract_l3_ipv6`, `extract_l4_tcp`, and `extract_l4_udp` that can be triggered remotely.

  • CVE-2017-9227CriMay 24, 2017
    risk 0.64cvss 9.8epss 0.06

    An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in mbc_enc_len() during regular expression searching. Invalid handling of reg->dmin in forward_search_range() could…

  • CVE-2017-9224CriMay 24, 2017
    risk 0.64cvss 9.8epss 0.07

    An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in match_at() during regular expression searching. A logical error involving order of validation and access in…

  • CVE-2017-9195CriMay 23, 2017
    risk 0.64cvss 9.8epss 0.02

    libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the ReadImage function in input-tga.c:620:27.

  • CVE-2017-9194CriMay 23, 2017
    risk 0.64cvss 9.8epss 0.02

    libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the ReadImage function in input-tga.c:559:29.

  • CVE-2017-9193CriMay 23, 2017
    risk 0.64cvss 9.8epss 0.02

    libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the ReadImage function in input-tga.c:538:33.

  • CVE-2017-9171CriMay 23, 2017
    risk 0.64cvss 9.8epss 0.02

    libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the ReadImage function in input-bmp.c:492:24.