CWE-125
Out-of-bounds Read
Description
The product reads data past the end, or before the beginning, of the intended buffer.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-540
CVEs mapped to this weakness (2,466)
page 9 of 124| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-12894 | Cri | 0.64 | 9.8 | 0.03 | Sep 14, 2017 | Several protocol parsers in tcpdump before 4.9.2 could cause a buffer over-read in addrtoname.c:lookup_bytestring(). | ||
| CVE-2017-12893 | Cri | 0.64 | 9.8 | 0.02 | Sep 14, 2017 | The SMB/CIFS parser in tcpdump before 4.9.2 has a buffer over-read in smbutil.c:name_len(). | ||
| CVE-2017-13139 | Cri | 0.64 | 9.8 | 0.04 | Aug 23, 2017 | In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, the ReadOneMNGImage function in coders/png.c has an out-of-bounds read with the MNG CLIP chunk. | ||
| CVE-2015-9050 | Cri | 0.64 | 9.8 | 0.01 | Aug 18, 2017 | In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists where an array out of bounds access can occur during a CA call. | ||
| CVE-2017-12941 | Cri | 0.64 | 9.8 | 0.02 | Aug 18, 2017 | libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the Unpack::Unpack20 function. | ||
| CVE-2017-12940 | Cri | 0.64 | 9.8 | 0.02 | Aug 18, 2017 | libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the EncodeFileName::Decode call within the Archive::ReadHeader15 function. | ||
| CVE-2017-12933 | Cri | 0.64 | 9.8 | 0.07 | Aug 18, 2017 | The finish_nested_data function in ext/standard/var_unserializer.re in PHP before 5.6.31, 7.0.x before 7.0.21, and 7.1.x before 7.1.7 is prone to a buffer over-read while unserializing untrusted data. Exploitation of this issue can have an unspecified impact on the integrity of… | ||
| CVE-2017-11542 | Cri | 0.64 | 9.8 | 0.04 | Jul 23, 2017 | tcpdump 4.9.0 has a heap-based buffer over-read in the pimv1_print function in print-pim.c. | ||
| CVE-2017-11541 | Cri | 0.64 | 9.8 | 0.04 | Jul 23, 2017 | tcpdump 4.9.0 has a heap-based buffer over-read in the lldp_print function in print-lldp.c, related to util-print.c. | ||
| CVE-2017-11465 | Cri | 0.64 | 9.8 | 0.02 | Jul 19, 2017 | The parser_yyerror function in the UTF-8 parser in Ruby 2.4.1 allows attackers to cause a denial of service (invalid write or read) or possibly have unspecified other impact via a crafted Ruby script, related to the parser_tokadd_utf8 function in parse.y. NOTE: this might have… | ||
| CVE-2017-10989 | Cri | 0.64 | 9.8 | 0.09 | Jul 7, 2017 | The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact. | ||
| CVE-2017-9728 | Cri | 0.64 | 9.8 | 0.01 | Jun 16, 2017 | In uClibc 0.9.33.2, there is an out-of-bounds read in the get_subexp function in misc/regex/regexec.c when processing a crafted regular expression. | ||
| CVE-2017-9265 | Cri | 0.64 | 9.8 | 0.03 | May 29, 2017 | In Open vSwitch (OvS) v2.7.0, there is a buffer over-read while parsing the group mod OpenFlow message sent from the controller in `lib/ofp-util.c` in the function `ofputil_pull_ofp15_group_mod`. | ||
| CVE-2017-9264 | Cri | 0.64 | 9.8 | 0.02 | May 29, 2017 | In lib/conntrack.c in the firewall implementation in Open vSwitch (OvS) 2.6.1, there is a buffer over-read while parsing malformed TCP, UDP, and IPv6 packets in the functions `extract_l3_ipv6`, `extract_l4_tcp`, and `extract_l4_udp` that can be triggered remotely. | ||
| CVE-2017-9227 | Cri | 0.64 | 9.8 | 0.06 | May 24, 2017 | An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in mbc_enc_len() during regular expression searching. Invalid handling of reg->dmin in forward_search_range() could… | ||
| CVE-2017-9224 | Cri | 0.64 | 9.8 | 0.07 | May 24, 2017 | An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in match_at() during regular expression searching. A logical error involving order of validation and access in… | ||
| CVE-2017-9195 | Cri | 0.64 | 9.8 | 0.02 | May 23, 2017 | libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the ReadImage function in input-tga.c:620:27. | ||
| CVE-2017-9194 | Cri | 0.64 | 9.8 | 0.02 | May 23, 2017 | libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the ReadImage function in input-tga.c:559:29. | ||
| CVE-2017-9193 | Cri | 0.64 | 9.8 | 0.02 | May 23, 2017 | libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the ReadImage function in input-tga.c:538:33. | ||
| CVE-2017-9171 | Cri | 0.64 | 9.8 | 0.02 | May 23, 2017 | libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the ReadImage function in input-bmp.c:492:24. |
- risk 0.64cvss 9.8epss 0.03
Several protocol parsers in tcpdump before 4.9.2 could cause a buffer over-read in addrtoname.c:lookup_bytestring().
- risk 0.64cvss 9.8epss 0.02
The SMB/CIFS parser in tcpdump before 4.9.2 has a buffer over-read in smbutil.c:name_len().
- risk 0.64cvss 9.8epss 0.04
In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, the ReadOneMNGImage function in coders/png.c has an out-of-bounds read with the MNG CLIP chunk.
- risk 0.64cvss 9.8epss 0.01
In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists where an array out of bounds access can occur during a CA call.
- risk 0.64cvss 9.8epss 0.02
libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the Unpack::Unpack20 function.
- risk 0.64cvss 9.8epss 0.02
libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the EncodeFileName::Decode call within the Archive::ReadHeader15 function.
- risk 0.64cvss 9.8epss 0.07
The finish_nested_data function in ext/standard/var_unserializer.re in PHP before 5.6.31, 7.0.x before 7.0.21, and 7.1.x before 7.1.7 is prone to a buffer over-read while unserializing untrusted data. Exploitation of this issue can have an unspecified impact on the integrity of…
- risk 0.64cvss 9.8epss 0.04
tcpdump 4.9.0 has a heap-based buffer over-read in the pimv1_print function in print-pim.c.
- risk 0.64cvss 9.8epss 0.04
tcpdump 4.9.0 has a heap-based buffer over-read in the lldp_print function in print-lldp.c, related to util-print.c.
- risk 0.64cvss 9.8epss 0.02
The parser_yyerror function in the UTF-8 parser in Ruby 2.4.1 allows attackers to cause a denial of service (invalid write or read) or possibly have unspecified other impact via a crafted Ruby script, related to the parser_tokadd_utf8 function in parse.y. NOTE: this might have…
- risk 0.64cvss 9.8epss 0.09
The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.
- risk 0.64cvss 9.8epss 0.01
In uClibc 0.9.33.2, there is an out-of-bounds read in the get_subexp function in misc/regex/regexec.c when processing a crafted regular expression.
- risk 0.64cvss 9.8epss 0.03
In Open vSwitch (OvS) v2.7.0, there is a buffer over-read while parsing the group mod OpenFlow message sent from the controller in `lib/ofp-util.c` in the function `ofputil_pull_ofp15_group_mod`.
- risk 0.64cvss 9.8epss 0.02
In lib/conntrack.c in the firewall implementation in Open vSwitch (OvS) 2.6.1, there is a buffer over-read while parsing malformed TCP, UDP, and IPv6 packets in the functions `extract_l3_ipv6`, `extract_l4_tcp`, and `extract_l4_udp` that can be triggered remotely.
- risk 0.64cvss 9.8epss 0.06
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in mbc_enc_len() during regular expression searching. Invalid handling of reg->dmin in forward_search_range() could…
- risk 0.64cvss 9.8epss 0.07
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in match_at() during regular expression searching. A logical error involving order of validation and access in…
- risk 0.64cvss 9.8epss 0.02
libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the ReadImage function in input-tga.c:620:27.
- risk 0.64cvss 9.8epss 0.02
libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the ReadImage function in input-tga.c:559:29.
- risk 0.64cvss 9.8epss 0.02
libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the ReadImage function in input-tga.c:538:33.
- risk 0.64cvss 9.8epss 0.02
libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the ReadImage function in input-bmp.c:492:24.