VYPR

CWE-125

Out-of-bounds Read

BaseDraft

Description

The product reads data past the end, or before the beginning, of the intended buffer.

Hierarchy (View 1000)

Parents

Related attack patterns (CAPEC)

CAPEC-540

CVEs mapped to this weakness (2,466)

page 99 of 124
  • CVE-2026-35038MedApr 2, 2026
    risk 0.35cvss 6.5epss 0.00

    Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.0, there is an arbitrary prototype read vulnerability via `from` field bypass. This vulnerability allows a low-privileged authenticated user to bypass prototype boundary filtering…

  • CVE-2026-25627MedMar 30, 2026
    risk 0.35cvss 6.5epss 0.00

    NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. Prior to version 0.24.8, NanoMQ’s MQTT-over-WebSocket transport can be crashed by sending an MQTT packet with a deliberately large Remaining Length in the fixed header while providing a much shorter actual…

  • CVE-2024-42484MedSep 12, 2024
    risk 0.35cvss 6.5epss 0.00

    ESP-NOW Component provides a connectionless Wi-Fi communication protocol. An Out-of-Bound (OOB) vulnerability was discovered in the implementation of the ESP-NOW group type message because there is no check for the addrs_num field of the group type message. This can result in…

  • CVE-2023-2512MedMay 12, 2023
    risk 0.35cvss 6.5epss 0.01

    Prior to version v1.20230419.0, the FormData API implementation was subject to an integer overflow. If a FormData instance contained more than 2^31 elements, the forEach() method could end up reading from the wrong location in memory while iterating over elements. This would…

  • CVE-2022-25872MedJun 17, 2022
    risk 0.35cvss 5.3epss 0.01

    All versions of package fast-string-search are vulnerable to Out-of-bounds Read due to incorrect memory freeing and length calculation for any non-string input as the source. This allows the attacker to read previously allocated memory.

  • CVE-2022-22816MedJan 10, 2022
    risk 0.35cvss 6.5epss 0.02

    path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path.

  • CVE-2020-21049MedSep 14, 2021
    risk 0.35cvss 6.5epss 0.01

    An invalid read in the stb_image.h component of libsixel prior to v1.8.5 allows attackers to cause a denial of service (DOS) via a crafted PSD file.

  • CVE-2021-25901MedJan 26, 2021
    risk 0.35cvss 5.3epss 0.01

    An issue was discovered in the lazy-init crate through 2021-01-17 for Rust. Lazy lacks a Send bound, leading to a data race.

  • CVE-2020-26242MedNov 25, 2020
    risk 0.35cvss 6.5epss 0.01

    Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. In Geth before version 1.9.18, there is a Denial-of-service (crash) during block processing. This is fixed in 1.9.18.

  • CVE-2020-8244MedAug 30, 2020
    risk 0.35cvss 6.5epss 0.02

    A buffer over-read vulnerability exists in bl <4.0.3, <3.0.1, <2.2.1, and <1.2.3 which could allow an attacker to supply user input (even typed) that if it ends up in consume() argument and can become negative, the BufferList state can be corrupted, tricking it into exposing…

  • CVE-2018-21233MedMay 4, 2020
    risk 0.35cvss 6.5epss 0.00

    TensorFlow before 1.7.0 has an integer overflow that causes an out-of-bounds read, possibly causing disclosure of the contents of process memory. This occurs in the DecodeBmp feature of the BMP decoder in core/kernels/decode_bmp_op.cc.

  • CVE-2019-19624MedDec 6, 2019
    risk 0.35cvss 6.5epss 0.02

    An out-of-bounds read was discovered in OpenCV before 4.1.1. Specifically, variable coarsest_scale is assumed to be greater than or equal to finest_scale within the calc()/ocl_calc() functions in dis_flow.cpp. However, this is not true when dealing with small images, leading to…

  • CVE-2018-14798MedOct 1, 2018
    risk 0.35cvss 5.3epss 0.01

    Fuji Electric FRENIC LOADER v3.3 v7.3.4.1a of FRENIC-Mini (C1), FRENIC-Mini (C2), FRENIC-Eco, FRENIC-Multi, FRENIC-MEGA, FRENIC-Ace. The program does not properly parse FNC files that may allow for information disclosure.

  • CVE-2016-9598MedAug 16, 2018
    risk 0.35cvss 6.5epss 0.01

    libxml2, as used in Red Hat JBoss Core Services, allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted XML document. NOTE: this vulnerability exists because of a missing fix for CVE-2016-4483.

  • CVE-2016-9573MedAug 1, 2018
    risk 0.35cvss 6.5epss 0.03

    An out-of-bounds read vulnerability was found in OpenJPEG 2.1.2, in the j2k_to_image tool. Converting a specially crafted JPEG2000 file to another format could cause the application to crash or, potentially, disclose some data from the heap.

  • CVE-2016-8621MedJul 31, 2018
    risk 0.35cvss 5.3epss 0.05

    The `curl_getdate` function in curl before version 7.51.0 is vulnerable to an out of bounds read if it receives an input with one digit short.

  • CVE-2017-2633MedJul 27, 2018
    risk 0.35cvss 5.4epss 0.03

    An out-of-bounds memory access issue was found in Quick Emulator (QEMU) before 1.7.2 in the VNC display driver. This flaw could occur while refreshing the VNC display surface area in the 'vnc_refresh_server_surface'. A user inside a guest could use this flaw to crash the QEMU…

  • CVE-2017-17316MedJul 2, 2018
    risk 0.35cvss 5.3epss 0.01

    Huawei DP300 V500R002C00; RP200 V500R002C00; V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 have an out-of-bounds read vulnerability. An unauthenticated, remote…

  • CVE-2017-5418MedJun 11, 2018
    risk 0.35cvss 5.3epss 0.01

    An out of bounds read error occurs when parsing some HTTP digest authorization responses, resulting in information leakage through the reading of random memory containing matches to specifically set patterns. This vulnerability affects Firefox < 52 and Thunderbird < 52.

  • CVE-2017-17252MedApr 24, 2018
    risk 0.35cvss 5.3epss 0.01

    Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R006C10, V200R007C00, V200R007C01,…