CWE-125
Out-of-bounds Read
Description
The product reads data past the end, or before the beginning, of the intended buffer.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-540
CVEs mapped to this weakness (2,466)
page 99 of 124| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-35038 | Med | 0.35 | 6.5 | 0.00 | Apr 2, 2026 | Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.0, there is an arbitrary prototype read vulnerability via `from` field bypass. This vulnerability allows a low-privileged authenticated user to bypass prototype boundary filtering… | ||
| CVE-2026-25627 | Med | 0.35 | 6.5 | 0.00 | Mar 30, 2026 | NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. Prior to version 0.24.8, NanoMQ’s MQTT-over-WebSocket transport can be crashed by sending an MQTT packet with a deliberately large Remaining Length in the fixed header while providing a much shorter actual… | ||
| CVE-2024-42484 | Med | 0.35 | 6.5 | 0.00 | Sep 12, 2024 | ESP-NOW Component provides a connectionless Wi-Fi communication protocol. An Out-of-Bound (OOB) vulnerability was discovered in the implementation of the ESP-NOW group type message because there is no check for the addrs_num field of the group type message. This can result in… | ||
| CVE-2023-2512 | Med | 0.35 | 6.5 | 0.01 | May 12, 2023 | Prior to version v1.20230419.0, the FormData API implementation was subject to an integer overflow. If a FormData instance contained more than 2^31 elements, the forEach() method could end up reading from the wrong location in memory while iterating over elements. This would… | ||
| CVE-2022-25872 | — | Med | 0.35 | 5.3 | 0.01 | Jun 17, 2022 | All versions of package fast-string-search are vulnerable to Out-of-bounds Read due to incorrect memory freeing and length calculation for any non-string input as the source. This allows the attacker to read previously allocated memory. | |
| CVE-2022-22816 | — | Med | 0.35 | 6.5 | 0.02 | Jan 10, 2022 | path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path. | |
| CVE-2020-21049 | Med | 0.35 | 6.5 | 0.01 | Sep 14, 2021 | An invalid read in the stb_image.h component of libsixel prior to v1.8.5 allows attackers to cause a denial of service (DOS) via a crafted PSD file. | ||
| CVE-2021-25901 | — | Med | 0.35 | 5.3 | 0.01 | Jan 26, 2021 | An issue was discovered in the lazy-init crate through 2021-01-17 for Rust. Lazy lacks a Send bound, leading to a data race. | |
| CVE-2020-26242 | Med | 0.35 | 6.5 | 0.01 | Nov 25, 2020 | Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. In Geth before version 1.9.18, there is a Denial-of-service (crash) during block processing. This is fixed in 1.9.18. | ||
| CVE-2020-8244 | — | Med | 0.35 | 6.5 | 0.02 | Aug 30, 2020 | A buffer over-read vulnerability exists in bl <4.0.3, <3.0.1, <2.2.1, and <1.2.3 which could allow an attacker to supply user input (even typed) that if it ends up in consume() argument and can become negative, the BufferList state can be corrupted, tricking it into exposing… | |
| CVE-2018-21233 | — | Med | 0.35 | 6.5 | 0.00 | May 4, 2020 | TensorFlow before 1.7.0 has an integer overflow that causes an out-of-bounds read, possibly causing disclosure of the contents of process memory. This occurs in the DecodeBmp feature of the BMP decoder in core/kernels/decode_bmp_op.cc. | |
| CVE-2019-19624 | — | Med | 0.35 | 6.5 | 0.02 | Dec 6, 2019 | An out-of-bounds read was discovered in OpenCV before 4.1.1. Specifically, variable coarsest_scale is assumed to be greater than or equal to finest_scale within the calc()/ocl_calc() functions in dis_flow.cpp. However, this is not true when dealing with small images, leading to… | |
| CVE-2018-14798 | Med | 0.35 | 5.3 | 0.01 | Oct 1, 2018 | Fuji Electric FRENIC LOADER v3.3 v7.3.4.1a of FRENIC-Mini (C1), FRENIC-Mini (C2), FRENIC-Eco, FRENIC-Multi, FRENIC-MEGA, FRENIC-Ace. The program does not properly parse FNC files that may allow for information disclosure. | ||
| CVE-2016-9598 | Med | 0.35 | 6.5 | 0.01 | Aug 16, 2018 | libxml2, as used in Red Hat JBoss Core Services, allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted XML document. NOTE: this vulnerability exists because of a missing fix for CVE-2016-4483. | ||
| CVE-2016-9573 | Med | 0.35 | 6.5 | 0.03 | Aug 1, 2018 | An out-of-bounds read vulnerability was found in OpenJPEG 2.1.2, in the j2k_to_image tool. Converting a specially crafted JPEG2000 file to another format could cause the application to crash or, potentially, disclose some data from the heap. | ||
| CVE-2016-8621 | Med | 0.35 | 5.3 | 0.05 | Jul 31, 2018 | The `curl_getdate` function in curl before version 7.51.0 is vulnerable to an out of bounds read if it receives an input with one digit short. | ||
| CVE-2017-2633 | Med | 0.35 | 5.4 | 0.03 | Jul 27, 2018 | An out-of-bounds memory access issue was found in Quick Emulator (QEMU) before 1.7.2 in the VNC display driver. This flaw could occur while refreshing the VNC display surface area in the 'vnc_refresh_server_surface'. A user inside a guest could use this flaw to crash the QEMU… | ||
| CVE-2017-17316 | Med | 0.35 | 5.3 | 0.01 | Jul 2, 2018 | Huawei DP300 V500R002C00; RP200 V500R002C00; V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 have an out-of-bounds read vulnerability. An unauthenticated, remote… | ||
| CVE-2017-5418 | Med | 0.35 | 5.3 | 0.01 | Jun 11, 2018 | An out of bounds read error occurs when parsing some HTTP digest authorization responses, resulting in information leakage through the reading of random memory containing matches to specifically set patterns. This vulnerability affects Firefox < 52 and Thunderbird < 52. | ||
| CVE-2017-17252 | Med | 0.35 | 5.3 | 0.01 | Apr 24, 2018 | Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R006C10, V200R007C00, V200R007C01,… |
- risk 0.35cvss 6.5epss 0.00
Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.0, there is an arbitrary prototype read vulnerability via `from` field bypass. This vulnerability allows a low-privileged authenticated user to bypass prototype boundary filtering…
- risk 0.35cvss 6.5epss 0.00
NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. Prior to version 0.24.8, NanoMQ’s MQTT-over-WebSocket transport can be crashed by sending an MQTT packet with a deliberately large Remaining Length in the fixed header while providing a much shorter actual…
- risk 0.35cvss 6.5epss 0.00
ESP-NOW Component provides a connectionless Wi-Fi communication protocol. An Out-of-Bound (OOB) vulnerability was discovered in the implementation of the ESP-NOW group type message because there is no check for the addrs_num field of the group type message. This can result in…
- risk 0.35cvss 6.5epss 0.01
Prior to version v1.20230419.0, the FormData API implementation was subject to an integer overflow. If a FormData instance contained more than 2^31 elements, the forEach() method could end up reading from the wrong location in memory while iterating over elements. This would…
- risk 0.35cvss 5.3epss 0.01
All versions of package fast-string-search are vulnerable to Out-of-bounds Read due to incorrect memory freeing and length calculation for any non-string input as the source. This allows the attacker to read previously allocated memory.
- risk 0.35cvss 6.5epss 0.02
path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path.
- risk 0.35cvss 6.5epss 0.01
An invalid read in the stb_image.h component of libsixel prior to v1.8.5 allows attackers to cause a denial of service (DOS) via a crafted PSD file.
- risk 0.35cvss 5.3epss 0.01
An issue was discovered in the lazy-init crate through 2021-01-17 for Rust. Lazy lacks a Send bound, leading to a data race.
- risk 0.35cvss 6.5epss 0.01
Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. In Geth before version 1.9.18, there is a Denial-of-service (crash) during block processing. This is fixed in 1.9.18.
- risk 0.35cvss 6.5epss 0.02
A buffer over-read vulnerability exists in bl <4.0.3, <3.0.1, <2.2.1, and <1.2.3 which could allow an attacker to supply user input (even typed) that if it ends up in consume() argument and can become negative, the BufferList state can be corrupted, tricking it into exposing…
- risk 0.35cvss 6.5epss 0.00
TensorFlow before 1.7.0 has an integer overflow that causes an out-of-bounds read, possibly causing disclosure of the contents of process memory. This occurs in the DecodeBmp feature of the BMP decoder in core/kernels/decode_bmp_op.cc.
- risk 0.35cvss 6.5epss 0.02
An out-of-bounds read was discovered in OpenCV before 4.1.1. Specifically, variable coarsest_scale is assumed to be greater than or equal to finest_scale within the calc()/ocl_calc() functions in dis_flow.cpp. However, this is not true when dealing with small images, leading to…
- risk 0.35cvss 5.3epss 0.01
Fuji Electric FRENIC LOADER v3.3 v7.3.4.1a of FRENIC-Mini (C1), FRENIC-Mini (C2), FRENIC-Eco, FRENIC-Multi, FRENIC-MEGA, FRENIC-Ace. The program does not properly parse FNC files that may allow for information disclosure.
- risk 0.35cvss 6.5epss 0.01
libxml2, as used in Red Hat JBoss Core Services, allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted XML document. NOTE: this vulnerability exists because of a missing fix for CVE-2016-4483.
- risk 0.35cvss 6.5epss 0.03
An out-of-bounds read vulnerability was found in OpenJPEG 2.1.2, in the j2k_to_image tool. Converting a specially crafted JPEG2000 file to another format could cause the application to crash or, potentially, disclose some data from the heap.
- risk 0.35cvss 5.3epss 0.05
The `curl_getdate` function in curl before version 7.51.0 is vulnerable to an out of bounds read if it receives an input with one digit short.
- risk 0.35cvss 5.4epss 0.03
An out-of-bounds memory access issue was found in Quick Emulator (QEMU) before 1.7.2 in the VNC display driver. This flaw could occur while refreshing the VNC display surface area in the 'vnc_refresh_server_surface'. A user inside a guest could use this flaw to crash the QEMU…
- risk 0.35cvss 5.3epss 0.01
Huawei DP300 V500R002C00; RP200 V500R002C00; V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 have an out-of-bounds read vulnerability. An unauthenticated, remote…
- risk 0.35cvss 5.3epss 0.01
An out of bounds read error occurs when parsing some HTTP digest authorization responses, resulting in information leakage through the reading of random memory containing matches to specifically set patterns. This vulnerability affects Firefox < 52 and Thunderbird < 52.
- risk 0.35cvss 5.3epss 0.01
Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R006C10, V200R007C00, V200R007C01,…