CWE-126
Buffer Over-read
Description
The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.
Hierarchy (View 1000)
CVEs mapped to this weakness (65)
page 1 of 4| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-7679 | Cri | 0.67 | 9.8 | 0.39 | Jun 20, 2017 | In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header. | ||
| CVE-2018-14790 | Cri | 0.64 | 9.8 | 0.05 | Oct 1, 2018 | Fuji Electric FRENIC LOADER v3.3 v7.3.4.1a of FRENIC-Mini (C1), FRENIC-Mini (C2), FRENIC-Eco, FRENIC-Multi, FRENIC-MEGA, FRENIC-Ace. A buffer over-read vulnerability may allow remote code execution on the device. | ||
| CVE-2026-41898 | Cri | 0.57 | 9.8 | 0.00 | Apr 24, 2026 | rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.24 to before 0.10.78, the FFI trampolines behind SslContextBuilder::set_psk_client_callback, set_psk_server_callback, set_cookie_generate_cb, and set_stateless_cookie_generate_cb forwarded the… | ||
| CVE-2025-36855 | Hig | 0.57 | 8.8 | 0.01 | Sep 8, 2025 | A vulnerability ( CVE-2025-21176 https://www.cve.org/CVERecord ) exists in DiaSymReader.dll due to buffer over-read. Per CWE-126: Buffer Over-read https://cwe.mitre.org/data/definitions/126.html , Buffer Over-read is when a product reads from a buffer using buffer access… | ||
| CVE-2024-27280 | Cri | 0.57 | 9.8 | 0.02 | May 14, 2024 | A buffer-overread issue was discovered in StringIO 3.0.1, as distributed in Ruby 3.0.x through 3.0.6 and 3.1.x through 3.1.4. The ungetbyte and ungetc methods on a StringIO can read past the end of a string, and a subsequent call to StringIO.gets may return the memory value.… | ||
| CVE-2017-7668 | Hig | 0.53 | 7.5 | 0.57 | Jun 20, 2017 | The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a… | ||
| CVE-2026-42828 | Hig | 0.51 | 7.8 | 0.00 | Jun 9, 2026 | Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-34336 | Hig | 0.51 | 7.8 | 0.00 | May 12, 2026 | Integer overflow or wraparound in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-26184 | Hig | 0.51 | 7.8 | 0.00 | Apr 14, 2026 | Buffer over-read in Windows Projected File System allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-21378 | Hig | 0.51 | 7.8 | 0.00 | Apr 6, 2026 | Memory Corruption when accessing an output buffer without validating its size during IOCTL processing in a camera sensor driver. | ||
| CVE-2026-21376 | Hig | 0.51 | 7.8 | 0.00 | Apr 6, 2026 | Memory Corruption when accessing an output buffer without validating its size during IOCTL processing in a camera sensor driver. | ||
| CVE-2026-21375 | Hig | 0.51 | 7.8 | 0.00 | Apr 6, 2026 | Memory Corruption when accessing an output buffer without validating its size during IOCTL processing. | ||
| CVE-2026-21374 | Hig | 0.51 | 7.8 | 0.00 | Apr 6, 2026 | Memory Corruption when processing auxiliary sensor input/output control commands with insufficient buffer size validation. | ||
| CVE-2026-21373 | Hig | 0.51 | 7.8 | 0.00 | Apr 6, 2026 | Memory Corruption when accessing an output buffer without validating its size during IOCTL processing. | ||
| CVE-2026-21371 | Hig | 0.51 | 7.8 | 0.00 | Apr 6, 2026 | Memory Corruption when retrieving output buffer with insufficient size validation. | ||
| CVE-2025-47390 | Hig | 0.51 | 7.8 | 0.00 | Apr 6, 2026 | Memory corruption while preprocessing IOCTL request in JPEG driver. | ||
| CVE-2024-38250 | Hig | 0.51 | 7.8 | 0.01 | Sep 10, 2024 | Windows Graphics Component Elevation of Privilege Vulnerability | ||
| CVE-2026-21381 | Hig | 0.49 | 7.6 | 0.00 | Apr 6, 2026 | Transient DOS when receiving a service data frame with excessive length during device matching over a neighborhood awareness network protocol connection. | ||
| CVE-2026-21367 | Hig | 0.49 | 7.6 | 0.00 | Apr 6, 2026 | Transient DOS when processing nonstandard FILS Discovery Frames with out-of-range action sizes during initial scans. | ||
| CVE-2024-12011 | — | Hig | 0.49 | 7.6 | 0.00 | Feb 13, 2025 | A CWE-126 “Buffer Over-read” was discovered affecting the 130.8005 TCP/IP Gateway running firmware version 12h. The information disclosure can be triggered by leveraging a memory leak affecting the web server. A remote unauthenticated attacker can exploit this vulnerability… |
- risk 0.67cvss 9.8epss 0.39
In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header.
- risk 0.64cvss 9.8epss 0.05
Fuji Electric FRENIC LOADER v3.3 v7.3.4.1a of FRENIC-Mini (C1), FRENIC-Mini (C2), FRENIC-Eco, FRENIC-Multi, FRENIC-MEGA, FRENIC-Ace. A buffer over-read vulnerability may allow remote code execution on the device.
- risk 0.57cvss 9.8epss 0.00
rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.24 to before 0.10.78, the FFI trampolines behind SslContextBuilder::set_psk_client_callback, set_psk_server_callback, set_cookie_generate_cb, and set_stateless_cookie_generate_cb forwarded the…
- risk 0.57cvss 8.8epss 0.01
A vulnerability ( CVE-2025-21176 https://www.cve.org/CVERecord ) exists in DiaSymReader.dll due to buffer over-read. Per CWE-126: Buffer Over-read https://cwe.mitre.org/data/definitions/126.html , Buffer Over-read is when a product reads from a buffer using buffer access…
- risk 0.57cvss 9.8epss 0.02
A buffer-overread issue was discovered in StringIO 3.0.1, as distributed in Ruby 3.0.x through 3.0.6 and 3.1.x through 3.1.4. The ungetbyte and ungetc methods on a StringIO can read past the end of a string, and a subsequent call to StringIO.gets may return the memory value.…
- risk 0.53cvss 7.5epss 0.57
The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a…
- risk 0.51cvss 7.8epss 0.00
Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Integer overflow or wraparound in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Buffer over-read in Windows Projected File System allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Memory Corruption when accessing an output buffer without validating its size during IOCTL processing in a camera sensor driver.
- risk 0.51cvss 7.8epss 0.00
Memory Corruption when accessing an output buffer without validating its size during IOCTL processing in a camera sensor driver.
- risk 0.51cvss 7.8epss 0.00
Memory Corruption when accessing an output buffer without validating its size during IOCTL processing.
- risk 0.51cvss 7.8epss 0.00
Memory Corruption when processing auxiliary sensor input/output control commands with insufficient buffer size validation.
- risk 0.51cvss 7.8epss 0.00
Memory Corruption when accessing an output buffer without validating its size during IOCTL processing.
- risk 0.51cvss 7.8epss 0.00
Memory Corruption when retrieving output buffer with insufficient size validation.
- risk 0.51cvss 7.8epss 0.00
Memory corruption while preprocessing IOCTL request in JPEG driver.
- risk 0.51cvss 7.8epss 0.01
Windows Graphics Component Elevation of Privilege Vulnerability
- risk 0.49cvss 7.6epss 0.00
Transient DOS when receiving a service data frame with excessive length during device matching over a neighborhood awareness network protocol connection.
- risk 0.49cvss 7.6epss 0.00
Transient DOS when processing nonstandard FILS Discovery Frames with out-of-range action sizes during initial scans.
- risk 0.49cvss 7.6epss 0.00
A CWE-126 “Buffer Over-read” was discovered affecting the 130.8005 TCP/IP Gateway running firmware version 12h. The information disclosure can be triggered by leveraging a memory leak affecting the web server. A remote unauthenticated attacker can exploit this vulnerability…