CWE-126
Buffer Over-read
Description
The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.
Hierarchy (View 1000)
CVEs mapped to this weakness (65)
Page 2 of 4

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-4371 | | Hig | 0.48 | 7.4 | 0.00 | | Mar 24, 2026 | A malicious mail server could send malformed strings with negative lengths, causing the parser to read memory outside the buffer. If a mail server or connection to a mail server were compromised, an attacker could cause the parser to malfunction, potentially crashing Thunderbird… |
| CVE-2024-31082 | | Hig | 0.47 | 7.3 | 0.00 | | Apr 4, 2024 | A heap-based buffer over-read vulnerability was found in the X.org server's ProcAppleDRICreatePixmap() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a… |
| CVE-2024-31081 | | Hig | 0.47 | 7.3 | 0.01 | | Apr 4, 2024 | A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIPassiveGrabDevice() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a… |
| CVE-2024-31080 | | Hig | 0.47 | 7.3 | 0.01 | | Apr 4, 2024 | A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIGetSelectedEvents() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a… |
| CVE-2026-37532 | | Hig | 0.46 | 7.1 | 0.00 | | May 1, 2026 | AGL agl-service-can-low-level thru 17.1.12 contains a heap buffer over-read in the isotp-c library. In isotp_continue_receive (receive.c:87-89), the payload_length for a Single Frame is extracted from a 4-bit nibble in the CAN frame data, yielding values 0-15. However, a… |
| CVE-2025-47400 | | Hig | 0.46 | 7.1 | 0.00 | | Apr 6, 2026 | Cryptographic issue while copying data to a destination buffer without validating its size. |
| CVE-2025-4582 | | Hig | 0.46 | 7.1 | 0.00 | | Sep 23, 2025 | Buffer Over-read, Off-by-one Error vulnerability in RTI Connext Professional (Core Libraries) allows File Manipulation, Overread Buffers. This issue affects Connext Professional: from 7.4.0 before 7.6.0, from 7.0.0 before 7.3.0.8, from 6.1.0 before 6.1.2.26, from 6.0.0 before… |
| CVE-2009-2495 | | Med | 0.46 | 6.5 | 0.42 | | Jul 29, 2009 | The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1 does not properly enforce string termination, which allows remote attackers to obtain sensitive information via… |
| CVE-2025-47403 | | Med | 0.42 | 6.5 | 0.00 | | May 4, 2026 | Transient DOS when processing a malformed Fast Transition response frame with an invalid header structure during wireless roaming. |
| CVE-2025-47401 | | Med | 0.42 | 6.5 | 0.00 | | May 4, 2026 | Transient DOS when processing target power rate tables during channel configuration. |
| CVE-2026-34059 | | Hig | 0.42 | 7.5 | 0.00 | | May 4, 2026 | Buffer Over-read vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue. |
| CVE-2026-6238 | | Med | 0.42 | 6.5 | 0.00 | | Apr 28, 2026 | The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to validate the RDATA content against the RDATA length in a DNS response when processing LOC, CERT, TKEY or TSIG records, which may allow an attacker to craft a DNS… |
| CVE-2026-26155 | | Med | 0.42 | 6.5 | 0.01 | | Apr 14, 2026 | Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability |
| CVE-2026-2394 | | Med | 0.42 | 6.5 | 0.00 | | Apr 1, 2026 | Buffer Over-read vulnerability in RTI Connext Professional (Core Libraries) allows Overread Buffers. This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.1, from 6.1.0 before 6.1.*, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*, from 4.3x… |
| CVE-2025-32053 | | Med | 0.42 | 6.5 | 0.01 | | Apr 3, 2025 | A flaw was found in libsoup. A vulnerability in sniff_feed_or_html() and skip_insignificant_space() functions may lead to a heap buffer over-read. |
| CVE-2025-32052 | | Med | 0.42 | 6.5 | 0.01 | | Apr 3, 2025 | A flaw was found in libsoup. A vulnerability in the sniff_unknown() function may lead to heap buffer over-read. |
| CVE-2026-44185 | | Hig | 0.40 | 7.3 | 0.00 | | Jun 8, 2026 | Buffer Over-read vulnerability in Apache HTTP Server via outbound OCSP requests to an attacker controlled OCSP server. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue. |
| CVE-2025-47406 | | Med | 0.40 | 6.1 | 0.00 | | May 4, 2026 | Information Disclosure while processing IOCTL handler callbacks without verifying buffer size. |
| CVE-2026-26169 | | Med | 0.40 | 6.1 | 0.02 | | Apr 14, 2026 | Buffer over-read in Windows Kernel Memory allows an authorized attacker to disclose information locally. |
| CVE-2025-7745 | | Med | 0.38 | 5.8 | 0.00 | | Jul 24, 2025 | Buffer Over-read vulnerability in ABB AC500 V2. This issue affects AC500 V2: through 2.5.2. |