VYPR

CWE-126

Buffer Over-read

VariantDraft

Description

The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.

Hierarchy (View 1000)

Children

none

CVEs mapped to this weakness (65)

page 3 of 4
  • CVE-2025-4207MedMay 8, 2025
    risk 0.38cvss 5.9epss 0.01

    Buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can elicit process termination. This affects the database server and also libpq. Versions before PostgreSQL…

  • CVE-2025-59609MedJun 1, 2026
    risk 0.36cvss 5.5epss 0.00

    Information Disclosure when processing advertisement frames with malformed MBSSID elements of insufficient length.

  • CVE-2026-24028MedMar 31, 2026
    risk 0.34cvss 5.3epss 0.01

    An attacker might be able to trigger an out-of-bounds read by sending a crafted DNS response packet, when custom Lua code uses newDNSPacketOverlay to parse DNS packets. The out-of-bounds read might trigger a crash, leading to a denial of service, or access unrelated memory,…

  • CVE-2026-11787MedJun 9, 2026
    risk 0.33cvss 5.0epss 0.00

    A flaw was found in 389 Directory Server. The ldap_utf8prev() function reads bytes before the start of a buffer without bounds checking, causing a heap buffer over-read in string filter parsing that may influence internal filter processing behavior.

  • CVE-2026-45460MedJun 9, 2026
    risk 0.31cvss 4.7epss 0.00

    Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.

  • CVE-2026-6532MedApr 30, 2026
    risk 0.29cvss 5.5epss 0.00

    Kismet protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

  • CVE-2026-6575MedMay 14, 2026
    risk 0.28cvss 4.3epss 0.00

    Buffer over-read in PostgreSQL function pg_restore_attribute_stats() accepts array values of unmatched length, which causes query planning to read past end of one array. This allows a table maintainer to infer memory values past that array end. Within major version 18, minor…

  • CVE-2026-8463MedMay 13, 2026
    risk 0.27cvss 5.3epss 0.00

    Crypt::Argon2 versions from 0.017 before 0.031 for Perl perform a heap out-of-bounds read in argon2_verify on empty encoded input. The auto-detect form of argon2_verify passes encoded_len - 1 as the length argument to memchr without checking that encoded_len is non-zero. When…

  • CVE-2026-5772MedApr 9, 2026
    risk 0.27cvss 5.3epss 0.00

    A 1-byte stack buffer over-read was identified in the MatchDomainName function (src/internal.c) during wildcard hostname validation when the LEFT_MOST_WILDCARD_ONLY flag is active. If a wildcard * exhausts the entire hostname string, the function reads one byte past the buffer…

  • CVE-2025-12745MedNov 5, 2025
    risk 0.27cvss 5.3epss 0.00

    A weakness has been identified in QuickJS up to eb2c89087def1829ed99630cb14b549d7a98408c. This affects the function js_array_buffer_slice of the file quickjs.c. This manipulation causes buffer over-read. The attack is restricted to local execution. The exploit has been made…

  • CVE-2024-57970MedFeb 16, 2025
    risk 0.26cvss 4.0epss 0.00

    libarchive through 3.7.7 has a heap-based buffer over-read in header_gnu_longlink in archive_read_support_format_tar.c via a TAR archive because it mishandles truncation in the middle of a GNU long linkname.

  • CVE-2026-45684MedJun 2, 2026
    risk 0.25cvss 4.9epss 0.00

    OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From version 0.7.0 to before version 0.9.0, OBI's log enricher mishandles writev buffers by reading only the first iovec entry but using the total iov_iter.count as the copy…

  • CVE-2026-0930MedApr 20, 2026
    risk 0.21cvss 4.3epss 0.00

    Potential read out of bounds case with wolfSSHd on Windows while handling a terminal resize request. An authenticated user could trigger the out of bounds read after establishing a connection which would leak the adjacent stack memory to the pseudo-console output.

  • CVE-2025-66038LowMar 30, 2026
    risk 0.18cvss 3.9epss 0.00

    OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, sc_compacttlv_find_tag searches a compact-TLV buffer for a given tag. In compact-TLV, a single byte encodes the tag (high nibble) and value length (low nibble). With a 1-byte buffer {0x0A}, the…

  • CVE-2026-40341LowApr 18, 2026
    risk 0.16cvss 3.5epss 0.00

    libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, an out of bound read in ptp_unpack_EOS_FocusInfoEx could be used to crash libgphoto2 when processing input from untrusted USB devices. Commit c385b34af260595dfbb5f9329526be5158985987…

  • CVE-2024-12975LowMar 7, 2025
    risk 0.07cvss epss 0.00

    A buffer overread can occur in the CPC application when operating in full duplex SPI upon receiving an invalid packet over the SPI interface.

  • CVE-2025-11961LowDec 31, 2025
    risk 0.05cvss 1.9epss 0.00

    pcap_ether_aton() is an auxiliary function in libpcap, it takes a string argument and returns a fixed-size allocated buffer. The string argument must be a well-formed MAC-48 address in one of the supported formats, but this requirement has been poorly documented. If an…

  • CVE-2006-7197Apr 25, 2007
    risk 0.01cvss epss 0.08

    The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory.

  • CVE-2026-49854lowJun 12, 2026
    risk 0.00cvss epss 0.00

    ### Summary Tornado's optional native extension `tornado.speedups` implements `websocket_mask` without validating that the `mask` argument is exactly four bytes long. The C function reads four bytes from `mask` unconditionally, even when Python passes a shorter byte string.…

  • CVE-2026-27799Feb 25, 2026
    risk 0.00cvss epss 0.00

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability exists in the DJVU image format handler. The vulnerability occurs due to integer truncation when…