CWE-127

Buffer Under-read

Variant | Draft

Description

The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations prior to the targeted buffer.

Hierarchy (View 1000)

Children

none

CVEs mapped to this weakness (5)

  • CVE-2026-5928 | High | Apr 20, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    Calling the ungetwc function on a FILE stream with wide characters encoded in a character set that has overlaps between its single byte and multi-byte character encodings, in the GNU C Library version 2.43 or earlier, may result in an attempt to read bytes before an allocated…

  • CVE-2025-20359 | Med | Oct 15, 2025
    risk 0.42 | cvss 6.5 | epss 0.00

    Multiple Cisco products are affected by a vulnerability in the Snort 3 HTTP Decoder that could allow an unauthenticated, remote attacker to cause the disclosure of possible sensitive data or cause the Snort 3 Detection Engine to crash. This vulnerability is due to an error in…

  • CVE-2025-32050 | Med | Apr 3, 2025
    risk 0.38 | cvss 5.9 | epss 0.01

    A flaw was found in libsoup. The libsoup append_param_quoted() function may contain an overflow bug resulting in a buffer under-read.

  • CVE-2026-45683 | Low | Jun 2, 2026
    risk 0.18 | cvss 3.8 | epss 0.00

    OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the Java TLS ioctl probe reads user-controlled ioctl pointers with bpf_probe_read instead of bpf_probe_read_user. An instrumented local process can…

  • CVE-2023-2512 | May 12, 2023
    risk 0.00 | cvss | epss 0.01

    Prior to version v1.20230419.0, the FormData API implementation was subject to an integer overflow. If a FormData instance contained more than 2^31 elements, the forEach() method could end up reading from the wrong location in memory while iterating over elements. This would…