CWE-126

Buffer Over-read

Variant
Draft

Description

The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.

Common Consequences

Scope: Confidentiality
Impact: Read Memory

Scope: Confidentiality
Impact: Bypass Protection Mechanism

Scope: Availability, Integrity
Impact: DoS: Crash, Exit, or Restart

CVE-2022-1733

Text editor has out-of-bounds read past end of line while indenting C code

CVE-2014-0160

Chain: "Heartbleed" bug receives an inconsistent length parameter (CWE-130) enabling an out-of-bounds read (CWE-126), returning memory that could include private cryptographic keys and other sensitive data.

CVE-2009-2523

Chain: product does not handle when an input string is not NULL terminated, leading to buffer over-read or heap-based buffer overflow.
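
The length-mismatch chain described for CVE-2014-0160 (CWE-130 leading to CWE-126), shown as an added example that is not part of the CWE entry or any affected product's code. The record layout, function names and sample bytes are assumptions constructed for illustration; the unchecked reader is shown beside the hardened one.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed record layout (assumption): [type:1][claimed_len:2, big-endian][payload] */
#define HDR_LEN 3

/* Unchecked: trusts claimed_len and never compares it with rec_len. */
size_t echo_unchecked(const uint8_t *rec, size_t rec_len, uint8_t *out, size_t out_cap)
{
    if (rec_len < HDR_LEN) return 0;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    if (claimed > out_cap) return 0;           /* guards the write, not the read */
    memcpy(out, rec + HDR_LEN, claimed);       /* may read past rec + rec_len */
    return claimed;
}

/* Hardened: the claimed length must fit inside the bytes actually received. */
size_t echo_checked(const uint8_t *rec, size_t rec_len, uint8_t *out, size_t out_cap)
{
    if (rec_len < HDR_LEN) return 0;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    if (claimed > rec_len - HDR_LEN) return 0; /* reject inconsistent length */
    if (claimed > out_cap) return 0;
    memcpy(out, rec + HDR_LEN, claimed);
    return claimed;
}

/* Constructed sample: a 5-byte record followed, in the same array, by unrelated
   bytes, so the over-read stays inside one object and is safe to execute. */
static const uint8_t arena[] = {
    0x01, 0x00, 0x0A, 'h', 'i',                /* record: claims 10 bytes, carries 2 */
    'S', 'E', 'C', 'R', 'E', 'T', '!', '!'     /* adjacent data, not part of the record */
};
#define REC_LEN 5

/* Returns 1 if the reply contains bytes from beyond the end of the record. */
int leaks_adjacent(size_t (*echo)(const uint8_t *, size_t, uint8_t *, size_t))
{
    uint8_t out[64];
    size_t n = echo(arena, REC_LEN, out, sizeof out);
    return n > REC_LEN - HDR_LEN && memcmp(out + 2, "SECRET", 6) == 0;
}
```

The unchecked reader bounds only the destination, which is why the copy succeeds and returns neighbouring memory; the hardened reader rejects the record before any read takes place.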

Applicable Platforms

Memory-Unsafe
C
C++
