
CWE-126 (Buffer Over-read) — Vulnerability Class 417

417 vulnerabilities classified as CWE-126 (Buffer Over-read). AI Chinese analysis included.

CWE-126, Buffer Over-read, is a memory safety weakness in which code reads from memory past the end of the buffer it intended to access, using an index or pointer that was never checked against the buffer's true length. It is the read-side counterpart of a buffer overflow (a write past the end): no memory is corrupted, but whatever sits beyond the buffer is handed to the caller. Typical causes are a length or index taken from untrusted input and never compared against the data actually received, and a string copied without its NUL terminator so that a later strlen(), printf("%s") or strcpy() walks off the end of it. The usual consequence is information disclosure (cryptographic keys, credentials, or the heap and stack addresses that defeat ASLR and make a separate bug exploitable); reading into an unmapped page instead produces a crash and a denial of service. The mitigation is to bound every read by the amount of data that is actually present, validating attacker-controlled lengths before they are used, and to guarantee termination of any buffer that will later be treated as a C string. Memory-safe languages with bounds-checked indexing remove the class outright; in C and C++, static analysis, fuzzing under AddressSanitizer (which traps out-of-bounds reads, not only writes), and review of every length computation catch these bugs before deployment.

MITRE CWE Description
The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.
Common Consequences (3)

Confidentiality: Read Memory

Confidentiality: Bypass Protection Mechanism
By reading out-of-bounds memory, an attacker might be able to get secret values, such as memory addresses, which can bypass protection mechanisms such as ASLR in order to improve the reliability and likelihood of exploiting a separate weakness to achieve code execution instead of just denial of serv…

Availability, Integrity: DoS: Crash, Exit, or Restart
An attacker might be able to cause a crash or other denial of service by causing the product to read a memory location that is not allowed (such as a segmentation fault), or to cause other conditions in which the read operation returns more data than is expected.
Examples (2)
In the following C/C++ example the method processMessageFromSocket() will get a message from a socket, placed into a buffer, and will parse the contents of the buffer into a structure that contains the message length and the message body. A for loop is used to copy the message body into a local character string which will be passed to another method for processing. The loop bound msg->msgLength comes from the untrusted message itself and is never compared against the number of bytes actually received or against MESSAGE_SIZE, so a message that claims a body longer than what arrived makes the loop read past the end of buffer (CWE-126), and one longer than MESSAGE_SIZE also writes past the end of message.

```c
int processMessageFromSocket(int socket) {
    int success = 0;
    char buffer[BUFFER_SIZE];
    char message[MESSAGE_SIZE];

    // get message from socket and store into buffer
    // Ignoring possibility that buffer > BUFFER_SIZE
    if (getMessage(socket, buffer, BUFFER_SIZE) > 0) {

        // place contents of the buffer into message structure
        ExMessage *msg = recastBuffer(buffer);

        // copy message body into string for processing
        // msg->msgLength is attacker-controlled: it is checked neither
        // against the bytes actually received nor against MESSAGE_SIZE
        int index;
        for (index = 0; index < msg->msgLength; index++) {
            message[index] = msg->msgBody[index];
        }
        message[index] = '\0';

        // process message
        success = processMessage(message);
    }
    return success;
}
```
Bad · C
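A hardened counterpart to processMessageFromSocket(), added here as an example; it is not MITRE's code and not taken from any product listed on this page. It assumes a constructed wire format (a 2-byte big-endian body length followed by the body) and the function names parse_message() and unchecked_overread_bytes() are hypothetical. It goes slightly beyond the CWE example by also handling a receive that is too short to contain the length header at all, and it reports how far the unchecked loop would have read past the received data without actually performing that read.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MESSAGE_SIZE 64   /* size of the local copy, as in the CWE example */

/*
 * Constructed wire format for this example (not a real protocol):
 *   2-byte big-endian body length, followed by the body bytes.
 */

/* Checked parser. Returns the body length copied into out (>= 0),
 * or -1 if the message is malformed. Never reads past buf + received
 * and never writes past out + out_size. */
int parse_message(const uint8_t *buf, size_t received,
                  char *out, size_t out_size)
{
    if (buf == NULL || out == NULL || out_size == 0)
        return -1;
    if (received < 2)                 /* the length header itself is incomplete */
        return -1;

    size_t len = ((size_t)buf[0] << 8) | buf[1];

    /* Bound the read: the body must fit in what was actually received.
     * Written as len > received - 2 (not len + 2 > received) so the
     * comparison itself cannot overflow. */
    if (len > received - 2)
        return -1;

    /* Bound the write: leave room for the terminator. */
    if (len >= out_size)
        return -1;

    memcpy(out, buf + 2, len);
    out[len] = '\0';
    return (int)len;
}

/* Diagnostic only: how many bytes past the end of the received data the
 * unchecked loop in the CWE example would read for this input. Computed
 * from the header, so no out-of-bounds read is performed here. */
size_t unchecked_overread_bytes(const uint8_t *buf, size_t received)
{
    if (received < 2)
        return 2 - received;          /* even reading the header is out of bounds */
    size_t len = ((size_t)buf[0] << 8) | buf[1];
    size_t available = received - 2;
    return len > available ? len - available : 0;
}

/* Constructed sample inputs (not captured traffic). */
static const uint8_t MSG_OK[]    = { 0x00, 0x05, 'h', 'e', 'l', 'l', 'o' };
/* Header claims 65535 body bytes but only 3 arrived. */
static const uint8_t MSG_BAD[]   = { 0xFF, 0xFF, 'x', 'y', 'z' };
/* One byte: the 2-byte length header is itself incomplete. */
static const uint8_t MSG_SHORT[] = { 0x00 };

int main(void)
{
    char out[MESSAGE_SIZE];

    int n = parse_message(MSG_OK, sizeof MSG_OK, out, sizeof out);
    printf("ok message:    rc=%d body=\"%s\"\n", n, n >= 0 ? out : "");

    printf("bad message:   rc=%d, unchecked loop would read %zu bytes past the end\n",
           parse_message(MSG_BAD, sizeof MSG_BAD, out, sizeof out),
           unchecked_overread_bytes(MSG_BAD, sizeof MSG_BAD));

    printf("short message: rc=%d, unchecked loop would read %zu bytes past the end\n",
           parse_message(MSG_SHORT, sizeof MSG_SHORT, out, sizeof out),
           unchecked_overread_bytes(MSG_SHORT, sizeof MSG_SHORT));
    return 0;
}
```

The two bounds are deliberately separate: the first protects the source buffer (the over-read this page is about), the second protects the destination (the overflow the same loop also causes). Checking only one of them, as many partial fixes do, leaves the other bug in place.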
The following C/C++ example demonstrates a buffer over-read due to a missing NUL terminator. The main method of a pattern matching utility that looks for a specific pattern within a specific file uses strncpy() to copy the command line user input file name and pattern to the Filename and Pattern character arrays respectively. strncpy() writes no terminator when the source is at least as long as the size argument, so a file name of 256 or more characters (or a pattern of 32 or more) leaves the array unterminated, and the later printf("%s") reads past the end of it until it happens to find a zero byte.

```c
#include <stdio.h>
#include <string.h>

void Scan_File(const char *filename, const char *pattern); /* defined elsewhere */

int main(int argc, char **argv) {
    char Filename[256];
    char Pattern[32];

    /* Validate number of parameters and ensure valid content */
    ...

    /* copy filename parameter to variable, may cause off-by-one overflow */
    strncpy(Filename, argv[1], sizeof(Filename));

    /* copy pattern parameter to variable, may cause off-by-one overflow */
    strncpy(Pattern, argv[2], sizeof(Pattern));

    printf("Searching file: %s for the pattern: %s\n", Filename, Pattern);
    Scan_File(Filename, Pattern);
    return 0;
}
```
Bad · C

The fix copies at most one byte less than the array size and then writes the terminator explicitly, so both arrays are NUL-terminated regardless of the argument length (same argv indices as above):

```c
/* copy filename parameter to variable, no off-by-one overflow */
strncpy(Filename, argv[1], sizeof(Filename) - 1);
Filename[sizeof(Filename) - 1] = '\0';

/* copy pattern parameter to variable, no off-by-one overflow */
strncpy(Pattern, argv[2], sizeof(Pattern) - 1);
Pattern[sizeof(Pattern) - 1] = '\0';
```
Good · C
| CVE ID | Title | Product | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2023-21697 | Windows Internet Storage Name Service (iSNS) Server Information Disclosure Vulnerability | Windows 10 Version 1809 | 6.2 | Medium | 2023-02-14 |
| CVE-2023-21820 | Windows Distributed File System (DFS) Remote Code Execution Vulnerability | Windows 10 Version 1809 | 7.4 | High | 2023-02-14 |
| CVE-2023-21813 | Windows Secure Channel Denial of Service Vulnerability | Windows 10 Version 1809 | 7.5 | High | 2023-02-14 |
| CVE-2023-21811 | Windows iSCSI Service Denial of Service Vulnerability | Windows 10 Version 1809 | 7.5 | High | 2023-02-14 |
| CVE-2023-21720 | Microsoft Edge (Chromium-based) Tampering Vulnerability | Microsoft Edge (Chromium-based) | 5.3 | Medium | 2023-02-14 |
| CVE-2023-0817 | Buffer Over-read in gpac/gpac | gpac/gpac | 7.8 | - | 2023-02-13 |
| CVE-2022-40512 | Buffer over-read in WLAN Firmware | Snapdragon | 7.5 | High | 2023-02-09 |
| CVE-2022-34145 | Buffer over-read in WLAN Host | Snapdragon | 7.5 | High | 2023-02-09 |
| CVE-2022-33306 | Buffer over-read in WLAN | Snapdragon | 7.5 | High | 2023-02-09 |
| CVE-2022-33271 | Buffer over-read in WLAN | Snapdragon | 8.2 | High | 2023-02-09 |
| CVE-2022-33229 | Buffer over-read in Modem | Snapdragon | 8.2 | High | 2023-02-09 |
| CVE-2022-33221 | Buffer over-read in Trusted Execution Environment | Snapdragon | 6.8 | Medium | 2023-02-09 |
| CVE-2022-25738 | Buffer Over-read in MODEM | Snapdragon | 8.2 | High | 2023-02-09 |
| CVE-2022-25732 | Buffer Over-read in MODEM | Snapdragon | 8.2 | High | 2023-02-09 |
| CVE-2022-25728 | Buffer Over-read in MODEM | Snapdragon | 8.2 | High | 2023-02-09 |
| CVE-2023-0396 | Buffer Overreads in Bluetooth HCI | zephyr | 8.8 | - | 2023-01-19 |
| CVE-2022-4435 | Lenovo ThinkPad buffer error vulnerability | ThinkPad X13s | 6.7 | Medium | 2023-01-05 |
| CVE-2022-4434 | Lenovo ThinkPad buffer error vulnerability | ThinkPad X13s | 6.7 | Medium | 2023-01-05 |
| CVE-2022-4433 | Lenovo ThinkPad buffer error vulnerability | ThinkPad X13s | 6.7 | Medium | 2023-01-05 |
| CVE-2022-4432 | Lenovo ThinkPad buffer error vulnerability | ThinkPad X13s | 6.7 | Medium | 2023-01-05 |
| CVE-2022-44443 | Google Android OS and certain UNISOC products buffer error vulnerability | SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000 | 5.5 | - | 2023-01-04 |
| CVE-2022-44445 | Google Android OS and certain UNISOC products buffer error vulnerability | SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000 | 5.5 | - | 2023-01-04 |
| CVE-2022-44446 | Google Android OS and certain UNISOC products buffer error vulnerability | SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000 | 5.5 | - | 2023-01-04 |
| CVE-2022-39130 | Google Pixel buffer error vulnerability | SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000 | 5.5 | - | 2022-12-06 |
| CVE-2022-39132 | Google Pixel buffer error vulnerability | SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000 | 5.5 | - | 2022-12-06 |
| CVE-2022-42757 | UNISOC chipset buffer error vulnerability | SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8015 | 5.5 | - | 2022-12-06 |
| CVE-2022-42758 | UNISOC chipset buffer error vulnerability | SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8016 | 5.5 | - | 2022-12-06 |
| CVE-2022-42759 | UNISOC chipset buffer error vulnerability | SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8017 | 5.5 | - | 2022-12-06 |
| CVE-2022-42762 | UNISOC chipset buffer error vulnerability | SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8004 | 5.5 | - | 2022-12-06 |
| CVE-2022-42768 | UNISOC chipset buffer error vulnerability | SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8013 | 5.5 | - | 2022-12-06 |

Vulnerabilities classified as CWE-126 (Buffer Over-read) represent 417 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.