
CWE-127 (Buffer Under-read) — Vulnerability Class 7

7 vulnerabilities classified as CWE-127 (Buffer Under-read). AI-generated Chinese analysis included.

CWE-127, Buffer Under-read, is a memory safety weakness where a program accesses memory locations preceding the intended buffer boundary. This flaw typically arises from incorrect pointer arithmetic or off-by-one errors in index calculations, causing the application to read uninitialized or sensitive data from adjacent memory regions. Attackers exploit this vulnerability to leak confidential information, such as cryptographic keys or user credentials, potentially leading to further system compromise or denial of service. To prevent under-reads, developers must rigorously validate all pointer offsets and array indices before access, ensuring they remain within the allocated buffer’s lower bounds. Implementing bounds-checking mechanisms, utilizing safe string handling libraries, and conducting thorough static code analysis are essential practices for mitigating this risk and maintaining application integrity.

MITRE CWE Description
The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations prior to the targeted buffer.
Common Consequences (2)
Confidentiality: Read Memory
Confidentiality: Bypass Protection Mechanism
By reading out-of-bounds memory, an attacker might be able to get secret values, such as memory addresses, which can bypass protection mechanisms such as ASLR in order to improve the reliability and likelihood of exploiting a separate weakness to achieve code execution instead of just denial of serv…
Examples (1)
In the following code, the method retrieves a value from an array at a specific array index location that is given as an input parameter to the method.

Bad · C

int getValueFromArray(int *array, int len, int index) {
    int value;
    // check that the array index is less than the maximum
    // length of the array
    if (index < len) {
        // get the value at the specified index of the array
        value = array[index];
    }
    // if array index is invalid then output error message
    // and return value indicating error
    else {
        // a negative index passes the check above and is still read here
        printf("Value is: %d\n", array[index]);
        value = -1;
    }
    return value;
}

Good · C

...
    // check that the array index is within the correct
    // range of values for the array
    if (index >= 0 && index < len) {
...

Vulnerabilities classified as CWE-127 (Buffer Under-read) represent 7 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.