CWE • Base • Draft • 20 recent CVEs
CWE-125: Out-of-bounds Read
Description
The product reads data past the end, or before the beginning, of the intended buffer.
Common consequences
- Confidentiality → Read Memory: An attacker could get secret values such as cryptographic keys, PII, memory addresses, or other information that could be used in additional attacks.
- Confidentiality → Bypass Protection Mechanism: Out-of-bounds memory could contain memory addresses or other information that can be used to bypass ASLR and other protection mechanisms in order to improve the reliability of exploiting a separate weakness for code execution.
- Availability → DoS: Crash, Exit, or Restart: An attacker could cause a segmentation fault or crash by causing memory to be read outside of the bounds of the buffer. This is especially likely when the code reads a variable amount of data and assumes that a sentinel exists to stop the r
- Other → Varies by Context: The read operation could produce other undefined or unexpected results.
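The weakness described above, as an added example that is not part of the original entry: an unchecked read that trusts an offset and a NUL sentinel, next to checked forms that reject reads before the start or past the end of the buffer. All function names and sample inputs are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Unsafe pattern, shown for contrast and never called here: it trusts the
 * caller's offset and assumes a NUL sentinel exists after it. A negative
 * offset reads before buf; a missing NUL makes strlen run past the end. */
size_t field_len_unsafe(const char *buf, long off) {
    return strlen(buf + off);
}

/* Checked form: succeeds (0) only if off is inside buf[0..buf_len) and a
 * NUL is found before the end of the buffer. */
int field_len_checked(const char *buf, size_t buf_len, long off, size_t *out) {
    if (buf == NULL || out == NULL) return -1;
    if (off < 0 || (size_t)off >= buf_len) return -1;      /* before start / past end */
    const char *p = buf + off;
    const char *nul = memchr(p, '\0', buf_len - (size_t)off); /* bounded scan */
    if (nul == NULL) return -1;                             /* sentinel missing */
    *out = (size_t)(nul - p);
    return 0;
}

/* Length-prefixed message: msg[0] declares how many payload bytes follow.
 * The declared length is checked against what was actually received. */
int copy_payload_checked(const uint8_t *msg, size_t msg_len,
                         uint8_t *dst, size_t dst_len, size_t *copied) {
    if (msg == NULL || dst == NULL || copied == NULL || msg_len < 1) return -1;
    size_t declared = msg[0];
    if (declared > msg_len - 1) return -1;   /* would read past end of msg */
    if (declared > dst_len) return -1;       /* would not fit in dst */
    memcpy(dst, msg + 1, declared);
    *copied = declared;
    return 0;
}

int main(void) {
    /* Constructed inputs: 4 bytes with no terminator, and a 3-byte message
     * whose length byte claims 64 payload bytes. */
    const char raw[4] = {'a', 'b', 'c', 'd'};
    const uint8_t msg[3] = {64, 'h', 'i'};
    uint8_t dst[64];
    size_t n = 0;
    printf("no sentinel: %d\n", field_len_checked(raw, sizeof raw, 0, &n));
    printf("negative offset: %d\n", field_len_checked(raw, sizeof raw, -1, &n));
    printf("over-long length byte: %d\n", copy_payload_checked(msg, sizeof msg, dst, sizeof dst, &n));
    return 0;
}
```

Each checked call returns -1 on the constructed inputs instead of reading adjacent memory.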
Potential mitigations
- Implementation
- Architecture and Design: Use a language that provides appropriate memory abstractions.
Related CWEs
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
Recent CVEs classified under this CWE
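- CVE-2026-11690, score 7.5, 2026-06-09
- CVE-2026-11667, no score listed, 2026-06-09
- CVE-2026-11665, score 4.3, 2026-06-09
- CVE-2026-11645, score 8.8, 2026-06-09
- CVE-2026-40215, no score listed, 2026-06-08
- CVE-2026-43951, score 6.5, 2026-06-08
- CVE-2026-48112, score 6.5, 2026-06-05
- CVE-2026-48111, score 4.3, 2026-06-05
- CVE-2026-48104, score 4.2, 2026-06-05
- CVE-2026-48103, score 4.3, 2026-06-05
- CVE-2026-48102, score 3.1, 2026-06-05
- CVE-2026-48092, score 4.3, 2026-06-05
- CVE-2026-50262, score 5.5, 2026-06-05
- CVE-2026-11301, score 8.8, 2026-06-05
- CVE-2026-11299, score 6.5, 2026-06-05
- CVE-2026-11279, score 8.8, 2026-06-05
- CVE-2026-11256, score 8.3, 2026-06-05
- CVE-2026-11191, score 8.8, 2026-06-04
- CVE-2026-11183, score 6.5, 2026-06-04
- CVE-2026-11160, score 6.5, 2026-06-04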