CWE-125— Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.— MITRE CWE catalog
8,185 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-125page 98 of 164
- CVE-2023-28376MEDIUMCVSS 6.5EG 6.52023-11-14
Out-of-bounds read in the firmware for some Intel(R) E810 Ethernet Controllers and Adapters before version 1.7.1 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
- CVE-2023-2838CRITICALCVSS 9.1EG 6.12023-05-22
Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2.
- CVE-2023-28404LOWCVSS 3.8EG 3.82023-11-14
Out-of-bounds read in the Intel(R) Arc(TM) & Iris(R) Xe Graphics - WHQL - Windows drivers before version 31.0.101.4255 may allow an authenticated user to potentially enable information disclosure via local access.
- CVE-2023-28445CRITICALCVSS 9.9EG 9.92023-03-24
Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Resizable ArrayBuffers passed to asynchronous functions that are shrunk during the asynchronous operation could result in an out-of-bound read/write. It is …
- CVE-2023-28448MEDIUMCVSS 5.7EG 5.72023-03-24
Versionize is a framework for version tolerant serializion/deserialization of Rust data structures, designed for usecases that need fast deserialization times and minimal size overhead. An issue was discovered in the ‘Versionize::deseria…
- CVE-2023-28541HIGHCVSS 7.8EG 7.82023-07-04
Memory Corruption in Data Modem while processing DMA buffer release event about CFR data.
- CVE-2023-28542HIGHCVSS 7.8EG 7.82023-07-04
Memory Corruption in WLAN HOST while fetching TX status information.
- CVE-2023-28543HIGHCVSS 8.1EG 8.12023-09-05
A malformed DLC can trigger Memory Corruption in SNPE library due to out of bounds read, such as by loading an untrusted model (e.g. from a remote source).
- CVE-2023-28555HIGHCVSS 7.5EG 7.52023-08-08
Transient DOS in Audio while remapping channel buffer in media codec decoding.
- CVE-2023-28571MEDIUMCVSS 6.1EG 6.12023-10-03
Information disclosure in WLAN HOST while processing the WLAN scan descriptor list during roaming scan.
- CVE-2023-2860MEDIUMCVSS 4.4EG 4.42023-07-24
An out-of-bounds read vulnerability was found in the SR-IPv6 implementation in the Linux kernel. The flaw exists within the processing of seg6 attributes. The issue results from the improper validation of user-supplied data, which can resu…
- CVE-2023-28866MEDIUMCVSS 5.3EG 5.32023-03-27
In the Linux kernel through 6.2.8, net/bluetooth/hci_sync.c allows out-of-bounds access because amp_init1[] and amp_init2[] are supposed to have an intentionally invalid element, but do not.
- CVE-2023-29053HIGHCVSS 7.8EG 7.82023-04-11
A vulnerability has been identified in JT Open (All versions < V11.3.2.0), JT Utilities (All versions < V13.3.0.0). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially craf…
- CVE-2023-29089MEDIUMCVSS 6.8EG 6.82023-04-14
An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor and Modem for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos 9110, and Exynos Auto T5123. Memory corruption can occur due to insufficie…
- CVE-2023-29167HIGHCVSS 7.8EG 7.82023-06-13
Out-of-bound reads vulnerability exists in FRENIC RHC Loader v1.1.0.3. If a user opens a specially crafted FNE file, sensitive information on the system where the affected product is installed may be disclosed or arbitrary code may be exec…
- CVE-2023-29273HIGHCVSS 7.8EG 7.82023-05-11
Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage …
- CVE-2023-29274HIGHCVSS 7.8EG 7.82023-05-11
Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage …
- CVE-2023-29275HIGHCVSS 7.8EG 7.82023-05-11
Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage …
- CVE-2023-29277MEDIUMCVSS 5.5EG 5.52023-05-11
Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR.…
- CVE-2023-29279MEDIUMCVSS 5.5EG 5.52023-05-11
Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR.…
- CVE-2023-29280HIGHCVSS 7.8EG 7.82023-05-11
Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage …
- CVE-2023-29281HIGHCVSS 7.8EG 7.82023-05-11
Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage …
- CVE-2023-29309MEDIUMCVSS 5.5EG 5.52023-07-12
Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigati…
- CVE-2023-29310MEDIUMCVSS 5.5EG 5.52023-07-12
Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigati…
- CVE-2023-29311MEDIUMCVSS 5.5EG 5.52023-07-12
Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigati…
- CVE-2023-29312MEDIUMCVSS 5.5EG 5.52023-07-12
Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigati…
- CVE-2023-29313MEDIUMCVSS 5.5EG 5.52023-07-12
Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigati…
- CVE-2023-29314MEDIUMCVSS 5.5EG 5.52023-07-12
Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigati…
- CVE-2023-29315MEDIUMCVSS 5.5EG 5.52023-07-12
Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigati…
- CVE-2023-29316MEDIUMCVSS 5.5EG 5.52023-07-12
Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigati…
- CVE-2023-29317MEDIUMCVSS 5.5EG 5.52023-07-12
Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigati…
- CVE-2023-29318MEDIUMCVSS 5.5EG 5.52023-07-12
Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigati…
- CVE-2023-29319MEDIUMCVSS 5.5EG 5.52023-07-12
Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigati…
- CVE-2023-29373HIGHCVSS 8.8EG 8.82023-06-14
Microsoft ODBC Driver Remote Code Execution Vulnerability
- CVE-2023-29383LOWCVSS 3.3EG 3.32023-04-14
In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \n is in the block list)…
- CVE-2023-29417MEDIUMCVSS 6.5EG 6.52023-04-06
An issue was discovered in libbzip3.a in bzip3 1.2.2. There is a bz3_decompress out-of-bounds read in certain situations where buffers passed to bzip3 do not contain enough space to be filled with decompressed data. NOTE: the vendor's pers…
- CVE-2023-29418MEDIUMCVSS 6.5EG 6.52023-04-06
An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is an xwrite out-of-bounds read.
- CVE-2023-29419MEDIUMCVSS 6.5EG 6.52023-04-06
An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is a bz3_decode_block out-of-bounds read.
- CVE-2023-29460HIGHCVSS 7.8EG 7.82023-05-09
An arbitrary code execution vulnerability contained in Rockwell Automation's Arena Simulation software was reported that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffe…
- CVE-2023-29461HIGHCVSS 7.8EG 7.82023-05-09
An arbitrary code execution vulnerability contained in Rockwell Automation's Arena Simulation software was reported that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffe…
- CVE-2023-29462HIGHCVSS 7.8EG 7.82023-05-09
An arbitrary code execution vulnerability contained in Rockwell Automation's Arena Simulation software was reported that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffe…
- CVE-2023-29576MEDIUMCVSS 5.5EG 5.52023-04-11
Bento4 v1.6.0-639 was discovered to contain a segmentation violation via the AP4_TrunAtom::SetDataOffset(int) function in Ap4TrunAtom.h.
- CVE-2023-2977HIGHCVSS 7.1EG 7.12023-06-01
A vulnerbility was found in OpenSC. This security flaw cause a buffer overrun vulnerability in pkcs15 cardos_have_verifyrc_package. The attacker can supply a smart card package with malformed ASN1 context. The cardos_have_verifyrc_package …
- CVE-2023-2989CRITICALCVSS 9.1EG 9.12023-06-22
Fortra Globalscape EFT versions before 8.1.0.16 suffer from an out of bounds memory read in their administration server, which can allow an attacker to crash the service or bypass authentication if successfully exploited
- CVE-2023-29933MEDIUMCVSS 5.5EG 5.52023-05-05
llvm-project commit bd456297 was discovered to contain a segmentation fault via the component mlir::Block::getArgument.
- CVE-2023-29934MEDIUMCVSS 5.5EG 5.52023-05-05
llvm-project commit 6c01b5c was discovered to contain a segmentation fault via the component mlir::Type::getDialect().
- CVE-2023-29939MEDIUMCVSS 5.5EG 5.52023-05-05
llvm-project commit a0138390 was discovered to contain a segmentation fault via the component mlir::spirv::TargetEnv::TargetEnv(mlir::spirv::TargetEnvAttr).
- CVE-2023-29941MEDIUMCVSS 5.5EG 5.52023-05-05
llvm-project commit a0138390 was discovered to contain a segmentation fault via the component matchAndRewriteSortOp<mlir::sparse_tensor::SortOp>(mlir::sparse_tensor::SortOp.
- CVE-2023-29942MEDIUMCVSS 5.5EG 5.52023-05-05
llvm-project commit a0138390 was discovered to contain a segmentation fault via the component mlir::Type::isa<mlir::LLVM::LLVMVoidType.
- CVE-2023-30084MEDIUMCVSS 5.5EG 5.52023-05-09
An issue found in libming swftophp v.0.4.8 allows a local attacker to cause a denial of service via the stackVal function in util/decompile.c.
Map vulnerabilities like CWE-125 to your infrastructure
EchelonGraph correlates every CVE — across CWE-125 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →