CWE-126— Buffer Over-read
The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.— MITRE CWE catalog
451 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-126page 2 of 10
- CVE-2022-23130MEDIUMCVSS 5.9EG 5.52022-01-21
Buffer Over-read vulnerability in Mitsubishi Electric MC Works64 versions 4.00A to 4.04E, Mitsubishi Electric GENESIS64 versions 10.97 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97 and prior, Mitsubishi …
- CVE-2022-25726HIGHCVSS 8.2EG 7.52023-04-13
Information disclosure in modem data due to array out of bound access while handling the incoming DNS response packet
- CVE-2022-25728HIGHCVSS 8.2EG 7.52023-02-12
Information disclosure in modem due to buffer over-read while processing response from DNS server
- CVE-2022-25730HIGHCVSS 8.2EG 7.52023-04-13
Information disclosure in modem due to improper check of IP type while processing DNS server query
- CVE-2022-25732HIGHCVSS 8.2EG 7.52023-02-12
Information disclosure in modem due to buffer over read in dns client due to missing length check
- CVE-2022-25738HIGHCVSS 8.2EG 7.52023-02-12
Information disclosure in modem due to buffer over-red while performing checksum of packet received
- CVE-2022-25747HIGHCVSS 8.2EG 7.52023-04-13
Information disclosure in modem due to improper input validation during parsing of upcoming CoAP message
- CVE-2022-2845HIGHCVSS 7.8EG 7.82022-08-17
Improper Validation of Specified Quantity in Input in GitHub repository vim/vim prior to 9.0.0218.
- CVE-2022-3178HIGHCVSS 7.8EG 7.82022-09-12
Buffer Over-read in GitHub repository gpac/gpac prior to 2.1.0-DEV.
- CVE-2022-32141MEDIUMCVSS 6.5EG 6.52022-06-24
Multiple CODESYS Products are prone to a buffer over read. A low privileged remote attacker may craft a request with an invalid offset, which can cause an internal buffer over-read, resulting in a denial-of-service condition. User interact…
- CVE-2022-33220MEDIUMCVSS 5.1EG 5.12023-09-05
Information disclosure in Automotive multimedia due to buffer over-read.
- CVE-2022-33221MEDIUMCVSS 6.8EG 5.52023-02-12
Information disclosure in Trusted Execution Environment due to buffer over-read while processing metadata verification requests.
- CVE-2022-33222HIGHCVSS 8.2EG 7.52023-04-13
Information disclosure due to buffer over-read while parsing DNS response packets in Modem.
- CVE-2022-33228HIGHCVSS 8.2EG 7.52023-04-13
Information disclosure sue to buffer over-read in modem while processing ipv6 packet with hop-by-hop or destination option in header.
- CVE-2022-33229HIGHCVSS 8.2EG 7.52023-02-12
Information disclosure due to buffer over-read in Modem while using static array to process IPv4 packets.
- CVE-2022-33258HIGHCVSS 8.2EG 7.52023-04-13
Information disclosure due to buffer over-read in modem while reading configuration parameters.
- CVE-2022-33271HIGHCVSS 8.2EG 7.52023-02-12
Information disclosure due to buffer over-read in WLAN while parsing NMF frame.
- CVE-2022-33273HIGHCVSS 7.3EG 7.32023-05-02
Information disclosure due to buffer over-read in Trusted Execution Environment while QRKS report generation.
- CVE-2022-33287HIGHCVSS 8.2EG 7.52023-04-13
Information disclosure in Modem due to buffer over-read while getting length of Unfragmented headers in an IPv6 packet.
- CVE-2022-33291HIGHCVSS 8.2EG 7.52023-04-13
Information disclosure in Modem due to buffer over-read while receiving a IP header with malformed length.
- CVE-2022-33295HIGHCVSS 8.2EG 7.52023-04-13
Information disclosure in Modem due to buffer over-read while parsing the wms message received given the buffer and its length.
- CVE-2022-33297MEDIUMCVSS 6.8EG 5.52023-04-13
Information disclosure due to buffer overread in Linux sensors
- CVE-2022-33306HIGHCVSS 7.5EG 7.52023-02-12
Transient DOS due to buffer over-read in WLAN while processing an incoming management frame with incorrectly filled IEs.
- CVE-2022-33309HIGHCVSS 7.5EG 7.52023-03-10
Transient DOS due to buffer over-read in WLAN Firmware while parsing secure FTMR frame with size lesser than 39 Bytes.
- CVE-2022-34145HIGHCVSS 7.5EG 7.52023-02-12
Transient DOS due to buffer over-read in WLAN Host while parsing frame information.
- CVE-2022-38671MEDIUMCVSS 5.5EG 5.52022-10-14
In camera driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.
- CVE-2022-38673MEDIUMCVSS 5.5EG 5.52022-10-14
In face detect driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.
- CVE-2022-39130MEDIUMCVSS 5.5EG 5.52022-12-06
In face detect driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.
- CVE-2022-39132MEDIUMCVSS 5.5EG 5.52022-12-06
In camera driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.
- CVE-2022-40503HIGHCVSS 8.2EG 7.52023-04-13
Information disclosure due to buffer over-read in Bluetooth Host while A2DP streaming.
- CVE-2022-40505HIGHCVSS 8.2EG 8.22023-05-02
Information disclosure due to buffer over-read in Modem while parsing DNS hostname.
- CVE-2022-40512HIGHCVSS 7.5EG 7.52023-02-12
Transient DOS in WLAN Firmware due to buffer over-read while processing probe response or beacon.
- CVE-2022-40524MEDIUMCVSS 6.7EG 6.72023-09-05
Memory corruption due to buffer over-read in Modem while processing SetNativeHandle RTP service.
- CVE-2022-40535HIGHCVSS 7.5EG 7.52023-03-10
Transient DOS due to buffer over-read in WLAN while sending a packet to device.
- CVE-2022-42757LOWCVSS 3.3EG 3.32022-12-06
In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services.
- CVE-2022-42758LOWCVSS 3.3EG 3.32022-12-06
In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services.
- CVE-2022-42759MEDIUMCVSS 5.5EG 5.52022-12-06
In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services.
- CVE-2022-42762MEDIUMCVSS 5.5EG 5.52022-12-06
In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services.
- CVE-2022-42768MEDIUMCVSS 4.3EG 4.32022-12-06
In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services.
- CVE-2022-42774MEDIUMCVSS 5.5EG 5.52022-12-06
In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services.
- CVE-2022-42779MEDIUMCVSS 5.5EG 5.52022-12-06
In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services.
- CVE-2022-42780MEDIUMCVSS 5.5EG 5.52022-12-06
In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services.
- CVE-2022-42781MEDIUMCVSS 5.5EG 5.52022-12-06
In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services.
- CVE-2022-4432MEDIUMCVSS 6.7EG 4.42023-01-05
A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS PersistenceConfigDxe driver that could allow a local attacker with elevated privileges to cause information disclosure.
- CVE-2022-4433MEDIUMCVSS 6.7EG 4.42023-01-05
A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS LenovoSetupConfigDxe driver that could allow a local attacker with elevated privileges to cause information disclosure.
- CVE-2022-4434MEDIUMCVSS 6.7EG 4.42023-01-05
A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS driver that could allow a local attacker with elevated privileges to cause information disclosure.
- CVE-2022-4435MEDIUMCVSS 6.7EG 4.42023-01-05
A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS LenovoRemoteConfigUpdateDxe driver that could allow a local attacker with elevated privileges to cause information disclosure.
- CVE-2022-44443MEDIUMCVSS 5.5EG 5.52023-01-04
In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.
- CVE-2022-44445MEDIUMCVSS 5.5EG 5.52023-01-04
In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.
- CVE-2022-44446MEDIUMCVSS 5.5EG 5.52023-01-04
In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.
Map vulnerabilities like CWE-126 to your infrastructure
EchelonGraph correlates every CVE — across CWE-126 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →