CWE-125 - Out-of-bounds Read
CWE-125
- Abstraction: Base
- Structure: Simple
- Status: Draft
- Weakness Name
Out-of-bounds Read
- Description
The product reads data past the end, or before the beginning, of the intended buffer.
- Common Consequences
Scope: Confidentiality
Impact: Read Memory
Notes: An attacker could get secret values such as cryptographic keys, PII, memory addresses, or other information that could be used in additional attacks.
Scope: Confidentiality
Impact: Bypass Protection Mechanism
Notes: Out-of-bounds memory could contain memory addresses or other information that can be used to bypass ASLR and other protection mechanisms in order to improve the reliability of exploiting a separate weakness for code execution.
Scope: Availability
Impact: DoS: Crash, Exit, or Restart
Notes: An attacker could cause a segmentation fault or crash by causing memory to be read outside of the bounds of the buffer. This is especially likely when the code reads a variable amount of data and assumes that a sentinel exists to stop the read operation, such as a NUL in a string.
Scope: Other
Impact: Varies by Context
Notes: The read operation could produce other undefined or unexpected results.
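The consequences above come from two recurring patterns: a read whose length is taken from untrusted input, and a read that relies on a sentinel such as NUL being present. The following C sketch is an added example, not part of the CWE entry; the one-byte length-prefixed record format and all function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed wire format (assumption): msg[0] = payload length, payload follows. */

/* Weak form, shown for contrast and never called here: the claimed length is
   trusted, so memcpy reads past msg whenever claimed > msg_len - 1. */
size_t read_field_unchecked(const unsigned char *msg, size_t msg_len,
                            unsigned char *out)
{
    (void)msg_len;                      /* the received size is ignored */
    size_t claimed = msg[0];
    memcpy(out, msg + 1, claimed);
    return claimed;
}

/* Hardened form: the claimed length must fit both the bytes actually received
   and the destination. Returns the payload length, or -1 on rejection. */
long read_field_checked(const unsigned char *msg, size_t msg_len,
                        unsigned char *out, size_t out_cap)
{
    if (msg == NULL || out == NULL || msg_len < 1)
        return -1;
    size_t claimed = msg[0];
    if (claimed > msg_len - 1 || claimed > out_cap)
        return -1;
    memcpy(out, msg + 1, claimed);
    return (long)claimed;
}

/* Sentinel case: length of a string held in a fixed-size field that may lack
   a NUL. The search never leaves the field; returns -1 if no NUL is found. */
long bounded_strlen(const char *buf, size_t cap)
{
    const char *nul = memchr(buf, '\0', cap);
    return nul ? (long)(nul - buf) : -1;
}

int main(void)
{
    unsigned char lying[] = {200, 'a', 'b', 'c'};   /* constructed input */
    unsigned char out[16];
    char noterm[4] = {'a', 'b', 'c', 'd'};          /* constructed, no NUL */
    printf("checked read: %ld\n", read_field_checked(lying, sizeof lying, out, sizeof out));
    printf("bounded strlen: %ld\n", bounded_strlen(noterm, sizeof noterm));
    return 0;
}
```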
- Related Weaknesses
- Release Date: 2006-07-19
- Latest Modification Date: 2024-07-16