logo

CWE-125 - Out-of-bounds Read

CWE-125

  • Abstraction:
  • Base
  • Structure:
  • Simple
  • Status:
  • Draft
Weakness Name

Out-of-bounds Read

Description

The product reads data past the end, or before the beginning, of the intended buffer.

Common Consequences

Scope: Confidentiality

Impact: Read Memory

Notes: An attacker could get secret values such as cryptographic keys, PII, memory addresses, or other information that could be used in additional attacks.

Scope: Confidentiality

Impact: Bypass Protection Mechanism

Notes: Out-of-bounds memory could contain memory addresses or other information that can be used to bypass ASLR and other protection mechanisms in order to improve the reliability of exploiting a separate weakness for code execution.

Scope: Availability

Impact: DoS: Crash, Exit, or Restart

Notes: An attacker could cause a segmentation fault or crash by causing memory to be read outside of the bounds of the buffer. This is especially likely when the code reads a variable amount of data and assumes that a sentinel exists to stop the read operation, such as a NUL in a string.

Scope: Other

Impact: Varies by Context

Notes: The read operation could produce other undefined or unexpected results.

Related Weaknesses
CWE-119
  • Release Date:
  • 2006-07-19
  • Latest Modification Date:
  • 2024-07-16