Buffer Over-read

The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.

CVEs (446)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-26243 1Microsoft 7Windows 10 21h2 Windows 10 22h2Windows 11 21h2+4 more Jan 8, 2025 Apr 9, 2024 N/A· v4 7.0 HIGH· v3 N/A· v2 Windows USB Print Driver Elevation of Privilege Vulnerability
CVE-2024-31082 - - Nov 21, 2024 Apr 4, 2024 N/A· v4 7.3 HIGH· v3 N/A· v2 A heap-based buffer over-read vulnerability was found in the X.org server's ProcAppleDRICreatePixmap() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakag...Show more A heap-based buffer over-read vulnerability was found in the X.org server's ProcAppleDRICreatePixmap() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker's inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads.Show less
CVE-2024-31081 - - Aug 4, 2025 Apr 4, 2024 N/A· v4 7.3 HIGH· v3 N/A· v2 A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIPassiveGrabDevice() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage...Show more A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIPassiveGrabDevice() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker's inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads.Show less
CVE-2024-31080 - - Aug 4, 2025 Apr 4, 2024 N/A· v4 7.3 HIGH· v3 N/A· v2 A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIGetSelectedEvents() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage...Show more A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIGetSelectedEvents() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker's inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads.Show less
CVE-2023-33115 1Qualcomm 164Aqt1000 Firmware Ar8035 FirmwareFastconnect 6200 Firmware+161 more Aug 11, 2025 Apr 1, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Memory corruption while processing buffer initialization, when trusted report for certain report types are generated.
CVE-2024-3077 1Zephyrproject 1Zephyr Jan 23, 2025 Mar 29, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 An malicious BLE device can crash BLE victim device by sending malformed gatt packet
CVE-2023-45919 1Mesa3d 1Mesa Nov 4, 2025 Mar 27, 2024 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Mesa 23.0.4 was discovered to contain a buffer over-read in glXQueryServerString(). NOTE: this is disputed because there are no common situations in which users require uninterrupted operation with an attacker-controller...Show more Mesa 23.0.4 was discovered to contain a buffer over-read in glXQueryServerString(). NOTE: this is disputed because there are no common situations in which users require uninterrupted operation with an attacker-controller server.Show less
CVE-2024-26176 1Microsoft 14Windows 10 1507 Windows 10 1607Windows 10 1809+11 more Dec 27, 2024 Mar 12, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Windows Kernel Elevation of Privilege Vulnerability
CVE-2024-26160 1Microsoft 3Windows 11 22h2 Windows 11 23h2Windows Server 2022 23h2 Dec 27, 2024 Mar 12, 2024 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability
CVE-2023-43539 1Qualcomm 135Ar8035 Firmware Csr8811 FirmwareFastconnect 6800 Firmware+132 more Jan 10, 2025 Mar 4, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 Transient DOS while processing an improperly formatted 802.11az Fine Time Measurement protocol frame.
CVE-2023-33090 1Qualcomm 51Ar8035 Firmware Fastconnect 6800 FirmwareFastconnect 6900 Firmware+48 more Jan 10, 2025 Mar 4, 2024 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Transient DOS while processing channel information for speaker protection v2 module in ADSP.
CVE-2023-33078 1Qualcomm 13Fastconnect 6700 Firmware Fastconnect 6900 FirmwareFastconnect 7800 Firmware+10 more Jan 10, 2025 Mar 4, 2024 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Information Disclosure while processing IOCTL request in FastRPC.
CVE-2023-51773 1Bacnetstack 1Bacnet Stack May 23, 2025 Feb 29, 2024 N/A· v4 9.1 CRITICAL· v3 N/A· v2 BACnet Stack before 1.3.2 has a decode function APDU buffer over-read in bacapp_decode_application_data in bacapp.c.
CVE-2023-6936 1Wolfssl 1Wolfssl Mar 26, 2025 Feb 20, 2024 N/A· v4 9.1 CRITICAL· v3 N/A· v2 In wolfSSL prior to 5.6.6, if callback functions are enabled (via the WOLFSSL_CALLBACKS flag), then a malicious TLS client or network attacker can trigger a buffer over-read on the heap of 5 bytes (WOLFSSL_CALLBACKS is o...Show more In wolfSSL prior to 5.6.6, if callback functions are enabled (via the WOLFSSL_CALLBACKS flag), then a malicious TLS client or network attacker can trigger a buffer over-read on the heap of 5 bytes (WOLFSSL_CALLBACKS is only intended for debugging). Show less
CVE-2023-39541 1Weston Embedded 1Uc Tcp Ip Nov 4, 2025 Feb 20, 2024 N/A· v4 5.9 MEDIUM· v3 N/A· v2 A denial of service vulnerability exists in the ICMP and ICMPv6 parsing functionality of Weston Embedded uC-TCP-IP v3.06.01. A specially crafted network packet can lead to an out-of-bounds read. An attacker can send a ma...Show more A denial of service vulnerability exists in the ICMP and ICMPv6 parsing functionality of Weston Embedded uC-TCP-IP v3.06.01. A specially crafted network packet can lead to an out-of-bounds read. An attacker can send a malicious packet to trigger this vulnerability.This vulnerability concerns a denial of service within the parsing an IPv6 ICMPv6 packet.Show less
CVE-2023-39540 1Weston Embedded 1Uc Tcp Ip Nov 4, 2025 Feb 20, 2024 N/A· v4 5.9 MEDIUM· v3 N/A· v2 A denial of service vulnerability exists in the ICMP and ICMPv6 parsing functionality of Weston Embedded uC-TCP-IP v3.06.01. A specially crafted network packet can lead to an out-of-bounds read. An attacker can send a ma...Show more A denial of service vulnerability exists in the ICMP and ICMPv6 parsing functionality of Weston Embedded uC-TCP-IP v3.06.01. A specially crafted network packet can lead to an out-of-bounds read. An attacker can send a malicious packet to trigger this vulnerability.This vulnerability concerns a denial of service within the parsing an IPv4 ICMP packet.Show less
CVE-2024-21340 1Microsoft 14Windows 10 1507 Windows 10 1607Windows 10 1809+11 more Nov 21, 2024 Feb 13, 2024 N/A· v4 4.6 MEDIUM· v3 N/A· v2 Windows Kernel Information Disclosure Vulnerability
CVE-2024-20290 2Cisco Fedoraproject 3Fedora Secure EndpointSecure Endpoint Private Cloud Nov 21, 2024 Feb 7, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 A vulnerability in the OLE2 file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an incorrect ch...Show more A vulnerability in the OLE2 file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an incorrect check for end-of-string values during scanning, which may result in a heap buffer over-read. An attacker could exploit this vulnerability by submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software and consuming available system resources. For a description of this vulnerability, see the ClamAV blog .Show less
CVE-2023-43536 1Qualcomm 303315 5g Iot Modem Firmware Aqt1000 FirmwareAr8031 Firmware+300 more Aug 11, 2025 Feb 6, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 Transient DOS while parse fils IE with length equal to 1.
CVE-2023-43533 1Qualcomm 232315 5g Iot Modem Firmware Aqt1000 FirmwareAr8035 Firmware+229 more Aug 11, 2025 Feb 6, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 Transient DOS in WLAN Firmware when the length of received beacon is less than length of ieee802.11 beacon frame.

Previous 1...121314...23 Next