Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-56099

Summary
Assigner-VulnCheck
Assigner Org ID-83251b91-4cc7-4094-a5c7-464a1b83ea10
Published At-18 Jun, 2026 | 19:29
Updated At-23 Jun, 2026 | 20:44
Rejected At-
Credits

OpenBSD mpls_do_error Kernel Stack Memory Disclosure via MPLS Input

OpenBSD before commit 6a23123 (2026-06-18) contains an out-of-bounds read vulnerability in the mpls_do_error function within sys/netmpls/mpls_input.c that allows remote attackers to disclose kernel stack memory by sending crafted MPLS frames with 16 labels and no Bottom-of-Stack bit set.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:VulnCheck
Assigner Org ID:83251b91-4cc7-4094-a5c7-464a1b83ea10
Published At:18 Jun, 2026 | 19:29
Updated At:23 Jun, 2026 | 20:44
Rejected At:
â–¼CVE Numbering Authority (CNA)
OpenBSD mpls_do_error Kernel Stack Memory Disclosure via MPLS Input

OpenBSD before commit 6a23123 (2026-06-18) contains an out-of-bounds read vulnerability in the mpls_do_error function within sys/netmpls/mpls_input.c that allows remote attackers to disclose kernel stack memory by sending crafted MPLS frames with 16 labels and no Bottom-of-Stack bit set.

Affected Products
Vendor
OpenBSDopenbsd
Product
src
Repo
https://github.com/openbsd/src
Default Status
affected
Versions
Affected
  • From 0 before 6a23123ec05f1eb29cfcaae0f3a468b2e1983cfd (git)
Problem Types
TypeCWE IDDescription
CWECWE-125Out-of-bounds Read
Type: CWE
CWE ID: CWE-125
Description: Out-of-bounds Read
Metrics
VersionBase scoreBase severityVector
4.06.9MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
3.15.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Version: 4.0
Base score: 6.9
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

finder
Argus Systems
Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://pop.argus-systems.ai/advisory/adv-040.html
technical-description
exploit
https://github.com/openbsd/src/commit/6a23123ec05f1eb29cfcaae0f3a468b2e1983cfd
patch
https://www.vulncheck.com/advisories/openbsd-mpls-do-error-kernel-stack-memory-disclosure-via-mpls-input
third-party-advisory
Hyperlink: https://pop.argus-systems.ai/advisory/adv-040.html
Resource:
technical-description
exploit
Hyperlink: https://github.com/openbsd/src/commit/6a23123ec05f1eb29cfcaae0f3a468b2e1983cfd
Resource:
patch
Hyperlink: https://www.vulncheck.com/advisories/openbsd-mpls-do-error-kernel-stack-memory-disclosure-via-mpls-input
Resource:
third-party-advisory
â–¼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://www.openwall.com/lists/oss-security/2026/06/19/3
N/A
http://seclists.org/fulldisclosure/2026/Jun/17
N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2026/06/19/3
Resource: N/A
Hyperlink: http://seclists.org/fulldisclosure/2026/Jun/17
Resource: N/A
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:disclosure@vulncheck.com
Published At:18 Jun, 2026 | 20:16
Updated At:27 Jun, 2026 | 23:53

OpenBSD before commit 6a23123 (2026-06-18) contains an out-of-bounds read vulnerability in the mpls_do_error function within sys/netmpls/mpls_input.c that allows remote attackers to disclose kernel stack memory by sending crafted MPLS frames with 16 labels and no Bottom-of-Stack bit set.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.06.9MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Secondary3.15.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Primary3.15.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
N/A
Type: Secondary
Version: 4.0
Base score: 6.9
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Secondary
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Type: Primary
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Type: N/A
Version:
Base score:
Base severity: N/A
Vector:
CPE Matches

OpenBSD
openbsd
>>openbsd>>Versions before 2026-06-18(exclusive)
cpe:2.3:o:openbsd:openbsd:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-125Secondarydisclosure@vulncheck.com
CWE ID: CWE-125
Type: Secondary
Source: disclosure@vulncheck.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://github.com/openbsd/src/commit/6a23123ec05f1eb29cfcaae0f3a468b2e1983cfddisclosure@vulncheck.com
Patch
https://pop.argus-systems.ai/advisory/adv-040.htmldisclosure@vulncheck.com
Exploit
Patch
Third Party Advisory
https://www.vulncheck.com/advisories/openbsd-mpls-do-error-kernel-stack-memory-disclosure-via-mpls-inputdisclosure@vulncheck.com
Third Party Advisory
http://seclists.org/fulldisclosure/2026/Jun/17af854a3a-2127-422b-91ae-364da2661108
Exploit
Mailing List
Patch
Third Party Advisory
http://www.openwall.com/lists/oss-security/2026/06/19/3af854a3a-2127-422b-91ae-364da2661108
Exploit
Mailing List
Patch
Third Party Advisory
Hyperlink: https://github.com/openbsd/src/commit/6a23123ec05f1eb29cfcaae0f3a468b2e1983cfd
Source: disclosure@vulncheck.com
Resource:
Patch
Hyperlink: https://pop.argus-systems.ai/advisory/adv-040.html
Source: disclosure@vulncheck.com
Resource:
Exploit
Patch
Third Party Advisory
Hyperlink: https://www.vulncheck.com/advisories/openbsd-mpls-do-error-kernel-stack-memory-disclosure-via-mpls-input
Source: disclosure@vulncheck.com
Resource:
Third Party Advisory
Hyperlink: http://seclists.org/fulldisclosure/2026/Jun/17
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Mailing List
Patch
Third Party Advisory
Hyperlink: http://www.openwall.com/lists/oss-security/2026/06/19/3
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Mailing List
Patch
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

73Records found

CVE-2018-15919
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-3.56% / 87.91%
||
7 Day CHG~0.00%
Published-28 Aug, 2018 | 08:00
Updated-18 Dec, 2025 | 12:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states 'We understand that the OpenSSH developers do not want to treat such a username enumeration (or "oracle") as a vulnerability.'

Action-Not Available
Vendor-n/aOpenBSDNetApp, Inc.
Product-opensshsteelstoredata_ontap_edgeontap_select_deploycloud_backupcn1610_firmwarecn1610n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-15473
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-98.63% / 99.92%
||
7 Day CHG~0.00%
Published-17 Aug, 2018 | 00:00
Updated-17 Dec, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.

Action-Not Available
Vendor-n/aDebian GNU/LinuxSiemens AGOracle CorporationRed Hat, Inc.NetApp, Inc.OpenBSDCanonical Ltd.
Product-debian_linuxoncommand_unified_manageraff_baseboard_management_controllercloud_backupvasa_providercn1610_firmwareservice_processoropensshsun_zfs_storage_appliance_kitenterprise_linux_workstationfas_baseboard_management_controllerscalance_x204rna_firmwareclustered_data_ontapontap_select_deployvirtual_storage_consoleenterprise_linux_desktopubuntu_linuxdata_ontapenterprise_linux_serverdata_ontap_edgesteelstore_cloud_integrated_storagecn1610scalance_x204rnastorage_replication_adaptern/a
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2016-20012
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-5.04% / 91.24%
||
7 Day CHG~0.00%
Published-15 Sep, 2021 | 19:32
Updated-29 May, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a challenge is sent only when that combination could be valid for a login session. NOTE: the vendor does not recognize user enumeration as a vulnerability for this product

Action-Not Available
Vendor-n/aNetApp, Inc.OpenBSD
Product-ontap_select_deploy_administration_utilityclustered_data_ontaphci_management_nodesolidfireopensshn/a
CWE ID-CWE-203
Observable Discrepancy
CVE-2004-0221
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-3.62% / 88.11%
||
7 Day CHG~0.00%
Published-25 Mar, 2004 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a denial of service (crash) via an ISAKMP packet with a delete payload containing a large number of SPIs, which triggers an out-of-bounds read error, as demonstrated by the Striker ISAKMP Protocol Test Suite.

Action-Not Available
Vendor-n/aOpenBSD
Product-openbsdn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2004-0112
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-10.42% / 95.18%
||
7 Day CHG~0.00%
Published-18 Mar, 2004 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read.

Action-Not Available
Vendor-scoforcepointstonesoftlitespeedtech4dbluecoatneoteristarantellasecurecomputingn/aApple Inc.HP Inc.Symantec CorporationDell Inc.VMware (Broadcom Inc.)Cisco Systems, Inc.Silicon Graphics, Inc.FreeBSD FoundationAvaya LLCCheck Point Software Technologies Ltd.Red Hat, Inc.OpenBSDNovellOpenSSLSun Microsystems (Oracle Corporation)
Product-sg200serverclusteraccess_registrarimanagerinstant_virtual_extranetstonebeat_webclustercontent_services_switch_11500enterprise_linuxopenservermds_9000hp-uxiosprovider-1edirectorycall_managermac_os_x_serverstonebeat_fullclusterlinuxpropackfreebsdintuity_audixcrypto_accelerator_4000litespeed_web_serverproxysggss_4490_global_site_selectorvsuenterprise_linux_desktopapache-based_web_serverstonebeat_securityclusterfirewall-1wbemgsx_serversg208ciscoworks_common_serviceswebnsstonegateconverged_communications_serverpix_firewallmac_os_xvpn-1application_and_content_networking_softwarefirewall_services_modulesg203sidewinderbsafe_ssl-jwebstaraaa_servertarantella_enterpriseokena_stormwatchsecure_content_acceleratoropenbsdcss_secure_content_accelerators8500threat_responseopensslciscoworks_common_management_foundationsg5s8700gss_4480_global_site_selectorpix_firewall_softwareclientless_vpn_gateway_4400cacheos_ca_sacss11000_content_services_switchs8300n/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-55654
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-3.7||LOW
EPSS-0.31% / 22.57%
||
7 Day CHG~0.00%
Published-23 Jun, 2026 | 03:37
Updated-25 Jun, 2026 | 16:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Openssh: heap out-of-bounds read in red hat enterprise linux versions of openssh gssapi indicator cleanup due to missing null sentinel termination

A flaw was found in OpenSSH. This vulnerability, a heap out-of-bounds read, occurs during the cleanup of GSSAPI (Generic Security Service Application Programming Interface) indicators when a trailing NULL termination is missing in the auth-indicators array. A remote attacker, under specific configurations involving GSSAPI authentication and a Kerberos environment, could exploit this to cause the SSH authentication path to crash or abort. This leads to a denial of service (DoS), impacting the availability of the SSH service.

Action-Not Available
Vendor-OpenBSDRed Hat, Inc.
Product-opensshhardened_imagesenterprise_linuxRed Hat OpenShift Container Platform 4Red Hat Enterprise Linux 7Red Hat Hardened ImagesRed Hat Enterprise Linux 9Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8Red Hat Enterprise Linux 6
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-25049
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.1||HIGH
EPSS-0.88% / 54.61%
||
7 Day CHG~0.00%
Published-01 Jul, 2021 | 02:53
Updated-05 Aug, 2024 | 03:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

LibreSSL 2.9.1 through 3.2.1 has an out-of-bounds read in asn1_item_print_ctx (called from asn1_template_print_ctx).

Action-Not Available
Vendor-n/aOpenBSDLinux Kernel Organization, Inc
Product-libressllinux_kerneln/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-25048
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.1||HIGH
EPSS-0.88% / 54.61%
||
7 Day CHG~0.00%
Published-01 Jul, 2021 | 02:53
Updated-05 Aug, 2024 | 03:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

LibreSSL 2.9.1 through 3.2.1 has a heap-based buffer over-read in do_print_ex (called from asn1_item_print_ctx and ASN1_item_print).

Action-Not Available
Vendor-n/aOpenBSDLinux Kernel Organization, Inc
Product-libressllinux_kerneln/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-41581
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.62% / 45.58%
||
7 Day CHG~0.00%
Published-24 Sep, 2021 | 02:12
Updated-04 Aug, 2024 | 03:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

x509_constraints_parse_mailbox in lib/libcrypto/x509/x509_constraints.c in LibreSSL through 3.4.0 has a stack-based buffer over-read. When the input exceeds DOMAIN_PART_MAX_LEN, the buffer lacks '\0' termination.

Action-Not Available
Vendor-n/aOpenBSD
Product-libressln/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-20539
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.34% / 26.00%
||
7 Day CHG~0.00%
Published-24 Mar, 2020 | 17:50
Updated-05 Aug, 2024 | 02:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Broadcom chipsets) software. An out-of-bounds Read in the Wi-Fi vendor command leads to an information leak. The Samsung ID is SVE-2019-14869 (November 2019).

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-24564
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-3.7||LOW
EPSS-0.56% / 42.52%
||
7 Day CHG~0.00%
Published-26 Feb, 2024 | 20:16
Updated-16 Jan, 2025 | 19:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Vyper extract32 can ready dirty memory

Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. When using the built-in `extract32(b, start)`, if the `start` index provided has for side effect to update `b`, the byte array to extract `32` bytes from, it could be that some dirty memory is read and returned by `extract32`. This vulnerability is fixed in 0.4.0.

Action-Not Available
Vendor-vyperlangvyperlangvyperlang
Product-vypervypervyper
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-3576
Matching Score-4
Assigner-Synology Inc.
ShareView Details
Matching Score-4
Assigner-Synology Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.89% / 54.82%
||
7 Day CHG~0.00%
Published-20 Oct, 2022 | 05:50
Updated-05 May, 2025 | 20:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability regarding out-of-bounds read is found in the session processing functionality of Out-of-Band (OOB) Management. This allows remote attackers to obtain sensitive information via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500.

Action-Not Available
Vendor-Synology, Inc.
Product-diskstation_managerds3622xs\+hd6500fs3410DiskStation Manager (DSM)
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-22918
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-5.3||MEDIUM
EPSS-23.13% / 97.49%
||
7 Day CHG~0.00%
Published-12 Jul, 2021 | 00:00
Updated-30 Apr, 2025 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uv__idna_toascii() is used to convert strings to ASCII. The pointer p is read and increased without checking whether it is beyond pe, with the latter holding a pointer to the end of the buffer. This can lead to information disclosures or crashes. This function can be triggered via uv_getaddrinfo().

Action-Not Available
Vendor-Node.js (OpenJS Foundation)Siemens AG
Product-sinec_infrastructure_network_servicesnode.jsNode
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-51210
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.49% / 38.41%
||
7 Day CHG+0.01%
Published-04 Dec, 2024 | 00:00
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Firepad through 1.5.11 allows remote attackers, who have knowledge of a pad ID, to retrieve both the current text of a document and all content that has previously been pasted into the document. NOTE: in several similar products, this is the intentional behavior for anyone who knows the full document ID and corresponding URL. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Action-Not Available
Vendor-n/afirepad
Product-n/afirepad
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-28330
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-5.3||MEDIUM
EPSS-3.40% / 87.38%
||
7 Day CHG~0.00%
Published-08 Jun, 2022 | 10:00
Updated-03 Aug, 2024 | 05:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
read beyond bounds in mod_isapi

Apache HTTP Server 2.4.53 and earlier on Windows may read beyond bounds when configured to process requests with the mod_isapi module.

Action-Not Available
Vendor-The Apache Software FoundationMicrosoft Corporation
Product-http_serverwindowsApache HTTP Server
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-21143
Matching Score-4
Assigner-Oracle
ShareView Details
Matching Score-4
Assigner-Oracle
CVSS Score-5.3||MEDIUM
EPSS-0.40% / 31.83%
||
7 Day CHG~0.00%
Published-16 Jul, 2024 | 22:39
Updated-26 Aug, 2025 | 20:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: User Management). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle iStore accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-istoreiStoreistore
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-0518
Matching Score-4
Assigner-CyberArk Labs
ShareView Details
Matching Score-4
Assigner-CyberArk Labs
CVSS Score-4.8||MEDIUM
EPSS-0.37% / 29.15%
||
7 Day CHG~0.00%
Published-16 Jan, 2025 | 16:45
Updated-03 Nov, 2025 | 21:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unchecked sscanf return value which leads to memory data leak

Unchecked Return Value, Out-of-bounds Read vulnerability in FFmpeg allows Read Sensitive Constants Within an Executable. This vulnerability is associated with program files https://github.Com/FFmpeg/FFmpeg/blob/master/libavfilter/af_pan.C . This issue affects FFmpeg: 7.1. Issue was fixed:  https://github.com/FFmpeg/FFmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38a https://github.com/FFmpeg/FFmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38a This issue was discovered by: Simcha Kosman

Action-Not Available
Vendor-FFmpeg
Product-ffmpegFFmpeg
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-252
Unchecked Return Value
CVE-2021-28116
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-3.7||LOW
EPSS-13.00% / 95.85%
||
7 Day CHG~0.00%
Published-09 Mar, 2021 | 21:44
Updated-03 Aug, 2024 | 21:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Squid through 4.14 and 5.x through 5.0.5, in some configurations, allows information disclosure because of an out-of-bounds read in WCCP protocol data. This can be leveraged as part of a chain for remote code execution as nobody.

Action-Not Available
Vendor-n/aSquid CacheDebian GNU/LinuxFedora Project
Product-squiddebian_linuxfedoran/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-54937
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.45% / 36.17%
||
7 Day CHG~0.00%
Published-09 Dec, 2024 | 00:00
Updated-20 Mar, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Directory Listing issue was found in Kashipara E-Learning Management System v1.0, which allows remote attackers to access sensitive files and directories via /admin/assets.

Action-Not Available
Vendor-lopalopan/a
Product-e-learning_management_systemn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-48855
Matching Score-4
Assigner-BlackBerry
ShareView Details
Matching Score-4
Assigner-BlackBerry
CVSS Score-5.3||MEDIUM
EPSS-0.35% / 27.35%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 18:59
Updated-12 Feb, 2025 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Vulnerabilities in TIFF and PCX Image Codecs Impact QNX Software Development Platform

Out-of-bounds read in the TIFF image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause an information disclosure in the context of the process using the image codec.

Action-Not Available
Vendor-BlackBerry Limited
Product-qnx_software_development_platformQNX Software Development Platform (SDP)
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-44246
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-4.3||MEDIUM
EPSS-1.13% / 62.51%
||
7 Day CHG~0.00%
Published-11 Dec, 2024 | 22:58
Updated-02 Apr, 2026 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved routing of Safari-originated requests. This issue is fixed in Safari 18.2, iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2. On a device with Private Relay enabled, adding a website to the Safari Reading List may reveal the originating IP address to the website.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_ossafariipadosmacosSafariiOS and iPadOSmacOSiPadOS
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-29362
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-2.26% / 80.86%
||
7 Day CHG~0.00%
Published-16 Dec, 2020 | 13:32
Updated-04 Aug, 2024 | 16:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in p11-kit 0.21.1 through 0.23.21. A heap-based buffer over-read has been discovered in the RPC protocol used by thep11-kit server/remote commands and the client library. When the remote entity supplies a byte array through a serialized PKCS#11 function call, the receiving entity may allow the reading of up to 4 bytes of memory past the heap allocation.

Action-Not Available
Vendor-p11-kit_projectn/a
Product-p11-kitn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-42477
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.46% / 36.70%
||
7 Day CHG~0.00%
Published-12 Aug, 2024 | 15:02
Updated-27 Apr, 2026 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
llama.cpp global-buffer-overflow in ggml_type_size

llama.cpp provides LLM inference in C/C++. The unsafe `type` member in the `rpc_tensor` structure can cause `global-buffer-overflow`. This vulnerability may lead to memory data leakage. The vulnerability is fixed in b3561.

Action-Not Available
Vendor-ggmlggerganovggerganov
Product-llama.cppllama.cppllama.cpp
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2024-42478
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.60% / 44.51%
||
7 Day CHG~0.00%
Published-12 Aug, 2024 | 15:05
Updated-27 Apr, 2026 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
llama.cpp allows Arbitrary Address Read in rpc_server::get_tensor

llama.cpp provides LLM inference in C/C++. The unsafe `data` pointer member in the `rpc_tensor` structure can cause arbitrary address reading. This vulnerability is fixed in b3561.

Action-Not Available
Vendor-ggmlggerganovggerganov
Product-llama.cppllama.cppllama.cpp
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-34776
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.22% / 12.34%
||
7 Day CHG~0.00%
Published-03 Apr, 2026 | 23:56
Updated-27 Apr, 2026 | 13:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Electron: Out-of-bounds read in second-instance IPC on macOS and Linux

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.1, and 41.0.0, on macOS and Linux, apps that call app.requestSingleInstanceLock() were vulnerable to an out-of-bounds heap read when parsing a crafted second-instance message. Leaked memory could be delivered to the app's second-instance event handler. This issue is limited to processes running as the same user as the Electron app. Apps that do not call app.requestSingleInstanceLock() are not affected. Windows is not affected by this issue. This issue has been patched in versions 38.8.6, 39.8.1, 40.8.1, and 41.0.0.

Action-Not Available
Vendor-Electron UserlandElectron (OpenJS Foundation)
Product-electronelectron
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-27336
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-3.7||LOW
EPSS-1.71% / 74.51%
||
7 Day CHG~0.00%
Published-22 Dec, 2020 | 21:04
Updated-30 Sep, 2025 | 15:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Treck IPv6 before 6.0.1.68. Improper input validation in the IPv6 component when handling a packet sent by an unauthenticated remote attacker could result in an out-of-bounds read of up to three bytes via network access.

Action-Not Available
Vendor-treckn/a
Product-ipv6n/a
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-20
Improper Input Validation
CVE-2024-31198
Matching Score-4
Assigner-Nozomi Networks Inc.
ShareView Details
Matching Score-4
Assigner-Nozomi Networks Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.33% / 24.68%
||
7 Day CHG~0.00%
Published-18 Sep, 2024 | 13:59
Updated-20 Sep, 2024 | 18:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Out-of-bounds Read in libfluid_msg library

Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine fluid_msg::of10::Port:unpack. This issue affects libfluid: 0.1.0.

Action-Not Available
Vendor-opennetworkingOpen Networking Foundation (ONF)open_networking_foundation
Product-libfluid_msglibfluidlibfluid
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-23264
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.80% / 52.23%
||
7 Day CHG~0.00%
Published-08 Mar, 2024 | 01:35
Updated-02 Apr, 2026 | 19:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Monterey 12.7.4, macOS Sonoma 14.4, macOS Ventura 13.6.5, tvOS 17.4, visionOS 1.1. An application may be able to read restricted memory.

Action-Not Available
Vendor-Apple Inc.
Product-tvosvisionosmacosiphone_osipadosmacOSiOS and iPadOStvOSvisionOS
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-22006
Matching Score-4
Assigner-Google Devices
ShareView Details
Matching Score-4
Assigner-Google Devices
CVSS Score-5.3||MEDIUM
EPSS-0.23% / 13.24%
||
7 Day CHG~0.00%
Published-11 Mar, 2024 | 18:55
Updated-03 Apr, 2025 | 15:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OOB read in the TMU plugin that allows for memory disclosure in the power management subsystem of the device.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-25987
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.37% / 29.02%
||
7 Day CHG~0.00%
Published-24 Feb, 2026 | 01:46
Updated-28 Feb, 2026 | 02:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ImageMagick has heap buffer over-read in MAP image decoder

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability exists in the MAP image decoder when processing crafted MAP files, potentially leading to crashes or unintended memory disclosure during image decoding. Versions 7.1.2-15 and 6.9.13-40 contain a patch.

Action-Not Available
Vendor-ImageMagick Studio LLC
Product-imagemagickImageMagick
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-54500
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.20% / 9.69%
||
7 Day CHG~0.00%
Published-30 Jun, 2026 | 23:08
Updated-01 Jul, 2026 | 15:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Oj: intern.c form_attr has an uninitialized stack read

Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.3, Oj.load in :object mode reads uninitialized stack memory (and, for long keys, reads out of bounds) when parsing a JSON object whose key is 254 bytes or longer. The interned bytes can surface to the caller, disclosing process stack memory. In ext/oj/intern.c, form_attr() handles the long-key path by allocating a heap buffer, `b`, populating it with the attribute name, and then freeing it — but it passed the uninitialized stack buffer buf (not b) to rb_intern3(). rb_intern3 therefore reads len + 1 bytes of uninitialized stack memory. When the key length is >= 256, it also reads out of bounds past the 256-byte buf. The resulting bytes are interned and can reach the caller via the produced Symbol or via the EncodingError message raised on invalid UTF-8, leaking process stack contents. This issue has been fixed in version 3.17.3.

Action-Not Available
Vendor-ohler55
Product-oj
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2026-20973
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-5.3||MEDIUM
EPSS-0.39% / 31.26%
||
7 Day CHG~0.00%
Published-09 Jan, 2026 | 06:16
Updated-02 Feb, 2026 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds read in libimagecodec.quram.so prior to SMR Jan-2026 Release 1 allows remote attacker to access out-of-bounds memory.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-androidSamsung Mobile Devices
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-4891
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-5.3||MEDIUM
EPSS-6.23% / 92.67%
||
7 Day CHG+1.77%
Published-11 May, 2026 | 16:47
Updated-03 Jul, 2026 | 12:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE-2026-4891

A heap-based out-of-bounds read vulnerability in the DNSSEC validation of dnsmasq allows remote attackers to cause a denial of service via a crafted DNS packet.

Action-Not Available
Vendor-dnsmasqRed Hat, Inc.
Product-dnsmasqRed Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat Enterprise Linux AppStream EUS (v.9.6)Red Hat Enterprise Linux AppStream (v. 10)Red Hat Enterprise Linux AppStream (v. 9)Red Hat Enterprise Linux AppStream (v. 8)Red Hat OpenShift Container Platform 4
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-16249
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-1.66% / 73.82%
||
7 Day CHG~0.00%
Published-11 Sep, 2019 | 22:19
Updated-05 Aug, 2024 | 01:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OpenCV 4.1.1 has an out-of-bounds read in hal_baseline::v_load in core/hal/intrin_sse.hpp when called from computeSSDMeanNorm in modules/video/src/dis_flow.cpp.

Action-Not Available
Vendor-opencvn/a
Product-opencvn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-6936
Matching Score-4
Assigner-wolfSSL Inc.
ShareView Details
Matching Score-4
Assigner-wolfSSL Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.60% / 44.39%
||
7 Day CHG~0.00%
Published-20 Feb, 2024 | 21:52
Updated-26 Mar, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap-buffer over-read with WOLFSSL_CALLBACKS

In wolfSSL prior to 5.6.6, if callback functions are enabled (via the WOLFSSL_CALLBACKS flag), then a malicious TLS client or network attacker can trigger a buffer over-read on the heap of 5 bytes (WOLFSSL_CALLBACKS is only intended for debugging).

Action-Not Available
Vendor-wolfsslwolfSSLwolfssl
Product-wolfsslwolfSSLwolfssl
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-126
Buffer Over-read
CVE-2024-0016
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.5||MEDIUM
EPSS-0.21% / 11.51%
||
7 Day CHG~0.00%
Published-16 Feb, 2024 | 19:33
Updated-16 Dec, 2024 | 14:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In multiple locations, there is a possible out of bounds read due to a missing bounds check. This could lead to paired device information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-45358
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.24% / 15.07%
||
7 Day CHG~0.00%
Published-10 Jun, 2026 | 21:26
Updated-11 Jun, 2026 | 18:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ImageMagick: Out-of-Bounds Read of a single byte in meta encoder

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, an off by one in the meta encoder could result in an out of bounds read of a single byte in the meta encoder. This issue has been patched in versions 6.9.13-47 and 7.1.2-22.

Action-Not Available
Vendor-ImageMagick Studio LLC
Product-imagemagickImageMagick
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-193
Off-by-one Error
CVE-2023-42114
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-3.7||LOW
EPSS-28.08% / 97.87%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 02:13
Updated-04 Nov, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Exim NTLM Challenge Out-Of-Bounds Read Information Disclosure Vulnerability

Exim NTLM Challenge Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Exim. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NTLM challenge requests. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this vulnerability to disclose information in the context of the service account. . Was ZDI-CAN-17433.

Action-Not Available
Vendor-Exim
Product-eximEximexim
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-37459
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.39% / 30.60%
||
7 Day CHG~0.00%
Published-15 Sep, 2023 | 19:19
Updated-25 Sep, 2024 | 18:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Out-of-bounds read when processing a received IPv6 packet

Contiki-NG is an operating system for internet-of-things devices. In versions 4.9 and prior, when a packet is received, the Contiki-NG network stack attempts to start the periodic TCP timer if it is a TCP packet with the SYN flag set. But the implementation does not first verify that a full TCP header has been received. Specifically, the implementation attempts to access the flags field from the TCP buffer in the following conditional expression in the `check_for_tcp_syn` function. For this reason, an attacker can inject a truncated TCP packet, which will lead to an out-of-bound read from the packet buffer. As of time of publication, a patched version is not available. As a workaround, one can apply the changes in Contiki-NG pull request #2510 to patch the system.

Action-Not Available
Vendor-contiki-ngcontiki-ng
Product-contiki-ngcontiki-ng
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-3425
Matching Score-4
Assigner-M-Files Corporation
ShareView Details
Matching Score-4
Assigner-M-Files Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.53% / 41.21%
||
7 Day CHG~0.00%
Published-25 Aug, 2023 | 08:08
Updated-23 Feb, 2026 | 09:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE-2023-3425: Out-of-Bounds memory read

Out-of-bounds read issue in M-Files Server versions below 23.8.12892.6 and LTS Service Release Versions before 23.2 LTS SR3 allows unauthenticated user to read restricted amount of bytes from memory.

Action-Not Available
Vendor-M-Files Oy
Product-classic_webM-Files Server
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-11910
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-10.93% / 95.34%
||
7 Day CHG+0.09%
Published-17 Jun, 2020 | 10:52
Updated-30 Sep, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Treck TCP/IP stack before 6.0.1.66 has an ICMPv4 Out-of-bounds Read.

Action-Not Available
Vendor-treckn/a
Product-tcp\/ipn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-5065
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-5.3||MEDIUM
EPSS-1.88% / 76.85%
||
7 Day CHG~0.00%
Published-05 Sep, 2019 | 16:07
Updated-04 Aug, 2024 | 19:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable information disclosure vulnerability exists in the packet-parsing functionality of Blynk-Library v0.6.1. A specially crafted packet can cause an unterminated strncpy, resulting in information disclosure. An attacker can send a packet to trigger this vulnerability.

Action-Not Available
Vendor-blynkn/a
Product-blynk-libraryBlynck Inc
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-5034
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-5.3||MEDIUM
EPSS-0.60% / 44.08%
||
7 Day CHG~0.00%
Published-20 Aug, 2019 | 21:07
Updated-04 Aug, 2024 | 19:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable information disclosure vulnerability exists in the Weave Legacy Pairing functionality of Nest Cam IQ Indoor version 4620002. A set of specially crafted weave packets can cause an out of bounds read, resulting in information disclosure. An attacker can send packets to trigger this vulnerability.

Action-Not Available
Vendor-n/aGoogle LLC
Product-nest_cam_iq_indoor_firmwarenest_cam_iq_indoorNest Labs
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-40686
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-3.7||LOW
EPSS-0.25% / 15.77%
||
7 Day CHG~0.00%
Published-30 Apr, 2026 | 00:00
Updated-01 May, 2026 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Exim before 4.99.2, when utf8 operators are enabled, there is an out-of-bounds read if large UTF-8 trailing characters are present (malformed UTF-8 header data). Information might be divulged within an error message produced during handling of an unrelated e-mail message.

Action-Not Available
Vendor-Exim
Product-eximExim
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-28866
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.77% / 51.21%
||
7 Day CHG-0.01%
Published-27 Mar, 2023 | 00:00
Updated-05 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the Linux kernel through 6.2.8, net/bluetooth/hci_sync.c allows out-of-bounds access because amp_init1[] and amp_init2[] are supposed to have an intentionally invalid element, but do not.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-11172
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.90% / 55.25%
||
7 Day CHG~0.00%
Published-14 Nov, 2019 | 16:36
Updated-04 Aug, 2024 | 22:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of bound read in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure via network access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-hpcr1304wftysrbbs2600bpbhns2600bpb24rhpcr2208wf0zsrr1304wftysrhpcr2208wftzsrr2208wftzsrr2208wf0zsrr1208wftysr1304wf0ysr2224wfqzshns2600bpqbbs2600stqhpcr2312wftzsrhns2600bpbrhpcr2224wftzsrhns2600bpblchpcr2208wftzsrxbbs2600stbr2208wf0zsr2208wftzshns2600bpsrr1208wftysrr2208wftzsrxbbs2600stbrhns2600bpbrxr2312wf0nphns2600bpblcrs2600stbr2224wftzsrr2208wfqzsrr2224wftzsbbs2600bpqrbbs2600stqrr2208wfqzsbbs2600bpshns2600bpshpcr2312wf0nprhns2600bpq24rhns2600bpb24hns2600bps24hns2600bpq24hns2600bpblc24r2312wfqzshpcr1208wftysrs9256wk1hlchpchns2600bpsrbbs2600bpsrr2312wf0nprs2600stbrs2600wftrhns2600bpbhpcr2208wfqzsrs9248wk2hlcr1304wftysbbs2600bpbrs9248wk2hachpcr1208wfqysrhns2600bpblc24rs2600wf0rs2600stqrs9232wk1hlcs2600stqs9232wk2hacr2308wftzss9248wk1hlcs2600wfqrhpcr2308wftzsrr1208wfqysrhpchns2600bpbrr2312wftzsrr2308wftzsrhpcr1304wf0ysrhpchns2600bpqrs2600wf0hns2600bps24rs9232wk2hlchns2600bpqrs2600wfqbbs2600bpqr1304wf0ysrbaseboard_management_controller_firmwares2600wfthns2600bpb24rxr2312wftzsIntel(R) BMC
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-11579
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-1.41% / 69.45%
||
7 Day CHG~0.00%
Published-28 Apr, 2019 | 15:22
Updated-04 Aug, 2024 | 22:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

dhcp.c in dhcpcd before 7.2.1 contains a 1-byte read overflow with DHO_OPTSOVERLOADED.

Action-Not Available
Vendor-dhcpcd_projectn/aDebian GNU/Linux
Product-dhcpcddebian_linuxn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-11046
Matching Score-4
Assigner-PHP Group
ShareView Details
Matching Score-4
Assigner-PHP Group
CVSS Score-3.7||LOW
EPSS-4.08% / 89.47%
||
7 Day CHG~0.00%
Published-23 Dec, 2019 | 02:40
Updated-16 Sep, 2024 | 17:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer underflow in bc_shift_addsub

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by supplying it with string containing characters that are identified as numeric by the OS but aren't ASCII numbers. This can read to disclosure of the content of some memory locations.

Action-Not Available
Vendor-Debian GNU/LinuxThe PHP GroupTenable, Inc.Canonical Ltd.openSUSEFedora Project
Product-ubuntu_linuxphpdebian_linuxfedorasecuritycenterleapPHP
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-24473
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-5.3||MEDIUM
EPSS-0.86% / 54.02%
||
7 Day CHG~0.00%
Published-30 Mar, 2023 | 15:47
Updated-02 Aug, 2024 | 10:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists in the TGAInput::read_tga2_header functionality of OpenImageIO Project OpenImageIO v2.4.7.1. A specially crafted targa file can lead to a disclosure of sensitive information. An attacker can provide a malicious file to trigger this vulnerability.

Action-Not Available
Vendor-openimageioOpenImageIO Projectopenimageio
Product-openimageioOpenImageIOopenimageio
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-22485
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.72% / 49.49%
||
7 Day CHG~0.00%
Published-24 Jan, 2023 | 00:26
Updated-10 Mar, 2025 | 21:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
cmark-gfm out-of-bounds read in validate_protocol

cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. In versions prior 0.29.0.gfm.7, a crafted markdown document can trigger an out-of-bounds read in the `validate_protocol` function. We believe this bug is harmless in practice, because the out-of-bounds read accesses `malloc` metadata without causing any visible damage.This vulnerability has been patched in 0.29.0.gfm.7.

Action-Not Available
Vendor-GitHub, Inc.
Product-cmark-gfmcmark-gfm
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-91
XML Injection (aka Blind XPath Injection)
  • Previous
  • 1
  • 2
  • Next
Details not found