Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-6094

Summary
Assigner-wolfSSL
Assigner Org ID-50d2cd11-d01a-48ed-9441-5bfce9d63b27
Published At-25 Jun, 2026 | 16:35
Updated At-25 Jun, 2026 | 17:59
Rejected At-
Credits

Heap buffer overread in wc_PKCS7_DecodeEnvelopedData parsing crafted PKCS7 EnvelopedData

Heap buffer overread in wc_PKCS7_DecodeEnvelopedData when parsing crafted PKCS7 EnvelopedData. This could theoretically be triggered by attacker-supplied data delivered via S/MIME or CMS.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:wolfSSL
Assigner Org ID:50d2cd11-d01a-48ed-9441-5bfce9d63b27
Published At:25 Jun, 2026 | 16:35
Updated At:25 Jun, 2026 | 17:59
Rejected At:
â–¼CVE Numbering Authority (CNA)
Heap buffer overread in wc_PKCS7_DecodeEnvelopedData parsing crafted PKCS7 EnvelopedData

Heap buffer overread in wc_PKCS7_DecodeEnvelopedData when parsing crafted PKCS7 EnvelopedData. This could theoretically be triggered by attacker-supplied data delivered via S/MIME or CMS.

Affected Products
Vendor
wolfSSL
Product
wolfSSL
Collection URL
https://github.com/wolfSSL/wolfssl
Default Status
unaffected
Versions
Affected
  • From 5.8.0 through 5.9.1 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-125CWE-125 Out-of-bounds Read
Type: CWE
CWE ID: CWE-125
Description: CWE-125 Out-of-bounds Read
Metrics
VersionBase scoreBase severityVector
4.06.3MEDIUM
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
Version: 4.0
Base score: 6.3
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

finder
Dikai Zou
Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/wolfSSL/wolfssl/pull/10128
patch
https://www.wolfssl.com/docs/security-vulnerabilities/
N/A
Hyperlink: https://github.com/wolfSSL/wolfssl/pull/10128
Resource:
patch
Hyperlink: https://www.wolfssl.com/docs/security-vulnerabilities/
Resource: N/A
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:facts@wolfssl.com
Published At:25 Jun, 2026 | 18:16
Updated At:26 Jun, 2026 | 16:51

Heap buffer overread in wc_PKCS7_DecodeEnvelopedData when parsing crafted PKCS7 EnvelopedData. This could theoretically be triggered by attacker-supplied data delivered via S/MIME or CMS.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.06.3MEDIUM
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary3.19.1CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
N/A
Type: Secondary
Version: 4.0
Base score: 6.3
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Primary
Version: 3.1
Base score: 9.1
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Type: N/A
Version:
Base score:
Base severity: N/A
Vector:
CPE Matches

wolfssl
wolfssl
>>wolfssl>>Versions from 5.8.0(inclusive) to 5.9.2(exclusive)
cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-125Secondaryfacts@wolfssl.com
CWE ID: CWE-125
Type: Secondary
Source: facts@wolfssl.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://github.com/wolfSSL/wolfssl/pull/10128facts@wolfssl.com
Issue Tracking
Patch
https://www.wolfssl.com/docs/security-vulnerabilities/facts@wolfssl.com
Vendor Advisory
Hyperlink: https://github.com/wolfSSL/wolfssl/pull/10128
Source: facts@wolfssl.com
Resource:
Issue Tracking
Patch
Hyperlink: https://www.wolfssl.com/docs/security-vulnerabilities/
Source: facts@wolfssl.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

307Records found

CVE-2026-5393
Matching Score-10
Assigner-wolfSSL Inc.
ShareView Details
Matching Score-10
Assigner-wolfSSL Inc.
CVSS Score-6.3||MEDIUM
EPSS-0.19% / 9.29%
||
7 Day CHG~0.00%
Published-09 Apr, 2026 | 23:02
Updated-29 Apr, 2026 | 13:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OOB Read in DoTls13CertificateVerify with WOLFSSL_DUAL_ALG_CERTS

Dual-Algorithm CertificateVerify out-of-bounds read. When processing a dual-algorithm CertificateVerify message, an out-of-bounds read can occur on crafted input. This can only occur when --enable-experimental and --enable-dual-alg-certs is used when building wolfSSL.

Action-Not Available
Vendor-wolfsslwolfSSL
Product-wolfsslwolfSSL
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-6936
Matching Score-10
Assigner-wolfSSL Inc.
ShareView Details
Matching Score-10
Assigner-wolfSSL Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.60% / 44.39%
||
7 Day CHG~0.00%
Published-20 Feb, 2024 | 21:52
Updated-26 Mar, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap-buffer over-read with WOLFSSL_CALLBACKS

In wolfSSL prior to 5.6.6, if callback functions are enabled (via the WOLFSSL_CALLBACKS flag), then a malicious TLS client or network attacker can trigger a buffer over-read on the heap of 5 bytes (WOLFSSL_CALLBACKS is only intended for debugging).

Action-Not Available
Vendor-wolfsslwolfSSLwolfssl
Product-wolfsslwolfSSLwolfssl
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-126
Buffer Over-read
CVE-2022-42905
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.1||CRITICAL
EPSS-1.96% / 77.89%
||
7 Day CHG~0.00%
Published-06 Nov, 2022 | 00:00
Updated-02 May, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In wolfSSL before 5.5.2, if callback functions are enabled (via the WOLFSSL_CALLBACKS flag), then a malicious TLS 1.3 client or network attacker can trigger a buffer over-read on the heap of 5 bytes. (WOLFSSL_CALLBACKS is only intended for debugging.)

Action-Not Available
Vendor-wolfssln/a
Product-wolfssln/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-12340
Matching Score-10
Assigner-wolfSSL Inc.
ShareView Details
Matching Score-10
Assigner-wolfSSL Inc.
CVSS Score-6.3||MEDIUM
EPSS-0.23% / 13.27%
||
7 Day CHG+0.01%
Published-25 Jun, 2026 | 19:36
Updated-26 Jun, 2026 | 18:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Out-of-bounds heap read in SM2/SM3 certificate Subject Key Identifier computation

Out-of-bounds heap read during SM2/SM3 certificate signature verification. When parsing a certificate with an SM3wSM2 signature, the Subject Key Identifier computation reads the trailing 65 bytes of the public key without checking that the key is at least that long. A public key shorter than 65 bytes results in an out-of-bounds heap read, leading to a potential crash (denial of service); there is no out-of-bounds write. Note this only affects builds with SM2 support (--enable-sm2 or --enable-all).

Action-Not Available
Vendor-wolfsslwolfSSL
Product-wolfsslwolfSSL
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-0901
Matching Score-8
Assigner-wolfSSL Inc.
ShareView Details
Matching Score-8
Assigner-wolfSSL Inc.
CVSS Score-7.5||HIGH
EPSS-0.69% / 48.41%
||
7 Day CHG~0.00%
Published-25 Mar, 2024 | 22:37
Updated-15 Dec, 2025 | 21:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SEGV and out of bounds memory read from malicious packet

Remotely executed SEGV and out of bounds read allows malicious packet sender to crash or cause an out of bounds read via sending a malformed packet with the correct length.

Action-Not Available
Vendor-wolfsslwolfSSLwolfssl
Product-wolfsslwolfSSLwolfssl
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2014-2896
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.77% / 84.53%
||
7 Day CHG~0.00%
Published-28 Jan, 2020 | 15:41
Updated-06 Aug, 2024 | 10:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The DoAlert function in the (1) TLS and (2) DTLS implementations in wolfSSL CyaSSL before 2.9.4 allows remote attackers to have unspecified impact and vectors, which trigger memory corruption or an out-of-bounds read.

Action-Not Available
Vendor-wolfssln/a
Product-wolfssln/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-16748
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.15% / 63.12%
||
7 Day CHG~0.00%
Published-24 Sep, 2019 | 12:12
Updated-05 Aug, 2024 | 01:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In wolfSSL through 4.1.0, there is a missing sanity check of memory accesses in parsing ASN.1 certificate data while handshaking. Specifically, there is a one-byte heap-based buffer over-read in CheckCertSignature_ex in wolfcrypt/src/asn.c.

Action-Not Available
Vendor-wolfssln/a
Product-wolfssln/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-15382
Matching Score-6
Assigner-wolfSSL Inc.
ShareView Details
Matching Score-6
Assigner-wolfSSL Inc.
CVSS Score-5.1||MEDIUM
EPSS-0.30% / 21.92%
||
7 Day CHG~0.00%
Published-06 Jan, 2026 | 17:43
Updated-12 Jan, 2026 | 17:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Client SCP Request Triggers Buffer Overread by 1 Byte

A heap buffer over-read vulnerability exists in the wolfSSH_CleanPath() function in wolfSSH. An authenticated remote attacker can trigger the issue via crafted SCP path input containing '/./' sequences, resulting in a heap over read by 1 byte.

Action-Not Available
Vendor-wolfsshwolfSSL
Product-wolfsshwolfSSH
CWE ID-CWE-125
Out-of-bounds Read
CVE-2014-2898
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.77% / 84.53%
||
7 Day CHG~0.00%
Published-28 Jan, 2020 | 15:42
Updated-06 Aug, 2024 | 10:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

wolfSSL CyaSSL before 2.9.4 allows remote attackers to have unspecified impact via multiple calls to the CyaSSL_read function which triggers an out-of-bounds read when an error occurs, related to not checking the return code and MAC verification failure.

Action-Not Available
Vendor-wolfssln/a
Product-wolfssln/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-15651
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.01% / 58.81%
||
7 Day CHG~0.00%
Published-26 Aug, 2019 | 21:57
Updated-05 Aug, 2024 | 00:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

wolfSSL 4.1.0 has a one-byte heap-based buffer over-read in DecodeCertExtensions in wolfcrypt/src/asn.c because reading the ASN_BOOLEAN byte is mishandled for a crafted DER certificate in GetLength_ex.

Action-Not Available
Vendor-wolfssln/a
Product-wolfssln/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-5991
Matching Score-6
Assigner-wolfSSL Inc.
ShareView Details
Matching Score-6
Assigner-wolfSSL Inc.
CVSS Score-10||CRITICAL
EPSS-0.56% / 42.50%
||
7 Day CHG~0.00%
Published-27 Aug, 2024 | 18:33
Updated-06 Sep, 2024 | 22:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer overread in domain name matching

In function MatchDomainName(), input param str is treated as a NULL terminated string despite being user provided and unchecked. Specifically, the function X509_check_host() takes in a pointer and length to check against, with no requirements that it be NULL terminated. If a caller was attempting to do a name check on a non-NULL terminated buffer, the code would read beyond the bounds of the input array until it found a NULL terminator.This issue affects wolfSSL: through 5.7.0.

Action-Not Available
Vendor-wolfsslwolfSSLwolfssl
Product-wolfsslwolfSSLwolfssl
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-5392
Matching Score-6
Assigner-wolfSSL Inc.
ShareView Details
Matching Score-6
Assigner-wolfSSL Inc.
CVSS Score-2.3||LOW
EPSS-0.16% / 5.45%
||
7 Day CHG~0.00%
Published-09 Apr, 2026 | 23:10
Updated-29 Apr, 2026 | 14:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
wolfSSL heap OOB read in PKCS7 SignedData streaming

Heap out-of-bounds read in PKCS7 parsing. A crafted PKCS7 message can trigger an OOB read on the heap. The missing bounds check is in the indefinite-length end-of-content verification loop in PKCS7_VerifySignedData().

Action-Not Available
Vendor-wolfsslwolfSSL
Product-wolfsslwolfSSL
CWE ID-CWE-125
Out-of-bounds Read
CVE-2014-2897
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.77% / 84.53%
||
7 Day CHG~0.00%
Published-28 Jan, 2020 | 15:41
Updated-06 Aug, 2024 | 10:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SSL 3 HMAC functionality in wolfSSL CyaSSL 2.5.0 before 2.9.4 does not check the padding length when verification fails, which allows remote attackers to have unspecified impact via a crafted HMAC, which triggers an out-of-bounds read.

Action-Not Available
Vendor-wolfssln/a
Product-wolfssln/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-4159
Matching Score-6
Assigner-wolfSSL Inc.
ShareView Details
Matching Score-6
Assigner-wolfSSL Inc.
CVSS Score-1.2||LOW
EPSS-0.10% / 0.84%
||
7 Day CHG~0.00%
Published-19 Mar, 2026 | 21:17
Updated-29 Apr, 2026 | 17:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
wc_PKCS7_DecodeEnvelopedData 1 byte out-of-bounds read

1-byte OOB heap read in wc_PKCS7_DecodeEnvelopedData via zero-length encrypted content. A vulnerability existed in wolfSSL 5.8.4 and earlier, where a 1-byte out-of-bounds heap read in wc_PKCS7_DecodeEnvelopedData could be triggered by a crafted CMS EnvelopedData message with zero-length encrypted content. Note that PKCS7 support is disabled by default.

Action-Not Available
Vendor-wolfsslwolfSSL
Product-wolfsslwolfSSL
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-3547
Matching Score-6
Assigner-wolfSSL Inc.
ShareView Details
Matching Score-6
Assigner-wolfSSL Inc.
CVSS Score-7.5||HIGH
EPSS-0.26% / 17.04%
||
7 Day CHG~0.00%
Published-19 Mar, 2026 | 20:20
Updated-26 Mar, 2026 | 18:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
wolfSSL: out-of-bounds read (DoS) in ALPN parsing due to incomplete validation

Out-of-bounds read in ALPN parsing due to incomplete validation. wolfSSL 5.8.4 and earlier contained an out-of-bounds read in ALPN handling when built with ALPN enabled (HAVE_ALPN / --enable-alpn). A crafted ALPN protocol list could trigger an out-of-bounds read, leading to a potential process crash (denial of service). Note that ALPN is disabled by default, but is enabled for these 3rd party compatibility features: enable-apachehttpd, enable-bind, enable-curl, enable-haproxy, enable-hitch, enable-lighty, enable-jni, enable-nginx, enable-quic.

Action-Not Available
Vendor-wolfsslwolfSSL
Product-wolfsslwolfSSL
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-0930
Matching Score-6
Assigner-wolfSSL Inc.
ShareView Details
Matching Score-6
Assigner-wolfSSL Inc.
CVSS Score-2.3||LOW
EPSS-0.17% / 6.87%
||
7 Day CHG~0.00%
Published-20 Apr, 2026 | 21:28
Updated-24 Apr, 2026 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Potential wolfSSHd Buffer out-of-bounds Read on Windows Handling Terminal Resize

Potential read out of bounds case with wolfSSHd on Windows while handling a terminal resize request. An authenticated user could trigger the out of bounds read after establishing a connection which would leak the adjacent stack memory to the pseudo-console output.

Action-Not Available
Vendor-wolfsshwolfSSL
Product-wolfsshwolfSSH
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-126
Buffer Over-read
CVE-2025-32460
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4||MEDIUM
EPSS-0.32% / 23.34%
||
7 Day CHG+0.02%
Published-09 Apr, 2025 | 00:00
Updated-29 Jan, 2026 | 20:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GraphicsMagick before 8e56520 has a heap-based buffer over-read in ReadJXLImage in coders/jxl.c, related to an ImportViewPixelArea call.

Action-Not Available
Vendor-GraphicsMagick
Product-graphicsmagickGraphicsMagick
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-1000301
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.1||CRITICAL
EPSS-6.00% / 92.44%
||
7 Day CHG~0.00%
Published-24 May, 2018 | 13:00
Updated-15 Apr, 2026 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded RTSP content.. This vulnerability appears to have been fixed in curl < 7.20.0 and curl >= 7.60.0.

Action-Not Available
Vendor-n/aOracle CorporationCanonical Ltd.Debian GNU/LinuxRed Hat, Inc.CURL
Product-debian_linuxpeoplesoft_enterprise_peopletoolsubuntu_linuxcurlenterprise_manager_ops_centerenterprise_linux_desktopenterprise_linux_workstationcommunications_webrtc_session_controllerenterprise_linux_servern/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-30194
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.1||CRITICAL
EPSS-1.15% / 63.03%
||
7 Day CHG~0.00%
Published-25 May, 2021 | 12:09
Updated-15 Aug, 2025 | 20:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Read.

Action-Not Available
Vendor-wagon/aCODESYS GmbH
Product-750-8202750-832_firmware750-831750-8211750-893v2_web_server750-8202_firmware750-8216750-831_firmware750-8214750-885_firmware750-881750-880750-829750-8210_firmware750-8213_firmware750-8203_firmware750-891_firmware750-8214_firmware750-8212_firmware750-881_firmware750-823_firmware750-823750-862750-8211_firmware750-8217_firmware750-882_firmware750-8207_firmware750-8203750-889_firmware750-8212750-890_firmware750-8206_firmware750-8208_firmware750-882750-890750-852750-832750-8206750-8207750-8208750-889750-862_firmware750-893_firmware750-8204_firmware750-885750-8204750-8210750-8213750-8216_firmware750-852_firmware750-8217750-880_firmware750-829_firmware750-891n/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-28308
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.1||CRITICAL
EPSS-1.28% / 66.45%
||
7 Day CHG~0.00%
Published-12 Mar, 2021 | 08:15
Updated-03 Aug, 2024 | 21:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the fltk crate before 0.15.3 for Rust. There is an out-of bounds read because the pixmap constructor lacks pixmap input validation.

Action-Not Available
Vendor-fltk_projectn/a
Product-fltkn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-20367
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.1||CRITICAL
EPSS-2.80% / 84.75%
||
7 Day CHG~0.00%
Published-08 Jan, 2020 | 16:50
Updated-05 Aug, 2024 | 02:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

nlist.c in libbsd before 0.10.0 has an out-of-bounds read during a comparison for a symbol name from the string table (strtab).

Action-Not Available
Vendor-n/aopenSUSEDebian GNU/LinuxCanonical Ltd.freedesktop.org
Product-ubuntu_linuxlibbsddebian_linuxleapn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-20433
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.1||CRITICAL
EPSS-1.74% / 74.95%
||
7 Day CHG~0.00%
Published-27 Jan, 2020 | 14:03
Updated-05 Aug, 2024 | 02:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libaspell.a in GNU Aspell before 0.60.8 has a buffer over-read for a string ending with a single '\0' byte, if the encoding is set to ucs-2 or ucs-4 outside of the application, as demonstrated by the ASPELL_CONF environment variable.

Action-Not Available
Vendor-n/aGNU
Product-aspelln/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-25178
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.1||CRITICAL
EPSS-0.54% / 41.25%
||
7 Day CHG~0.00%
Published-07 Jul, 2025 | 00:00
Updated-03 Nov, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240314 have an out-of-bounds read in the stack-overflow handler in lj_state.c.

Action-Not Available
Vendor-luajitn/a
Product-luajitn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-17441
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.1||CRITICAL
EPSS-7.11% / 93.47%
||
7 Day CHG~0.00%
Published-11 Dec, 2020 | 22:29
Updated-04 Aug, 2024 | 13:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in picoTCP 1.7.0. The code for processing the IPv6 headers does not validate whether the IPv6 payload length field is equal to the actual size of the payload, which leads to an Out-of-Bounds read during the ICMPv6 checksum calculation, resulting in either Denial-of-Service or Information Disclosure. This affects pico_ipv6_extension_headers and pico_checksum_adder (in pico_ipv6.c and pico_frame.c).

Action-Not Available
Vendor-microchipaltrann/a
Product-mplab_harmonypicotcpn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-24192
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-2.7||LOW
EPSS-0.38% / 29.52%
||
7 Day CHG~0.00%
Published-06 Jun, 2024 | 21:23
Updated-13 Feb, 2025 | 15:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

robdns commit d76d2e6 was discovered to contain a heap overflow via the component block->filename at /src/zonefile-insertion.c.

Action-Not Available
Vendor-robertdavidgrahamn/a
Product-robdnsn/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-22949
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.1||CRITICAL
EPSS-0.77% / 51.09%
||
7 Day CHG~0.00%
Published-08 Apr, 2024 | 00:00
Updated-27 May, 2025 | 14:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

JFreeChart v1.5.4 was discovered to contain a NullPointerException via the component /chart/annotations/CategoryLineAnnotation. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification.

Action-Not Available
Vendor-jfreen/ajfree
Product-jfreechartn/ajfreechart
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-8872
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.1||CRITICAL
EPSS-2.31% / 81.24%
||
7 Day CHG~0.00%
Published-10 May, 2017 | 05:14
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service (buffer over-read) or information disclosure.

Action-Not Available
Vendor-n/alibxml2 (XMLSoft)
Product-libxml2n/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-19953
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.1||CRITICAL
EPSS-2.78% / 84.64%
||
7 Day CHG~0.00%
Published-24 Dec, 2019 | 00:06
Updated-05 Aug, 2024 | 02:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In GraphicsMagick 1.4 snapshot-20191208 Q8, there is a heap-based buffer over-read in the function EncodeImage of coders/pict.c.

Action-Not Available
Vendor-n/aDebian GNU/LinuxGraphicsMagickopenSUSE
Product-backportsdebian_linuxgraphicsmagickleapn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-25847
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.1||CRITICAL
EPSS-1.19% / 64.06%
||
7 Day CHG~0.00%
Published-10 May, 2021 | 10:43
Updated-03 Aug, 2024 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper validation of the length field of LLDP-MED TLV in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, allows information disclosure to attackers due to controllable loop counter variable via a crafted lldp packet.

Action-Not Available
Vendor-n/aMoxa Inc.
Product-vport_06ec-2v42m-ct_firmwarevport_06ec-2v60m-t_firmwarevport_06ec-2v60m-ct-tvport_06ec-2v36m-ct-tvport_06ec-2v80m_firmwarevport_06ec-2v42mvport_06ec-2v42m-ct-tvport_06ec-2v80m-ct-t_firmwarevport_06ec-2v36m-ct-t_firmwarevport_06ec-2v36m-t_firmwarevport_06ec-2v60m-tvport_06ec-2v80m-ctvport_06ec-2v80m-ct-tvport_06ec-2v80mvport_06ec-2v42m-t_firmwarevport_06ec-2v36m-ct_firmwarevport_06ec-2v36m-tvport_06ec-2v60m-ctvport_06ec-2v80m-t_firmwarevport_06ec-2v26m_firmwarevport_06ec-2v60m-ct-t_firmwarevport_06ec-2v80m-ct_firmwarevport_06ec-2v42m-tvport_06ec-2v60m_firmwarevport_06ec-2v26mvport_06ec-2v60mvport_06ec-2v60m-ct_firmwarevport_06ec-2v80m-tvport_06ec-2v42m_firmwarevport_06ec-2v36m-ctvport_06ec-2v42m-ctvport_06ec-2v42m-ct-t_firmwaren/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-25848
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.1||CRITICAL
EPSS-1.19% / 64.06%
||
7 Day CHG~0.00%
Published-10 May, 2021 | 10:42
Updated-03 Aug, 2024 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper validation of the length field of LLDP-MED TLV in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, allows information disclosure to attackers due to using fixed loop counter variable without checking the actual available length via a crafted lldp packet.

Action-Not Available
Vendor-n/aMoxa Inc.
Product-vport_06ec-2v42m-ct_firmwarevport_06ec-2v60m-t_firmwarevport_06ec-2v60m-ct-tvport_06ec-2v36m-ct-tvport_06ec-2v80m_firmwarevport_06ec-2v42mvport_06ec-2v42m-ct-tvport_06ec-2v80m-ct-t_firmwarevport_06ec-2v36m-ct-t_firmwarevport_06ec-2v36m-t_firmwarevport_06ec-2v60m-tvport_06ec-2v80m-ctvport_06ec-2v80m-ct-tvport_06ec-2v80mvport_06ec-2v42m-t_firmwarevport_06ec-2v36m-ct_firmwarevport_06ec-2v36m-tvport_06ec-2v60m-ctvport_06ec-2v80m-t_firmwarevport_06ec-2v26m_firmwarevport_06ec-2v60m-ct-t_firmwarevport_06ec-2v80m-ct_firmwarevport_06ec-2v42m-tvport_06ec-2v60m_firmwarevport_06ec-2v26mvport_06ec-2v60mvport_06ec-2v60m-ct_firmwarevport_06ec-2v80m-tvport_06ec-2v42m_firmwarevport_06ec-2v36m-ctvport_06ec-2v42m-ctvport_06ec-2v42m-ct-t_firmwaren/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-15473
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.1||CRITICAL
EPSS-1.29% / 66.67%
||
7 Day CHG~0.00%
Published-01 Jul, 2020 | 10:54
Updated-26 Jan, 2026 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In nDPI through 3.2, the OpenVPN dissector is vulnerable to a heap-based buffer over-read in ndpi_search_openvpn in lib/protocols/openvpn.c.

Action-Not Available
Vendor-ntopn/a
Product-ndpin/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-25288
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.1||CRITICAL
EPSS-2.34% / 81.57%
||
7 Day CHG~0.00%
Published-02 Jun, 2021 | 15:13
Updated-03 Aug, 2024 | 19:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_gray_i.

Action-Not Available
Vendor-n/aFedora ProjectPython Software Foundation
Product-pillowfedoran/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-19949
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.1||CRITICAL
EPSS-2.89% / 85.17%
||
7 Day CHG~0.00%
Published-24 Dec, 2019 | 00:06
Updated-05 Aug, 2024 | 02:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WritePNGImage of coders/png.c, related to Magick_png_write_raw_profile and LocaleNCompare.

Action-Not Available
Vendor-n/aImageMagick Studio LLCDebian GNU/LinuxopenSUSECanonical Ltd.
Product-ubuntu_linuxdebian_linuximagemagickleapn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-48623
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.1||CRITICAL
EPSS-0.79% / 51.70%
||
7 Day CHG~0.00%
Published-13 Feb, 2024 | 00:00
Updated-30 Oct, 2024 | 14:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Cpanel::JSON::XS package before 4.33 for Perl performs out-of-bounds accesses in a way that allows attackers to obtain sensitive information or cause a denial of service.

Action-Not Available
Vendor-rurbann/acPanel (WebPros International, LLC)
Product-cpanel\n/acpanel
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-11894
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.1||CRITICAL
EPSS-1.70% / 74.42%
||
7 Day CHG~0.00%
Published-19 Apr, 2020 | 18:04
Updated-04 Aug, 2024 | 11:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Ming (aka libming) 0.4.8 has a heap-based buffer over-read (8 bytes) in the function decompileIF() in decompile.c.

Action-Not Available
Vendor-libmingn/a
Product-libmingn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-44940
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.1||CRITICAL
EPSS-1.04% / 59.88%
||
7 Day CHG~0.00%
Published-19 Dec, 2022 | 00:00
Updated-17 Apr, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Patchelf v0.9 was discovered to contain an out-of-bounds read via the function modifyRPath at src/patchelf.cc.

Action-Not Available
Vendor-patchelf_projectn/a
Product-patchelfn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-17362
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.1||CRITICAL
EPSS-3.19% / 86.55%
||
7 Day CHG~0.00%
Published-09 Oct, 2019 | 00:00
Updated-15 Nov, 2024 | 15:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In LibTomCrypt through 1.18.2, the der_decode_utf8_string function (in der_decode_utf8_string.c) does not properly detect certain invalid UTF-8 sequences. This allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) or read information from other memory locations via carefully crafted DER-encoded data.

Action-Not Available
Vendor-libtomn/aDebian GNU/Linux
Product-libtomcryptdebian_linuxn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-41880
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.38% / 30.03%
||
7 Day CHG~0.00%
Published-18 Nov, 2022 | 00:00
Updated-22 Apr, 2025 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ThreadUnsafeUnigramCandidateSampler Heap out of bounds in Tensorflow

TensorFlow is an open source platform for machine learning. When the `BaseCandidateSamplerOp` function receives a value in `true_classes` larger than `range_max`, a heap oob read occurs. We have patched the issue in GitHub commit b389f5c944cadfdfe599b3f1e4026e036f30d2d4. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.

Action-Not Available
Vendor-Google LLCTensorFlow
Product-tensorflowtensorflow
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-24043
Matching Score-4
Assigner-Meta Platforms, Inc.
ShareView Details
Matching Score-4
Assigner-Meta Platforms, Inc.
CVSS Score-9.1||CRITICAL
EPSS-1.12% / 62.18%
||
7 Day CHG~0.00%
Published-02 Feb, 2022 | 11:59
Updated-03 Aug, 2024 | 19:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A missing bound check in RTCP flag parsing code prior to WhatsApp for Android v2.21.23.2, WhatsApp Business for Android v2.21.23.2, WhatsApp for iOS v2.21.230.6, WhatsApp Business for iOS 2.21.230.7, and WhatsApp Desktop v2.2145.0 could have allowed an out-of-bounds heap read if a user sent a malformed RTCP packet during an established call.

Action-Not Available
Vendor-n/aWhatsApp LLC
Product-whatsappwhatsapp_businessn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-37032
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.1||CRITICAL
EPSS-1.58% / 72.50%
||
7 Day CHG+0.04%
Published-19 Sep, 2022 | 00:00
Updated-03 Aug, 2024 | 10:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read in the BGP daemon of FRRouting FRR before 8.4 may lead to a segmentation fault and denial of service. This occurs in bgp_capability_msg_parse in bgpd/bgp_packet.c.

Action-Not Available
Vendor-frroutingn/aDebian GNU/Linux
Product-debian_linuxfrroutingn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-22354
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-9.1||CRITICAL
EPSS-0.80% / 52.11%
||
7 Day CHG~0.00%
Published-30 Jun, 2021 | 17:12
Updated-03 Aug, 2024 | 18:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is an Information Disclosure Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause out-of-bounds read.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-magic_uiemuiEMUI;Magic UI
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2019-17544
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.1||CRITICAL
EPSS-3.26% / 86.85%
||
7 Day CHG~0.00%
Published-14 Oct, 2019 | 01:07
Updated-05 Aug, 2024 | 01:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libaspell.a in GNU Aspell before 0.60.8 has a stack-based buffer over-read in acommon::unescape in common/getdata.cpp via an isolated \ character.

Action-Not Available
Vendor-n/aCanonical Ltd.GNU
Product-ubuntu_linuxaspelln/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-41475
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.7||HIGH
EPSS-0.48% / 38.10%
||
7 Day CHG~0.00%
Published-24 Apr, 2026 | 19:39
Updated-28 Apr, 2026 | 15:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BACnet Stack: Out-of-Bounds Read in WritePropertyMultiple Decoder via Deprecated Tag Parser

BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.4.3, an out-of-bounds read vulnerability in bacnet-stack's WritePropertyMultiple service decoder allows unauthenticated remote attackers to read past allocated buffer boundaries by sending a truncated WPM request. The vulnerability stems from wpm_decode_object_property() calling the deprecated decode_tag_number_and_value() function, which performs no bounds checking on the input buffer. A crafted BACnet/IP packet with a truncated property payload causes the decoder to read 1-7 bytes past the end of the buffer, leading to crashes or information disclosure on embedded BACnet devices. This vulnerability is fixed in 1.4.3.

Action-Not Available
Vendor-bacnetstackbacnet-stack
Product-bacnet_stackbacnet-stack
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-35937
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7||HIGH
EPSS-0.44% / 35.41%
||
7 Day CHG+0.02%
Published-16 Sep, 2022 | 19:40
Updated-23 Apr, 2025 | 17:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OOB read in `Gather_nd` op in TensorFlow Lite

TensorFlow is an open source platform for machine learning. The `GatherNd` function takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read is triggered. This issue has been patched in GitHub commit 595a65a3e224a0362d7e68c2213acfc2b499a196. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.

Action-Not Available
Vendor-Google LLCTensorFlow
Product-tensorflowtensorflow
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-33319
Matching Score-4
Assigner-Mitsubishi Electric Corporation
ShareView Details
Matching Score-4
Assigner-Mitsubishi Electric Corporation
CVSS Score-8.2||HIGH
EPSS-1.31% / 67.23%
||
7 Day CHG~0.00%
Published-20 Jul, 2022 | 16:58
Updated-09 Jan, 2026 | 06:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds Read vulnerability in Mitsubishi Electric GENESIS64 versions 10.97 to 10.97.1, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97 to 10.97.1, Mitsubishi Electric ICONICS Suite versions 10.97 to 10.97.1, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97 to 10.97.1, Mitsubishi Electric GENESIS32 versions 9.7 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.7 and prior, and Mitsubishi Electric MC Works64 versions 4.04E and prior allows a remote unauthenticated attacker to disclose information on memory or cause a Denial of Service (DoS) condition by sending specially crafted packets to the GENESIS64, ICONICS Suite, GENESIS32, or MC Works64 server.

Action-Not Available
Vendor-iconicsMitsubishi Electric Iconics Digital SolutionsMitsubishi Electric Corporation
Product-genesis64mc_works64GENESIS64MC Works64GENESIS32ICONICS Suite
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-21410
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.2||HIGH
EPSS-1.23% / 65.30%
||
7 Day CHG~0.00%
Published-18 Jun, 2021 | 21:00
Updated-03 Aug, 2024 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Out-of-bounds read in the 6LoWPAN implementation

Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. An out-of-bounds read can be triggered by 6LoWPAN packets sent to devices running Contiki-NG 4.6 and prior. The IPv6 header decompression function (<code>uncompress_hdr_iphc</code>) does not perform proper boundary checks when reading from the packet buffer. Hence, it is possible to construct a compressed 6LoWPAN packet that will read more bytes than what is available from the packet buffer. As of time of publication, there is not a release with a patch available. Users can apply the patch for this vulnerability out-of-band as a workaround.

Action-Not Available
Vendor-contiki-ngcontiki-ng
Product-contiki-ngcontiki-ng
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-28805
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.1||CRITICAL
EPSS-2.92% / 85.34%
||
7 Day CHG~0.00%
Published-08 Apr, 2022 | 00:00
Updated-03 Aug, 2024 | 06:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

singlevar in lparser.c in Lua from (including) 5.4.0 up to (excluding) 5.4.4 lacks a certain luaK_exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code.

Action-Not Available
Vendor-luan/aFedora Project
Product-luafedoran/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-28228
Matching Score-4
Assigner-Yandex N.V.
ShareView Details
Matching Score-4
Assigner-Yandex N.V.
CVSS Score-9.1||CRITICAL
EPSS-0.67% / 47.52%
||
7 Day CHG~0.00%
Published-23 Dec, 2022 | 00:00
Updated-15 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds read was discovered in YDB server. An attacker could construct a query with insert statement that would allow him to read sensitive information from other memory locations or cause a crash.

Action-Not Available
Vendor-ydbn/a
Product-ydbYDB
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-15926
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.1||CRITICAL
EPSS-5.19% / 91.45%
||
7 Day CHG~0.00%
Published-04 Sep, 2019 | 20:33
Updated-05 Aug, 2024 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the Linux kernel before 5.2.3. Out of bounds access exists in the functions ath6kl_wmi_pstream_timeout_event_rx and ath6kl_wmi_cac_event_rx in the file drivers/net/wireless/ath/ath6kl/wmi.c.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncDebian GNU/LinuxCanonical Ltd.
Product-ubuntu_linuxdebian_linuxlinux_kerneln/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-20093
Matching Score-4
Assigner-Tenable Network Security, Inc.
ShareView Details
Matching Score-4
Assigner-Tenable Network Security, Inc.
CVSS Score-9.1||CRITICAL
EPSS-33.30% / 98.17%
||
7 Day CHG~0.00%
Published-16 Jun, 2021 | 11:09
Updated-03 Aug, 2024 | 17:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer over-read vulnerability exists in Wibu-Systems CodeMeter versions < 7.21a. An unauthenticated remote attacker can exploit this issue to disclose heap memory contents or crash the CodeMeter Runtime Server.

Action-Not Available
Vendor-wibun/aSiemens AG
Product-sicam_230simit_simulation_platformsinec_infrastructure_network_servicessimatic_pcs_neosinema_remote_connect_serversimatic_process_historiansicam_230_firmwarepss_capesimatic_wincc_oacodemetersimatic_information_serverWibu-Systems CodeMeter
CWE ID-CWE-125
Out-of-bounds Read
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 6
  • 7
  • Next
Details not found