LIVE NEWSROOM · --:-- · May 24, 2026
A LIBRARY FOR SECURITY RESEARCHERS

CWE WEAKNESSES  /  CWE-125

CWE-125

Out-of-bounds Read

Base

What it is

The product reads data past the end, or before the beginning, of the intended buffer.

Impact

ConfidentialityRead Memory
ConfidentialityBypass Protection Mechanism
AvailabilityDoS: Crash, Exit, or Restart
OtherVaries by Context

Mitigations

  • [Implementation]Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.When performing input validation, consider all potentially relevant properties, including length, type of input, the full r
  • [Architecture and Design] Use a language that provides appropriate memory abstractions.

Real-world CVE examples

  • CVE-2023-1018 — The reference implementation code for a Trusted Platform Module does not implement length checks on data, allowing for an attacker to read 2 bytes past the end
  • CVE-2020-11899 — Out-of-bounds read in IP stack used in embedded systems, as exploited in the wild per CISA KEV.
  • CVE-2014-0160 — Chain: "Heartbleed" bug receives an inconsistent length parameter (CWE-130) enabling an out-of-bounds read (CWE-126), returning memory that could include privat
  • CVE-2021-40985 — HTML conversion package has a buffer under-read, allowing a crash
  • CVE-2018-10887 — Chain: unexpected sign extension (CWE-194) leads to integer overflow (CWE-190), causing an out-of-bounds read (CWE-125)
  • CVE-2009-2523 — Chain: product does not handle when an input string is not NULL terminated (CWE-170), leading to buffer over-read (CWE-125) or heap-based buffer overflow (CWE-1
  • CVE-2018-16069 — Chain: series of floating-point precision errors (CWE-1339) in a web browser rendering engine causes out-of-bounds read (CWE-125), giving access to cross-origin
  • CVE-2004-0112 — out-of-bounds read due to improper length check
  • CVE-2004-0183 — packet with large number of specified elements cause out-of-bounds read.
  • CVE-2004-0221 — packet with large number of specified elements cause out-of-bounds read.
  • CVE-2004-0184 — out-of-bounds read, resultant from integer underflow
  • CVE-2004-1940 — large length value causes out-of-bounds read

Related weaknesses

Test & detect

Browse all common weaknesses, check related exploited CVEs, or map to ATT&CK techniques.

Source: MITRE CWE. View on cwe.mitre.org →

Scroll to Top