CWE-126
Buffer Over-read
Variant
What it is
The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.
Impact
| Scope | Impact |
| --- | --- |
| Confidentiality | Read Memory |
| Confidentiality | Bypass Protection Mechanism |
| Availability, Integrity | DoS: Crash, Exit, or Restart |
Real-world CVE examples
- CVE-2022-1733 — Text editor has out-of-bounds read past end of line while indenting C code
- CVE-2014-0160 — Chain: "Heartbleed" bug receives an inconsistent length parameter (CWE-130) enabling an out-of-bounds read (CWE-126), returning memory that could include privat
- CVE-2009-2523 — Chain: product does not handle when an input string is not NULL terminated, leading to buffer over-read or heap-based buffer overflow.
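The length-mismatch chain listed for CVE-2014-0160 above, shown from the defender's side as an added C example (not code from MITRE or from any affected project). The record layout, the function name `echo_payload` and the sample records are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical record layout (constructed for this example):
 *   byte 0      message type
 *   bytes 1-2   claimed payload length, big-endian
 *   bytes 3..   payload
 */
#define HDR_LEN 3

/* Copies the payload of an echo request into out.
 * Returns the number of bytes copied, or -1 if the record is malformed. */
long echo_payload(const uint8_t *rec, size_t rec_len,
                  uint8_t *out, size_t out_cap)
{
    if (rec == NULL || out == NULL || rec_len < HDR_LEN)
        return -1;                  /* header itself is incomplete */

    size_t claimed = ((size_t)rec[1] << 8) | rec[2];

    /* The CWE-126 guard: the sender's claimed length (CWE-130 when it is
     * inconsistent) must fit inside the bytes actually received. Without
     * this comparison the memcpy below would read past rec + rec_len. */
    if (claimed > rec_len - HDR_LEN)
        return -1;

    if (claimed > out_cap)
        return -1;                  /* do not overflow the destination either */

    memcpy(out, rec + HDR_LEN, claimed);
    return (long)claimed;
}

/* Constructed sample records. */
static const uint8_t ok_rec[]  = { 0x01, 0x00, 0x04, 'p', 'i', 'n', 'g' };
/* Claims 16384 payload bytes but carries only 4. */
static const uint8_t bad_rec[] = { 0x01, 0x40, 0x00, 'p', 'i', 'n', 'g' };

int main(void)
{
    uint8_t out[64];
    long a = echo_payload(ok_rec, sizeof ok_rec, out, sizeof out);
    long b = echo_payload(bad_rec, sizeof bad_rec, out, sizeof out);
    return (a == 4 && b == -1) ? 0 : 1;
}
```

The comparison is written as `claimed > rec_len - HDR_LEN` after `rec_len >= HDR_LEN` has been established, so the subtraction cannot wrap.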
Source: MITRE CWE (cwe.mitre.org).