CWE-125βOut-of-bounds Read
PUBLISHEDweakness record
released 2006-07-19 Β· last modified 2025-12-11
Metadata
- CWE ID:
- CWE-125
- Abstraction:
- Base
- Structure:
- Simple
- Status:
- Draft
- Release Date:
- 2006-07-19
- Latest Modification Date:
- 2025-12-11
Weakness Name
Out-of-bounds Read
Description
The product reads data past the end, or before the beginning, of the intended buffer.
Common Consequences
- Scope:
- Confidentiality
- Impact:
- Read Memory
- Notes:
- An attacker could get secret values such as cryptographic keys, PII, memory addresses, or other information that could be used in additional attacks.
- Scope:
- Confidentiality
- Impact:
- Bypass Protection Mechanism
- Notes:
- Out-of-bounds memory could contain memory addresses or other information that can be used to bypass ASLR and other protection mechanisms in order to improve the reliability of exploiting a separate weakness for code execution.
- Scope:
- Availability
- Impact:
- DoS: Crash, Exit, or Restart
- Notes:
- An attacker could cause a segmentation fault or crash by causing memory to be read outside of the bounds of the buffer. This is especially likely when the code reads a variable amount of data and assumes that a sentinel exists to stop the read operation, such as a NUL in a string.
- Scope:
- Other
- Impact:
- Varies by Context
- Notes:
- The read operation could produce other undefined or unexpected results.