CWE-125β€”Out-of-bounds Read

PUBLISHEDweakness record
released 2006-07-19 Β· last modified 2025-12-11
CWE-125 - Out-of-bounds Read - Diagram

Metadata

CWE ID:
CWE-125
Abstraction:
Base
Structure:
Simple
Status:
Draft
Release Date:
2006-07-19
Latest Modification Date:
2025-12-11

Weakness Name

Out-of-bounds Read

Description

The product reads data past the end, or before the beginning, of the intended buffer.

Common Consequences

Scope:
Confidentiality
Impact:
Read Memory
Notes:
An attacker could get secret values such as cryptographic keys, PII, memory addresses, or other information that could be used in additional attacks.
Scope:
Confidentiality
Impact:
Bypass Protection Mechanism
Notes:
Out-of-bounds memory could contain memory addresses or other information that can be used to bypass ASLR and other protection mechanisms in order to improve the reliability of exploiting a separate weakness for code execution.
Scope:
Availability
Impact:
DoS: Crash, Exit, or Restart
Notes:
An attacker could cause a segmentation fault or crash by causing memory to be read outside of the bounds of the buffer. This is especially likely when the code reads a variable amount of data and assumes that a sentinel exists to stop the read operation, such as a NUL in a string.
Scope:
Other
Impact:
Varies by Context
Notes:
The read operation could produce other undefined or unexpected results.

Related Weaknesses