CWE-125 - Out-of-bounds Read

  • Abstraction: Base
  • Structure: Simple
  • Status: Draft
  • Submission Date: 2006-07-19
  • Modification Date: 2025-12-11

Name

Out-of-bounds Read

Description

The product reads data past the end, or before the beginning, of the intended buffer.

Common Consequences

Scope: Confidentiality

Impact: Read Memory

Note: An attacker could obtain secret values such as cryptographic keys, PII, memory addresses, or other information that could be used in additional attacks.

Scope: Confidentiality

Impact: Bypass Protection Mechanism

Note: Out-of-bounds memory could contain memory addresses or other information that can be used to bypass ASLR and other protection mechanisms, improving the reliability of exploiting a separate weakness for code execution.

Scope: Availability

Impact: DoS: Crash, Exit, or Restart

Note: An attacker could cause a segmentation fault or crash by causing memory to be read outside the bounds of the buffer. This is especially likely when the code reads a variable amount of data and assumes that a sentinel exists to stop the read operation, such as a NUL in a string.

Scope: Other

Impact: Varies by Context

Note: The read operation could produce other undefined or unexpected results.
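The two read patterns the consequences above describe, a variable-length read driven by an attacker-controlled length and a scan that assumes a NUL sentinel, shown with the bounds checks that prevent the over-read. This is an added example written for this entry, not code from the CWE page; the record format, the function names and the sample inputs are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical wire record: one length byte followed by that many payload bytes.
 * Copies the payload into out and returns its length, or -1 when the declared
 * length would make the read run past the end of buf (the CWE-125 condition)
 * or past the end of out. */
int read_record(const uint8_t *buf, size_t buf_len,
                uint8_t *out, size_t out_len)
{
    if (buf == NULL || out == NULL || buf_len < 1)
        return -1;                          /* no room even for the length byte */
    size_t len = buf[0];
    if (len > buf_len - 1)                  /* declared length exceeds what was received */
        return -1;
    if (len > out_len)                      /* would overflow the destination */
        return -1;
    memcpy(out, buf + 1, len);              /* safe: len bytes are known to exist */
    return (int)len;
}

/* Sentinel-safe string length: scan at most max bytes so a missing NUL
 * cannot let the read continue beyond the buffer (unlike strlen). */
size_t bounded_strlen(const char *s, size_t max)
{
    const char *nul = memchr(s, '\0', max);
    return nul ? (size_t)(nul - s) : max;
}

/* Constructed inputs for demonstration. */
int demo_well_formed(void)
{
    static const uint8_t msg[] = {3, 'a', 'b', 'c'};   /* length 3, 3 bytes present */
    uint8_t out[16];
    return read_record(msg, sizeof msg, out, sizeof out);   /* 3 */
}
int demo_truncated(void)
{
    static const uint8_t msg[] = {200, 'a', 'b'};     /* claims 200 bytes, only 2 follow */
    uint8_t out[16];
    return read_record(msg, sizeof msg, out, sizeof out);   /* -1, over-read refused */
}
size_t demo_unterminated(void)
{
    static const char raw[4] = {'k', 'e', 'y', '!'};  /* no NUL terminator at all */
    return bounded_strlen(raw, sizeof raw);           /* 4: scan stops at buffer end */
}
```

Without the `len > buf_len - 1` check, `demo_truncated` would copy 198 bytes from beyond `msg`; without the bound on the scan, a `strlen` of `raw` would keep reading until it happened to find a zero byte.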

Related CWEs