CWE-126 - Buffer Over-read
- Abstraction:Variant
- Structure:Simple
- Status:Draft
- Release Date:2006-07-19
- Latest Modification Date:2025-04-03
Weakness Name
Buffer Over-read
Description
The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.
Common Consequences
Scope: Confidentiality
Impact: Read Memory
Scope: Confidentiality
Impact: Bypass Protection Mechanism
Notes: By reading out-of-bounds memory, an attacker might be able to get secret values, such as memory addresses, which can be bypass protection mechanisms such as ASLR in order to improve the reliability and likelihood of exploiting a separate weakness to achieve code execution instead of just denial of service.
Scope: Availability, Integrity
Impact: DoS: Crash, Exit, or Restart
Notes: An attacker might be able to cause a crash or other denial of service by causing the product to read a memory location that is not allowed (such as a segmentation fault), or to cause other conditions in which the read operation returns more data than is expected.