CWE-126 - Buffer Over-read
- 摘要:Variant
- 结构:Simple
- 状态:Draft
- 发布日期:2006-07-19
- 更新日期:2025-12-11
名称
Buffer Over-read
描述
The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.
常见后果
范围:Confidentiality
影响:Read Memory
范围:Confidentiality
影响:Bypass Protection Mechanism
注释:By reading out-of-bounds memory, an attacker might be able to get secret values, such as memory addresses, which can bypass protection mechanisms such as ASLR in order to improve the reliability and likelihood of exploiting a separate weakness to achieve code execution instead of just denial of service.
范围:Availability, Integrity
影响:DoS: Crash, Exit, or Restart
注释:An attacker might be able to cause a crash or other denial of service by causing the product to read a memory location that is not allowed (such as a segmentation fault), or to cause other conditions in which the read operation returns more data than is expected.