CWE-127 - Buffer Under-read

  • Abstraction:Variant
  • Structure:Simple
  • Status:Draft
  • Release Date:2006-07-19
  • Latest Modification Date:2025-12-11

Weakness Name

Buffer Under-read

Description

The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations prior to the targeted buffer.

Common Consequences

Scope: Confidentiality

Impact: Read Memory

Scope: Confidentiality

Impact: Bypass Protection Mechanism

Notes: By reading out-of-bounds memory, an attacker might be able to get secret values, such as memory addresses, which can bypass protection mechanisms such as ASLR in order to improve the reliability and likelihood of exploiting a separate weakness to achieve code execution instead of just denial of service.

Related Weaknesses

CWE-125Out-of-bounds Read

CWE-786Access of Memory Location Before Start of Buffer