CWE-125

Naam

Out-of-bounds Read

Status

Draft

Gepubliceerd

2006-07-19
00h00 +00:00

Gewijzigd

2025-12-11
00h00 +00:00

Officiële links

CWE Mitre.org

Meldingen voor een CWE

Blijf op de hoogte van wijzigingen voor een specifieke CWE.

Meldingen beheren

Aangepaste meldingen

Activeer uw gepersonaliseerde meldingen!

Om uw meldingen te activeren hoeft u alleen maar ingelogd te zijn op uw gratis account. Als u nog niet bent ingelogd, kies dan een van de onderstaande opties.

Inloggen op uw account Maak een gratis account aan

Meldingen voor een CWE

Blijf op de hoogte van wijzigingen voor een specifieke CWE.

Parameters

U kunt een titel opgeven die wordt gebruikt in de meldingen die worden verzonden.

Geef het CWE-ID op dat u wilt monitoren.

Planning

Maand

Berekening volgende run

Dag

Weekdag

Uur

Minuut

Aanmakingsdatum

Laatste uitvoering

Volgende uitvoering

Naam: Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

Algemene informatie

Introductiemodi

Implementation

Toepasselijke platforms

Taal

Class: Memory-Unsafe (Undetermined)
Name: C (Undetermined)
Name: C++ (Undetermined)

Technologieën

Class: ICS/OT (Often)

Veelvoorkomende gevolgen

Bereik	Impact	Waarschijnlijkheid
Confidentiality	Read Memory Note: An attacker could get secret values such as cryptographic keys, PII, memory addresses, or other information that could be used in additional attacks.
Confidentiality	Bypass Protection Mechanism Note: Out-of-bounds memory could contain memory addresses or other information that can be used to bypass ASLR and other protection mechanisms in order to improve the reliability of exploiting a separate weakness for code execution.
Availability	DoS: Crash, Exit, or Restart Note: An attacker could cause a segmentation fault or crash by causing memory to be read outside of the bounds of the buffer. This is especially likely when the code reads a variable amount of data and assumes that a sentinel exists to stop the read operation, such as a NUL in a string.
Other	Varies by Context Note: The read operation could produce other undefined or unexpected results.

Waargenomen voorbeelden

Referenties	Beschrijving
CVE-2023-1018	The reference implementation code for a Trusted Platform Module does not implement length checks on data, allowing for an attacker to read 2 bytes past the end of a buffer.
CVE-2020-11899	Out-of-bounds read in IP stack used in embedded systems, as exploited in the wild per CISA KEV.
CVE-2014-0160	Chain: "Heartbleed" bug receives an inconsistent length parameter (CWE-130) enabling an out-of-bounds read (CWE-126), returning memory that could include private cryptographic keys and other sensitive data.
CVE-2021-40985	HTML conversion package has a buffer under-read, allowing a crash
CVE-2018-10887	Chain: unexpected sign extension (CWE-194) leads to integer overflow (CWE-190), causing an out-of-bounds read (CWE-125)
CVE-2009-2523	Chain: product does not handle when an input string is not NULL terminated (CWE-170), leading to buffer over-read (CWE-125) or heap-based buffer overflow (CWE-122).
CVE-2018-16069	Chain: series of floating-point precision errors (CWE-1339) in a web browser rendering engine causes out-of-bounds read (CWE-125), giving access to cross-origin data
CVE-2004-0112	out-of-bounds read due to improper length check
CVE-2004-0183	packet with large number of specified elements cause out-of-bounds read.
CVE-2004-0221	packet with large number of specified elements cause out-of-bounds read.
CVE-2004-0184	out-of-bounds read, resultant from integer underflow
CVE-2004-1940	large length value causes out-of-bounds read
CVE-2004-0421	malformed image causes out-of-bounds read
CVE-2008-4113	OS kernel trusts userland-supplied length value, allowing reading of sensitive information

Mogelijke risicobeperkingen

Phases : Implementation
Phases : Architecture and Design
Use a language that provides appropriate memory abstractions.

Detectiemethoden

Fuzzing

Fuzz testing (fuzzing) is a powerful technique for generating large numbers of diverse inputs - either randomly or algorithmically - and dynamically invoking the code with those inputs. Even with random inputs, it is often capable of generating unexpected results such as crashes, memory corruption, or resource consumption. Fuzzing effectively produces repeatable test cases that clearly indicate bugs, which helps developers to diagnose the issues.
Effectiviteit : High

Automated Static Analysis

Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.)
Effectiviteit : High

Automated Dynamic Analysis

Use tools that are integrated during compilation to insert runtime error-checking mechanisms related to memory safety errors, such as AddressSanitizer (ASan) for C/C++ [REF-1518].
Effectiviteit : Moderate

Notities kwetsbaarheidsmapping

Rechtvaardiging : This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.
Opmerking : Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.

Gerelateerde aanvalspatronen

CAPEC-ID	Naam aanvalspatroon
CAPEC-540	Overread Buffers An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.

Referenties

REF-1034

Breaking the memory secrecy assumption
Raoul Strackx, Yves Younan, Pieter Philippaerts, Frank Piessens, Sven Lachmund, Thomas Walter.
https://dl.acm.org/doi/10.1145/1519144.1519145

REF-1035

The info leak era on software exploitation
Fermin J. Serna.
https://media.blackhat.com/bh-us-12/Briefings/Serna/BH_US_12_Serna_Leak_Era_Slides.pdf

REF-44

24 Deadly Sins of Software Security
Michael Howard, David LeBlanc, John Viega.

REF-1518

AddressSanitizer
https://clang.llvm.org/docs/AddressSanitizer.html

Indiening

Naam	Organisatie	Datum	Releasedatum	Version
PLOVER		2006-07-19 +00:00	2006-07-19 +00:00	Draft 3

Wijzigingen

Naam	Organisatie	Datum	Opmerking
CWE Content Team	MITRE	2008-09-08 +00:00	updated Applicable_Platforms, Relationships, Taxonomy_Mappings, Weakness_Ordinalities
CWE Content Team	MITRE	2009-10-29 +00:00	updated Description
CWE Content Team	MITRE	2010-09-27 +00:00	updated Relationships
CWE Content Team	MITRE	2011-06-01 +00:00	updated Common_Consequences
CWE Content Team	MITRE	2012-05-11 +00:00	updated Demonstrative_Examples, References, Relationships
CWE Content Team	MITRE	2014-06-23 +00:00	updated Related_Attack_Patterns
CWE Content Team	MITRE	2014-07-30 +00:00	updated Relationships, Taxonomy_Mappings
CWE Content Team	MITRE	2015-12-07 +00:00	updated Relationships
CWE Content Team	MITRE	2017-11-08 +00:00	updated Causal_Nature, Observed_Examples, Taxonomy_Mappings
CWE Content Team	MITRE	2018-03-27 +00:00	updated Description
CWE Content Team	MITRE	2019-01-03 +00:00	updated Relationships
CWE Content Team	MITRE	2019-06-20 +00:00	updated Description, Related_Attack_Patterns
CWE Content Team	MITRE	2019-09-19 +00:00	updated Common_Consequences, Observed_Examples, Potential_Mitigations, References, Relationships
CWE Content Team	MITRE	2020-02-24 +00:00	updated Potential_Mitigations, Relationships, Taxonomy_Mappings
CWE Content Team	MITRE	2020-06-25 +00:00	updated Observed_Examples, Potential_Mitigations
CWE Content Team	MITRE	2020-08-20 +00:00	updated Observed_Examples, Potential_Mitigations, Relationships
CWE Content Team	MITRE	2020-12-10 +00:00	updated Related_Attack_Patterns, Relationships
CWE Content Team	MITRE	2021-07-20 +00:00	updated Observed_Examples, Relationships
CWE Content Team	MITRE	2022-04-28 +00:00	updated Research_Gaps
CWE Content Team	MITRE	2022-06-28 +00:00	updated Observed_Examples, Relationships
CWE Content Team	MITRE	2022-10-13 +00:00	updated Applicable_Platforms, Relationships, Taxonomy_Mappings
CWE Content Team	MITRE	2023-01-31 +00:00	updated Description
CWE Content Team	MITRE	2023-04-27 +00:00	updated Detection_Factors, References, Relationships
CWE Content Team	MITRE	2023-06-29 +00:00	updated Mapping_Notes, Relationships
CWE Content Team	MITRE	2023-10-26 +00:00	updated Observed_Examples
CWE Content Team	MITRE	2024-07-16 +00:00	updated Alternate_Terms, Common_Consequences, Description, Diagram, Weakness_Ordinalities
CWE Content Team	MITRE	2024-11-19 +00:00	updated Observed_Examples, Relationships
CWE Content Team	MITRE	2025-09-09 +00:00	updated Affected_Resources, Demonstrative_Examples, Functional_Areas
CWE Content Team	MITRE	2025-12-11 +00:00	updated Applicable_Platforms, Detection_Factors, References, Relationships

CWE-125 Detail