Vulnerabilities (CVE)

Filtered by CWE-125
Total 3635 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-38451 2021-10-22 N/A N/A
The affected product’s proprietary protocol CSC allows for calling numerous function codes. In order to call those function codes, the user must supply parameters. There is no sanitation on the value of the offset, which allows the client to specify any offset and read out-of-bounds data.
CVE-2021-3881 1 Libmobi Project 1 Libmobi 2021-10-22 7.5 HIGH 9.8 CRITICAL
libmobi is vulnerable to Out-of-bounds Read
CVE-2021-3712 3 Debian, Netapp, Openssl 10 Debian Linux, Clustered Data Ontap, Clustered Data Ontap Antivirus Connector and 7 more 2021-10-22 5.8 MEDIUM 7.4 HIGH
ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's own "d2i" functions (and other similar parsing functions) as well as any string whose value has been set with the ASN1_STRING_set() function will additionally NUL terminate the byte array in the ASN1_STRING structure. However, it is possible for applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array by directly setting the "data" and "length" fields in the ASN1_STRING array. This can also happen by using the ASN1_STRING_set0() function. Numerous OpenSSL functions that print ASN.1 data have been found to assume that the ASN1_STRING byte array will be NUL terminated, even though this is not guaranteed for strings that have been directly constructed. Where an application requests an ASN.1 structure to be printed, and where that ASN.1 structure contains ASN1_STRINGs that have been directly constructed by the application without NUL terminating the "data" field, then a read buffer overrun can occur. The same thing can also occur during name constraints processing of certificates (for example if a certificate has been directly constructed by the application instead of loading it via the OpenSSL parsing functions, and the certificate contains non NUL terminated ASN1_STRING structures). It can also occur in the X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions. If a malicious actor can cause an application to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL functions then this issue could be hit. This might result in a crash (causing a Denial of Service attack). It could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext). Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). Fixed in OpenSSL 1.0.2za (Affected 1.0.2-1.0.2y).
CVE-2021-38440 1 Fatek 1 Winproladder 2021-10-21 4.3 MEDIUM 3.3 LOW
FATEK Automation WinProladder versions 3.30 and prior is vulnerable to an out-of-bounds read, which may allow an attacker to read unauthorized information.
CVE-2021-40729 3 Adobe, Apple, Microsoft 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more 2021-10-21 4.3 MEDIUM 3.3 LOW
Adobe Acrobat Reader DC version 21.007.20095 (and earlier), 21.007.20096 (and earlier), 20.004.30015 (and earlier), and 17.011.30202 (and earlier) is affected by a out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious PDF file.
CVE-2021-30819 1 Apple 2 Ipados, Iphone Os 2021-10-20 4.3 MEDIUM 5.5 MEDIUM
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 15 and iPadOS 15. Processing a maliciously crafted USD file may disclose memory contents.
CVE-2021-36160 3 Apache, Debian, Fedoraproject 3 Http Server, Debian Linux, Fedora 2021-10-20 5.0 MEDIUM 7.5 HIGH
A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive).
CVE-2021-3522 1 Gstreamer Project 1 Gstreamer 2021-10-20 4.3 MEDIUM 5.5 MEDIUM
GStreamer before 1.18.4 may perform an out-of-bounds read when handling certain ID3v2 tags.
CVE-2021-27364 2 Debian, Linux 2 Debian Linux, Linux Kernel 2021-10-20 3.6 LOW 7.1 HIGH
An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is adversely affected by the ability of an unprivileged user to craft Netlink messages.
CVE-2020-27824 4 Debian, Fedoraproject, Redhat and 1 more 4 Debian Linux, Fedora, Enterprise Linux and 1 more 2021-10-20 4.3 MEDIUM 5.5 MEDIUM
A flaw was found in OpenJPEG’s encoder in the opj_dwt_calc_explicit_stepsizes() function. This flaw allows an attacker who can supply crafted input to decomposition levels to cause a buffer overflow. The highest threat from this vulnerability is to system availability.
CVE-2020-24977 5 Debian, Fedoraproject, Netapp and 2 more 12 Debian Linux, Fedora, Active Iq Unified Manager and 9 more 2021-10-20 6.4 MEDIUM 6.5 MEDIUM
GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e.
CVE-2020-10724 3 Canonical, Dpdk, Fedoraproject 3 Ubuntu Linux, Data Plane Development Kit, Fedora 2021-10-19 2.1 LOW 4.4 MEDIUM
A vulnerability was found in DPDK versions 18.11 and above. The vhost-crypto library code is missing validations for user-supplied values, potentially allowing an information leak through an out-of-bounds memory read.
CVE-2021-35940 1 Apache 1 Portable Runtime 2021-10-18 3.6 LOW 7.1 HIGH
An out-of-bounds array read in the apr_time_exp*() functions was fixed in the Apache Portable Runtime 1.6.3 release (CVE-2017-12613). The fix for this issue was not carried forward to the APR 1.7.x branch, and hence version 1.7.0 regressed compared to 1.6.3 and is vulnerable to the same issue.
CVE-2021-36159 1 Freebsd 1 Libfetch 2021-10-18 6.4 MEDIUM 9.1 CRITICAL
libfetch before 2021-07-26, as used in apk-tools, xbps, and other products, mishandles numeric strings for the FTP and HTTP protocols. The FTP passive mode implementation allows an out-of-bounds read because strtol is used to parse the relevant numbers into address bytes. It does not check if the line ends prematurely. If it does, the for-loop condition checks for the '\0' terminator one byte too late.
CVE-2021-3444 1 Linux 1 Linux Kernel 2021-10-16 4.6 MEDIUM 7.8 HIGH
The bpf verifier in the Linux kernel did not properly handle mod32 destination register truncation when the source register was known to be 0. A local attacker with the ability to load bpf programs could use this gain out-of-bounds reads in kernel memory leading to information disclosure (kernel memory), and possibly out-of-bounds writes that could potentially lead to code execution. This issue was addressed in the upstream kernel in commit 9b00f1b78809 ("bpf: Fix truncation handling for mod32 dst reg wrt zero") and in Linux stable kernels 5.11.2, 5.10.19, and 5.4.101.
CVE-2021-42054 1 Accel-ppp 1 Accel-ppp 2021-10-15 5.0 MEDIUM 7.5 HIGH
ACCEL-PPP 1.12.0 has an out-of-bounds read in triton_context_schedule if the client exits after authentication.
CVE-2021-37972 2 Fedoraproject, Google 2 Fedora, Chrome 2021-10-14 6.8 MEDIUM 8.8 HIGH
Out of bounds read in libjpeg-turbo in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-25483 1 Google 1 Android 2021-10-13 5.0 MEDIUM 6.5 MEDIUM
Lack of boundary checking of a buffer in livfivextractor library prior to SMR Oct-2021 Release 1 allows OOB read.
CVE-2021-25487 2 Google, Samsung 2 Android, Exynos 2021-10-13 4.6 MEDIUM 7.8 HIGH
Lack of boundary checking of a buffer in set_skb_priv() of modem interface driver prior to SMR Oct-2021 Release 1 allows OOB read and it results in arbitrary code execution by dereference of invalid function pointer.
CVE-2021-25488 2 Google, Samsung 2 Android, Exynos 2021-10-13 2.1 LOW 5.5 MEDIUM
Lack of boundary checking of a buffer in recv_data() of modem interface driver prior to SMR Oct-2021 Release 1 allows OOB read.