CWE-126 – Buffer Over-read

Read Time:1 Minute, 3 Second

Description

The software reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.

This typically occurs when the pointer or its index is incremented to a position beyond the bounds of the buffer or when pointer arithmetic results in a position outside of the valid memory location to name a few. This may result in exposure of sensitive information or possibly a crash.

Modes of Introduction:

– Implementation

 

 

Related Weaknesses

CWE-125
CWE-788

 

Consequences

Confidentiality: Read Memory

Confidentiality: Bypass Protection Mechanism

By reading out-of-bounds memory, an attacker might be able to get secret values, such as memory addresses, which can be bypass protection mechanisms such as ASLR in order to improve the reliability and likelihood of exploiting a separate weakness to achieve code execution instead of just denial of service.

 

Potential Mitigations

CVE References

  • CVE-2014-0160
    • Chain: “Heartbleed” bug receives an inconsistent length parameter (CWE-130) enabling an out-of-bounds read (CWE-126), returning memory that could include private cryptographic keys and other sensitive data.
  • CVE-2009-2523
    • Chain: product does not handle when an input string is not NULL terminated, leading to buffer over-read or heap-based buffer overflow.