Out-of-bounds Read
Weakness ID: 125 (Weakness Base)Status: Draft
+ Description

Description Summary

The software reads data past the end, or before the beginning, of the intended buffer.

Extended Description

This typically occurs when the pointer or its index is incremented or decremented to a position beyond the bounds of the buffer or when pointer arithmetic results in a position outside of the valid memory location to name a few. This may result in corruption of sensitive information, a crash, or code execution among other things.

+ Time of Introduction
  • Implementation
+ Applicable Platforms

Languages

C

C++

+ Observed Examples
ReferenceDescription
CVE-2004-0112out-of-bounds read due to improper length check
CVE-2004-0183packet with large number of specified elements cause out-of-bounds read.
CVE-2004-0221packet with large number of specified elements cause out-of-bounds read.
CVE-2004-0184out-of-bounds read, resultant from integer underflow
CVE-2004-1940large length value causes out-of-bounds read
CVE-2004-0421malformed image causes out-of-bounds read
+ Weakness Ordinalities
OrdinalityDescription
Primary
(where the weakness exists independent of other weaknesses)
+ Relationships
NatureTypeIDNameView(s) this relationship pertains toView(s)
ChildOfWeakness ClassWeakness Class119Failure to Constrain Operations within the Bounds of a Memory Buffer
Development Concepts (primary)699
Research Concepts (primary)1000
ParentOfWeakness VariantWeakness Variant126Buffer Over-read
Development Concepts699
Research Concepts1000
ParentOfWeakness VariantWeakness Variant127Buffer Under-read
Development Concepts699
Research Concepts1000
+ Research Gaps

Under-studied and under-reported. Most issues are probably labeled as buffer overflows.

+ Causal Nature

Explicit

+ Taxonomy Mappings
Mapped Taxonomy NameNode IDFitMapped Node Name
PLOVEROut-of-bounds Read
+ Content History
Submissions
Submission DateSubmitterOrganizationSource
PLOVERExternally Mined
Modifications
Modification DateModifierOrganizationSource
2008-09-08CWE Content TeamMITREInternal
updated Applicable Platforms, Relationships, Taxonomy Mappings, Weakness Ordinalities
2009-10-29CWE Content TeamMITREInternal
updated Description