
CWE-125: Out-of-bounds Read

Status: Draft
Weakness ID: 125 (Weakness Base)
+ Description
Summary

The software reads data past the end, or before the beginning, of the intended buffer.

+ Time of Introduction
* Implementation
+ Applicable Platforms
Languages
C
C++
+ Observed Examples
* out-of-bounds read due to improper length check
* packet with large number of specified elements causes out-of-bounds read
* out-of-bounds read, resultant from integer underflow
* packet with large number of specified elements causes out-of-bounds read
* malformed image causes out-of-bounds read
* large length value causes out-of-bounds read
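
The patterns in the observed examples (an element count taken from a packet, a length value that is too large, a length that underflows), shown as an added C example that is not part of the CWE entry. The record layout, macro names and function names are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed record layout (assumed for this example):
 *   pkt[0]    number of 16-bit big-endian elements after the header
 *   pkt[1]    length of the trailing field, counting its own 2-byte tag
 *   pkt[2..]  the elements, then the trailing field (tag + payload) */
#define HDR_LEN 2u
#define TAG_LEN 2u
#define ELEM(p, i) (((uint32_t)(p)[HDR_LEN + 2 * (i)] << 8) | (p)[HDR_LEN + 2 * (i) + 1])

/* Unchecked form, for contrast: the count taken from the packet drives the
 * loop, so a count larger than the data received reads past the buffer. */
uint32_t sum_elements_unchecked(const uint8_t *pkt) {
    uint32_t sum = 0;
    for (size_t i = 0, count = pkt[0]; i < count; i++)
        sum += ELEM(pkt, i);
    return sum;
}

/* Checked form: returns 0 and fills *sum, or -1 when the declared count
 * does not fit in the pkt_len bytes actually received. */
int sum_elements(const uint8_t *pkt, size_t pkt_len, uint32_t *sum) {
    if (pkt == NULL || sum == NULL || pkt_len < HDR_LEN) return -1;
    size_t count = pkt[0];
    if (count * 2 > pkt_len - HDR_LEN)  /* no wrap: count <= 255, pkt_len >= HDR_LEN */
        return -1;
    *sum = 0;
    for (size_t i = 0; i < count; i++)
        *sum += ELEM(pkt, i);
    return 0;
}

/* Payload length of the trailing field. A field length below TAG_LEN would
 * underflow "field - TAG_LEN" to a huge unsigned value, so it is rejected,
 * as is a field that extends beyond the received bytes. */
int payload_len(const uint8_t *pkt, size_t pkt_len, size_t *out) {
    if (pkt == NULL || out == NULL || pkt_len < HDR_LEN) return -1;
    size_t elems = (size_t)pkt[0] * 2, field = pkt[1];
    if (elems > pkt_len - HDR_LEN || field < TAG_LEN || field > pkt_len - HDR_LEN - elems)
        return -1;
    *out = field - TAG_LEN;
    return 0;
}

int main(void) {
    const uint8_t ok[] = {2, 3, 0x00, 0x01, 0x00, 0x02, 0xAA, 0xBB, 0x7F}; /* constructed */
    uint32_t s; size_t n;
    return (sum_elements(ok, sizeof ok, &s) == 0 && payload_len(ok, sizeof ok, &n) == 0) ? 0 : 1;
}
```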
+ Weakness Ordinalities
Primary (where the weakness exists independent of other weaknesses)
+ Relationships
Nature | Type | ID | Name | View(s) this relationship pertains to
ChildOf | Weakness Class | 119 | Failure to Constrain Operations within the Bounds of a Memory Buffer | Development Concepts (primary) 699; Research Concepts (primary) 1000
ParentOf | Weakness Variant | 126 | Buffer Over-read | Development Concepts (primary) 699; Research Concepts (primary) 1000
ParentOf | Weakness Variant | 127 | Buffer Under-read | Development Concepts (primary) 699; Research Concepts (primary) 1000
+ Research Gaps

Under-studied and under-reported. Most issues are probably labeled as buffer overflows.

+ Causal Nature
Explicit (an explicit weakness resulting from behavior of the developer)
+ Taxonomy Mappings
Mapped Taxonomy Name | Mapped Node Name
PLOVER | Out-of-bounds Read
+ Content History
Submissions
PLOVER. (Externally Mined)
Modifications
CWE Content Team. MITRE. 2008-09-08. (Internal)
updated Applicable_Platforms, Relationships, Taxonomy_Mappings, Weakness_Ordinalities
Page Last Updated: May 26, 2009