Common Weakness Enumeration

A Community-Developed List of Software Weakness Types

CWE Individual Dictionary Definition (2.11)

CWE-125: Out-of-bounds Read

Weakness ID: 125
Abstraction: Base
Status: Draft
+ Description

Description Summary

The software reads data past the end, or before the beginning, of the intended buffer.

Extended Description

This typically occurs when a pointer or its index is incremented or decremented to a position beyond the bounds of the buffer, or when pointer arithmetic results in a position outside of the valid memory location, to name a few causes. This may result in corruption of sensitive information, a crash, or code execution, among other things.

+ Time of Introduction
  • Implementation
+ Applicable Platforms




+ Common Consequences

Technical Impact: Read memory

+ Demonstrative Examples

Example 1

In the following code, the method retrieves a value from an array at a specific array index location that is given as an input parameter to the method:

(Bad Code)
Example Language: C
#include <stdio.h>

int getValueFromArray(int *array, int len, int index) {

    int value;

    // check that the array index is less than the maximum
    // length of the array
    if (index < len) {

        // get the value at the specified index of the array
        value = array[index];
    }
    // if array index is invalid then output error message
    // and return value indicating error
    else {
        printf("Error: array index %d is out of range\n", index);
        value = -1;
    }

    return value;
}

However, this method only verifies that the given array index is less than the maximum length of the array; it does not check for the minimum value (CWE-839). A negative value will therefore be accepted as the input array index, which will result in an out-of-bounds read (CWE-125) and may allow access to sensitive memory. The input array index should be checked to verify that it is within the maximum and minimum range required for the array (CWE-129). In this example, the if statement should be modified to include a minimum range check, as shown below.

(Good Code)
Example Language: C

...

// check that the array index is within the correct
// range of values for the array
if (index >= 0 && index < len) {

...

+ Observed Examples
out-of-bounds read due to improper length check
packet with large number of specified elements cause out-of-bounds read.
packet with large number of specified elements cause out-of-bounds read.
out-of-bounds read, resultant from integer underflow
large length value causes out-of-bounds read
malformed image causes out-of-bounds read
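
An added example, not part of the CWE entry: a checked version of the lookup from Example 1, extended beyond it to the untrusted length-field case that several of the observed examples describe. The function names and the packet layout are assumptions constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Checked form of the Example 1 lookup: success is reported separately from
 * the value, so -1 remains a legal element. (Function names are hypothetical.) */
bool get_value_checked(const int *array, int len, int index, int *out)
{
    if (array == NULL || out == NULL || len <= 0)
        return false;
    if (index < 0 || index >= len)      /* minimum AND maximum bound */
        return false;
    *out = array[index];
    return true;
}

/* Constructed wire format, assumed for this example only:
 *   bytes 0-1 : element count N (big-endian)
 *   bytes 2.. : N big-endian 16-bit elements
 * The declared count is untrusted until checked against the bytes received. */
bool read_element(const uint8_t *pkt, size_t pkt_len, size_t want, uint16_t *out)
{
    if (pkt == NULL || out == NULL || pkt_len < 2)
        return false;                   /* also keeps pkt_len - 2 from wrapping */
    size_t count = ((size_t)pkt[0] << 8) | pkt[1];
    if (count > (pkt_len - 2) / 2)      /* no multiplication, so no overflow */
        return false;                   /* count claims more than was received */
    if (want >= count)
        return false;
    size_t off = 2 + want * 2;
    *out = (uint16_t)((pkt[off] << 8) | pkt[off + 1]);
    return true;
}

int main(void)
{
    /* Constructed sample: header claims 65535 elements, only one is present. */
    const uint8_t lying[] = { 0xFF, 0xFF, 0x12, 0x34 };
    const int table[3] = { 10, 20, 30 };
    uint16_t elem = 0;
    int value = 0;

    printf("index -1 accepted: %d\n", get_value_checked(table, 3, -1, &value));
    printf("oversized count accepted: %d\n",
           read_element(lying, sizeof lying, 0, &elem));
    return 0;
}
```
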
+ Weakness Ordinalities
(where the weakness exists independent of other weaknesses)
+ Relationships
Nature | Type | ID | Name | View(s) this relationship pertains to
ChildOf | Weakness Class | 119 | Improper Restriction of Operations within the Bounds of a Memory Buffer | Development Concepts (primary) 699; Research Concepts (primary) 1000; Weaknesses for Simplified Mapping of Published Vulnerabilities (primary) 1003
ChildOf | Category | 970 | SFP Secondary Cluster: Faulty Buffer Access | Software Fault Pattern (SFP) Clusters (primary) 888
ParentOf | Weakness Variant | 126 | Buffer Over-read | Development Concepts 699; Research Concepts 1000
ParentOf | Weakness Variant | 127 | Buffer Under-read | Development Concepts 699; Research Concepts 1000
CanFollow | Weakness Base | 822 | Untrusted Pointer Dereference | Research Concepts 1000
CanFollow | Weakness Base | 823 | Use of Out-of-range Pointer Offset | Research Concepts 1000
CanFollow | Weakness Base | 824 | Access of Uninitialized Pointer | Research Concepts 1000
CanFollow | Weakness Base | 825 | Expired Pointer Dereference | Research Concepts 1000
+ Research Gaps

Under-studied and under-reported. Most issues are probably labeled as buffer overflows.

+ Causal Nature


+ Taxonomy Mappings
Mapped Taxonomy Name | Node ID | Fit | Mapped Node Name
PLOVER | | | Out-of-bounds Read
Software Fault Patterns | SFP8 | | Faulty Buffer Access
+ References
[REF-17] Michael Howard, David LeBlanc and John Viega. "24 Deadly Sins of Software Security". "Sin 5: Buffer Overruns." Page 89. McGraw-Hill. 2010.
+ Content History
Submission Date | Submitter | Organization | Source
 | PLOVER | | Externally Mined

Modification Date | Modifier | Organization | Source
2008-09-08 | CWE Content Team | MITRE | Internal
    updated Applicable_Platforms, Relationships, Taxonomy_Mappings, Weakness_Ordinalities
2009-10-29 | CWE Content Team | MITRE | Internal
    updated Description
2010-09-27 | CWE Content Team | MITRE | Internal
    updated Relationships
2011-06-01 | CWE Content Team | MITRE | Internal
    updated Common_Consequences
2012-05-11 | CWE Content Team | MITRE | Internal
    updated Demonstrative_Examples, References, Relationships
2014-06-23 | CWE Content Team | MITRE | Internal
    updated Related_Attack_Patterns
2014-07-30 | CWE Content Team | MITRE | Internal
    updated Relationships, Taxonomy_Mappings
2015-12-07 | CWE Content Team | MITRE | Internal
    updated Relationships

Page Last Updated: May 05, 2017