CWE-125

Reading data outside the bounds of allocated memory at runtime, potentially leaking sensitive information from process memory....

Verified by Precogs Threat Research
BASE SCORE
7.5 CRITICAL

Precogs AI Insight

"Precogs AI runtime analysis detects memory read violations that could expose secrets, keys, or PII from running processes."

EXPLOIT PROBABILITYHigh
PUBLIC POCAvailable

What is CWE-125 (Out-of-bounds Read)?

Reading data outside the bounds of allocated memory at runtime, potentially leaking sensitive information from process memory.

Vulnerability Insights

In the context of binary ai-powered dast vulnerabilities, this vulnerability poses significant risk because compiled binaries and complex AI logic cannot be easily patched without vendor cooperation. Organizations relying on third-party software must use structural analysis tools to detect these flaws.

Impact on Systems

  • Information Disclosure: Reading sensitive data from adjacent memory
  • Security Bypass: Leaking memory addresses to defeat ASLR
  • Denial of Service: Triggering segmentation faults

Real-World Attack Scenario

The attacker manipulates a user-controlled index parameter to point beyond the intended array boundaries. Because the application fails to validate the index, it retrieves and returns the value residing at that arbitrary memory location, effectively leaking internal secrets such as cryptographic keys or memory layout details.

Code Examples

Vulnerable Implementation

int get_item(int index) {
    int array[10] = { /* ... */ };
    // VULNERABLE: No validation that index is within array bounds
    return array[index];
}

Secure Alternative

int get_item(int index) {
    int array[10] = { /* ... */ };
    // SECURE: Strict boundary validation prevents out-of-bounds reading
    if (index >= 0 && index < 10) return array[index];
    return -1;
}

Remediation

Ensure robust input validation, boundary checking, and adherence to secure architecture frameworks when designing Binary DAST solutions. Use automated code scanning or binary analysis to detect flaws early in the SDLC.

CVEs Classified Under CWE-12525 vulnerabilities

The following CVEs have been classified under CWE-125 (Out-of-bounds Read). Each CVE represents a specific vulnerability instance of this weakness type.

CVE-2026-31967HTSlib is a library for reading and writing bioinformatics file formats
CVSS 9.1CRITICALMar 18, 2026
CVE-2026-31966HTSlib is a library for reading and writing bioinformatics file formats
CVSS 9.1CRITICALMar 18, 2026
CVE-2025-69808An out-of-bounds memory access (OOB) in p2r3 Bareiron commit 8e4d40 allows unauthenticated attackers to access sensitive information and cause a Denial of Service (DoS) via supplying a crafted packet
CVSS 9.1CRITICALMar 16, 2026
CVE-2026-4462Out of bounds read in Blink in Google Chrome prior to 146
CVSS 8.8HIGHMar 20, 2026
CVE-2026-4460Out of bounds read in Skia in Google Chrome prior to 146
CVSS 8.8HIGHMar 20, 2026
CVE-2026-4459Out of bounds read and write in WebAudio in Google Chrome prior to 146
CVSS 8.8HIGHMar 20, 2026
CVE-2026-4440Out of bounds read and write in WebGL in Google Chrome prior to 146
CVSS 8.8HIGHMar 20, 2026
CVE-2026-4439Out of bounds memory access in WebGL in Google Chrome on Android prior to 146
CVSS 8.8HIGHMar 20, 2026
CVE-2026-31962HTSlib is a library for reading and writing bioinformatics file formats
CVSS 8.8HIGHMar 18, 2026
CVE-2026-4227A security vulnerability has been detected in LB-LINK BL-WR9000 2
CVSS 8.8HIGHMar 16, 2026
CVE-2026-0708A flaw was found in libucl
CVSS 8.3HIGHMar 17, 2026
CVE-2026-31965HTSlib is a library for reading and writing bioinformatics file formats
CVSS 8.2HIGHMar 18, 2026
CVE-2026-28521arduino-TuyaOpen before version 1
CVSS 7.7HIGHMar 16, 2026
CVE-2026-3547Out-of-bounds read in ALPN parsing due to incomplete validation
CVSS 7.5HIGHMar 19, 2026
CVE-2026-4424A flaw was found in libarchive
CVSS 7.5HIGHMar 19, 2026
CVE-2026-22882An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity
CVSS 6.1MEDIUMMar 17, 2026
CVE-2026-20726An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity
CVSS 6.1MEDIUMMar 17, 2026
CVE-2025-66633An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity
CVSS 6.1MEDIUMMar 17, 2026
CVE-2025-66617An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity
CVSS 6.1MEDIUMMar 17, 2026
CVE-2025-66503An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity
CVSS 6.1MEDIUMMar 17, 2026
CVE-2025-66042An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity
CVSS 6.1MEDIUMMar 17, 2026
CVE-2025-66000An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity
CVSS 6.1MEDIUMMar 17, 2026
CVE-2025-65119An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity
CVSS 6.1MEDIUMMar 17, 2026
CVE-2025-64776An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity
CVSS 6.1MEDIUMMar 17, 2026
CVE-2025-64735An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity
CVSS 6.1MEDIUMMar 17, 2026

Supplemental Intelligence & References

🛡️ Notable Vulnerabilities

🔗 External References