CWE-125

name:Out-of-bounds Read

abstraction:Base

structure:Simple

status:Draft

description:The software reads data past the end, or before the beginning, of the intended buffer.

extended description:Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash. A crash can occur when the code reads a variable amount of data and assumes that a sentinel exists to stop the read operation, such as a NUL in a string. The expected sentinel might not be located in the out-of-bounds memory, causing excessive data to be read, leading to a segmentation fault or a buffer overflow. The software may modify an index or perform pointer arithmetic that references a memory location that is outside of the boundaries of the buffer. A subsequent read operation then produces undefined or unexpected results.
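As an added C example (not part of the CWE entry), the program below parses a constructed length-prefixed record and shows both read patterns the extended description names: trusting an embedded length that points past the buffer, and assuming a NUL sentinel exists somewhere so that an unbounded scan keeps reading. The record layout, the function names and the sample bytes are assumptions made for this illustration; the hardened parser checks every read against the real buffer length and refuses input whose sentinel is not inside the buffer.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed record layout (an assumption for this example, not from the
 * CWE entry): [1 byte: name length][name bytes][NUL-terminated comment]. */
typedef struct {
    const unsigned char *name;
    size_t name_len;
    const char *comment;
    size_t comment_len;
} record_t;

/* Bounded replacement for strlen(): scans at most max_len bytes and reports
 * whether a NUL sentinel was actually found inside the buffer.
 * Returns the string length, or (size_t)-1 if no terminator exists in range. */
static size_t bounded_strlen(const unsigned char *p, size_t max_len) {
    for (size_t i = 0; i < max_len; i++) {
        if (p[i] == '\0') {
            return i;
        }
    }
    return (size_t)-1;
}

/* Vulnerable parser (CWE-125). Two out-of-bounds reads are possible:
 *  - it trusts the embedded length byte, so the name may extend past buf + buf_len;
 *  - it assumes a NUL sentinel exists, so strlen() keeps reading adjacent memory
 *    until it happens to find one, or the process crashes.
 * buf_len is never consulted. */
int parse_record_vulnerable(const unsigned char *buf, size_t buf_len, record_t *out) {
    size_t name_len = buf[0];                /* reads buf[0] even if buf_len == 0 */
    out->name = buf + 1;
    out->name_len = name_len;
    out->comment = (const char *)buf + 1 + name_len;
    out->comment_len = strlen(out->comment); /* unbounded sentinel search */
    (void)buf_len;
    return 0;
}

/* Hardened parser: every read is checked against buf_len before it happens,
 * and the sentinel must be found inside the buffer. Returns 0 on success,
 * -1 when the input is truncated or malformed. */
int parse_record_safe(const unsigned char *buf, size_t buf_len, record_t *out) {
    if (buf == NULL || out == NULL || buf_len < 1) {
        return -1;                           /* no length byte to read */
    }
    size_t name_len = buf[0];
    if (name_len > buf_len - 1) {
        return -1;                           /* name would run past the end */
    }
    size_t comment_off = 1 + name_len;       /* <= buf_len, so no wraparound */
    size_t comment_len = bounded_strlen(buf + comment_off, buf_len - comment_off);
    if (comment_len == (size_t)-1) {
        return -1;                           /* no NUL inside the buffer: refuse */
    }
    out->name = buf + 1;
    out->name_len = name_len;
    out->comment = (const char *)buf + comment_off;
    out->comment_len = comment_len;
    return 0;
}

int main(void) {
    /* Constructed sample inputs. */
    const unsigned char good[] = { 4, 'a', 'b', 'c', 'd', 'h', 'i', '\0' };
    const unsigned char bad_len[] = { 200, 'x' };        /* length byte claims 200 bytes */
    const unsigned char no_nul[] = { 1, 'a', 'h', 'i' }; /* comment never terminated */
    record_t r;

    if (parse_record_safe(good, sizeof good, &r) == 0) {
        printf("name_len=%zu comment=\"%.*s\"\n", r.name_len, (int)r.comment_len, r.comment);
    }
    printf("bad length rejected: %d\n", parse_record_safe(bad_len, sizeof bad_len, &r) == -1);
    printf("missing sentinel rejected: %d\n", parse_record_safe(no_nul, sizeof no_nul, &r) == -1);
    /* parse_record_vulnerable(bad_len, ...) would read far past the array;
     * it is only safe to call on well-formed input, which is why the bug hides. */
    return 0;
}
```

Both parsers agree on well-formed input, which is why this class of defect survives functional testing; the difference only appears on truncated or hostile input, where the hardened version returns -1 instead of touching memory outside the buffer. Compiling with `-fsanitize=address` and feeding the malformed samples to the vulnerable parser is the usual way to surface the read in a test environment.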