CWE-127: Buffer Under-read
CWE version: 4.18
Last updated: 2025-09-09
Description
The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations prior to the targeted buffer.
Extended Description
This typically occurs when the pointer or its index is decremented to a position before the buffer, when pointer arithmetic results in a position before the beginning of the valid memory location, or when a negative index is used. This may result in exposure of sensitive information or possibly a crash.
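The two mechanisms named above, a negative index and a pointer decremented past the start of its buffer, are shown below in a constructed C example added to this entry (it is not code from the CWE page or from any affected product). Each vulnerable accessor is paired with its bounds-checked form; the sample buffer and string contents are made up for the demonstration, and only the checked variants are exercised with out-of-range input, since the unchecked ones would read undefined memory.

```c
#include <stdio.h>
#include <stddef.h>

#define BUF_LEN 16

/* Constructed sample record (15 characters plus the terminating NUL). */
static const unsigned char SAMPLE[BUF_LEN] = "example-record!";

/* Vulnerable (CWE-127): the index is signed and is only compared against the
 * upper bound, so a negative idx indexes memory *before* buf. */
int get_byte_unchecked(const unsigned char *buf, size_t len, long idx,
                       unsigned char *out)
{
    if (idx >= (long)len)
        return -1;          /* upper bound only; idx < 0 slips through */
    *out = buf[idx];        /* idx == -1 reads the byte preceding buf */
    return 0;
}

/* Hardened: reject negative indexes explicitly, then compare as unsigned. */
int get_byte_checked(const unsigned char *buf, size_t len, long idx,
                     unsigned char *out)
{
    if (idx < 0 || (unsigned long)idx >= len)
        return -1;
    *out = buf[idx];
    return 0;
}

/* Convenience wrapper over the hardened accessor for the sample record:
 * returns the byte value, or -1 if the index was rejected. */
int lookup_checked(long idx)
{
    unsigned char out;
    if (get_byte_checked(SAMPLE, sizeof SAMPLE, idx, &out) != 0)
        return -1;
    return (int)out;
}

/* Vulnerable (CWE-127), pointer-arithmetic form: trims trailing spaces by
 * walking a pointer backwards. If len == 0 or the buffer is all spaces, p is
 * decremented before s and p[-1] reads memory in front of the buffer. */
size_t rtrim_len_unchecked(const char *s, size_t len)
{
    const char *p = s + len;
    while (p[-1] == ' ')    /* no check that p is still inside [s, s+len) */
        p--;
    return (size_t)(p - s);
}

/* Hardened: the bound check comes first, so p never moves below s and
 * p[-1] is only read while it lies inside the buffer. */
size_t rtrim_len_checked(const char *s, size_t len)
{
    const char *p = s + len;
    while (p > s && p[-1] == ' ')
        p--;
    return (size_t)(p - s);
}

int main(void)
{
    unsigned char b;

    /* In-bounds access behaves identically for both versions. */
    get_byte_unchecked(SAMPLE, sizeof SAMPLE, 3, &b);
    printf("unchecked[3]  = '%c'\n", b);
    printf("checked[3]    = '%c'\n", (char)lookup_checked(3));

    /* Only the hardened accessor refuses the negative index. */
    printf("checked[-1]   = %d (rejected)\n", lookup_checked(-1));

    /* All-space and empty inputs are exactly the cases the unchecked
     * trimmer under-reads on; the checked one handles them safely. */
    printf("rtrim(\"ab  \") = %zu\n", rtrim_len_checked("ab  ", 4));
    printf("rtrim(\"   \")  = %zu\n", rtrim_len_checked("   ", 3));
    printf("rtrim(\"\")     = %zu\n", rtrim_len_checked("", 0));
    return 0;
}
```

The pattern in both fixes is the same: check the position against the *lower* bound (index non-negative, pointer not below the buffer start) before dereferencing, and order the comparison so the check happens before the read. Compiling with `-fsanitize=address` makes the unchecked variants report a heap- or global-buffer-underflow when fed the all-space or negative-index inputs, which is a convenient way to catch this class of defect in tests.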
Common Consequences
Scope: Confidentiality
Technical Impact: Read Memory
Scope: Confidentiality
Technical Impact: Bypass Protection Mechanism
Note: By reading out-of-bounds memory, an attacker might be able to get secret values, such as memory addresses, which can bypass protection mechanisms such as ASLR in order to improve the reliability and likelihood of exploiting a separate weakness to achieve code execution instead of just denial of service.
Observed Examples
Reference: CVE-2021-40985
HTML conversion package has a buffer under-read, allowing a crash
Modes of Introduction
| Phase | Note |
|---|---|
| Implementation | - |
Applicable Platforms
Languages
Taxonomy Mappings
| Mapped Taxonomy Name | Node ID | Mapped Node Name | Mapping Fit |
|---|---|---|---|
| PLOVER | - | Buffer under-read | - |
| Software Fault Patterns | SFP8 | Faulty Buffer Access | - |