Variant · Low-Medium

CWE-127: Buffer Under-read

The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations prior to the targeted buffer.

CWE-127 · Variant Level · 1 CVEs

Potential Impact

  • Confidentiality — Read Memory
  • Confidentiality — Bypass Protection Mechanism

Demonstrative Examples

In the following code, the method retrieves a value from an array at a specific index location that is given as an input parameter to the method.
Bad
#include <stdio.h>

int getValueFromArray(int *array, int len, int index) {
    int value;

    // check that the array index is less than the maximum
    // length of the array
    if (index < len) {
        // get the value at the specified index of the array
        value = array[index];
    }
    // if array index is invalid then output error message
    // and return value indicating error
    else {
        printf("Value is: %d\n", array[index]);
        value = -1;
    }
    return value;
}
However, this method only verifies that the given array index is less than the maximum length of the array; it does not check the minimum value (CWE-839). This allows a negative value to be accepted as the array index, which results in reading data before the beginning of the buffer (CWE-127) and may expose sensitive memory. The input array index should be checked to verify that it is within both the maximum and minimum range required for the array (CWE-129). In this example the if statement should be modified to include a minimum range check, as shown below.
Good
...
    // check that the array index is within the correct
    // range of values for the array
    if (index >= 0 && index < len) {
...
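To make the difference between the two checks concrete, the following added example (not part of the CWE entry) places a constructed sensitive value directly in front of the indexed array and runs the same indices through both the upper-bound-only check and the full range check. The flat backing array, the SECRET_VALUE constant and the helper names are assumptions made for this example.

```c
#include <stdio.h>

/* Constructed data: a sensitive value stored immediately before the
 * array that callers may index. Keeping both in one flat int array
 * means array[-1] is defined pointer arithmetic within one object. */
#define SECRET_VALUE 0x5EC7E7
#define ARRAY_LEN 4

/* Upper-bound-only check, as in the "Bad" listing: a negative index
 * satisfies index < len and reads before the buffer (CWE-127). */
int get_value_upper_only(const int *array, int len, int index) {
    if (index < len) {
        return array[index];
    }
    return -1; /* error sentinel, as in the CWE listing */
}

/* Full range check, as in the "Good" listing (CWE-129): negative
 * indices are rejected before any memory access takes place. */
int get_value_range_checked(const int *array, int len, int index) {
    if (index >= 0 && index < len) {
        return array[index];
    }
    return -1;
}

/* Builds the layout and runs one index through the chosen version
 * (use_range_check = 0 for the Bad version, 1 for the Good one). */
int lookup_on_layout(int index, int use_range_check) {
    int backing[1 + ARRAY_LEN] = { SECRET_VALUE, 10, 20, 30, 40 };
    const int *array = backing + 1; /* the targeted buffer starts here */
    return use_range_check
        ? get_value_range_checked(array, ARRAY_LEN, index)
        : get_value_upper_only(array, ARRAY_LEN, index);
}

int main(void) {
    int idx[] = { 2, 4, -1 };
    for (size_t i = 0; i < sizeof idx / sizeof idx[0]; i++) {
        printf("index %2d: upper-only=%d  range-checked=%d\n", idx[i],
               lookup_on_layout(idx[i], 0), lookup_on_layout(idx[i], 1));
    }
    return 0;
}
```

For index -1 the upper-bound-only version returns the value stored in front of the array, while the range-checked version returns the error sentinel; in-range and too-large indices behave identically in both.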

Detection Methods

  • Automated Static Analysis (effectiveness: High) — Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then sea
  • Automated Dynamic Analysis (effectiveness: Moderate) — Use tools that are integrated during compilation to insert runtime error-checking mechanisms related to memory safety errors, such as AddressSanitizer (ASan) for C/C++ [REF-1518].

Real-World CVE Examples

CVE ID          Description
CVE-2021-40985  HTML conversion package has a buffer under-read, allowing a crash

Taxonomy Mappings

  • PLOVER — Buffer under-read
  • Software Fault Patterns: SFP8 — Faulty Buffer Access

Frequently Asked Questions

What is CWE-127?

CWE-127 (Buffer Under-read) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Variant-level weakness. The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations prior to the targeted buffer.

How can CWE-127 be exploited?

Attackers can exploit CWE-127 (Buffer Under-read) to read memory. This weakness is typically introduced during the Implementation phase of software development.

How do I prevent CWE-127?

Follow secure coding practices, conduct code reviews, and use automated security testing tools (SAST/DAST) to detect this weakness early in the development lifecycle.

What is the severity of CWE-127?

CWE-127 is classified as a Variant-level weakness (Low-Medium abstraction). It has been observed in 1 real-world CVE.