Out-of-bounds Read
Reading memory outside the bounds of an allocated buffer. Leaks adjacent data, sometimes secrets. Primarily a C/C++ bug class.
GateTest coverage
Not directly covered today. GateTest focuses on web-stack languages and infrastructure-as-code. For this class of bug, pair GateTest with a C/C++-aware analyzer.
Example
for (size_t i = 0; i <= len; i++) printf("%c", buffer[i]);
The loop bound is <= instead of <, so the final iteration reads buffer[len], one byte past the end of the buffer.
How to fix it
Use memory-safe languages or bounded-read APIs. GateTest does not scan C/C++ today.
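The off-by-one loop from the example written out beside its bounded form, as an added illustration for this page (not GateTest code). The memory layout is constructed: the four-byte buffer is deliberately followed by one extra byte holding a placeholder "secret" ('S'), so the out-of-bounds index lands inside a real allocation and the program's behaviour stays defined while still showing which byte the loop leaks. All names are hypothetical.

```c
#include <stdio.h>
#include <stddef.h>

/* Constructed layout: a logical buffer of LEN bytes immediately followed by one
 * extra byte standing in for a neighbouring allocation's data (placeholder
 * secret 'S'). The extra byte is part of this array on purpose so that the
 * off-by-one access below is defined behaviour for the demo; in real code that
 * byte belongs to something else, which is exactly the leak CWE-125 describes. */
#define LEN 4
static const char storage[LEN + 1] = { 'a', 'b', 'c', 'd', 'S' };

/* Vulnerable form of the page's loop: the bound is <= rather than <, so the
 * final iteration copies buffer[len], one byte past the logical end.
 * out must have room for len + 1 bytes. Returns the number of bytes copied. */
size_t read_chars_off_by_one(const char *buffer, size_t len, char *out) {
    size_t i;
    for (i = 0; i <= len; i++)
        out[i] = buffer[i];
    return i;                       /* len + 1 */
}

/* Fixed form: strict < keeps every index inside [0, len). */
size_t read_chars_bounded(const char *buffer, size_t len, char *out) {
    size_t i;
    for (i = 0; i < len; i++)
        out[i] = buffer[i];
    return i;                       /* exactly len */
}

/* The byte the vulnerable loop copies from index LEN: the adjacent data the
 * page describes leaking. */
char leaked_adjacent_byte(void) {
    char out[LEN + 1];
    read_chars_off_by_one(storage, LEN, out);
    return out[LEN];
}

size_t bytes_copied_vulnerable(void) {
    char out[LEN + 1];
    return read_chars_off_by_one(storage, LEN, out);
}

size_t bytes_copied_fixed(void) {
    char out[LEN + 1];
    return read_chars_bounded(storage, LEN, out);
}

/* Bounded-output alternative to a per-character loop: fwrite is given the
 * length explicitly and never indexes past it. */
void print_bounded(const char *buffer, size_t len) {
    fwrite(buffer, 1, len, stdout);
    putchar('\n');
}

int main(void) {
    printf("vulnerable loop copied %zu bytes; last byte '%c' came from past the end\n",
           bytes_copied_vulnerable(), leaked_adjacent_byte());
    printf("bounded loop copied %zu bytes\n", bytes_copied_fixed());
    print_bounded(storage, LEN);
    return 0;
}
```

Running it shows the vulnerable loop copying five bytes for a four-byte buffer, with the fifth being the placeholder secret; the bounded loop and the fwrite call stop at four. Build with -fsanitize=address to have the same off-by-one flagged at runtime when the extra byte is not part of the allocation.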
Frequently asked questions
What is CWE-125 (Out-of-bounds Read)?
Reading memory outside the bounds of an allocated buffer. Leaks adjacent data, sometimes secrets. Primarily a C/C++ bug class.
How do I fix out-of-bounds read?
Use memory-safe languages or bounded-read APIs. GateTest does not scan C/C++ today.
Does GateTest detect CWE-125?
Not directly today. GateTest focuses on web-stack languages (JavaScript, TypeScript, Python, Go, Java, Ruby, PHP) and infrastructure-as-code. Out-of-bounds Read is most relevant to C / C++ code. For full coverage of this class, pair GateTest with CodeQL or a memory-safety analyzer.
What rank is Out-of-bounds Read in the CWE Top 25?
Out-of-bounds Read is ranked #7 in the MITRE 2023 CWE Top 25 Most Dangerous Software Weaknesses list. The ranking reflects both prevalence (how often it appears in real CVEs) and severity (the typical impact when it's exploited).