SYM_CS_0022 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Out-of-bounds Read
| Property | Value |
|---|---|
| Language | csharp |
| Severity | |
| CWE | CWE-125: Out-of-bounds Read |
| OWASP | A04:2021 - Insecure Design |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
Calling MemoryMarshal.CreateSpan or MemoryMarshal.CreateReadOnlySpan with an unchecked length can lead to reading outside the bounds of the underlying data. These methods take a reference and a length and do not verify that the specified length is valid for the data behind that reference, so the caller is responsible for the check.
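The flagged pattern next to a bounds-checked form, as an added example that is not part of the original wiki page or the project's own code. The class and method names (RecordReader, ReadPayloadUnchecked, ReadPayloadChecked) and the sample buffer are hypothetical.

```csharp
using System;
using System.Runtime.InteropServices;

public static class RecordReader   // hypothetical name, for illustration
{
    // Flagged pattern: length (e.g. a length field parsed from input) goes
    // straight to CreateReadOnlySpan, which never compares it to buffer.Length.
    public static ReadOnlySpan<byte> ReadPayloadUnchecked(byte[] buffer, int length)
    {
        return MemoryMarshal.CreateReadOnlySpan(ref buffer[0], length);
    }

    // Hardened: reject any length the buffer cannot back, then build the span
    // with the bounds-checked constructor.
    public static ReadOnlySpan<byte> ReadPayloadChecked(byte[] buffer, int length)
    {
        if (buffer is null)
            throw new ArgumentNullException(nameof(buffer));
        // The unsigned comparison also rejects negative lengths.
        if ((uint)length > (uint)buffer.Length)
            throw new ArgumentOutOfRangeException(nameof(length));
        return new ReadOnlySpan<byte>(buffer, 0, length);
    }

    public static void Main()
    {
        byte[] buffer = { 0x01, 0x02, 0x03, 0x04 };   // constructed sample data

        Console.WriteLine(ReadPayloadChecked(buffer, 4).Length);   // in range

        foreach (int claimed in new[] { 5, 64, -1 })  // constructed bad lengths
        {
            try
            {
                ReadPayloadChecked(buffer, claimed);
            }
            catch (ArgumentOutOfRangeException)
            {
                Console.WriteLine($"rejected length {claimed}");
            }
        }
    }
}
```

Main deliberately never calls ReadPayloadUnchecked with an oversized length, since the resulting span would cover memory past the array.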
Impact
If exploited, this can cause your application to access unintended memory, potentially exposing sensitive data or causing crashes. Attackers might leverage this to leak information or destabilize your system, leading to security breaches or reliability issues.