Description
Out-of-bounds Read vulnerability in fabiangreffrath woof. This issue affects woof: before woof_15.3.0.
Published: 2026-03-24
Score: 9.1 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure
Action: Immediate Patch
AI Analysis

Impact

An out-of-bounds read vulnerability (CWE-125) has been identified in woof, a software component provided by fabiangreffrath. The flaw allows code within the application to read data beyond the bounds of a designated buffer, potentially exposing sensitive or private information to an attacker. The vulnerability is scored 9.1 (Critical) under CVSS 3.1; the vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H rates confidentiality and availability impact as high and integrity impact as none. No explicit exploitation method is disclosed, but the high score suggests that an attacker could leverage the flaw to obtain confidential data or possibly gain a foothold for higher-level attacks.

Affected Systems

The issue affects all releases of fabiangreffrath:woof prior to version 15.3.0. No narrower version scope is given, so any deployment using a version older than 15.3.0 is considered vulnerable.

Risk and Exploitability

The CVSS score of 9.1 reflects a high attack impact. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog, so current exploitation activity is unknown. The likely path to exploitation involves providing crafted input to woof that triggers the out-of-bounds read, so the likelihood of attack is high wherever an attacker can control the input or code path. In the absence of publicly available exploits, the risk remains theoretical but potentially significant due to the severity rating.

Generated by OpenCVE AI on March 24, 2026 at 07:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade woof to version 15.3.0 or later as soon as possible.
  • Check the fabiangreffrath project page or related advisories for any patches or updates.
  • If upgrading is delayed, add input validation or boundary checks around the use of woof to prevent the out‑of‑bounds read from occurring.


Advisories

No advisories yet.

History

Tue, 24 Mar 2026 15:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 24 Mar 2026 10:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Fabiangreffrath; Fabiangreffrath woof
Vendors & Products | | Fabiangreffrath; Fabiangreffrath woof

Tue, 24 Mar 2026 06:15:00 +0000

Type | Values Removed | Values Added
Description | | Out-of-bounds Read vulnerability in fabiangreffrath woof. This issue affects woof: before woof_15.3.0.
Title | | Out-of-bounds Read in fabiangreffrath woof
Weaknesses | | CWE-125
References | |
Metrics | | cvssV3_1: {'score': 9.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H'}


MITRE

Status: PUBLISHED

Assigner: GovTech CSG

Published:

Updated: 2026-03-24T14:31:31.027Z

Reserved: 2026-03-24T05:36:24.851Z

Link: CVE-2026-4750

Vulnrichment

Updated: 2026-03-24T14:31:27.649Z

NVD

Status: Awaiting Analysis

Published: 2026-03-24T06:16:23.260

Modified: 2026-03-24T15:53:48.067

Link: CVE-2026-4750

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-25T20:40:03Z

Weaknesses