To view data from the buffer the software uses indexes or pointers referring only to the certain memory locations. As only the pointers or its indexes used by the program become out-of-bound, there is a risk of potentially sensitive disclosure.
The vulnerability is introduced during Implementatin stage.