Common Weakness Enumeration

CWE-1284

Allowed

Improper Validation of Specified Quantity in Input

Abstraction: Base · Status: Incomplete

The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.

494 vulnerabilities reference this CWE, most recent first.

GHSA-856Q-XV3C-7F2F

Vulnerability from github – Published: 2022-02-23 14:59 – Updated: 2022-02-25 15:38
VLAI
Summary
Unauthenticated control plane denial of service attack in Istio
Details

Impact

The Istio control plane, istiod, is vulnerable to a request processing error, allowing a malicious attacker that sends a specially crafted message which results in the control plane crashing. This endpoint is served over TLS port 15012, but does not require any authentication from the attacker.

For simple installations, Istiod is typically only reachable from within the cluster, limiting the blast radius. However, for some deployments, especially multicluster topologies, this port is exposed over the public internet.

Patches

  • Istio 1.13.1 and above
  • Istio 1.12.4 and above
  • Istio 1.11.7 and above

Workarounds

There are no effective workarounds, beyond upgrading. Limiting network access to Istiod to the minimal set of clients can help lessen the scope of the vulnerability to some extent.

References

More details can be found in the Istio Security Bulletin

For more information

If you have any questions or comments about this advisory, please email us at istio-security-vulnerability-reports@googlegroups.com

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "istio.io/istio"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.13.0"
            },
            {
              "fixed": "1.13.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.13.0"
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "istio.io/istio"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.12.0"
            },
            {
              "fixed": "1.12.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "istio.io/istio"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.11.7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-23635"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1284",
      "CWE-287"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-02-23T14:59:08Z",
    "nvd_published_at": "2022-02-22T22:15:00Z",
    "severity": "HIGH"
  },
  "details": "### Impact\nThe Istio control plane, `istiod`, is vulnerable to a request processing error, allowing a malicious attacker that sends a specially crafted message which results in the control plane crashing. This endpoint is served over TLS port 15012, but does not require any authentication from the attacker.\n\nFor simple installations, Istiod is typically only reachable from within the cluster, limiting the blast radius. However, for some deployments, especially [multicluster](https://istio.io/latest/docs/setup/install/multicluster/primary-remote/) topologies, this port is exposed over the public internet.\n\n### Patches\n\n- Istio 1.13.1 and above\n- Istio 1.12.4 and above\n- Istio 1.11.7 and above\n\n### Workarounds\nThere are no effective workarounds, beyond upgrading. Limiting network access to Istiod to the minimal set of clients can help lessen the scope of the vulnerability to some extent.\n\n### References\nMore details can be found in the [Istio Security Bulletin](https://istio.io/latest/news/security/istio-security-2022-003)\n\n### For more information\nIf you have any questions or comments about this advisory, please email us at [istio-security-vulnerability-reports@googlegroups.com](mailto:istio-security-vulnerability-reports@googlegroups.com)\n",
  "id": "GHSA-856q-xv3c-7f2f",
  "modified": "2022-02-25T15:38:52Z",
  "published": "2022-02-23T14:59:08Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/istio/istio/security/advisories/GHSA-856q-xv3c-7f2f"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23635"
    },
    {
      "type": "WEB",
      "url": "https://github.com/istio/istio/commit/5f3b5ed958ae75156f8656fe7b3794f78e94db84"
    },
    {
      "type": "WEB",
      "url": "https://github.com/istio/istio"
    },
    {
      "type": "WEB",
      "url": "https://istio.io/latest/news/security/istio-security-2022-003"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Unauthenticated control plane denial of service attack in Istio"
}

GHSA-8896-PXP4-28PJ

Vulnerability from github – Published: 2024-12-29 09:30 – Updated: 2025-11-03 21:32
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

netdevsim: prevent bad user input in nsim_dev_health_break_write()

If either a zero count or a large one is provided, kernel can crash.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-56716"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1284"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-29T09:15:06Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetdevsim: prevent bad user input in nsim_dev_health_break_write()\n\nIf either a zero count or a large one is provided, kernel can crash.",
  "id": "GHSA-8896-pxp4-28pj",
  "modified": "2025-11-03T21:32:02Z",
  "published": "2024-12-29T09:30:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56716"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/470c5ecbac2f19b1cdee2a6ce8d5650c3295c94b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/81bdfcd6e6a998e219c9dd49ec7291c2e0594bbc"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8e9ef6bdf71bf25f4735e0230ce1919de8985835"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b3a6daaf7cfb2de37b89fd7a5a2ad4ea9aa3e181"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d10321be26ff9e9e912697e9e8448099654ff561"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ee76746387f6233bdfa93d7406990f923641568f"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-88F3-QP5H-CW8H

Vulnerability from github – Published: 2025-10-15 15:30 – Updated: 2025-10-15 15:30
VLAI
Details

When a BIG-IP Advanced WAF or ASM security policy is configured with a URL greater than 1024 characters in length for the Data Guard Protection Enforcement setting, either manually or through the automatic Policy Builder, the bd process can terminate repeatedly.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-61938"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1284"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-15T14:15:56Z",
    "severity": "HIGH"
  },
  "details": "When a BIG-IP Advanced WAF or ASM security policy is configured with a URL greater than 1024 characters in length for the Data Guard Protection Enforcement setting, either manually or through the automatic Policy Builder, the bd process can terminate repeatedly.\u00a0\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",
  "id": "GHSA-88f3-qp5h-cw8h",
  "modified": "2025-10-15T15:30:28Z",
  "published": "2025-10-15T15:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61938"
    },
    {
      "type": "WEB",
      "url": "https://my.f5.com/manage/s/article/K000156624"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-88Q9-CMP2-C2VQ

Vulnerability from github – Published: 2026-05-11 14:53 – Updated: 2026-05-11 14:53
VLAI
Summary
oxidize-pdf: NaN/inf bypass in colour content-stream emission causes PDF rejection (DoS)
Details

Impact

oxidize-pdf defines Color as a pub enum with public tuple-struct variants Rgb(f64, f64, f64), Gray(f64), and Cmyk(f64, f64, f64, f64). The constructors Color::rgb, Color::gray, and Color::cmyk clamp incoming components to [0.0, 1.0], but because the variants are pub, callers can construct values directly without going through the constructors:

```rust let safe = Color::rgb(f64::NAN, 0.5, 0.5); // clamps NaN to 0.0 let attack = Color::Rgb(f64::NAN, 0.5, 0.5); // bypasses clamp

Color: Copy allows the non-finite value to propagate freely through API surfaces and serialisation. When such a value reaches a content-stream emitter, the writer formats it via format!("{:.3}", v). The Rust standard library renders f64::NAN as "NaN", f64::INFINITY as "inf", and f64::NEG_INFINITY as "-inf" — none of which are valid PDF numeric tokens per ISO 32000-1 §7.3.3:

▎ A numeric object shall be represented by one or more decimal digits with an optional sign and a leading, trailing, or embedded PERIOD.

The resulting content stream contains an invalid token sequence (e.g. NaN 0.500 0.500 rg). Conformant PDF viewers (Adobe Acrobat, Foxit, PDF.js, Apple Preview) reject the content stream, the affected page, or the entire document depending on parser strictness.

Affected packages (all listed in the "Affected products" section of this advisory):

  • oxidize-pdf on crates.io — the core Rust library where the vulnerable code path lives.
  • OxidizePdf.NET on NuGet — .NET FFI binding that exposes Color through its public API; inherits the vulnerability from its dependency on oxidize-pdf.
  • oxidize-pdf on PyPI — Python bindings (PyO3) that similarly expose colour construction; inherits the vulnerability from its dependency.

Who is impacted: any application that uses these packages to generate PDFs and accepts user-influenced colour values without validation. The most exposed surfaces are server-side PDF generators that take arbitrary f64 colour parameters from upstream services.

Reproduction (Rust API): use oxidize_pdf::{Document, Page, graphics::Color};

let mut doc = Document::new(); let mut page = Page::a4(); let gc = page.graphics(); gc.set_fill_color(Color::Rgb(f64::NAN, 0.5, 0.5)); gc.rectangle(50.0, 50.0, 100.0, 100.0).fill(); doc.add_page(page); doc.save("malformed.pdf").unwrap();

// The resulting content stream contains: // NaN 0.500 0.500 rg // 50 50 100 100 re // f // which conformant viewers reject.

Affected sites in oxidize-pdf 2.5.7 (the same code paths are reached by both .NET and Python bindings via FFI):

  • oxidize-pdf-core/src/text/flow.rs (TextFlowContext)
  • oxidize-pdf-core/src/text/mod.rs (TextContext::apply_text_state_parameters)
  • oxidize-pdf-core/src/graphics/mod.rs (GraphicsContext::apply_fill_color / apply_stroke_color)
  • oxidize-pdf-core/src/graphics/patterns.rs (create_checkerboard_pattern / create_stripe_pattern / create_dots_pattern)
  • ~45 sibling sites across forms/, annotations/, layout/rich_text.rs, and writer/pdf_writer/mod.rs that emit colour through the same code path.

Patches

The fix introduces a sanitising helper at the emission boundary in graphics/color.rs:

pub(crate) fn finite_or_zero(val: f64) -> f64 { if val.is_finite() { val } else { 0.0 } }

Every colour-operator emitter (~50 sites across 17 files) now routes through fill_color_op / stroke_color_op / write_fill_color / write_stroke_color, which apply finite_or_zero before formatting. Non-finite components are substituted with 0.0, so the wire format remains ISO 32000-1 conformant regardless of the input.

Patched releases:

  • oxidize-pdf 2.6.0 on crates.io — contains the fix at the source.
  • OxidizePdf.NET on NuGet — bumped to depend on oxidize-pdf 2.6.0 (see "Patched versions" above).
  • oxidize-pdf on PyPI — bumped to depend on oxidize-pdf 2.6.0 (see "Patched versions" above).

Users should upgrade to the patched version of whichever package(s) they consume.

Workarounds

For users who cannot upgrade immediately:

  • Always construct colours via the safe constructors Color::rgb(), Color::gray(), Color::cmyk(), which clamp components to [0.0, 1.0] (no NaN/inf survives clamping).
  • Never use direct enum construction (Color::Rgb(...), Color::Gray(...), Color::Cmyk(...)) when components originate from untrusted input. The same applies to the corresponding APIs in the .NET and Python bindings.
  • Validate untrusted f64 colour inputs with f64::is_finite() (Rust) or equivalent checks (!double.IsFinite(v) in .NET, math.isfinite(v) in Python) before passing them to any oxidize-pdf API.

These mitigations are partial — they cover the application layer but not other code paths that may construct Color values internally. The full fix is the upgrade to the patched versions.

References

  • Issue: https://github.com/bzsanti/oxidizePdf/issues/220
  • Companion refactor: https://github.com/bzsanti/oxidizePdf/issues/221
  • Fix PR: https://github.com/bzsanti/oxidizePdf/pull/225
  • Release PR (oxidize-pdf 2.6.0): https://github.com/bzsanti/oxidizePdf/pull/226
  • .NET binding repository: https://github.com/bzsanti/oxidize-pdf-dotnet
  • Python binding repository: https://github.com/bzsanti/oxidize-python
  • ISO 32000-1 §7.3.3 (Numeric Objects): https://www.iso.org/standard/51502.html

A broader follow-up tracks the same CWE class in non-colour numeric content-stream emitters (line widths, transformation matrices, dash arrays, text positioning, path operators) — to be addressed in oxidize-pdf 2.7.0 with its own advisory.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 2.5.7"
      },
      "package": {
        "ecosystem": "crates.io",
        "name": "oxidize-pdf"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.6.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 0.7.1"
      },
      "package": {
        "ecosystem": "NuGet",
        "name": "OxidizePdf.NET"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.8.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 0.4.3"
      },
      "package": {
        "ecosystem": "PyPI",
        "name": "oxidize-pdf"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.5.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-1284",
      "CWE-20"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-11T14:53:25Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "### Impact\n\n  `oxidize-pdf` defines `Color` as a `pub enum` with public tuple-struct variants `Rgb(f64, f64, f64)`, `Gray(f64)`, and `Cmyk(f64, f64, f64, f64)`. The constructors `Color::rgb`, `Color::gray`, and `Color::cmyk` clamp incoming\n  components to `[0.0, 1.0]`, but because the variants are `pub`, callers can construct values directly without going through the constructors:\n\n  ```rust\n  let safe   = Color::rgb(f64::NAN, 0.5, 0.5);   // clamps NaN to 0.0\n  let attack = Color::Rgb(f64::NAN, 0.5, 0.5);    // bypasses clamp\n\n  Color: Copy allows the non-finite value to propagate freely through API surfaces and serialisation. When such a value reaches a content-stream emitter, the writer formats it via format!(\"{:.3}\", v). The Rust standard library renders\n  f64::NAN as \"NaN\", f64::INFINITY as \"inf\", and f64::NEG_INFINITY as \"-inf\" \u2014 none of which are valid PDF numeric tokens per ISO 32000-1 \u00a77.3.3:\n\n  \u258e A numeric object shall be represented by one or more decimal digits with an optional sign and a leading, trailing, or embedded PERIOD.\n\n  The resulting content stream contains an invalid token sequence (e.g. NaN 0.500 0.500 rg). Conformant PDF viewers (Adobe Acrobat, Foxit, PDF.js, Apple Preview) reject the content stream, the affected page, or the entire document\n  depending on parser strictness.\n\n  Affected packages (all listed in the \"Affected products\" section of this advisory):\n\n  - oxidize-pdf on crates.io \u2014 the core Rust library where the vulnerable code path lives.\n  - OxidizePdf.NET on NuGet \u2014 .NET FFI binding that exposes Color through its public API; inherits the vulnerability from its dependency on oxidize-pdf.\n  - oxidize-pdf on PyPI \u2014 Python bindings (PyO3) that similarly expose colour construction; inherits the vulnerability from its dependency.\n\n  Who is impacted: any application that uses these packages to generate PDFs and accepts user-influenced colour values without validation. The most exposed surfaces are server-side PDF generators that take arbitrary f64 colour\n  parameters from upstream services.\n\n  Reproduction (Rust API):\n  use oxidize_pdf::{Document, Page, graphics::Color};\n\n  let mut doc = Document::new();\n  let mut page = Page::a4();\n  let gc = page.graphics();\n  gc.set_fill_color(Color::Rgb(f64::NAN, 0.5, 0.5));\n  gc.rectangle(50.0, 50.0, 100.0, 100.0).fill();\n  doc.add_page(page);\n  doc.save(\"malformed.pdf\").unwrap();\n\n  // The resulting content stream contains:\n  //   NaN 0.500 0.500 rg\n  //   50 50 100 100 re\n  //   f\n  // which conformant viewers reject.\n\n  Affected sites in oxidize-pdf 2.5.7 (the same code paths are reached by both .NET and Python bindings via FFI):\n\n  - oxidize-pdf-core/src/text/flow.rs (TextFlowContext)\n  - oxidize-pdf-core/src/text/mod.rs (TextContext::apply_text_state_parameters)\n  - oxidize-pdf-core/src/graphics/mod.rs (GraphicsContext::apply_fill_color / apply_stroke_color)\n  - oxidize-pdf-core/src/graphics/patterns.rs (create_checkerboard_pattern / create_stripe_pattern / create_dots_pattern)\n  - ~45 sibling sites across forms/*, annotations/*, layout/rich_text.rs, and writer/pdf_writer/mod.rs that emit colour through the same code path.\n\n  Patches\n\n  The fix introduces a sanitising helper at the emission boundary in graphics/color.rs:\n\n  pub(crate) fn finite_or_zero(val: f64) -\u003e f64 {\n      if val.is_finite() { val } else { 0.0 }\n  }\n\n  Every colour-operator emitter (~50 sites across 17 files) now routes through fill_color_op / stroke_color_op / write_fill_color / write_stroke_color, which apply finite_or_zero before formatting. Non-finite components are substituted\n  with 0.0, so the wire format remains ISO 32000-1 conformant regardless of the input.\n\n  Patched releases:\n\n  - oxidize-pdf 2.6.0 on crates.io \u2014 contains the fix at the source.\n  - OxidizePdf.NET on NuGet \u2014 bumped to depend on oxidize-pdf 2.6.0 (see \"Patched versions\" above).\n  - oxidize-pdf on PyPI \u2014 bumped to depend on oxidize-pdf 2.6.0 (see \"Patched versions\" above).\n\n  Users should upgrade to the patched version of whichever package(s) they consume.\n\n  Workarounds\n\n  For users who cannot upgrade immediately:\n\n  - Always construct colours via the safe constructors Color::rgb(), Color::gray(), Color::cmyk(), which clamp components to [0.0, 1.0] (no NaN/inf survives clamping).\n  - Never use direct enum construction (Color::Rgb(...), Color::Gray(...), Color::Cmyk(...)) when components originate from untrusted input. The same applies to the corresponding APIs in the .NET and Python bindings.\n  - Validate untrusted f64 colour inputs with f64::is_finite() (Rust) or equivalent checks (!double.IsFinite(v) in .NET, math.isfinite(v) in Python) before passing them to any oxidize-pdf API.\n\n  These mitigations are partial \u2014 they cover the application layer but not other code paths that may construct Color values internally. The full fix is the upgrade to the patched versions.\n\n  References\n\n  - Issue: https://github.com/bzsanti/oxidizePdf/issues/220\n  - Companion refactor: https://github.com/bzsanti/oxidizePdf/issues/221\n  - Fix PR: https://github.com/bzsanti/oxidizePdf/pull/225\n  - Release PR (oxidize-pdf 2.6.0): https://github.com/bzsanti/oxidizePdf/pull/226\n  - .NET binding repository: https://github.com/bzsanti/oxidize-pdf-dotnet\n  - Python binding repository: https://github.com/bzsanti/oxidize-python\n  - ISO 32000-1 \u00a77.3.3 (Numeric Objects): https://www.iso.org/standard/51502.html\n\n  A broader follow-up tracks the same CWE class in non-colour numeric content-stream emitters (line widths, transformation matrices, dash arrays, text positioning, path operators) \u2014 to be addressed in oxidize-pdf 2.7.0 with its own\n  advisory.",
  "id": "GHSA-88q9-cmp2-c2vq",
  "modified": "2026-05-11T14:53:25Z",
  "published": "2026-05-11T14:53:25Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/bzsanti/oxidizePdf/security/advisories/GHSA-88q9-cmp2-c2vq"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/bzsanti/oxidizePdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "oxidize-pdf: NaN/inf bypass in colour content-stream emission causes PDF rejection (DoS)"
}

GHSA-8927-M9QJ-7WH3

Vulnerability from github – Published: 2022-02-10 00:00 – Updated: 2022-04-20 00:01
VLAI
Details

A stack-based buffer overflow vulnerability exists in both the LLMNR functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted network packet can lead to remote code execution. An attacker can send a malicious packet to trigger this vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-21960"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-121",
      "CWE-1284",
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-02-04T23:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "A stack-based buffer overflow vulnerability exists in both the LLMNR functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted network packet can lead to remote code execution. An attacker can send a malicious packet to trigger this vulnerability.",
  "id": "GHSA-8927-m9qj-7wh3",
  "modified": "2022-04-20T00:01:32Z",
  "published": "2022-02-10T00:00:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21960"
    },
    {
      "type": "WEB",
      "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1389"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8F95-V3JQ-CJ86

Vulnerability from github – Published: 2026-07-09 13:42 – Updated: 2026-07-09 13:42
VLAI
Summary
pymonocypher: Potential heap buffer overflow on nb_blocks in argon2i_32 when provided buffer is too small
Details

Impact

The argon2i_32 implementation does not check the nb_blocks size. If the caller does not provide a sufficiently large buffer based on the API contract, then argon2i_32 will write past the end of the buffer and possibly corrupt the heap.

Patches

Fixed in 4.0.2.8, which now verifies that nb_blocks is large enough. See 90ff5b1.

Workarounds

Provide a correctly sized nb_blocks buffer.

pymonocypher thanks Haris (hextheshadow) for the vulnerability report, details, and recommended fix.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "pymonocypher"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.0.2.8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-53720"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-122",
      "CWE-1284",
      "CWE-787"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-07-09T13:42:46Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "### Impact\nThe argon2i_32 implementation does not check the nb_blocks size.  If the caller does not provide a sufficiently large buffer based on the API contract, then argon2i_32 will write past the end of the buffer and possibly corrupt the heap.\n\n### Patches\nFixed in 4.0.2.8, which now verifies that nb_blocks is large enough.  See [90ff5b1](https://github.com/jetperch/pymonocypher/commit/90ff5b13b13b5673c372e188f482d8c172e6ab86).\n\n### Workarounds\nProvide a correctly sized nb_blocks buffer.\n\npymonocypher thanks Haris (hextheshadow) for the vulnerability report, details, and recommended fix.",
  "id": "GHSA-8f95-v3jq-cj86",
  "modified": "2026-07-09T13:42:46Z",
  "published": "2026-07-09T13:42:46Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/jetperch/pymonocypher/security/advisories/GHSA-8f95-v3jq-cj86"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jetperch/pymonocypher/commit/90ff5b13b13b5673c372e188f482d8c172e6ab86"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/jetperch/pymonocypher"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "pymonocypher: Potential heap buffer overflow on nb_blocks in argon2i_32 when provided buffer is too small"
}

GHSA-8FJR-734H-7JJ5

Vulnerability from github – Published: 2025-03-04 21:30 – Updated: 2025-03-04 21:30
VLAI
Details

On affected platforms running Arista EOS with 802.1X configured, certain conditions may occur where a dynamic ACL is received from the AAA server resulting in only the first line of the ACL being installed after an Accelerated Software Upgrade (ASU) restart.

Note: supplicants with pending captive-portal authentication during ASU would be impacted with this bug.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-8000"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1284"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-04T21:15:12Z",
    "severity": "MODERATE"
  },
  "details": "On affected platforms running Arista EOS with 802.1X configured, certain conditions may occur where a dynamic ACL is received from the AAA server resulting in only the first line of the ACL being installed after an Accelerated Software Upgrade (ASU) restart. \n\nNote: supplicants with pending captive-portal authentication during ASU would be impacted with this bug.",
  "id": "GHSA-8fjr-734h-7jj5",
  "modified": "2025-03-04T21:30:58Z",
  "published": "2025-03-04T21:30:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8000"
    },
    {
      "type": "WEB",
      "url": "https://www.arista.com/en/support/advisories-notices/security-advisory/21086-security-advisory-0109"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8FQJ-X6JV-392P

Vulnerability from github – Published: 2026-07-03 03:34 – Updated: 2026-07-03 03:34
VLAI
Details

** UNSUPPORTED WHEN ASSIGNED ** Improper Validation of Specified Quantity in Input in the ASUS AI Suite 3 driver allows a local user to bypass security validation and access restricted memory blocks via crafted IOCTL requests, leading to privilege escalation.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-4990"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1284"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-07-03T03:16:23Z",
    "severity": "HIGH"
  },
  "details": "** UNSUPPORTED WHEN ASSIGNED ** Improper Validation of Specified Quantity in Input in the ASUS AI Suite 3\u00a0driver\u00a0allows a local user to bypass security validation and\u00a0access restricted memory blocks via crafted IOCTL requests, leading to privilege escalation.",
  "id": "GHSA-8fqj-x6jv-392p",
  "modified": "2026-07-03T03:34:13Z",
  "published": "2026-07-03T03:34:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4990"
    },
    {
      "type": "WEB",
      "url": "https://www.asus.com/security-advisory"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-8H49-W326-P6W9

Vulnerability from github – Published: 2022-12-26 03:30 – Updated: 2023-01-04 03:30
VLAI
Details

OX App Suite through 7.10.6 has Uncontrolled Resource Consumption via a large location request parameter to the redirect servlet.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-37311"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1284",
      "CWE-400"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-12-26T02:15:00Z",
    "severity": "MODERATE"
  },
  "details": "OX App Suite through 7.10.6 has Uncontrolled Resource Consumption via a large location request parameter to the redirect servlet.",
  "id": "GHSA-8h49-w326-p6w9",
  "modified": "2023-01-04T03:30:32Z",
  "published": "2022-12-26T03:30:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37311"
    },
    {
      "type": "WEB",
      "url": "https://open-xchange.com"
    },
    {
      "type": "WEB",
      "url": "https://seclists.org/fulldisclosure/2022/Nov/18"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8P3C-WVJ4-2GQC

Vulnerability from github – Published: 2026-07-10 00:31 – Updated: 2026-07-10 00:31
VLAI
Details

An Improper Validation of Specified Quantity in Input vulnerability in the TCP proxy plugin of Juniper Networks Junos OS on MX Series with SPC3, and SRX Series allows an unauthenticated, network-based attacker to cause a complete Denial of Service (DoS).

When TCP proxy is engaged in a flow session, to support ALGs, Advanced Anti-Malware, ICAP or UTM, a TCP packet with specifically malformed TCP header will cause flow processing daemon (flowd) to crash and restart. This causes a complete service outage until the system has automatically recovered.

This issue affects Junos OS on MX with SPC3, and SRX Series: 

  • 23.4 versions before 23.4R2-S7, 
  • 24.2 versions before 24.2R2-S4, 
  • 24.4 versions before 24.4R2-S3,
  • 25.2 versions before 25.2R2.

This issue does not affect releases before 23.4R1.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-57023"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1284"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-07-09T22:17:07Z",
    "severity": "HIGH"
  },
  "details": "An Improper Validation of Specified Quantity in Input vulnerability in the TCP proxy plugin of Juniper Networks Junos OS on MX Series with SPC3, and SRX Series allows an unauthenticated, network-based attacker to cause a complete Denial of Service (DoS).\n\nWhen TCP proxy is engaged in a flow session, to support ALGs,\u00a0Advanced Anti-Malware, ICAP\u00a0or UTM, a TCP packet with specifically malformed TCP header will cause flow processing daemon (flowd) to crash and restart. This causes a complete service outage until the system has automatically recovered.\n\n\n\nThis issue affects Junos OS on MX with SPC3, and SRX Series:\u00a0\n\n\n\n  *  23.4 versions before 23.4R2-S7,\u00a0\n  *  24.2 versions before 24.2R2-S4,\u00a0\n  *  24.4 versions before 24.4R2-S3,\n  *  25.2 versions before 25.2R2.\n\n\n\n\nThis issue does not affect releases before 23.4R1.",
  "id": "GHSA-8p3c-wvj4-2gqc",
  "modified": "2026-07-10T00:31:26Z",
  "published": "2026-07-10T00:31:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-57023"
    },
    {
      "type": "WEB",
      "url": "https://supportportal.juniper.net/JSA110083"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:X/RE:M/U:X",
      "type": "CVSS_V4"
    }
  ]
}

Mitigation MIT-5
Implementation

Strategy: Input Validation

  • Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
  • When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
  • Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.

No CAPEC attack patterns related to this CWE.