Common Weakness Enumeration

CWE-1284

Allowed

Improper Validation of Specified Quantity in Input

Abstraction: Base · Status: Incomplete

The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.

494 vulnerabilities reference this CWE, most recent first.

GHSA-8PWQ-5WX2-R2FC

Vulnerability from github – Published: 2022-12-12 09:30 – Updated: 2022-12-14 18:30
VLAI
Details

Multiple vulnerabilities in the Cisco Discovery Protocol functionality of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, adjacent attacker to cause Cisco Discovery Protocol memory corruption on an affected device. These vulnerabilities are due to missing length validation checks when processing Cisco Discovery Protocol messages. An attacker could exploit these vulnerabilities by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to cause an out-of-bounds read of the valid Cisco Discovery Protocol packet data, which could allow the attacker to cause corruption in the internal Cisco Discovery Protocol database of the affected device.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-20689"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1284",
      "CWE-130",
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-12-12T09:15:00Z",
    "severity": "HIGH"
  },
  "details": "Multiple vulnerabilities in the Cisco Discovery Protocol functionality of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, adjacent attacker to cause Cisco Discovery Protocol memory corruption on an affected device. These vulnerabilities are due to missing length validation checks when processing Cisco Discovery Protocol messages. An attacker could exploit these vulnerabilities by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to cause an out-of-bounds read of the valid Cisco Discovery Protocol packet data, which could allow the attacker to cause corruption in the internal Cisco Discovery Protocol database of the affected device.",
  "id": "GHSA-8pwq-5wx2-r2fc",
  "modified": "2022-12-14T18:30:28Z",
  "published": "2022-12-12T09:30:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-20689"
    },
    {
      "type": "WEB",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multivuln-GEZYVvs"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multivuln-GEZYVvs"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8PXF-65QH-4QRC

Vulnerability from github – Published: 2025-11-06 09:30 – Updated: 2025-11-14 03:30
VLAI
Details

Improper Validation of Specified Quantity in Input vulnerability in TCP Communication Function on Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module allows a remote attacker to disconnect the connection by sending specially crafted TCP packets to cause a denial-of-service (DoS) condition on the products. There is no impact on connections other than the attacked one.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-10259"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1284"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-11-06T08:15:36Z",
    "severity": "MODERATE"
  },
  "details": "Improper Validation of Specified Quantity in Input vulnerability in TCP Communication Function on Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module allows a remote attacker to disconnect the connection by sending specially crafted TCP packets to cause a denial-of-service (DoS) condition on the products. There is no impact on connections other than the attacked one.",
  "id": "GHSA-8pxf-65qh-4qrc",
  "modified": "2025-11-14T03:30:53Z",
  "published": "2025-11-06T09:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10259"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/vu/JVNVU92088475"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-317-01"
    },
    {
      "type": "WEB",
      "url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-014_en.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8Q2F-M3G8-M8QM

Vulnerability from github – Published: 2025-01-06 21:30 – Updated: 2025-01-07 18:30
VLAI
Details

An issue in the DeviceloControl function of ITE Tech. Inc ITE IO Access v1.0.0.0 allows attackers to perform arbitrary port read and write actions via supplying crafted IOCTL requests.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-55407"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1284"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-06T19:15:12Z",
    "severity": "HIGH"
  },
  "details": "An issue in the DeviceloControl function of ITE Tech. Inc ITE IO Access v1.0.0.0 allows attackers to perform arbitrary port read and write actions via supplying crafted IOCTL requests.",
  "id": "GHSA-8q2f-m3g8-m8qm",
  "modified": "2025-01-07T18:30:48Z",
  "published": "2025-01-06T21:30:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-55407"
    },
    {
      "type": "WEB",
      "url": "https://github.com/heyheysky/vulnerable-driver/blob/master/CVE-2024-55407/CVE-2024-55407_Winio64.sys_README.md"
    },
    {
      "type": "WEB",
      "url": "http://ite.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8QQV-VV7X-PMX3

Vulnerability from github – Published: 2024-12-02 21:31 – Updated: 2024-12-02 21:31
VLAI
Details

An issue was discovered in Samsung Mobile Processor and Wearable Processor Exynos 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, Modem 5123, and Modem 5300. The baseband software does not properly check the length specified by the MM (Mobility Management) module, which can lead to Denial of Service.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-39343"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1284"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-02T20:15:06Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in Samsung Mobile Processor and Wearable Processor Exynos 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, Modem 5123, and Modem 5300. The baseband software does not properly check the length specified by the MM (Mobility Management) module, which can lead to Denial of Service.",
  "id": "GHSA-8qqv-vv7x-pmx3",
  "modified": "2024-12-02T21:31:20Z",
  "published": "2024-12-02T21:31:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39343"
    },
    {
      "type": "WEB",
      "url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8QVX-F5GF-G43V

Vulnerability from github – Published: 2022-01-12 22:54 – Updated: 2022-01-20 15:34
VLAI
Summary
Logic error in dolibarr
Details

The application does not check the input of price number lead to Business Logic error through negative price amount.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "dolibarr/dolibarr"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "15.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-0174"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1284",
      "CWE-20"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-01-11T18:42:50Z",
    "nvd_published_at": "2022-01-10T18:15:00Z",
    "severity": "MODERATE"
  },
  "details": "The application does not check the input of price number lead to Business Logic error through negative price amount.",
  "id": "GHSA-8qvx-f5gf-g43v",
  "modified": "2022-01-20T15:34:33Z",
  "published": "2022-01-12T22:54:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0174"
    },
    {
      "type": "WEB",
      "url": "https://github.com/dolibarr/dolibarr/commit/d892160f4f130385a3ce520f66cb8cf2eb8c5c32"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/dolibarr/dolibarr"
    },
    {
      "type": "WEB",
      "url": "https://huntr.dev/bounties/ed3ed4ce-3968-433c-a350-351c8f8b60db"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Logic error in dolibarr"
}

GHSA-8RFM-2X4G-8XH5

Vulnerability from github – Published: 2022-08-18 00:00 – Updated: 2023-01-21 03:30
VLAI
Details

libtiff's tiffcrop utility has a improper input validation flaw that can lead to out of bounds read and ultimately cause a crash if an attacker is able to supply a crafted file to tiffcrop.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-2868"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125",
      "CWE-1284",
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-08-17T22:15:00Z",
    "severity": "HIGH"
  },
  "details": "libtiff\u0027s tiffcrop utility has a improper input validation flaw that can lead to out of bounds read and ultimately cause a crash if an attacker is able to supply a crafted file to tiffcrop.",
  "id": "GHSA-8rfm-2x4g-8xh5",
  "modified": "2023-01-21T03:30:28Z",
  "published": "2022-08-18T00:00:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2868"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2118863"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2023/dsa-5333"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8WVG-QC85-JR5C

Vulnerability from github – Published: 2026-03-16 15:30 – Updated: 2026-06-30 03:35
VLAI
Details

GStreamer rtpqdm2depay Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.

The specific flaw exists within the processing of X-QDM RTP payloads. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28851.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-3085"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-122",
      "CWE-1284"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-16T14:19:46Z",
    "severity": "HIGH"
  },
  "details": "GStreamer rtpqdm2depay Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.\n\nThe specific flaw exists within the processing of X-QDM RTP payloads. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28851.",
  "id": "GHSA-8wvg-qc85-jr5c",
  "modified": "2026-06-30T03:35:54Z",
  "published": "2026-03-16T15:30:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3085"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-167"
    },
    {
      "type": "WEB",
      "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-3085.json"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/d60a94dee3c0a0942c9981491bf83e0de1900fbf"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447495"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2026-3085"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:9488"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:9487"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:9447"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:9446"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:8876"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:8874"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:8862"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:8857"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:8854"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:7850"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:7673"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:6750"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:6300"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:6259"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:19180"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:19024"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-927H-58V2-FQV5

Vulnerability from github – Published: 2025-06-17 15:31 – Updated: 2025-08-06 18:31
VLAI
Details

Improper access control on the NetScaler Management Interface in NetScaler ADC and NetScaler Gateway

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-5349"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1284"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-17T13:15:21Z",
    "severity": "HIGH"
  },
  "details": "Improper access control on the NetScaler Management Interface in NetScaler ADC\u202fand NetScaler Gateway",
  "id": "GHSA-927h-58v2-fqv5",
  "modified": "2025-08-06T18:31:10Z",
  "published": "2025-06-17T15:31:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5349"
    },
    {
      "type": "WEB",
      "url": "https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX693420"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-92X6-4GF8-7HCJ

Vulnerability from github – Published: 2022-05-13 01:23 – Updated: 2025-10-22 03:30
VLAI
Details

The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel before 2.6.36 does not properly validate addresses obtained from user space, which allows local users to gain privileges via crafted use of the sendmsg and recvmsg system calls.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2010-3904"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1284",
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2010-12-06T20:13:00Z",
    "severity": "HIGH"
  },
  "details": "The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel before 2.6.36 does not properly validate addresses obtained from user space, which allows local users to gain privileges via crafted use of the sendmsg and recvmsg system calls.",
  "id": "GHSA-92x6-4gf8-7hcj",
  "modified": "2025-10-22T03:30:29Z",
  "published": "2022-05-13T01:23:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3904"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642896"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-3904"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/44677"
    },
    {
      "type": "WEB",
      "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=799c10559d60f159ab2232203f222f18fa3c4a5f"
    },
    {
      "type": "WEB",
      "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=799c10559d60f159ab2232203f222f18fa3c4a5f"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00008.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00004.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/155751/vReliable-Datagram-Sockets-RDS-rds_page_copy_user-Privilege-Escalation.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/46397"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1024613"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/362983"
    },
    {
      "type": "WEB",
      "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2010-0792.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2010-0842.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-1000-1"
    },
    {
      "type": "WEB",
      "url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vsecurity.com/download/tools/linux-rds-exploit.c"
    },
    {
      "type": "WEB",
      "url": "http://www.vsecurity.com/resources/advisory/20101019-1"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2011/0298"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9398-5GHF-7PR6

Vulnerability from github – Published: 2022-10-31 18:44 – Updated: 2022-10-31 18:44
VLAI
Summary
conduit-hyper vulnerable to Denial of Service from unchecked request length
Details

Prior to version 0.4.2, conduit-hyper did not check any limit on a request's length before calling hyper::body::to_bytes. An attacker could send a malicious request with an abnormally large Content-Length, which could lead to a panic if memory allocation failed for that request.

In version 0.4.2, conduit-hyper sets an internal limit of 128 MiB per request, otherwise returning status 400 ("Bad Request").

This crate is part of the implementation of Rust's crates.io, but that service is not affected due to its existing cloud infrastructure, which already drops such malicious requests. Even with the new limit in place, conduit-hyper is not recommended for production use, nor to directly serve the public Internet.

The vulnerability was discovered by Ori Hollander from the JFrog Security Research team.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "conduit-hyper"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.2.0-alpha.3"
            },
            {
              "fixed": "0.4.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-39294"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1284",
      "CWE-400"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-10-31T18:44:47Z",
    "nvd_published_at": "2022-10-31T19:15:00Z",
    "severity": "HIGH"
  },
  "details": "Prior to version 0.4.2, `conduit-hyper` did not check any limit on a request\u0027s length before calling [`hyper::body::to_bytes`](https://docs.rs/hyper/latest/hyper/body/fn.to_bytes.html). An attacker could send a malicious request with an abnormally large `Content-Length`, which could lead to a panic if memory allocation failed for that request.\n\nIn version 0.4.2, `conduit-hyper` sets an internal limit of 128 MiB per request, otherwise returning status 400 (\"Bad Request\").\n\nThis crate is part of the implementation of Rust\u0027s [crates.io](https://crates.io/), but that service is not affected due to its existing cloud infrastructure, which already drops such malicious requests. Even with the new limit in place, `conduit-hyper` is not recommended for production use, nor to directly serve the public Internet.\n\nThe vulnerability was discovered by Ori Hollander from the JFrog Security Research team.",
  "id": "GHSA-9398-5ghf-7pr6",
  "modified": "2022-10-31T18:44:47Z",
  "published": "2022-10-31T18:44:47Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/conduit-rust/conduit-hyper/security/advisories/GHSA-9398-5ghf-7pr6"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39294"
    },
    {
      "type": "WEB",
      "url": "https://github.com/conduit-rust/conduit-hyper/commit/4d225a53206505d39438ec6694e15f49c038baff"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/conduit-rust/conduit-hyper"
    },
    {
      "type": "WEB",
      "url": "https://rustsec.org/advisories/RUSTSEC-2022-0066.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "conduit-hyper vulnerable to Denial of Service from unchecked request length"
}

Mitigation MIT-5
Implementation

Strategy: Input Validation

  • Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
  • When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
  • Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.

No CAPEC attack patterns related to this CWE.