Common Weakness Enumeration

CWE-1284

Allowed

Improper Validation of Specified Quantity in Input

Abstraction: Base · Status: Incomplete

The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.

494 vulnerabilities reference this CWE, most recent first.

GHSA-F33W-G2MP-F2W2

Vulnerability from github – Published: 2025-09-05 18:31 – Updated: 2025-11-25 21:32
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

mm/damon/ops-common: ignore migration request to invalid nodes

damon_migrate_pages() tries migration even if the target node is invalid. If users mistakenly make such invalid requests via DAMOS_MIGRATE_{HOT,COLD} action, the below kernel BUG can happen.

[ 7831.883495] BUG: unable to handle page fault for address: 0000000000001f48
[ 7831.884160] #PF: supervisor read access in kernel mode
[ 7831.884681] #PF: error_code(0x0000) - not-present page
[ 7831.885203] PGD 0 P4D 0
[ 7831.885468] Oops: Oops: 0000 [#1] SMP PTI
[ 7831.885852] CPU: 31 UID: 0 PID: 94202 Comm: kdamond.0 Not tainted 6.16.0-rc5-mm-new-damon+ #93 PREEMPT(voluntary)
[ 7831.886913] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-4.el9 04/01/2014
[ 7831.887777] RIP: 0010:__alloc_frozen_pages_noprof (include/linux/mmzone.h:1724 include/linux/mmzone.h:1750 mm/page_alloc.c:4936 mm/page_alloc.c:5137)
[...]
[ 7831.895953] Call Trace:
[ 7831.896195]  <TASK>
[ 7831.896397] __folio_alloc_noprof (mm/page_alloc.c:5183 mm/page_alloc.c:5192)
[ 7831.896787] migrate_pages_batch (mm/migrate.c:1189 mm/migrate.c:1851)
[ 7831.897228] ? __pfx_alloc_migration_target (mm/migrate.c:2137)
[ 7831.897735] migrate_pages (mm/migrate.c:2078)
[ 7831.898141] ? __pfx_alloc_migration_target (mm/migrate.c:2137)
[ 7831.898664] damon_migrate_folio_list (mm/damon/ops-common.c:321 mm/damon/ops-common.c:354)
[ 7831.899140] damon_migrate_pages (mm/damon/ops-common.c:405)
[...]

Add a target node validity check in damon_migrate_pages(). The validity check is stolen from that of do_pages_move(), which is being used for the move_pages() system call.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-39700"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1284"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-05T18:15:47Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/damon/ops-common: ignore migration request to invalid nodes\n\ndamon_migrate_pages() tries migration even if the target node is invalid. \nIf users mistakenly make such invalid requests via\nDAMOS_MIGRATE_{HOT,COLD} action, the below kernel BUG can happen.\n\n    [ 7831.883495] BUG: unable to handle page fault for address: 0000000000001f48\n    [ 7831.884160] #PF: supervisor read access in kernel mode\n    [ 7831.884681] #PF: error_code(0x0000) - not-present page\n    [ 7831.885203] PGD 0 P4D 0\n    [ 7831.885468] Oops: Oops: 0000 [#1] SMP PTI\n    [ 7831.885852] CPU: 31 UID: 0 PID: 94202 Comm: kdamond.0 Not tainted 6.16.0-rc5-mm-new-damon+ #93 PREEMPT(voluntary)\n    [ 7831.886913] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-4.el9 04/01/2014\n    [ 7831.887777] RIP: 0010:__alloc_frozen_pages_noprof (include/linux/mmzone.h:1724 include/linux/mmzone.h:1750 mm/page_alloc.c:4936 mm/page_alloc.c:5137)\n    [...]\n    [ 7831.895953] Call Trace:\n    [ 7831.896195]  \u003cTASK\u003e\n    [ 7831.896397] __folio_alloc_noprof (mm/page_alloc.c:5183 mm/page_alloc.c:5192)\n    [ 7831.896787] migrate_pages_batch (mm/migrate.c:1189 mm/migrate.c:1851)\n    [ 7831.897228] ? __pfx_alloc_migration_target (mm/migrate.c:2137)\n    [ 7831.897735] migrate_pages (mm/migrate.c:2078)\n    [ 7831.898141] ? __pfx_alloc_migration_target (mm/migrate.c:2137)\n    [ 7831.898664] damon_migrate_folio_list (mm/damon/ops-common.c:321 mm/damon/ops-common.c:354)\n    [ 7831.899140] damon_migrate_pages (mm/damon/ops-common.c:405)\n    [...]\n\nAdd a target node validity check in damon_migrate_pages().  The validity\ncheck is stolen from that of do_pages_move(), which is being used for the\nmove_pages() system call.",
  "id": "GHSA-f33w-g2mp-f2w2",
  "modified": "2025-11-25T21:32:04Z",
  "published": "2025-09-05T18:31:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-39700"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7c303fa1f311aadc17fa82b7bbf776412adf45de"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7e6c3130690a01076efdf45aa02ba5d5c16849a0"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9d0c2d15aff96746f99a7c97221bb8ce5b62db19"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-F3Q8-X325-FC8H

Vulnerability from github – Published: 2026-05-27 12:31 – Updated: 2026-05-27 12:31
VLAI
Details

Improper Validation of Specified Quantity in Input vulnerability in Ads by WPQuads Ads by WPQuads quick-adsense-reloaded allows Input Data Manipulation.This issue affects Ads by WPQuads: from n/a through <= 3.0.2.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-42732"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1284"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-27T11:16:19Z",
    "severity": "MODERATE"
  },
  "details": "Improper Validation of Specified Quantity in Input vulnerability in Ads by WPQuads Ads by WPQuads quick-adsense-reloaded allows Input Data Manipulation.This issue affects Ads by WPQuads: from n/a through \u003c= 3.0.2.",
  "id": "GHSA-f3q8-x325-fc8h",
  "modified": "2026-05-27T12:31:22Z",
  "published": "2026-05-27T12:31:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42732"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/Wordpress/Plugin/quick-adsense-reloaded/vulnerability/wordpress-ads-by-wpquads-plugin-3-0-2-broken-authentication-vulnerability?_s_id=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-F3QP-9GXF-F3C8

Vulnerability from github – Published: 2022-05-24 19:20 – Updated: 2024-10-08 09:30
VLAI
Details

A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions), APOGEE PXC Modular (P2 Ethernet) (All versions), Capital VSTAR (All versions), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions), TALON TC Modular (BACnet) (All versions). The total length of an UDP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on a user-defined applications that runs on top of the UDP protocol. (FSMD-2021-0006)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-31345"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1284"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-11-09T12:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions), APOGEE PXC Modular (P2 Ethernet) (All versions), Capital VSTAR (All versions), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions \u003c V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions), TALON TC Modular (BACnet) (All versions). The total length of an UDP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on a user-defined applications that runs on top of the UDP protocol. (FSMD-2021-0006)",
  "id": "GHSA-f3qp-9gxf-f3c8",
  "modified": "2024-10-08T09:30:50Z",
  "published": "2022-05-24T19:20:11Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31345"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-044112.html"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-114589.html"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-620288.html"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-845392.html"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-620288.pdf"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-845392.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-F46P-QR4H-M6P4

Vulnerability from github – Published: 2025-04-25 06:30 – Updated: 2025-10-10 09:30
VLAI
Details

Improper Validation of Specified Quantity in Input vulnerability in Mitsubishi Electric Corporation CC-Link IE TSN Remote I/O module, CC-Link IE TSN Analog-Digital Converter module, CC-Link IE TSN Digital-Analog Converter module, CC-Link IE TSN FPGA module and CC-Link IE TSN Remote Station Communication LSI CP620 with GbE-PHY allows a remote unauthenticated attacker to cause a Denial of Service condition in the products by sending specially crafted UDP packets.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-3511"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1284"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-25T06:15:45Z",
    "severity": "MODERATE"
  },
  "details": "Improper Validation of Specified Quantity in Input vulnerability in Mitsubishi Electric Corporation CC-Link IE TSN Remote I/O module, CC-Link IE TSN Analog-Digital Converter module, CC-Link IE TSN Digital-Analog Converter module, CC-Link IE TSN FPGA module and CC-Link IE TSN Remote Station Communication LSI CP620 with GbE-PHY allows a remote unauthenticated attacker to cause a Denial of Service condition in the products by sending specially crafted UDP packets.",
  "id": "GHSA-f46p-qr4h-m6p4",
  "modified": "2025-10-10T09:30:48Z",
  "published": "2025-04-25T06:30:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3511"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/vu/JVNVU96620683"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-128-03"
    },
    {
      "type": "WEB",
      "url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-001_en.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-F559-VGH2-9HJ6

Vulnerability from github – Published: 2026-06-18 21:32 – Updated: 2026-06-18 21:32
VLAI
Details

NILFS utilities through 2.3.0, fixed in commit 26efb5d, nilfs_sb_is_valid() function fails to validate s_log_block_size field in NILFS2 superblock before bit-shift operations. Attackers supplying crafted NILFS2 images trigger undefined behavior through oversized shifts or out-of-memory conditions, crashing tools like nilfs-tune and dumpseg.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-55392"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1284"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-18T19:16:23Z",
    "severity": "MODERATE"
  },
  "details": "NILFS utilities through 2.3.0, fixed in commit 26efb5d, nilfs_sb_is_valid() function fails to validate s_log_block_size field in NILFS2 superblock before bit-shift operations. Attackers supplying crafted NILFS2 images trigger undefined behavior through oversized shifts or out-of-memory conditions, crashing tools like nilfs-tune and dumpseg.",
  "id": "GHSA-f559-vgh2-9hj6",
  "modified": "2026-06-18T21:32:34Z",
  "published": "2026-06-18T21:32:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-55392"
    },
    {
      "type": "WEB",
      "url": "https://github.com/nilfs-dev/nilfs-utils/issues/26"
    },
    {
      "type": "WEB",
      "url": "https://github.com/nilfs-dev/nilfs-utils/commit/26efb5daff0757365101035145331b0a5a85d9d9"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-F6R7-6W34-X2GP

Vulnerability from github – Published: 2026-05-28 06:31 – Updated: 2026-07-01 21:26
VLAI
Summary
Keycloak Vulnerable to Improper Validation of Specified Quantity in Input
Details

A flaw was found in Keycloak. A remote attacker with high privileges, such as a realm administrator configuring a malicious Lightweight Directory Access Protocol (LDAP) server or an attacker compromising an upstream LDAP server, could exploit this vulnerability. By sending a malformed LDAP password policy response during a password authentication request, the attacker can trigger an OutOfMemoryError. This causes the Keycloak Java Virtual Machine (JVM) to terminate, leading to a denial of service (DoS) for all realms on the affected node.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.keycloak:keycloak-ldap-federation"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "26.6.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-9801"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1284"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-07-01T21:26:37Z",
    "nvd_published_at": "2026-05-28T06:16:29Z",
    "severity": "MODERATE"
  },
  "details": "A flaw was found in Keycloak. A remote attacker with high privileges, such as a realm administrator configuring a malicious Lightweight Directory Access Protocol (LDAP) server or an attacker compromising an upstream LDAP server, could exploit this vulnerability. By sending a malformed LDAP password policy response during a password authentication request, the attacker can trigger an OutOfMemoryError. This causes the Keycloak Java Virtual Machine (JVM) to terminate, leading to a denial of service (DoS) for all realms on the affected node.",
  "id": "GHSA-f6r7-6w34-x2gp",
  "modified": "2026-07-01T21:26:37Z",
  "published": "2026-05-28T06:31:10Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9801"
    },
    {
      "type": "WEB",
      "url": "https://github.com/keycloak/keycloak/issues/49434"
    },
    {
      "type": "WEB",
      "url": "https://github.com/keycloak/keycloak/pull/49514"
    },
    {
      "type": "WEB",
      "url": "https://github.com/keycloak/keycloak/commit/2c4fe42235ba8c265b1da3a30541a270d5bd8c39"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:25097"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:25098"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:30049"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:30050"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2026-9801"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482473"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/keycloak/keycloak"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Keycloak Vulnerable to Improper Validation of Specified Quantity in Input"
}

GHSA-F768-8PVQ-MM6R

Vulnerability from github – Published: 2022-02-01 22:01 – Updated: 2023-06-30 20:07
VLAI
Summary
Dolibarr vulnerable to Improper Validation of Specified Quantity in Input
Details

Dolibarr 14.0.5 and prior versions are vulnerable to Improper Validation of Specified Quantity in Input.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 14.0.5"
      },
      "package": {
        "ecosystem": "Packagist",
        "name": "dolibarr/dolibarr"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "15.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-0414"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1284"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-02-01T15:33:18Z",
    "nvd_published_at": "2022-01-31T11:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Dolibarr 14.0.5 and prior versions are vulnerable to Improper Validation of Specified Quantity in Input.",
  "id": "GHSA-f768-8pvq-mm6r",
  "modified": "2023-06-30T20:07:03Z",
  "published": "2022-02-01T22:01:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0414"
    },
    {
      "type": "WEB",
      "url": "https://github.com/dolibarr/dolibarr/commit/37fb02ee760cfff18c795ba468da1ba1c53f4684"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/dolibarr/dolibarr"
    },
    {
      "type": "WEB",
      "url": "https://huntr.dev/bounties/76f3b405-9f5d-44b1-8434-b52b56ee395f"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Dolibarr vulnerable to Improper Validation of Specified Quantity in Input"
}

GHSA-F7W2-RJ2F-73Q3

Vulnerability from github – Published: 2026-05-27 15:33 – Updated: 2026-06-30 03:36
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

crypto: authencesn - reject short ahash digests during instance creation

authencesn requires either a zero authsize or an authsize of at least 4 bytes because the ESN encrypt/decrypt paths always move 4 bytes of high-order sequence number data at the end of the authenticated data.

While crypto_authenc_esn_setauthsize() already rejects explicit non-zero authsizes in the range 1..3, crypto_authenc_esn_create() still copied auth->digestsize into inst->alg.maxauthsize without validating it. The AEAD core then initialized the tfm's default authsize from that value.

As a result, selecting an ahash with digest size 1..3, such as cbcmac(cipher_null), exposed authencesn instances whose default authsize was invalid even though setauthsize() would have rejected the same value. AF_ALG could then trigger the ESN tail handling with a too-short tag and hit an out-of-bounds access.

Reject authencesn instances whose ahash digest size is in the invalid non-zero range 1..3 so that no tfm can inherit an unsupported default authsize.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-46033"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125",
      "CWE-1284"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-27T14:17:22Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: authencesn - reject short ahash digests during instance creation\n\nauthencesn requires either a zero authsize or an authsize of at least\n4 bytes because the ESN encrypt/decrypt paths always move 4 bytes of\nhigh-order sequence number data at the end of the authenticated data.\n\nWhile crypto_authenc_esn_setauthsize() already rejects explicit\nnon-zero authsizes in the range 1..3, crypto_authenc_esn_create()\nstill copied auth-\u003edigestsize into inst-\u003ealg.maxauthsize without\nvalidating it.  The AEAD core then initialized the tfm\u0027s default\nauthsize from that value.\n\nAs a result, selecting an ahash with digest size 1..3, such as\ncbcmac(cipher_null), exposed authencesn instances whose default\nauthsize was invalid even though setauthsize() would have rejected the\nsame value.  AF_ALG could then trigger the ESN tail handling with a\ntoo-short tag and hit an out-of-bounds access.\n\nReject authencesn instances whose ahash digest size is in the invalid\nnon-zero range 1..3 so that no tfm can inherit an unsupported default\nauthsize.",
  "id": "GHSA-f7w2-rj2f-73q3",
  "modified": "2026-06-30T03:36:50Z",
  "published": "2026-05-27T15:33:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46033"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2026-46033"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482000"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2f31cd1e64a079c845bca31d2da7b3c90a311726"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5db6ef9847717329f12c5ea8aba7e9f588a980c0"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/67f1f0933cc3d78dde222842bcad2778ec7a0b88"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/77f59fb2d3aa33e90ec6cbbf45dcfb20ab82b1a9"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9aff81e8217e9de2929084b03b3c7f81988c112b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b42821c15445f93daea3e76ada682b2b7181c476"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b69933e97efea238ebbfcf70c2b1be1cd03f13e3"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d4c6a6d08e70bb1083c7c405fc7faacbf19aebc0"
    },
    {
      "type": "WEB",
      "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-46033.json"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-F82P-7GV2-XXJ9

Vulnerability from github – Published: 2026-01-20 15:33 – Updated: 2026-01-20 15:33
VLAI
Details

A denial-of-service security issue in the affected product. The security issue occurs when a malformed CIP forward open message is sent. This could result in a major nonrecoverable fault a restart is required to recover.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-11743"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1284"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-01-20T14:16:06Z",
    "severity": "HIGH"
  },
  "details": "A denial-of-service security issue in the affected product. The security issue occurs when a malformed CIP forward open message is sent. This could result in a major nonrecoverable fault a restart is required to recover.",
  "id": "GHSA-f82p-7gv2-xxj9",
  "modified": "2026-01-20T15:33:12Z",
  "published": "2026-01-20T15:33:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11743"
    },
    {
      "type": "WEB",
      "url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1770.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-F8R7-633C-JQQ8

Vulnerability from github – Published: 2026-01-31 00:30 – Updated: 2026-01-31 00:30
VLAI
Details

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 12.1.0 - 12.1.3 could allow a local user to cause a denial of service due to improper neutralization of special elements in data query logic.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-36423"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1284"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-01-30T22:15:54Z",
    "severity": "MODERATE"
  },
  "details": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 12.1.0 - 12.1.3 could allow a local user to cause a denial of service due to improper neutralization of special elements in data query logic.",
  "id": "GHSA-f8r7-633c-jqq8",
  "modified": "2026-01-31T00:30:28Z",
  "published": "2026-01-31T00:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-36423"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/7257694"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-5
Implementation

Strategy: Input Validation

  • Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
  • When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
  • Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.

No CAPEC attack patterns related to this CWE.