Common Weakness Enumeration

CWE-130

Allowed

Improper Handling of Length Parameter Inconsistency

Abstraction: Base · Status: Incomplete

The product parses a formatted message or structure, but it does not handle or incorrectly handles a length field that is inconsistent with the actual length of the associated data.

161 vulnerabilities reference this CWE, most recent first.

CVE-2026-5265 (GCVE-0-2026-5265)

Vulnerability from cvelistv5 – Published: 2026-04-24 12:25 – Updated: 2026-06-17 22:00
VLAI
Title
Ovn: ovn: heap over-read in icmp error response generation
Summary
When generating an ICMP Destination Unreachable or Packet Too Big response, the handler copies a portion of the original packet into the ICMP error body using the IP header's self-declared total length (ip_tot_len for IPv4, ip6_plen for IPv6) without validating it against the actual packet buffer size. A VM can send a short packet with an inflated IP length field that triggers an ICMP error (e.g., by hitting a reject ACL), causing ovn-controller to read heap memory beyond the valid packet data and include it in the ICMP response sent back to the VM.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-130 - Improper Handling of Length Parameter Inconsistency
Assigner
Impacted products
Vendor Product Version
Red Hat Fast Datapath for Red Hat Enterprise Linux 10 Unaffected: 0:25.03.2-100.el10fdp , < * (rpm)
    cpe:/o:redhat:enterprise_linux:10::fastdatapath
Create a notification for this product.
Red Hat Fast Datapath for Red Hat Enterprise Linux 10 Unaffected: 0:25.09.2-103.el10fdp , < * (rpm)
    cpe:/o:redhat:enterprise_linux:10::fastdatapath
Create a notification for this product.
Red Hat Fast Datapath for Red Hat Enterprise Linux 8 Unaffected: 0:21.12.0-145.el8fdp , < * (rpm)
    cpe:/o:redhat:enterprise_linux:8::fastdatapath
Create a notification for this product.
Red Hat Fast Datapath for Red Hat Enterprise Linux 8 Unaffected: 0:23.06.4-30.el8fdp , < * (rpm)
    cpe:/o:redhat:enterprise_linux:8::fastdatapath
Create a notification for this product.
Red Hat Fast Datapath for Red Hat Enterprise Linux 9 Unaffected: 0:23.06.4-30.el9fdp , < * (rpm)
    cpe:/o:redhat:enterprise_linux:9::fastdatapath
Create a notification for this product.
Red Hat Fast Datapath for Red Hat Enterprise Linux 9 Unaffected: 0:23.09.6-16.el9fdp , < * (rpm)
    cpe:/o:redhat:enterprise_linux:9::fastdatapath
Create a notification for this product.
Red Hat Fast Datapath for Red Hat Enterprise Linux 9 Unaffected: 0:24.03.7-82.el9fdp , < * (rpm)
    cpe:/o:redhat:enterprise_linux:9::fastdatapath
Create a notification for this product.
Red Hat Fast Datapath for Red Hat Enterprise Linux 9 Unaffected: 0:25.03.2-100.el9fdp , < * (rpm)
    cpe:/o:redhat:enterprise_linux:9::fastdatapath
Create a notification for this product.
Red Hat Fast Datapath for Red Hat Enterprise Linux 9 Unaffected: 0:25.09.2-103.el9fdp , < * (rpm)
    cpe:/o:redhat:enterprise_linux:9::fastdatapath
Create a notification for this product.
Red Hat Fast Datapath for RHEL 7     cpe:/o:redhat:enterprise_linux:7::fastdatapath
Create a notification for this product.
Red Hat Fast Datapath for RHEL 8     cpe:/o:redhat:enterprise_linux:8::fastdatapath
Create a notification for this product.
Red Hat Fast Datapath for RHEL 9     cpe:/o:redhat:enterprise_linux:9::fastdatapath
Create a notification for this product.
Date Public
2026-04-06 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2026-04-24T13:37:06.533Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/04/20/2"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/04/20/4"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-5265",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-24T18:19:52.126823Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-24T18:21:26.388Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:10::fastdatapath"
          ],
          "defaultStatus": "affected",
          "packageName": "ovn25.03",
          "product": "Fast Datapath for Red Hat Enterprise Linux 10",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:25.03.2-100.el10fdp",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:10::fastdatapath"
          ],
          "defaultStatus": "affected",
          "packageName": "ovn25.09",
          "product": "Fast Datapath for Red Hat Enterprise Linux 10",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:25.09.2-103.el10fdp",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8::fastdatapath"
          ],
          "defaultStatus": "affected",
          "packageName": "ovn-2021",
          "product": "Fast Datapath for Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:21.12.0-145.el8fdp",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8::fastdatapath"
          ],
          "defaultStatus": "affected",
          "packageName": "ovn23.06",
          "product": "Fast Datapath for Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:23.06.4-30.el8fdp",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9::fastdatapath"
          ],
          "defaultStatus": "affected",
          "packageName": "ovn23.06",
          "product": "Fast Datapath for Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:23.06.4-30.el9fdp",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9::fastdatapath"
          ],
          "defaultStatus": "affected",
          "packageName": "ovn23.09",
          "product": "Fast Datapath for Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:23.09.6-16.el9fdp",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9::fastdatapath"
          ],
          "defaultStatus": "affected",
          "packageName": "ovn24.03",
          "product": "Fast Datapath for Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:24.03.7-82.el9fdp",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9::fastdatapath"
          ],
          "defaultStatus": "affected",
          "packageName": "ovn25.03",
          "product": "Fast Datapath for Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:25.03.2-100.el9fdp",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9::fastdatapath"
          ],
          "defaultStatus": "affected",
          "packageName": "ovn25.09",
          "product": "Fast Datapath for Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:25.09.2-103.el9fdp",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7::fastdatapath"
          ],
          "defaultStatus": "affected",
          "packageName": "ovn2.11",
          "product": "Fast Datapath for RHEL 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7::fastdatapath"
          ],
          "defaultStatus": "affected",
          "packageName": "ovn2.12",
          "product": "Fast Datapath for RHEL 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7::fastdatapath"
          ],
          "defaultStatus": "affected",
          "packageName": "ovn2.13",
          "product": "Fast Datapath for RHEL 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8::fastdatapath"
          ],
          "defaultStatus": "affected",
          "packageName": "ovn2.11",
          "product": "Fast Datapath for RHEL 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8::fastdatapath"
          ],
          "defaultStatus": "affected",
          "packageName": "ovn2.12",
          "product": "Fast Datapath for RHEL 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8::fastdatapath"
          ],
          "defaultStatus": "affected",
          "packageName": "ovn2.13",
          "product": "Fast Datapath for RHEL 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8::fastdatapath"
          ],
          "defaultStatus": "affected",
          "packageName": "ovn22.03",
          "product": "Fast Datapath for RHEL 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8::fastdatapath"
          ],
          "defaultStatus": "affected",
          "packageName": "ovn22.06",
          "product": "Fast Datapath for RHEL 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8::fastdatapath"
          ],
          "defaultStatus": "affected",
          "packageName": "ovn22.09",
          "product": "Fast Datapath for RHEL 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8::fastdatapath"
          ],
          "defaultStatus": "affected",
          "packageName": "ovn22.12",
          "product": "Fast Datapath for RHEL 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8::fastdatapath"
          ],
          "defaultStatus": "affected",
          "packageName": "ovn23.03",
          "product": "Fast Datapath for RHEL 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9::fastdatapath"
          ],
          "defaultStatus": "affected",
          "packageName": "ovn-2021",
          "product": "Fast Datapath for RHEL 9",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9::fastdatapath"
          ],
          "defaultStatus": "affected",
          "packageName": "ovn22.03",
          "product": "Fast Datapath for RHEL 9",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9::fastdatapath"
          ],
          "defaultStatus": "affected",
          "packageName": "ovn22.06",
          "product": "Fast Datapath for RHEL 9",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9::fastdatapath"
          ],
          "defaultStatus": "affected",
          "packageName": "ovn22.09",
          "product": "Fast Datapath for RHEL 9",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9::fastdatapath"
          ],
          "defaultStatus": "affected",
          "packageName": "ovn22.12",
          "product": "Fast Datapath for RHEL 9",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9::fastdatapath"
          ],
          "defaultStatus": "affected",
          "packageName": "ovn23.03",
          "product": "Fast Datapath for RHEL 9",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9::fastdatapath"
          ],
          "defaultStatus": "affected",
          "packageName": "ovn24.09",
          "product": "Fast Datapath for RHEL 9",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2026-04-06T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "When generating an ICMP Destination Unreachable or Packet Too Big response, the handler copies a portion of the original packet into the ICMP error body using the IP header\u0027s self-declared total length (ip_tot_len for IPv4, ip6_plen for IPv6) without validating it against the actual packet buffer size. A VM can send a short packet with an inflated IP length field that triggers an ICMP error (e.g., by hitting a reject ACL), causing ovn-controller to read heap memory beyond the valid packet data and include it in the ICMP response sent back to the VM."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-130",
              "description": "Improper Handling of Length Parameter Inconsistency",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-17T22:00:07.950Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2026:11694",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:11694"
        },
        {
          "name": "RHSA-2026:11695",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:11695"
        },
        {
          "name": "RHSA-2026:11696",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:11696"
        },
        {
          "name": "RHSA-2026:11698",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:11698"
        },
        {
          "name": "RHSA-2026:11700",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:11700"
        },
        {
          "name": "RHSA-2026:11701",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:11701"
        },
        {
          "name": "RHSA-2026:11702",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:11702"
        },
        {
          "name": "RHSA-2026:22110",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:22110"
        },
        {
          "name": "RHSA-2026:22111",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:22111"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2026-5265"
        },
        {
          "name": "RHBZ#2453458",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453458"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-03-24T00:00:00.000Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2026-04-06T00:00:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Ovn: ovn: heap over-read in icmp error response generation",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-130: Improper Handling of Length Parameter Inconsistency"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2026-5265",
    "datePublished": "2026-04-24T12:25:06.808Z",
    "dateReserved": "2026-03-31T17:33:09.225Z",
    "dateUpdated": "2026-06-17T22:00:07.950Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-3868 (GCVE-0-2026-3868)

Vulnerability from cvelistv5 – Published: 2026-04-27 02:56 – Updated: 2026-04-27 15:14
VLAI
Summary
An improper handling of the length parameter inconsistency vulnerability has been identified in Moxa’s Secure Router. Because of improper validation of length parameters in the HTTPS management interface, an unauthenticated remote attacker could send specially crafted requests that trigger a buffer overflow condition, causing the web service to become unresponsive. Successful exploitation may result in a denial-of-service condition requiring a device reboot to restore normal operation. While successful exploitation can severely impact the availability of the affected device, no impact to the confidentiality or integrity of the affected product has been identified. Additionally, no confidentiality, integrity, or availability impact to the subsequent system has been identified.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-130 - Improper Handling of Length Parameter Inconsistency
Assigner
References
Impacted products
Vendor Product Version
Moxa EDR-8010 Series Affected: 1.0 , ≤ 3.23 (custom)
Unaffected: 3.24 (custom)
Create a notification for this product.
Moxa EDR-G9010 Series Affected: 1.0 , ≤ 3.23.1 (custom)
Unaffected: 3.24 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-3868",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-27T15:13:55.314280Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-27T15:14:14.677Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "EDR-8010 Series",
          "vendor": "Moxa",
          "versions": [
            {
              "lessThanOrEqual": "3.23",
              "status": "affected",
              "version": "1.0",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "3.24",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "EDR-G9010 Series",
          "vendor": "Moxa",
          "versions": [
            {
              "lessThanOrEqual": "3.23.1",
              "status": "affected",
              "version": "1.0",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "3.24",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:moxa:edr-8010_series:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "3.23",
                  "versionStartIncluding": "1.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:moxa:edr-8010_series:3.24:*:*:*:*:*:*:*",
                  "vulnerable": false
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:moxa:edr-g9010_series:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "3.23.1",
                  "versionStartIncluding": "1.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:moxa:edr-g9010_series:3.24:*:*:*:*:*:*:*",
                  "vulnerable": false
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eAn improper handling of the length parameter inconsistency vulnerability has been identified in Moxa\u2019s Secure Router.\u0026nbsp;Because of improper validation of length parameters in the HTTPS management interface, an unauthenticated remote attacker could send specially crafted requests that trigger a buffer overflow condition, causing the web service to become unresponsive.\u0026nbsp;Successful exploitation may result in a denial-of-service condition requiring a device reboot to restore normal operation.\u0026nbsp;While successful exploitation can\u0026nbsp;severely\u0026nbsp;impact the availability of the affected device, no impact to the confidentiality or integrity of the affected product has been identified. Additionally, no confidentiality, integrity, or availability impact to the subsequent system has been identified.\u003c/p\u003e"
            }
          ],
          "value": "An improper handling of the length parameter inconsistency vulnerability has been identified in Moxa\u2019s Secure Router.\u00a0Because of improper validation of length parameters in the HTTPS management interface, an unauthenticated remote attacker could send specially crafted requests that trigger a buffer overflow condition, causing the web service to become unresponsive.\u00a0Successful exploitation may result in a denial-of-service condition requiring a device reboot to restore normal operation.\u00a0While successful exploitation can\u00a0severely\u00a0impact the availability of the affected device, no impact to the confidentiality or integrity of the affected product has been identified. Additionally, no confidentiality, integrity, or availability impact to the subsequent system has been identified."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-47",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-47: Buffer Overflow via Parameter Expansion"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-130",
              "description": "CWE-130: Improper Handling of Length Parameter Inconsistency",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-27T02:56:34.266Z",
        "orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
        "shortName": "Moxa"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-261521-cve-2026-3867-cve-2026-3868-improper-ownership-management-and-improper-handling-of-length-parameter-incons"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "x_generator": {
        "engine": "Vulnogram 1.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
    "assignerShortName": "Moxa",
    "cveId": "CVE-2026-3868",
    "datePublished": "2026-04-27T02:56:34.266Z",
    "dateReserved": "2026-03-10T07:56:29.470Z",
    "dateUpdated": "2026-04-27T15:14:14.677Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-54646 (GCVE-0-2025-54646)

Vulnerability from cvelistv5 – Published: 2025-08-06 02:50 – Updated: 2025-08-06 15:39
VLAI
Summary
Vulnerability of inadequate packet length check in the BLE module. Impact: Successful exploitation of this vulnerability may affect performance.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-130 - Improper Handling of Length Parameter Inconsistency
Assigner
Impacted products
Vendor Product Version
Huawei HarmonyOS Affected: 5.1.0
Affected: 5.0.1
Affected: 4.3.0
Affected: 4.2.0
Affected: 4.0.0
Affected: 3.1.0
Affected: 3.0.0
Affected: 2.1.0
Affected: 2.0.0
Create a notification for this product.
Huawei EMUI Affected: 14.0.0
Affected: 13.0.0
Affected: 12.0.0
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-54646",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-06T15:12:00.487058Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-06T15:39:49.052Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "HarmonyOS",
          "vendor": "Huawei",
          "versions": [
            {
              "status": "affected",
              "version": "5.1.0"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "4.3.0"
            },
            {
              "status": "affected",
              "version": "4.2.0"
            },
            {
              "status": "affected",
              "version": "4.0.0"
            },
            {
              "status": "affected",
              "version": "3.1.0"
            },
            {
              "status": "affected",
              "version": "3.0.0"
            },
            {
              "status": "affected",
              "version": "2.1.0"
            },
            {
              "status": "affected",
              "version": "2.0.0"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "EMUI",
          "vendor": "Huawei",
          "versions": [
            {
              "status": "affected",
              "version": "14.0.0"
            },
            {
              "status": "affected",
              "version": "13.0.0"
            },
            {
              "status": "affected",
              "version": "12.0.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Vulnerability of inadequate packet length check in the BLE module.\u003cbr\u003eImpact: Successful exploitation of this vulnerability may affect performance."
            }
          ],
          "value": "Vulnerability of inadequate packet length check in the BLE module.\nImpact: Successful exploitation of this vulnerability may affect performance."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-130",
              "description": "CWE-130 Improper Handling of Length Parameter Inconsistency",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-06T02:50:23.319Z",
        "orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
        "shortName": "huawei"
      },
      "references": [
        {
          "url": "https://consumer.huawei.com/en/support/bulletin/2025/8/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
    "assignerShortName": "huawei",
    "cveId": "CVE-2025-54646",
    "datePublished": "2025-08-06T02:50:23.319Z",
    "dateReserved": "2025-07-28T03:55:34.532Z",
    "dateUpdated": "2025-08-06T15:39:49.052Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-53604 (GCVE-0-2025-53604)

Vulnerability from cvelistv5 – Published: 2025-07-05 00:00 – Updated: 2025-07-08 14:35
VLAI
Summary
The web-push crate before 0.10.3 for Rust allows a denial of service (memory consumption) in the built-in clients via a large integer in a Content-Length header.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-130 - Improper Handling of Length Parameter Inconsistency
Assigner
Impacted products
Vendor Product Version
pimeys web-push Affected: 0 , < 0.10.3 (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-53604",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-08T13:10:45.489131Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-08T14:35:55.692Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "web-push",
          "vendor": "pimeys",
          "versions": [
            {
              "lessThan": "0.10.3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The web-push crate before 0.10.3 for Rust allows a denial of service (memory consumption) in the built-in clients via a large integer in a Content-Length header."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-130",
              "description": "CWE-130 Improper Handling of Length Parameter Inconsistency",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-05T00:33:04.548Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://rustsec.org/advisories/RUSTSEC-2025-0015.html"
        },
        {
          "url": "https://github.com/pimeys/rust-web-push/pull/68"
        },
        {
          "url": "https://crates.io/crates/web-push"
        }
      ],
      "x_generator": {
        "engine": "enrichogram 0.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2025-53604",
    "datePublished": "2025-07-05T00:00:00.000Z",
    "dateReserved": "2025-07-05T00:00:00.000Z",
    "dateUpdated": "2025-07-08T14:35:55.692Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-52949 (GCVE-0-2025-52949)

Vulnerability from cvelistv5 – Published: 2025-07-11 14:40 – Updated: 2025-07-11 15:05
VLAI
Title
Junos OS and Junos OS Evolved: In an EVPN environment, receipt of specifically malformed BGP update causes RPD crash
Summary
An Improper Handling of Length Parameter Inconsistency vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a logically adjacent BGP peer sending a specifically malformed BGP packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. Only systems configured for Ethernet Virtual Private Networking (EVPN) signaling are vulnerable to this issue.  This issue affects iBGP and eBGP, and both IPv4 and IPv6 are affected by this vulnerability.This issue affects: Junos OS:  * all versions before 21.4R3-S11,  * from 22.2 before 22.2R3-S7,  * from 22.4 before 22.4R3-S7,  * from 23.2 before 23.2R2-S4,  * from 23.4 before 23.4R2-S5,  * from 24.2 before 24.2R2-S1,  * from 24.4 before 24.4R1-S3, 24.4R2;  Junos OS Evolved:  * all versions before 22.2R3-S7-EVO,  * from 22.4-EVO before 22.4R3-S7-EVO,  * from 23.2-EVO before 23.2R2-S4-EVO,  * from 23.4-EVO before 23.4R2-S5-EVO,  * from 24.2-EVO before 24.2R2-S1-EVO,  * from 24.4-EVO before 24.4R1-S3-EVO, 24.4R2-EVO.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-130 - Improper Handling of Length Parameter Inconsistency
Assigner
References
Impacted products
Vendor Product Version
Juniper Networks Junos OS Affected: 0 , < 21.4R3-S11 (semver)
Affected: 22.2 , < 22.2R3-S7 (semver)
Affected: 22.4 , < 22.4R3-S7 (semver)
Affected: 23.2 , < 23.2R2-S4 (semver)
Affected: 23.4 , < 23.4R2-S5 (semver)
Affected: 24.2 , < 24.2R2-S1 (semver)
Affected: 24.4 , < 24.4R1-S3, 24.4R2 (semver)
Create a notification for this product.
Juniper Networks Junos OS Evolved Affected: 0 , < 22.2R3-S7-EVO (semver)
Affected: 22.4-EVO , < 22.4R3-S7-EVO (semver)
Affected: 23.2-EVO , < 23.2R2-S4-EVO (semver)
Affected: 23.4-EVO , < 23.4R2-S5-EVO (semver)
Affected: 24.2-EVO , < 24.2R2-S1-EVO (semver)
Affected: 24.4-EVO , < 24.4R1-S3-EVO, 24.4R2-EVO (semver)
Create a notification for this product.
Date Public
2025-07-09 16:00
Credits
Juniper SIRT would like to acknowledge and thank Craig Dods from Meta’s Infrastructure Security Engineering team for responsibly reporting this vulnerability.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-52949",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-11T15:05:51.634973Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-11T15:05:58.938Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Junos OS",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "21.4R3-S11",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "22.2R3-S7",
              "status": "affected",
              "version": "22.2",
              "versionType": "semver"
            },
            {
              "lessThan": "22.4R3-S7",
              "status": "affected",
              "version": "22.4",
              "versionType": "semver"
            },
            {
              "lessThan": "23.2R2-S4",
              "status": "affected",
              "version": "23.2",
              "versionType": "semver"
            },
            {
              "lessThan": "23.4R2-S5",
              "status": "affected",
              "version": "23.4",
              "versionType": "semver"
            },
            {
              "lessThan": "24.2R2-S1",
              "status": "affected",
              "version": "24.2",
              "versionType": "semver"
            },
            {
              "lessThan": "24.4R1-S3, 24.4R2",
              "status": "affected",
              "version": "24.4",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Junos OS Evolved",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "22.2R3-S7-EVO",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "22.4R3-S7-EVO",
              "status": "affected",
              "version": "22.4-EVO",
              "versionType": "semver"
            },
            {
              "lessThan": "23.2R2-S4-EVO",
              "status": "affected",
              "version": "23.2-EVO",
              "versionType": "semver"
            },
            {
              "lessThan": "23.4R2-S5-EVO",
              "status": "affected",
              "version": "23.4-EVO",
              "versionType": "semver"
            },
            {
              "lessThan": "24.2R2-S1-EVO",
              "status": "affected",
              "version": "24.2-EVO",
              "versionType": "semver"
            },
            {
              "lessThan": "24.4R1-S3-EVO, 24.4R2-EVO",
              "status": "affected",
              "version": "24.4-EVO",
              "versionType": "semver"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "This issue only affects systems configured for EVPN signaling.\u0026nbsp; For example:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e[protocols bgp family evpn signaling]\u003c/tt\u003e"
            }
          ],
          "value": "This issue only affects systems configured for EVPN signaling.\u00a0 For example:\n\n[protocols bgp family evpn signaling]"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Juniper SIRT would like to acknowledge and thank Craig Dods from Meta\u2019s Infrastructure Security Engineering team for responsibly reporting this vulnerability."
        }
      ],
      "datePublic": "2025-07-09T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An Improper Handling of Length Parameter Inconsistency vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a logically adjacent BGP peer sending a specifically malformed BGP packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.\u003cbr\u003e\u003cbr\u003eOnly systems configured for Ethernet Virtual Private Networking (EVPN) signaling are vulnerable to this issue.\u0026nbsp;\u003cbr\u003e\u003cbr\u003eThis issue affects iBGP and eBGP, and both IPv4 and IPv6 are affected by this vulnerability.\u003cp\u003eThis issue affects:\u003c/p\u003e\u003cp\u003eJunos OS:\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eall versions before 21.4R3-S11,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 22.2 before 22.2R3-S7,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 22.4 before 22.4R3-S7,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 23.2 before 23.2R2-S4,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 23.4 before 23.4R2-S5,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 24.2 before 24.2R2-S1,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 24.4 before 24.4R1-S3, 24.4R2;\u0026nbsp;\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eJunos OS Evolved:\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eall versions before 22.2R3-S7-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 22.4-EVO before 22.4R3-S7-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 23.2-EVO before 23.2R2-S4-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 23.4-EVO before 23.4R2-S5-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 24.2-EVO before 24.2R2-S1-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 24.4-EVO before 24.4R1-S3-EVO, 24.4R2-EVO.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e"
            }
          ],
          "value": "An Improper Handling of Length Parameter Inconsistency vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a logically adjacent BGP peer sending a specifically malformed BGP packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.\n\nOnly systems configured for Ethernet Virtual Private Networking (EVPN) signaling are vulnerable to this issue.\u00a0\n\nThis issue affects iBGP and eBGP, and both IPv4 and IPv6 are affected by this vulnerability.This issue affects:\n\nJunos OS:\u00a0\n\n\n\n  *  all versions before 21.4R3-S11,\u00a0\n  *  from 22.2 before 22.2R3-S7,\u00a0\n  *  from 22.4 before 22.4R3-S7,\u00a0\n  *  from 23.2 before 23.2R2-S4,\u00a0\n  *  from 23.4 before 23.4R2-S5,\u00a0\n  *  from 24.2 before 24.2R2-S1,\u00a0\n  *  from 24.4 before 24.4R1-S3, 24.4R2;\u00a0\n\n\n\n\nJunos OS Evolved:\u00a0\n\n\n\n  *  all versions before 22.2R3-S7-EVO,\u00a0\n  *  from 22.4-EVO before 22.4R3-S7-EVO,\u00a0\n  *  from 23.2-EVO before 23.2R2-S4-EVO,\u00a0\n  *  from 23.4-EVO before 23.4R2-S5-EVO,\u00a0\n  *  from 24.2-EVO before 24.2R2-S1-EVO,\u00a0\n  *  from 24.4-EVO before 24.4R1-S3-EVO, 24.4R2-EVO."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
            }
          ],
          "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "YES",
            "Recovery": "AUTOMATIC",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "ADJACENT",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "AMBER",
            "subAvailabilityImpact": "LOW",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "CONCENTRATED",
            "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/V:C/RE:M/U:Amber",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "MODERATE"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-130",
              "description": "CWE-130 Improper Handling of Length Parameter Inconsistency",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-11T14:40:41.658Z",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://supportportal.juniper.net/JSA100053"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The following software releases have been updated to resolve this specific issue: \u003cbr\u003e\u003cbr\u003eJunos OS: 21.4R3-S11, 22.2R3-S7, 22.4R3-S7, 23.2R2-S4, 23.4R2-S5, 24.2R2-S1, 24.4R1-S3, 24.4R2, 25.2R1, and all subsequent releases.\u003cbr\u003eJunos OS Evolved:  22.2R3-S7-EVO, 22.4R3-S7-EVO, 23.2R2-S4-EVO, 23.4R2-S5-EVO, 24.2R2-S1-EVO, 24.4R1-S3-EVO, 24.4R2-EVO, 25.2R1-EVO, and all subsequent releases.\u003cbr\u003e"
            }
          ],
          "value": "The following software releases have been updated to resolve this specific issue: \n\nJunos OS: 21.4R3-S11, 22.2R3-S7, 22.4R3-S7, 23.2R2-S4, 23.4R2-S5, 24.2R2-S1, 24.4R1-S3, 24.4R2, 25.2R1, and all subsequent releases.\nJunos OS Evolved:  22.2R3-S7-EVO, 22.4R3-S7-EVO, 23.2R2-S4-EVO, 23.4R2-S5-EVO, 24.2R2-S1-EVO, 24.4R1-S3-EVO, 24.4R2-EVO, 25.2R1-EVO, and all subsequent releases."
        }
      ],
      "source": {
        "advisory": "JSA100053",
        "defect": [
          "1863170"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Junos OS and Junos OS Evolved: In an EVPN environment, receipt of specifically malformed BGP update causes RPD crash",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "There are no known workarounds for this issue."
            }
          ],
          "value": "There are no known workarounds for this issue."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2025-52949",
    "datePublished": "2025-07-11T14:40:41.658Z",
    "dateReserved": "2025-06-23T13:16:01.408Z",
    "dateUpdated": "2025-07-11T15:05:58.938Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-48022 (GCVE-0-2025-48022)

Vulnerability from cvelistv5 – Published: 2026-02-13 04:58 – Updated: 2026-02-13 12:35
VLAI
Summary
A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation. If affected product receives maliciously crafted packets, Vnet/IP software stack process may be terminated. The affected products and versions are as follows: Vnet/IP Interface Package (for CENTUM VP R6 VP6C3300, CENTUM VP R7 VP7C3300) R1.07.00 or earlier
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
Yokogawa Electric Corporation Vnet/IP Interface Package Affected: R1.07.00 or earlier (custom)
Create a notification for this product.
Date Public
2026-02-13 03:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-48022",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-13T12:34:51.349166Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-13T12:35:05.068Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Vnet/IP Interface Package",
          "vendor": "Yokogawa Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "R1.07.00 or earlier",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2026-02-13T03:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation.\u003cbr\u003eIf affected product receives maliciously crafted packets, Vnet/IP software stack process may be terminated.\u003cbr\u003eThe affected products and versions are as follows: Vnet/IP Interface Package (for CENTUM VP R6 VP6C3300, CENTUM VP R7 VP7C3300) R1.07.00 or earlier"
            }
          ],
          "value": "A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation.\nIf affected product receives maliciously crafted packets, Vnet/IP software stack process may be terminated.\nThe affected products and versions are as follows: Vnet/IP Interface Package (for CENTUM VP R6 VP6C3300, CENTUM VP R7 VP7C3300) R1.07.00 or earlier"
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "HIGH",
            "attackRequirements": "NONE",
            "attackVector": "ADJACENT",
            "baseScore": 6,
            "baseSeverity": "MEDIUM",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-130",
              "description": "CWE-130",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-13T04:58:12.391Z",
        "orgId": "7168b535-132a-4efe-a076-338f829b2eb9",
        "shortName": "YokogawaGroup"
      },
      "references": [
        {
          "url": "https://web-material3.yokogawa.com/1/39281/files/YSAR-26-0002-E.pdf"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7168b535-132a-4efe-a076-338f829b2eb9",
    "assignerShortName": "YokogawaGroup",
    "cveId": "CVE-2025-48022",
    "datePublished": "2026-02-13T04:58:12.391Z",
    "dateReserved": "2025-05-15T03:31:13.259Z",
    "dateUpdated": "2026-02-13T12:35:05.068Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-32366 (GCVE-0-2025-32366)

Vulnerability from cvelistv5 – Published: 2025-04-05 00:00 – Updated: 2025-04-15 15:15
VLAI
Summary
In ConnMan through 1.44, parse_rr in dnsproxy.c has a memcpy length that depends on an RR RDLENGTH value, i.e., *rdlen=ntohs(rr->rdlen) and memcpy(response+offset,*end,*rdlen) without a check for whether the sum of *end and *rdlen exceeds max. Consequently, *rdlen may be larger than the amount of remaining packet data in the current state of parsing. Values of stack memory locations may be sent over the network in a response.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-130 - Improper Handling of Length Parameter Inconsistency
Assigner
Impacted products
Vendor Product Version
ConnMan ConnMan Affected: 0 , ≤ 1.44 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-32366",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-07T14:42:05.651515Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-15T15:15:06.273Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "ConnMan",
          "vendor": "ConnMan",
          "versions": [
            {
              "lessThanOrEqual": "1.44",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:connman:connman:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "1.44",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In ConnMan through 1.44, parse_rr in dnsproxy.c has a memcpy length that depends on an RR RDLENGTH value, i.e., *rdlen=ntohs(rr-\u003erdlen) and memcpy(response+offset,*end,*rdlen) without a check for whether the sum of *end and *rdlen exceeds max. Consequently, *rdlen may be larger than the amount of remaining packet data in the current state of parsing. Values of stack memory locations may be sent over the network in a response."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-130",
              "description": "CWE-130 Improper Handling of Length Parameter Inconsistency",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-11T17:13:52.101Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://web.git.kernel.org/pub/scm/network/connman/connman.git/tree/src/dnsproxy.c?h=1.44#n1001"
        },
        {
          "url": "https://web.git.kernel.org/pub/scm/network/connman/connman.git/tree/src/dnsproxy.c?h=1.44#n988"
        },
        {
          "url": "https://lapis-sawfish-be3.notion.site/0-day-Comman-memory-Leak-190dc00d01d080688472d322c93c4340"
        },
        {
          "url": "https://web.archive.org/web/20250410130356/https://lapis-sawfish-be3.notion.site/0-day-Comman-memory-Leak-190dc00d01d080688472d322c93c4340"
        }
      ],
      "x_generator": {
        "engine": "enrichogram 0.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2025-32366",
    "datePublished": "2025-04-05T00:00:00.000Z",
    "dateReserved": "2025-04-05T00:00:00.000Z",
    "dateUpdated": "2025-04-15T15:15:06.273Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-30659 (GCVE-0-2025-30659)

Vulnerability from cvelistv5 – Published: 2025-04-09 20:03 – Updated: 2025-04-09 20:30
VLAI
Title
Junos OS: SRX Series: A device configured for vector routing crashes when receiving malformed traffic
Summary
An Improper Handling of Length Parameter Inconsistency vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). When a device configured for Secure Vector Routing (SVR) receives a specifically malformed packet the PFE will crash and restart. This issue affects Junos OS on SRX Series: * All 21.4 versions, * 22.2 versions before 22.2R3-S6, * 22.4 versions before 22.4R3-S6, * 23.2 versions before 23.2R2-S3, * 23.4 versions before 23.4R2-S4, * 24.2 versions before 24.2R2. This issue does not affect versions before 21.4.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-130 - Improper Handling of Length Parameter Inconsistency
Assigner
References
Impacted products
Vendor Product Version
Juniper Networks Junos OS Affected: 21.4R1 , < 21.4* (semver)
Affected: 22.2 , < 22.2R3-S6 (semver)
Affected: 22.4 , < 22.4R3-S6 (semver)
Affected: 23.2 , < 23.2R2-S3 (semver)
Affected: 23.4 , < 23.4R2-S4 (semver)
Affected: 24.2 , < 24.2R2 (semver)
Create a notification for this product.
Date Public
2025-04-09 16:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-30659",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-09T20:30:29.483767Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-09T20:30:38.589Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "SRX Series"
          ],
          "product": "Junos OS",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "21.4*",
              "status": "affected",
              "version": "21.4R1",
              "versionType": "semver"
            },
            {
              "lessThan": "22.2R3-S6",
              "status": "affected",
              "version": "22.2",
              "versionType": "semver"
            },
            {
              "lessThan": "22.4R3-S6",
              "status": "affected",
              "version": "22.4",
              "versionType": "semver"
            },
            {
              "lessThan": "23.2R2-S3",
              "status": "affected",
              "version": "23.2",
              "versionType": "semver"
            },
            {
              "lessThan": "23.4R2-S4",
              "status": "affected",
              "version": "23.4",
              "versionType": "semver"
            },
            {
              "lessThan": "24.2R2",
              "status": "affected",
              "version": "24.2",
              "versionType": "semver"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "To be exposed to this issue the SRX needs to be configured for SVR:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e[ services\u0026nbsp;vector-routing ]\u003c/tt\u003e"
            }
          ],
          "value": "To be exposed to this issue the SRX needs to be configured for SVR:\n\n[ services\u00a0vector-routing ]"
        }
      ],
      "datePublic": "2025-04-09T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An Improper Handling of Length Parameter Inconsistency vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).\u003cbr\u003e\u003cbr\u003eWhen a device configured for Secure Vector Routing (SVR) receives a specifically malformed packet the PFE will crash and restart.\u003cbr\u003e\u003cp\u003eThis issue affects Junos OS on SRX Series:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll 21.4 versions,\u003c/li\u003e\u003cli\u003e22.2 versions before 22.2R3-S6,\u003c/li\u003e\u003cli\u003e22.4 versions before 22.4R3-S6,\u003c/li\u003e\u003cli\u003e23.2 versions before 23.2R2-S3,\u003c/li\u003e\u003cli\u003e23.4 versions before 23.4R2-S4,\u003c/li\u003e\u003cli\u003e24.2 versions before 24.2R2.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003eThis issue does not affect versions before 21.4."
            }
          ],
          "value": "An Improper Handling of Length Parameter Inconsistency vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).\n\nWhen a device configured for Secure Vector Routing (SVR) receives a specifically malformed packet the PFE will crash and restart.\nThis issue affects Junos OS on SRX Series:\n\n\n\n  *  All 21.4 versions,\n  *  22.2 versions before 22.2R3-S6,\n  *  22.4 versions before 22.4R3-S6,\n  *  23.2 versions before 23.2R2-S3,\n  *  23.4 versions before 23.4R2-S4,\n  *  24.2 versions before 24.2R2.\n\n\n\n\nThis issue does not affect versions before 21.4."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
            }
          ],
          "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "YES",
            "Recovery": "AUTOMATIC",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "LOW",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/RE:M",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "MODERATE"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-130",
              "description": "CWE-130 Improper Handling of Length Parameter Inconsistency",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-09T20:03:23.936Z",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://supportportal.juniper.net/JSA96470"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The following software releases have been updated to resolve this specific issue: 22.2R3-S6, 22.4R3-S6, 23.2R2-S3, 23.4R2-S4, 24.2R2, 24.4R1, and all subsequent releases."
            }
          ],
          "value": "The following software releases have been updated to resolve this specific issue: 22.2R3-S6, 22.4R3-S6, 23.2R2-S3, 23.4R2-S4, 24.2R2, 24.4R1, and all subsequent releases."
        }
      ],
      "source": {
        "advisory": "JSA96470",
        "defect": [
          "1820807"
        ],
        "discovery": "INTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2025-04-09T16:00:00.000Z",
          "value": "Initial Publication"
        }
      ],
      "title": "Junos OS: SRX Series: A device configured for vector routing crashes when receiving malformed traffic",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "There are no known workarounds for this issue."
            }
          ],
          "value": "There are no known workarounds for this issue."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2025-30659",
    "datePublished": "2025-04-09T20:03:23.936Z",
    "dateReserved": "2025-03-24T19:34:11.323Z",
    "dateUpdated": "2025-04-09T20:30:38.589Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-29931 (GCVE-0-2025-29931)

Vulnerability from cvelistv5 – Published: 2025-04-17 11:05 – Updated: 2025-04-17 14:43
VLAI
Summary
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected product does not properly validate a length field in a serialized message which it uses to determine the amount of memory to be allocated for deserialization. This could allow an unauthenticated remote attacker to cause the application to allocate exhaustive amounts of memory and subsequently create a partial denial of service condition. Successful exploitation is only possible in redundant Telecontrol Server Basic setups and only if the connection between the redundant servers has been disrupted.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-130 - Improper Handling of Length Parameter Inconsistency
Assigner
Impacted products
Vendor Product Version
Siemens TeleControl Server Basic Affected: 0 , < V3.1.2.2 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-29931",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-17T14:43:20.510525Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-17T14:43:50.005Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "TeleControl Server Basic",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.1.2.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in TeleControl Server Basic (All versions \u003c V3.1.2.2). The affected product does not properly validate a length field in a serialized message which it uses to determine the amount of memory to be allocated for deserialization. This could allow an unauthenticated remote attacker to cause the application to allocate exhaustive amounts of memory and subsequently create a partial denial of service condition.\r\nSuccessful exploitation is only possible in redundant Telecontrol Server Basic setups and only if the connection between the redundant servers has been disrupted."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        },
        {
          "cvssV4_0": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-130",
              "description": "CWE-130: Improper Handling of Length Parameter Inconsistency",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-17T11:05:57.612Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-395348.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2025-29931",
    "datePublished": "2025-04-17T11:05:57.612Z",
    "dateReserved": "2025-03-12T13:47:09.580Z",
    "dateUpdated": "2025-04-17T14:43:50.005Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-29784 (GCVE-0-2025-29784)

Vulnerability from cvelistv5 – Published: 2025-04-18 15:50 – Updated: 2025-04-18 16:05
VLAI
Title
NamelessMC Has Lack of Length Validation for s Parameter in GET Requests
Summary
NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, the s parameter in GET requests for forum search functionality lacks length validation, allowing attackers to submit excessively long search queries. This oversight can lead to performance degradation and potential denial-of-service (DoS) attacks. This issue has been patched in version 2.2.0.
SSVC
Exploitation: poc Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-130 - Improper Handling of Length Parameter Inconsistency
  • CWE-20 - Improper Input Validation
  • CWE-1284 - Improper Validation of Specified Quantity in Input
Assigner
Impacted products
Vendor Product Version
NamelessMC Nameless Affected: < 2.2.0
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-29784",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-18T16:05:26.830187Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-18T16:05:30.640Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/NamelessMC/Nameless/security/advisories/GHSA-4hrq-rf96-c2jm"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Nameless",
          "vendor": "NamelessMC",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 2.2.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "NamelessMC is a free, easy to use \u0026 powerful website software for Minecraft servers. In version 2.1.4 and prior, the s parameter in GET requests for forum search functionality lacks length validation, allowing attackers to submit excessively long search queries. This oversight can lead to performance degradation and potential denial-of-service (DoS) attacks. This issue has been patched in version 2.2.0."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-130",
              "description": "CWE-130: Improper Handling of Length Parameter Inconsistency",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20: Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-1284",
              "description": "CWE-1284: Improper Validation of Specified Quantity in Input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-18T15:50:17.656Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/NamelessMC/Nameless/security/advisories/GHSA-4hrq-rf96-c2jm",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/NamelessMC/Nameless/security/advisories/GHSA-4hrq-rf96-c2jm"
        },
        {
          "name": "https://github.com/NamelessMC/Nameless/commit/f5341e56930a98978171e0a871d60f19ab30ebdd",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/NamelessMC/Nameless/commit/f5341e56930a98978171e0a871d60f19ab30ebdd"
        },
        {
          "name": "https://github.com/NamelessMC/Nameless/releases/tag/v2.2.0",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/NamelessMC/Nameless/releases/tag/v2.2.0"
        }
      ],
      "source": {
        "advisory": "GHSA-4hrq-rf96-c2jm",
        "discovery": "UNKNOWN"
      },
      "title": "NamelessMC Has Lack of Length Validation for s Parameter in GET Requests"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-29784",
    "datePublished": "2025-04-18T15:50:17.656Z",
    "dateReserved": "2025-03-11T14:23:00.475Z",
    "dateUpdated": "2025-04-18T16:05:30.640Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation
Implementation

When processing structured incoming data containing a size field followed by raw data, ensure that you identify and resolve any inconsistencies between the size field and the actual size of the data.

Mitigation
Implementation

Do not let the user control the size of the buffer.

Mitigation
Implementation

Validate that the length of the user-supplied data is consistent with the buffer size.

CAPEC-47: Buffer Overflow via Parameter Expansion

In this attack, the target software is given input that the adversary knows will be modified and expanded in size during processing. This attack relies on the target software failing to anticipate that the expanded data may exceed some internal limit, thereby creating a buffer overflow.