Common Weakness Enumeration

CWE-789

Memory Allocation with Excessive Size Value

The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated.

CVE-2025-8696 (GCVE-0-2025-8696)

Vulnerability from cvelistv5 – Published: 2025-09-10 17:59 – Updated: 2025-11-04 21:15
VLAI
Title
DoS attack against the Stork UI from an unauthenticated user
Summary
If an unauthenticated user sends a large amount of data to the Stork UI, it may cause memory and disk use problems for the system running the Stork server. This issue affects Stork versions 1.0.0 through 2.3.0.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-789 - Memory Allocation with Excessive Size Value
  • CWE-779 - Logging of Excessive Data
Assigner
isc
Impacted products
Vendor Product Version
ISC Stork Affected: 1.0.0 , ≤ 2.3.0 (custom)
Create a notification for this product.
Date Public
2025-09-10 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-8696",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-11T14:26:49.356453Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-11T14:42:42.595Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T21:15:10.942Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/09/10/5"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Stork",
          "vendor": "ISC",
          "versions": [
            {
              "lessThanOrEqual": "2.3.0",
              "status": "affected",
              "version": "1.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2025-09-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "If an unauthenticated user sends a large amount of data to the Stork UI, it may cause memory and disk use problems for the system running the Stork server.\nThis issue affects Stork versions 1.0.0 through 2.3.0."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "This flaw was discovered in internal testing. We are not aware of any active exploits."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "Resource exhaustion. A sufficiently large input will cause Stork to allocate more memory than is available, leading to the failure of the `stork-server` process and/or other processes. Repeated smaller inputs may not exhaust memory but may fill log storage or force premature log rotation."
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-789",
              "description": "CWE-789 Memory Allocation with Excessive Size Value",
              "lang": "en",
              "type": "CWE"
            },
            {
              "cweId": "CWE-779",
              "description": "CWE-779 Logging of Excessive Data",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-10T17:59:52.878Z",
        "orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
        "shortName": "isc"
      },
      "references": [
        {
          "name": "CVE-2025-8696",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://kb.isc.org/docs/cve-2025-8696"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to the patched release most closely related to your current version of Stork: 2.2.1 or 2.3.1."
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "DoS attack against the Stork UI from an unauthenticated user",
      "workarounds": [
        {
          "lang": "en",
          "value": "Placing the Stork server behind a firewall or proxy that only allows access from trusted clients, and/or enforces input size limits, is an effective workaround."
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
    "assignerShortName": "isc",
    "cveId": "CVE-2025-8696",
    "datePublished": "2025-09-10T17:59:52.878Z",
    "dateReserved": "2025-08-07T09:49:55.542Z",
    "dateUpdated": "2025-11-04T21:15:10.942Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-10142 (GCVE-0-2026-10142)

Vulnerability from cvelistv5 – Published: 2026-06-10 20:13 – Updated: 2026-06-23 16:13
VLAI
Title
kafka-python prior to 2.3.2 Denial of Service via Protocol Parser Frame Length
Summary
kafka-python prior to 2.3.2 contains a denial-of-service vulnerability in the protocol parser that allows a malicious broker or machine-in-the-middle attacker to exhaust memory or hang connections by sending a crafted 4-byte frame length value without bounds validation. Attackers can send a specially crafted frame length through the receive_bytes() function to trigger either a multi-gigabyte memory allocation or an uncaught ValueError that leaves the connection in a broken state, causing requests to hang and consumers to stop heartbeating until restart.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-789 - Memory Allocation with Excessive Size Value
Assigner
Impacted products
Vendor Product Version
Dana Powers kafka-python Affected: 0 , < 2.3.2 (git)
Create a notification for this product.
Date Public
2026-06-10 00:00
Credits
Katriel Moses
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-10142",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-11T14:12:48.592271Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-11T14:13:01.933Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/dpkp/kafka-python",
          "defaultStatus": "unknown",
          "product": "kafka-python",
          "vendor": "Dana Powers",
          "versions": [
            {
              "lessThan": "2.3.2",
              "status": "affected",
              "version": "0",
              "versionType": "git"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Katriel Moses"
        }
      ],
      "datePublic": "2026-06-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003ekafka-python prior to 2.3.2 contains a denial-of-service vulnerability in the protocol parser that allows a malicious broker or machine-in-the-middle attacker to exhaust memory or hang connections by sending a crafted 4-byte frame length value without bounds validation. Attackers can send a specially crafted frame length through the receive_bytes() function to trigger either a multi-gigabyte memory allocation or an uncaught ValueError that leaves the connection in a broken state, causing requests to hang and consumers to stop heartbeating until restart.\u003c/p\u003e"
            }
          ],
          "value": "kafka-python prior to 2.3.2 contains a denial-of-service vulnerability in the protocol parser that allows a malicious broker or machine-in-the-middle attacker to exhaust memory or hang connections by sending a crafted 4-byte frame length value without bounds validation. Attackers can send a specially crafted frame length through the receive_bytes() function to trigger either a multi-gigabyte memory allocation or an uncaught ValueError that leaves the connection in a broken state, causing requests to hang and consumers to stop heartbeating until restart."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-789",
              "description": "CWE-789 Memory Allocation with Excessive Size Value",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-23T16:13:42.149Z",
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck"
      },
      "references": [
        {
          "tags": [
            "technical-description",
            "third-party-advisory"
          ],
          "url": "https://www.vulncheck.com/advisories/kafka-python-prior-to-denial-of-service-via-protocol-parser-frame-length"
        },
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://github.com/dpkp/kafka-python/pull/3019"
        },
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://github.com/dpkp/kafka-python/pull/3026"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/dpkp/kafka-python/commit/6e4831444f972d169cdd11f5c8d50333cea3f19b"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "kafka-python prior to 2.3.2 Denial of Service via Protocol Parser Frame Length"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2026-10142",
    "datePublished": "2026-06-10T20:13:11.286Z",
    "dateReserved": "2026-05-29T21:38:32.287Z",
    "dateUpdated": "2026-06-23T16:13:42.149Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-11946 (GCVE-0-2026-11946)

Vulnerability from cvelistv5 – Published: 2026-07-02 10:54 – Updated: 2026-07-02 12:15
VLAI
Title
GetEndpoints Memory Exhaustion in open62541
Summary
An unauthenticated remote attacker can exhaust server memory via the GetEndpoints Discovery Service in open62541. The endpointUrl field of GetEndpointsRequest is not validated for length. An attacker can declare an arbitrarily large string (up to ~4.09 GB via the UInt32 length field) delivered across intermediate chunks without ever sending the final chunk. The server buffers all chunks in RAM indefinitely until the SecureChannel times out. The attack is pre-session and bypasses all encryption configurations. The issue affects open62541: from 1.4.0 through 1.4.16, from 1.5.0 through 1.5.4, master.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-770 - Allocation of resources without limits or throttling
  • CWE-789 - Memory allocation with excessive size value
Assigner
Impacted products
Vendor Product Version
open62541 project / o6 Automation GmbH open62541 Affected: 1.4.0 , ≤ 1.4.16 (semver)
Affected: 1.5.0 , ≤ 1.5.4 (semver)
Affected: master (custom)
Create a notification for this product.
Credits
Lorenzo Cannella from Fondazione Ugo Bordoni (FUB)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-11946",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-07-02T12:15:40.618622Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-02T12:15:49.245Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "open62541",
          "vendor": "open62541 project / o6 Automation GmbH",
          "versions": [
            {
              "lessThanOrEqual": "1.4.16",
              "status": "affected",
              "version": "1.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "1.5.4",
              "status": "affected",
              "version": "1.5.0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "master",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Lorenzo Cannella from Fondazione Ugo Bordoni (FUB)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan\u003eAn unauthenticated remote attacker can exhaust\nserver memory via the GetEndpoints Discovery Service in open62541. The\nendpointUrl field of GetEndpointsRequest is not validated for length. An\nattacker can declare an arbitrarily large string (up to ~4.09 GB via the UInt32\nlength field) delivered across intermediate chunks without ever sending the\nfinal chunk. The server buffers all chunks in RAM indefinitely until the\nSecureChannel times out. The attack is\npre-session and bypasses all encryption configurations.\u003c/span\u003e\n\n\n\n\u003cspan\u003eThe\u0026nbsp;\u003c/span\u003eissue affects open62541: from 1.4.0 through 1.4.16, from 1.5.0 through 1.5.4, master."
            }
          ],
          "value": "An unauthenticated remote attacker can exhaust\nserver memory via the GetEndpoints Discovery Service in open62541. The\nendpointUrl field of GetEndpointsRequest is not validated for length. An\nattacker can declare an arbitrarily large string (up to ~4.09 GB via the UInt32\nlength field) delivered across intermediate chunks without ever sending the\nfinal chunk. The server buffers all chunks in RAM indefinitely until the\nSecureChannel times out. The attack is\npre-session and bypasses all encryption configurations.\n\n\n\nThe\u00a0issue affects open62541: from 1.4.0 through 1.4.16, from 1.5.0 through 1.5.4, master."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-770",
              "description": "CWE-770 Allocation of resources without limits or throttling",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-789",
              "description": "CWE-789 Memory allocation with excessive size value",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-02T10:54:17.782Z",
        "orgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158",
        "shortName": "ENISA"
      },
      "references": [
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/open62541/open62541/pull/8142"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/open62541/open62541/pull/8142/changes/d253818d6c5e870e1db0e360b18138c8bdc809ae"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://github.com/open62541/open62541"
        }
      ],
      "source": {
        "advisory": "SA-2026-0002",
        "discovery": "UNKNOWN"
      },
      "title": "GetEndpoints Memory Exhaustion in open62541",
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158",
    "assignerShortName": "ENISA",
    "cveId": "CVE-2026-11946",
    "datePublished": "2026-07-02T10:54:17.782Z",
    "dateReserved": "2026-06-10T21:38:14.592Z",
    "dateUpdated": "2026-07-02T12:15:49.245Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-14683 (GCVE-0-2026-14683)

Vulnerability from cvelistv5 – Published: 2026-07-04 23:00 – Updated: 2026-07-04 23:00
VLAI
Title
HdrHistogram AbstractHistogram.java memory allocation
Summary
A vulnerability was detected in HdrHistogram up to 2.2.2. Affected by this issue is the function org.HdrHistogram.AbstractHistogram.decodeFromCompressedByteBuffer of the file src/main/java/org/HdrHistogram/AbstractHistogram.java. The manipulation of the argument lengthOfCompressedContents results in uncontrolled memory allocation. The attack needs to be approached locally. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
CWE
  • CWE-789 - Uncontrolled Memory Allocation
  • CWE-400 - Resource Consumption
Assigner
References
Impacted products
Vendor Product Version
n/a HdrHistogram Affected: 2.2.0
Affected: 2.2.1
Affected: 2.2.2
    cpe:2.3:a:hdrhistogram:hdrhistogram:*:*:*:*:*:*:*:*
Credits
sara11h (VulDB User) VulDB CNA Team
Show details on NVD website

{
  "containers": {
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:hdrhistogram:hdrhistogram:*:*:*:*:*:*:*:*"
          ],
          "product": "HdrHistogram",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "2.2.0"
            },
            {
              "status": "affected",
              "version": "2.2.1"
            },
            {
              "status": "affected",
              "version": "2.2.2"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "sara11h (VulDB User)"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "VulDB CNA Team"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was detected in HdrHistogram up to 2.2.2. Affected by this issue is the function org.HdrHistogram.AbstractHistogram.decodeFromCompressedByteBuffer of the file src/main/java/org/HdrHistogram/AbstractHistogram.java. The manipulation of the argument lengthOfCompressedContents results in uncontrolled memory allocation. The attack needs to be approached locally. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 1.7,
            "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-789",
              "description": "Uncontrolled Memory Allocation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-04T23:00:10.759Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-376279 | HdrHistogram AbstractHistogram.java memory allocation",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/vuln/376279"
        },
        {
          "name": "VDB-376279 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/vuln/376279/cti"
        },
        {
          "name": "CVE-2026-14683 | CVE Analysis and Report",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/cve/CVE-2026-14683"
        },
        {
          "name": "Submit #846750 | HdrHistogram 2.2.2 Denial of Service",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/submit/846750"
        },
        {
          "name": "Submit #846752 | HdrHistogram 2.2.2 Denial of Service (Duplicate)",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/submit/846752"
        },
        {
          "tags": [
            "exploit",
            "issue-tracking"
          ],
          "url": "https://github.com/HdrHistogram/HdrHistogram/issues/219"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://github.com/HdrHistogram/HdrHistogram/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-07-04T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2026-07-04T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2026-07-04T06:45:00.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "HdrHistogram AbstractHistogram.java memory allocation"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2026-14683",
    "datePublished": "2026-07-04T23:00:10.759Z",
    "dateReserved": "2026-07-04T04:39:55.742Z",
    "dateUpdated": "2026-07-04T23:00:10.759Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-14684 (GCVE-0-2026-14684)

Vulnerability from cvelistv5 – Published: 2026-07-04 23:30 – Updated: 2026-07-04 23:30
VLAI
Title
HdrHistogram AbstractHistogram.java memory allocation
Summary
A flaw has been found in HdrHistogram up to 2.2.2. This affects the function org.HdrHistogram.AbstractHistogram.decodeFromByteBuffer of the file src/main/java/org/HdrHistogram/AbstractHistogram.java. This manipulation of the argument numberOfSignificantValueDigits causes uncontrolled memory allocation. The attack can only be executed locally. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.
CWE
  • CWE-789 - Uncontrolled Memory Allocation
  • CWE-400 - Resource Consumption
Assigner
References
Impacted products
Vendor Product Version
n/a HdrHistogram Affected: 2.2.0
Affected: 2.2.1
Affected: 2.2.2
    cpe:2.3:a:hdrhistogram:hdrhistogram:*:*:*:*:*:*:*:*
Credits
sara11h (VulDB User) VulDB CNA Team
Show details on NVD website

{
  "containers": {
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:hdrhistogram:hdrhistogram:*:*:*:*:*:*:*:*"
          ],
          "product": "HdrHistogram",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "2.2.0"
            },
            {
              "status": "affected",
              "version": "2.2.1"
            },
            {
              "status": "affected",
              "version": "2.2.2"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "sara11h (VulDB User)"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "VulDB CNA Team"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw has been found in HdrHistogram up to 2.2.2. This affects the function org.HdrHistogram.AbstractHistogram.decodeFromByteBuffer of the file src/main/java/org/HdrHistogram/AbstractHistogram.java. This manipulation of the argument numberOfSignificantValueDigits causes uncontrolled memory allocation. The attack can only be executed locally. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 1.7,
            "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-789",
              "description": "Uncontrolled Memory Allocation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-04T23:30:10.875Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-376280 | HdrHistogram AbstractHistogram.java memory allocation",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/vuln/376280"
        },
        {
          "name": "VDB-376280 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/vuln/376280/cti"
        },
        {
          "name": "CVE-2026-14684 | CVE Analysis and Report",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/cve/CVE-2026-14684"
        },
        {
          "name": "Submit #846754 | HdrHistogram 2.2.2 Denial of Service",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/submit/846754"
        },
        {
          "tags": [
            "exploit",
            "issue-tracking"
          ],
          "url": "https://github.com/HdrHistogram/HdrHistogram/issues/220"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://github.com/HdrHistogram/HdrHistogram/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-07-04T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2026-07-04T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2026-07-04T06:45:14.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "HdrHistogram AbstractHistogram.java memory allocation"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2026-14684",
    "datePublished": "2026-07-04T23:30:10.875Z",
    "dateReserved": "2026-07-04T04:39:58.430Z",
    "dateUpdated": "2026-07-04T23:30:10.875Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-20048 (GCVE-0-2026-20048)

Vulnerability from cvelistv5 – Published: 2026-02-25 16:26 – Updated: 2026-02-25 19:05
VLAI
Title
Cisco NX-OS Software SNMP Denial of Service Vulnerability
Summary
A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco Nexus 9000 Series Fabric Switches in ACI mode could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper processing when parsing SNMP requests. An attacker could exploit this vulnerability by continuously sending SNMP queries&nbsp;to a specific MIB of an affected device. A successful exploit could allow the attacker to cause a kernel panic on the device, resulting in a reload and a&nbsp;DoS condition. Note: This vulnerability affects SNMP versions 1, 2c, and 3. To exploit&nbsp;this vulnerability through SNMPv1 or&nbsp;SNMPv2c, the attacker must have a valid read-only SNMP community string for the affected system. To exploit this vulnerability through SNMPv3, the attacker must have valid SNMP user credentials for the affected system.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-789 - Uncontrolled Memory Allocation
Assigner
Impacted products
Vendor Product Version
Cisco Cisco NX-OS System Software in ACI Mode Affected: 15.2(1g)
Affected: 15.2(2e)
Affected: 15.2(2f)
Affected: 15.2(2g)
Affected: 15.2(2h)
Affected: 15.2(3f)
Affected: 15.2(3e)
Affected: 15.2(3g)
Affected: 15.2(4d)
Affected: 15.2(4e)
Affected: 15.2(5c)
Affected: 15.2(5d)
Affected: 16.0(1g)
Affected: 15.2(5e)
Affected: 15.2(4f)
Affected: 15.2(6e)
Affected: 15.2(6h)
Affected: 16.0(1j)
Affected: 15.2(6g)
Affected: 15.2(7f)
Affected: 15.2(7g)
Affected: 16.0(2h)
Affected: 15.2(8d)
Affected: 16.0(2j)
Affected: 15.2(8e)
Affected: 16.0(3d)
Affected: 16.0(3e)
Affected: 15.2(8f)
Affected: 15.2(8g)
Affected: 15.3(1d)
Affected: 15.2(8h)
Affected: 16.0(4c)
Affected: 15.3(2a)
Affected: 15.2(8i)
Affected: 16.0(5h)
Affected: 15.3(2b)
Affected: 16.0(3g)
Affected: 16.0(5j)
Affected: 15.3(2c)
Affected: 16.0(6c)
Affected: 15.3(2d)
Affected: 16.1(1f)
Affected: 16.0(7e)
Affected: 16.0(8e)
Affected: 15.3(2e)
Affected: 16.0(8f)
Affected: 16.1(2f)
Affected: 16.1(2g)
Affected: 15.3(2f)
Affected: 16.0(9c)
Affected: 16.1(3f)
Affected: 16.0(9d)
Affected: 16.0(6h)
Affected: 16.0(8h)
Affected: 16.1(3g)
Affected: 16.0(9e)
Affected: 16.1(4h)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-20048",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-25T18:18:11.351419Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-25T19:05:48.366Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco NX-OS System Software in ACI Mode",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "15.2(1g)"
            },
            {
              "status": "affected",
              "version": "15.2(2e)"
            },
            {
              "status": "affected",
              "version": "15.2(2f)"
            },
            {
              "status": "affected",
              "version": "15.2(2g)"
            },
            {
              "status": "affected",
              "version": "15.2(2h)"
            },
            {
              "status": "affected",
              "version": "15.2(3f)"
            },
            {
              "status": "affected",
              "version": "15.2(3e)"
            },
            {
              "status": "affected",
              "version": "15.2(3g)"
            },
            {
              "status": "affected",
              "version": "15.2(4d)"
            },
            {
              "status": "affected",
              "version": "15.2(4e)"
            },
            {
              "status": "affected",
              "version": "15.2(5c)"
            },
            {
              "status": "affected",
              "version": "15.2(5d)"
            },
            {
              "status": "affected",
              "version": "16.0(1g)"
            },
            {
              "status": "affected",
              "version": "15.2(5e)"
            },
            {
              "status": "affected",
              "version": "15.2(4f)"
            },
            {
              "status": "affected",
              "version": "15.2(6e)"
            },
            {
              "status": "affected",
              "version": "15.2(6h)"
            },
            {
              "status": "affected",
              "version": "16.0(1j)"
            },
            {
              "status": "affected",
              "version": "15.2(6g)"
            },
            {
              "status": "affected",
              "version": "15.2(7f)"
            },
            {
              "status": "affected",
              "version": "15.2(7g)"
            },
            {
              "status": "affected",
              "version": "16.0(2h)"
            },
            {
              "status": "affected",
              "version": "15.2(8d)"
            },
            {
              "status": "affected",
              "version": "16.0(2j)"
            },
            {
              "status": "affected",
              "version": "15.2(8e)"
            },
            {
              "status": "affected",
              "version": "16.0(3d)"
            },
            {
              "status": "affected",
              "version": "16.0(3e)"
            },
            {
              "status": "affected",
              "version": "15.2(8f)"
            },
            {
              "status": "affected",
              "version": "15.2(8g)"
            },
            {
              "status": "affected",
              "version": "15.3(1d)"
            },
            {
              "status": "affected",
              "version": "15.2(8h)"
            },
            {
              "status": "affected",
              "version": "16.0(4c)"
            },
            {
              "status": "affected",
              "version": "15.3(2a)"
            },
            {
              "status": "affected",
              "version": "15.2(8i)"
            },
            {
              "status": "affected",
              "version": "16.0(5h)"
            },
            {
              "status": "affected",
              "version": "15.3(2b)"
            },
            {
              "status": "affected",
              "version": "16.0(3g)"
            },
            {
              "status": "affected",
              "version": "16.0(5j)"
            },
            {
              "status": "affected",
              "version": "15.3(2c)"
            },
            {
              "status": "affected",
              "version": "16.0(6c)"
            },
            {
              "status": "affected",
              "version": "15.3(2d)"
            },
            {
              "status": "affected",
              "version": "16.1(1f)"
            },
            {
              "status": "affected",
              "version": "16.0(7e)"
            },
            {
              "status": "affected",
              "version": "16.0(8e)"
            },
            {
              "status": "affected",
              "version": "15.3(2e)"
            },
            {
              "status": "affected",
              "version": "16.0(8f)"
            },
            {
              "status": "affected",
              "version": "16.1(2f)"
            },
            {
              "status": "affected",
              "version": "16.1(2g)"
            },
            {
              "status": "affected",
              "version": "15.3(2f)"
            },
            {
              "status": "affected",
              "version": "16.0(9c)"
            },
            {
              "status": "affected",
              "version": "16.1(3f)"
            },
            {
              "status": "affected",
              "version": "16.0(9d)"
            },
            {
              "status": "affected",
              "version": "16.0(6h)"
            },
            {
              "status": "affected",
              "version": "16.0(8h)"
            },
            {
              "status": "affected",
              "version": "16.1(3g)"
            },
            {
              "status": "affected",
              "version": "16.0(9e)"
            },
            {
              "status": "affected",
              "version": "16.1(4h)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco Nexus 9000 Series Fabric Switches in ACI mode could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r\nThis vulnerability is due to improper processing when parsing SNMP requests. An attacker could exploit this vulnerability by continuously sending SNMP queries\u0026nbsp;to a specific MIB of an affected device. A successful exploit could allow the attacker to cause a kernel panic on the device, resulting in a reload and a\u0026nbsp;DoS condition.\r\nNote: This vulnerability affects SNMP versions 1, 2c, and 3. To exploit\u0026nbsp;this vulnerability through SNMPv1 or\u0026nbsp;SNMPv2c, the attacker must have a valid read-only SNMP community string for the affected system. To exploit this vulnerability through SNMPv3, the attacker must have valid SNMP user credentials for the affected system."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-789",
              "description": "Uncontrolled Memory Allocation",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-25T16:26:28.329Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-nxos-dsnmp-cNN39Uh",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-dsnmp-cNN39Uh"
        }
      ],
      "source": {
        "advisory": "cisco-sa-nxos-dsnmp-cNN39Uh",
        "defects": [
          "CSCwq57598"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Cisco NX-OS Software SNMP Denial of Service Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2026-20048",
    "datePublished": "2026-02-25T16:26:28.329Z",
    "dateReserved": "2025-10-08T11:59:15.355Z",
    "dateUpdated": "2026-02-25T19:05:48.366Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-21452 (GCVE-0-2026-21452)

Vulnerability from cvelistv5 – Published: 2026-01-02 20:47 – Updated: 2026-01-02 21:22
VLAI
Title
MessagePack-Java Vulnerable to Remote Denial of Service via Malicious .msgpack Model File Triggering Unbounded EXT Payload Allocation
Summary
MessagePack for Java is a serializer implementation for Java. A denial-of-service vulnerability exists in versions prior to 0.9.11 when deserializing .msgpack files containing EXT32 objects with attacker-controlled payload lengths. While MessagePack-Java parses extension headers lazily, it later trusts the declared EXT payload length when materializing the extension data. When ExtensionValue.getData() is invoked, the library attempts to allocate a byte array of the declared length without enforcing any upper bound. A malicious .msgpack file of only a few bytes can therefore trigger unbounded heap allocation, resulting in JVM heap exhaustion, process termination, or service unavailability. This vulnerability is triggered during model loading / deserialization, making it a model format vulnerability suitable for remote exploitation. The vulnerability enables a remote denial-of-service attack against applications that deserialize untrusted .msgpack model files using MessagePack for Java. A specially crafted but syntactically valid .msgpack file containing an EXT32 object with an attacker-controlled, excessively large payload length can trigger unbounded memory allocation during deserialization. When the model file is loaded, the library trusts the declared length metadata and attempts to allocate a byte array of that size, leading to rapid heap exhaustion, excessive garbage collection, or immediate JVM termination with an OutOfMemoryError. The attack requires no malformed bytes, user interaction, or elevated privileges and can be exploited remotely in real-world environments such as model registries, inference services, CI/CD pipelines, and cloud-based model hosting platforms that accept or fetch .msgpack artifacts. Because the malicious file is extremely small yet valid, it can bypass basic validation and scanning mechanisms, resulting in complete service unavailability and potential cascading failures in production systems. Version 0.9.11 fixes the vulnerability.
SSVC
Exploitation: poc Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-400 - Uncontrolled Resource Consumption
  • CWE-789 - Memory Allocation with Excessive Size Value
Assigner
Impacted products
Vendor Product Version
msgpack msgpack-java Affected: < 0.9.11
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-21452",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-02T21:21:49.839128Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-02T21:22:01.956Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "msgpack-java",
          "vendor": "msgpack",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 0.9.11"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "MessagePack for Java is a serializer implementation for Java. A denial-of-service vulnerability exists in versions prior to 0.9.11 when deserializing .msgpack files containing EXT32 objects with attacker-controlled payload lengths. While MessagePack-Java parses extension headers lazily, it later trusts the declared EXT payload length when materializing the extension data. When ExtensionValue.getData() is invoked, the library attempts to allocate a byte array of the declared length without enforcing any upper bound. A malicious .msgpack file of only a few bytes can therefore trigger unbounded heap allocation, resulting in JVM heap exhaustion, process termination, or service unavailability. This vulnerability is triggered during model loading / deserialization, making it a model format vulnerability suitable for remote exploitation. The vulnerability enables a remote denial-of-service attack against applications that deserialize untrusted .msgpack model files using MessagePack for Java. A specially crafted but syntactically valid .msgpack file containing an EXT32 object with an attacker-controlled, excessively large payload length can trigger unbounded memory allocation during deserialization. When the model file is loaded, the library trusts the declared length metadata and attempts to allocate a byte array of that size, leading to rapid heap exhaustion, excessive garbage collection, or immediate JVM termination with an OutOfMemoryError. The attack requires no malformed bytes, user interaction, or elevated privileges and can be exploited remotely in real-world environments such as model registries, inference services, CI/CD pipelines, and cloud-based model hosting platforms that accept or fetch .msgpack artifacts. Because the malicious file is extremely small yet valid, it can bypass basic validation and scanning mechanisms, resulting in complete service unavailability and potential cascading failures in production systems. Version 0.9.11 fixes the vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400: Uncontrolled Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-789",
              "description": "CWE-789: Memory Allocation with Excessive Size Value",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-02T20:47:44.874Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/msgpack/msgpack-java/security/advisories/GHSA-cw39-r4h6-8j3x",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/msgpack/msgpack-java/security/advisories/GHSA-cw39-r4h6-8j3x"
        },
        {
          "name": "https://github.com/msgpack/msgpack-java/commit/daa2ea6b2f11f500e22c70a22f689f7a9debdeae",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/msgpack/msgpack-java/commit/daa2ea6b2f11f500e22c70a22f689f7a9debdeae"
        },
        {
          "name": "https://github.com/msgpack/msgpack-java/releases/tag/v0.9.11",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/msgpack/msgpack-java/releases/tag/v0.9.11"
        }
      ],
      "source": {
        "advisory": "GHSA-cw39-r4h6-8j3x",
        "discovery": "UNKNOWN"
      },
      "title": "MessagePack-Java Vulnerable to Remote Denial of Service via Malicious .msgpack Model File Triggering Unbounded EXT Payload Allocation"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-21452",
    "datePublished": "2026-01-02T20:47:44.874Z",
    "dateReserved": "2025-12-29T03:00:29.277Z",
    "dateUpdated": "2026-01-02T21:22:01.956Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-22026 (GCVE-0-2026-22026)

Vulnerability from cvelistv5 – Published: 2026-01-10 00:22 – Updated: 2026-01-13 21:47
VLAI
Title
CryptoLib Unbounded Memory Allocation in KMC HTTP Response Handler Allows Resource Exhaustion
Summary
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, the libcurl write_callback function in the KMC crypto service client allows unbounded memory growth by reallocating response buffers without any size limit or overflow check. A malicious KMC server can return arbitrarily large HTTP responses, forcing the client to allocate excessive memory until the process is terminated by the OS. This issue has been patched in version 1.4.3.
SSVC
Exploitation: poc Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-789 - Memory Allocation with Excessive Size Value
Assigner
Impacted products
Vendor Product Version
nasa CryptoLib Affected: < 1.4.3
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-22026",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-13T21:47:49.912729Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-13T21:47:52.666Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/nasa/CryptoLib/security/advisories/GHSA-w9cm-q69w-34x7"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "CryptoLib",
          "vendor": "nasa",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.4.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, the libcurl write_callback function in the KMC crypto service client allows unbounded memory growth by reallocating response buffers without any size limit or overflow check. A malicious KMC server can return arbitrarily large HTTP responses, forcing the client to allocate excessive memory until the process is terminated by the OS. This issue has been patched in version 1.4.3."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-789",
              "description": "CWE-789: Memory Allocation with Excessive Size Value",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-10T00:22:35.480Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/nasa/CryptoLib/security/advisories/GHSA-w9cm-q69w-34x7",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/nasa/CryptoLib/security/advisories/GHSA-w9cm-q69w-34x7"
        },
        {
          "name": "https://github.com/nasa/CryptoLib/commit/2372efd3da1ccb226b4297222e25f41ecc84821d",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nasa/CryptoLib/commit/2372efd3da1ccb226b4297222e25f41ecc84821d"
        },
        {
          "name": "https://github.com/nasa/CryptoLib/releases/tag/v1.4.3",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nasa/CryptoLib/releases/tag/v1.4.3"
        }
      ],
      "source": {
        "advisory": "GHSA-w9cm-q69w-34x7",
        "discovery": "UNKNOWN"
      },
      "title": "CryptoLib Unbounded Memory Allocation in KMC HTTP Response Handler Allows Resource Exhaustion"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-22026",
    "datePublished": "2026-01-10T00:22:35.480Z",
    "dateReserved": "2026-01-05T22:30:38.718Z",
    "dateUpdated": "2026-01-13T21:47:52.666Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-22188 (GCVE-0-2026-22188)

Vulnerability from cvelistv5 – Published: 2026-01-07 20:26 – Updated: 2026-05-26 11:51
VLAI
Title
Panda3D <= 1.10.16 Deploy-Stub Stack Exhaustion via Unbounded alloca()
Summary
The deploy-stub component in Panda3D versions up to and including 1.10.16 contains a denial of service vulnerability due to unbounded stack allocation. The deploy-stub executable allocates argv_copy and argv_copy2 using alloca() based directly on the attacker-controlled argc value without validation. Supplying a large number of command-line arguments can exhaust stack space and propagate uninitialized stack memory into Python interpreter initialization, resulting in a reliable crash and undefined behavior.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-457 - Use of Uninitialized Variable
  • CWE-789 - Memory Allocation with Excessive Size Value
Assigner
References
Impacted products
Vendor Product Version
Panda3D Panda3D Affected: 0 , ≤ 1.10.16 (semver)
Create a notification for this product.
Credits
Ron Edgerson
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-22188",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-07T21:23:03.715506Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-07T21:23:15.544Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Panda3D",
          "repo": "https://github.com/panda3d/panda3d",
          "vendor": "Panda3D",
          "versions": [
            {
              "lessThanOrEqual": "1.10.16",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:cmu:panda3d:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "1.10.16",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Ron Edgerson"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The deploy-stub component in Panda3D versions up to and including 1.10.16 contains a denial of service vulnerability due to unbounded stack allocation. The deploy-stub executable allocates argv_copy and argv_copy2 using alloca() based directly on the attacker-controlled argc value without validation. Supplying a large number of command-line arguments can exhaust stack space and propagate uninitialized stack memory into Python interpreter initialization, resulting in a reliable crash and undefined behavior."
            }
          ],
          "value": "The deploy-stub component in Panda3D versions up to and including 1.10.16 contains a denial of service vulnerability due to unbounded stack allocation. The deploy-stub executable allocates argv_copy and argv_copy2 using alloca() based directly on the attacker-controlled argc value without validation. Supplying a large number of command-line arguments can exhaust stack space and propagate uninitialized stack memory into Python interpreter initialization, resulting in a reliable crash and undefined behavior."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-457",
              "description": "CWE-457 Use of Uninitialized Variable",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-789",
              "description": "CWE-789 Memory Allocation with Excessive Size Value",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-26T11:51:55.520Z",
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck"
      },
      "references": [
        {
          "tags": [
            "technical-description",
            "exploit"
          ],
          "url": "https://seclists.org/fulldisclosure/2026/Jan/9"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://www.panda3d.org/"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://github.com/panda3d/panda3d"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.vulncheck.com/advisories/panda3d-deploy-stub-stack-exhaustion-via-unbounded-alloca"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Panda3D \u003c= 1.10.16 Deploy-Stub Stack Exhaustion via Unbounded alloca()",
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2026-22188",
    "datePublished": "2026-01-07T20:26:13.360Z",
    "dateReserved": "2026-01-06T16:47:17.183Z",
    "dateUpdated": "2026-05-26T11:51:55.520Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-22803 (GCVE-0-2026-22803)

Vulnerability from cvelistv5 – Published: 2026-01-15 18:37 – Updated: 2026-01-15 19:06
VLAI
Title
SvelteKit has a memory amplification DoS in Remote Functions binary form deserializer
Summary
SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. From 2.49.0 to 2.49.4, the experimental form remote function uses a binary data format containing a representation of submitted form data. A specially-crafted payload can cause the server to allocate a large amount of memory, causing DoS via memory exhaustion. This vulnerability is fixed in 2.49.5.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-789 - Memory Allocation with Excessive Size Value
Assigner
Impacted products
Vendor Product Version
sveltejs kit Affected: >= 2.49.0, < 2.49.5
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-22803",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-15T19:06:02.781041Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-15T19:06:13.528Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "kit",
          "vendor": "sveltejs",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 2.49.0, \u003c 2.49.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. From 2.49.0 to 2.49.4, the experimental form remote function uses a binary data format containing a representation of submitted form data. A specially-crafted payload can cause the server to allocate a large amount of memory, causing DoS via memory exhaustion. This vulnerability is fixed in 2.49.5."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-789",
              "description": "CWE-789: Memory Allocation with Excessive Size Value",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-15T18:37:57.831Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/sveltejs/kit/security/advisories/GHSA-j2f3-wq62-6q46",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/sveltejs/kit/security/advisories/GHSA-j2f3-wq62-6q46"
        },
        {
          "name": "https://github.com/sveltejs/kit/commit/8ed8155215b9a74012fecffb942ad9a793b274e5",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/sveltejs/kit/commit/8ed8155215b9a74012fecffb942ad9a793b274e5"
        },
        {
          "name": "https://github.com/sveltejs/kit/releases/tag/@sveltejs%2Fadapter-node@5.5.1",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/sveltejs/kit/releases/tag/@sveltejs%2Fadapter-node@5.5.1"
        }
      ],
      "source": {
        "advisory": "GHSA-j2f3-wq62-6q46",
        "discovery": "UNKNOWN"
      },
      "title": "SvelteKit has a memory amplification DoS in Remote Functions binary form deserializer"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-22803",
    "datePublished": "2026-01-15T18:37:57.831Z",
    "dateReserved": "2026-01-09T22:50:10.287Z",
    "dateUpdated": "2026-01-15T19:06:13.528Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Mitigation

Phases: Implementation, Architecture and Design

Description:

  • Perform adequate input validation against any value that influences the amount of memory that is allocated. Define an appropriate strategy for handling requests that exceed the limit, and consider supporting a configuration option so that the administrator can extend the amount of memory to be used if necessary.
Mitigation

Phase: Operation

Description:

  • Run your program using system-provided resource limits for memory. This might still cause the program to crash or exit, but the impact to the rest of the system will be minimized.

No CAPEC attack patterns related to this CWE.

Back to CWE stats page