Common Weakness Enumeration

CWE-1284

Allowed

Improper Validation of Specified Quantity in Input

Abstraction: Base · Status: Incomplete

The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.

494 vulnerabilities reference this CWE, most recent first.

GHSA-2C7V-9W46-2RMW

Vulnerability from github – Published: 2026-05-04 18:30 – Updated: 2026-06-30 03:36
VLAI
Details

An issue in Assimp v.6.0.2 allows a remote attacker to cause a denial of service via the FBXParser.cpp, ParseVectorDataArray()

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-70071"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1284",
      "CWE-400"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-04T16:16:01Z",
    "severity": "MODERATE"
  },
  "details": "An issue in Assimp v.6.0.2 allows a remote attacker to cause a denial of service via the FBXParser.cpp, ParseVectorDataArray()",
  "id": "GHSA-2c7v-9w46-2rmw",
  "modified": "2026-06-30T03:36:29Z",
  "published": "2026-05-04T18:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-70071"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2025-70071"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2465675"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/GunP4ng/6d80919905037929ce9266ccd207b9ea"
    },
    {
      "type": "WEB",
      "url": "https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-70071.json"
    },
    {
      "type": "WEB",
      "url": "http://assimp.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2CX4-58J3-2JR5

Vulnerability from github – Published: 2026-01-16 21:30 – Updated: 2026-01-16 21:30
VLAI
Details

DupTerminator 1.4.5639.37199 contains a denial of service vulnerability that allows attackers to crash the application by inputting a long character string in the Excluded text box. Attackers can generate a payload of 8000 repeated characters to trigger the application to stop working on Windows 10.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-47818"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1284"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-01-16T19:16:06Z",
    "severity": "MODERATE"
  },
  "details": "DupTerminator 1.4.5639.37199 contains a denial of service vulnerability that allows attackers to crash the application by inputting a long character string in the Excluded text box. Attackers can generate a payload of 8000 repeated characters to trigger the application to stop working on Windows 10.",
  "id": "GHSA-2cx4-58j3-2jr5",
  "modified": "2026-01-16T21:30:36Z",
  "published": "2026-01-16T21:30:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47818"
    },
    {
      "type": "WEB",
      "url": "https://sourceforge.net/projects/dupterminator"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/49917"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/dupterminator-denial-of-service"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-2FHG-MFW9-PX88

Vulnerability from github – Published: 2026-03-21 15:33 – Updated: 2026-03-21 15:33
VLAI
Details

Sandboxie 5.30 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Program Alerts configuration field. Attackers can paste a buffer of 5000 characters into the 'Select or enter a program' field during program alert configuration to trigger an application crash.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-25551"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1282",
      "CWE-1284"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-21T13:16:17Z",
    "severity": "MODERATE"
  },
  "details": "Sandboxie 5.30 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Program Alerts configuration field. Attackers can paste a buffer of 5000 characters into the \u0027Select or enter a program\u0027 field during program alert configuration to trigger an application crash.",
  "id": "GHSA-2fhg-mfw9-px88",
  "modified": "2026-03-21T15:33:23Z",
  "published": "2026-03-21T15:33:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25551"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/46860"
    },
    {
      "type": "WEB",
      "url": "https://www.sandboxie.com"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/sandboxie-denial-of-service-via-program-alerts-buffer-overflow"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-2G6F-P97F-GP43

Vulnerability from github – Published: 2026-05-04 21:30 – Updated: 2026-05-04 21:30
VLAI
Details

Conditional Fields for Contact Form 7 WordPress plugin through version 2.6.7 contains an uncontrolled resource consumption vulnerability in the Wpcf7cfMailParser class where the hide_hidden_mail_fields_regex_callback() method reads an iteration count directly from user-supplied POST parameters without validation or upper bound enforcement. Unauthenticated attackers can supply an arbitrarily large integer value through the REST API endpoint to cause unbounded loop execution with multiple preg_replace() operations, exhausting server memory and crashing the PHP process.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-25863"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1284"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-04T19:16:02Z",
    "severity": "HIGH"
  },
  "details": "Conditional Fields for Contact Form 7 WordPress plugin through version 2.6.7 contains an uncontrolled resource consumption vulnerability in the Wpcf7cfMailParser class where the hide_hidden_mail_fields_regex_callback() method reads an iteration count directly from user-supplied POST parameters without validation or upper bound enforcement. Unauthenticated attackers can supply an arbitrarily large integer value through the REST API endpoint to cause unbounded loop execution with multiple preg_replace() operations, exhausting server memory and crashing the PHP process.",
  "id": "GHSA-2g6f-p97f-gp43",
  "modified": "2026-05-04T21:30:24Z",
  "published": "2026-05-04T21:30:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25863"
    },
    {
      "type": "WEB",
      "url": "https://wordpress.org/plugins/cf7-conditional-fields/#developers"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/conditional-fields-for-contact-form-7-dos-via-uncontrolled-resource-consumption"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-2H6C-J3GF-XP9R

Vulnerability from github – Published: 2023-02-10 19:52 – Updated: 2023-02-10 19:52
VLAI
Summary
IPFS go-bitfield vulnerable to DoS via malformed size arguments
Details

Impact

When feeding untrusted user input into the size parameter of NewBitfield and FromBytes functions, an attacker can trigger panics.

This happen when the size is a not a multiple of 8 or is negative. There were already a note in the NewBitfield documentation:

``` Panics if size is not a multiple of 8. ````

But it incomplete and missing from FromBytes's documentation.

This has been replaced by returning an (Bitfield, error) and returning a non nil error if the size is wrong.

Patches

  • https://github.com/ipfs/go-bitfield/commit/5e1d256fe043fc4163343ccca83862c69c52e579

Workarounds

  • Ensure size%8 == 0 && size >= 0 yourself before calling NewBitfield or FromBytes

References

  • https://github.com/ipfs/go-unixfs/security/advisories/GHSA-q264-w97q-q778
Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/ipfs/go-bitfield"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.1.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-23626"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1284",
      "CWE-754"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-02-10T19:52:45Z",
    "nvd_published_at": "2023-02-09T21:15:00Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\nWhen feeding untrusted user input into the size parameter of `NewBitfield` and `FromBytes` functions, an attacker can trigger `panic`s.\n\nThis happen when the `size` is a not a multiple of `8` or is negative.\nThere were already a note in the `NewBitfield` documentation:\n\u003e ```\n\u003e Panics if size is not a multiple of 8.\n\u003e ````\n\nBut it incomplete and missing from `FromBytes`\u0027s documentation.\n\nThis has been replaced by returning an `(Bitfield, error)` and returning a non nil error if the size is wrong.\n\n### Patches\n- https://github.com/ipfs/go-bitfield/commit/5e1d256fe043fc4163343ccca83862c69c52e579\n\n### Workarounds\n- Ensure `size%8 == 0 \u0026\u0026 size \u003e= 0` yourself before calling `NewBitfield` or `FromBytes`\n\n### References\n- https://github.com/ipfs/go-unixfs/security/advisories/GHSA-q264-w97q-q778\n",
  "id": "GHSA-2h6c-j3gf-xp9r",
  "modified": "2023-02-10T19:52:45Z",
  "published": "2023-02-10T19:52:45Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/ipfs/go-bitfield/security/advisories/GHSA-2h6c-j3gf-xp9r"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23626"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ipfs/go-bitfield/commit/5e1d256fe043fc4163343ccca83862c69c52e579"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/ipfs/go-bitfield"
    },
    {
      "type": "WEB",
      "url": "https://pkg.go.dev/vuln/GO-2023-1558"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "IPFS go-bitfield vulnerable to DoS via malformed size arguments"
}

GHSA-2MJ3-6GRC-PX38

Vulnerability from github – Published: 2025-12-19 00:31 – Updated: 2025-12-19 21:04
VLAI
Summary
Filebeat Beats has Buffer Overflow via Malformed Syslog Message or Malicious Tokenizer Pattern in Dissect Configuration
Details

Improper Validation of Specified Index, Position, or Offset in Input (CWE-1285) in Filebeat Syslog parser and the Libbeat Dissect processor can allow a user to trigger a Buffer Overflow (CAPEC-100) and cause a denial of service (panic/crash) of the Filebeat process via either a malformed Syslog message or a malicious tokenizer pattern in the Dissect configuration.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/elastic/beats/v7"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "7.7.0"
            },
            {
              "fixed": "8.19.9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/elastic/beats/v7"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "9.0.0"
            },
            {
              "fixed": "9.1.9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/elastic/beats/v7"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "9.2.0"
            },
            {
              "fixed": "9.2.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/elastic/beats/v7"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.0.0-alpha2.0.20251204214633-dd3af18220bf"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/elastic/beats"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "7.6.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-68383"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-120",
      "CWE-1284"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-12-19T21:04:09Z",
    "nvd_published_at": "2025-12-18T22:16:02Z",
    "severity": "MODERATE"
  },
  "details": "Improper Validation of Specified Index, Position, or Offset in Input (CWE-1285) in Filebeat Syslog parser and the Libbeat Dissect processor can allow a user to trigger a Buffer Overflow (CAPEC-100) and cause a denial of service (panic/crash) of the Filebeat process via either a malformed Syslog message or a malicious tokenizer pattern in the Dissect configuration.",
  "id": "GHSA-2mj3-6grc-px38",
  "modified": "2025-12-19T21:04:09Z",
  "published": "2025-12-19T00:31:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68383"
    },
    {
      "type": "WEB",
      "url": "https://github.com/elastic/beats/commit/27a168fb1c598d4a16748e9a7382bc0d197335a5"
    },
    {
      "type": "WEB",
      "url": "https://github.com/elastic/beats/commit/2f971a057eea68e057b47829950cd8c26805df30"
    },
    {
      "type": "WEB",
      "url": "https://github.com/elastic/beats/commit/339fa3f887a14c91e0c955b50a3b8819393bd632"
    },
    {
      "type": "WEB",
      "url": "https://discuss.elastic.co/t/filebeat-8-19-9-9-1-9-and-9-2-3-security-update-esa-2025-32/384180"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/elastic/elasticsearch"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Filebeat Beats has Buffer Overflow via Malformed Syslog Message or Malicious Tokenizer Pattern in Dissect Configuration"
}

GHSA-2PRH-76MQ-H4GX

Vulnerability from github – Published: 2022-11-11 12:00 – Updated: 2022-11-16 12:00
VLAI
Details

DexLoader function get_stringidx_fromdex() in Redex prior to commit 3b44c64 can load an out of bound address when loading the string index table, potentially allowing remote code execution during processing of a 3rd party Android APK file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-36938"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119",
      "CWE-125",
      "CWE-1284"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-11-11T00:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "DexLoader function get_stringidx_fromdex() in Redex prior to commit 3b44c64 can load an out of bound address when loading the string index table, potentially allowing remote code execution during processing of a 3rd party Android APK file.",
  "id": "GHSA-2prh-76mq-h4gx",
  "modified": "2022-11-16T12:00:20Z",
  "published": "2022-11-11T12:00:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36938"
    },
    {
      "type": "WEB",
      "url": "https://github.com/facebook/redex/commit/3b44c640346b77bfb7ef36e2413688dd460288d2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2PW7-G86G-76Q7

Vulnerability from github – Published: 2026-05-27 00:31 – Updated: 2026-07-15 15:32
VLAI
Details

A flaw was found in gnutls. When validating certificates, an oversized Subject Alternative Name (SAN) could cause the validation process to incorrectly fall back to checking the Common Name (CN) field. This could allow a remote attacker to bypass proper certificate validation, potentially leading to spoofing or man-in-the-middle attacks.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-42013"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1284",
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-26T22:16:42Z",
    "severity": "HIGH"
  },
  "details": "A flaw was found in gnutls. When validating certificates, an oversized Subject Alternative Name (SAN) could cause the validation process to incorrectly fall back to checking the Common Name (CN) field. This could allow a remote attacker to bypass proper certificate validation, potentially leading to spoofing or man-in-the-middle attacks.",
  "id": "GHSA-2pw7-g86g-76q7",
  "modified": "2026-07-15T15:32:42Z",
  "published": "2026-05-27T00:31:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42013"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:13274"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:20611"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:20612"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:20613"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:26319"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:26409"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:29197"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:30004"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:30849"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:30850"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:32962"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:33125"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2026-42013"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467448"
    },
    {
      "type": "WEB",
      "url": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-8"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2R7G-MF5H-9GCW

Vulnerability from github – Published: 2022-05-01 23:40 – Updated: 2025-04-09 03:55
VLAI
Details

Microsoft Windows XP SP2 and SP3, and Server 2003 SP1 and SP2, does not properly validate the option length field in Pragmatic General Multicast (PGM) packets, which allows remote attackers to cause a denial of service (infinite loop and system hang) via a crafted PGM packet, aka the "PGM Invalid Length Vulnerability."

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2008-1440"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1284",
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-06-12T02:32:00Z",
    "severity": "HIGH"
  },
  "details": "Microsoft Windows XP SP2 and SP3, and Server 2003 SP1 and SP2, does not properly validate the option length field in Pragmatic General Multicast (PGM) packets, which allows remote attackers to cause a denial of service (infinite loop and system hang) via a crafted PGM packet, aka the \"PGM Invalid Length Vulnerability.\"",
  "id": "GHSA-2r7g-mf5h-9gcw",
  "modified": "2025-04-09T03:55:23Z",
  "published": "2022-05-01T23:40:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1440"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-036"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5473"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:5473"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/30587"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1020230"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/29508"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-162B.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/1783"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-2RHX-838F-X5JW

Vulnerability from github – Published: 2024-08-13 18:31 – Updated: 2024-08-13 18:31
VLAI
Details

Improper input validation in Power Management Firmware (PMFW) may allow an attacker with privileges to send a malformed input for the "set temperature input selection" command, potentially resulting in a loss of integrity and/or availability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-31310"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1284"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-08-13T17:15:20Z",
    "severity": "MODERATE"
  },
  "details": "Improper input validation in Power Management Firmware (PMFW) may allow an attacker with privileges to send a malformed input for the \"set temperature input selection\" command, potentially resulting in a loss of integrity and/or availability.",
  "id": "GHSA-2rhx-838f-x5jw",
  "modified": "2024-08-13T18:31:15Z",
  "published": "2024-08-13T18:31:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-31310"
    },
    {
      "type": "WEB",
      "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-6005.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-5
Implementation

Strategy: Input Validation

  • Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
  • When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
  • Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.

No CAPEC attack patterns related to this CWE.