CWE-1284
AllowedImproper Validation of Specified Quantity in Input
Abstraction: Base · Status: Incomplete
The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.
493 vulnerabilities reference this CWE, most recent first.
GHSA-X5QV-8W36-GXH4
Vulnerability from github – Published: 2024-02-21 18:31 – Updated: 2024-03-06 18:30Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
{
"affected": [],
"aliases": [
"CVE-2024-1714"
],
"database_specific": {
"cwe_ids": [
"CWE-1284",
"CWE-20"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-21T17:15:09Z",
"severity": "HIGH"
},
"details": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
"id": "GHSA-x5qv-8w36-gxh4",
"modified": "2024-03-06T18:30:37Z",
"published": "2024-02-21T18:31:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1714"
},
{
"type": "WEB",
"url": "https://www.sailpoint.com/security-advisories/sailpoint-identityiq-access-request-for-entitlement-values-with-leading-trailing-whitespace-cve-2024-1714"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-X9MR-W23G-RXQ7
Vulnerability from github – Published: 2026-05-26 13:30 – Updated: 2026-05-26 13:30The affected products perform improper length checking when parsing incoming HTTP requests, resulting in a size-limited out-of-bounds write. An unauthenticated remote attacker can exploit this flaw to cause a denial of service via a system crash on the affected device.
{
"affected": [],
"aliases": [
"CVE-2026-8047"
],
"database_specific": {
"cwe_ids": [
"CWE-1284"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-26T08:16:22Z",
"severity": "HIGH"
},
"details": "The affected products perform improper length checking when parsing incoming HTTP requests, resulting in a size-limited out-of-bounds write. An unauthenticated remote attacker can exploit this flaw to cause a denial of service via a system crash on the affected device.",
"id": "GHSA-x9mr-w23g-rxq7",
"modified": "2026-05-26T13:30:55Z",
"published": "2026-05-26T13:30:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8047"
},
{
"type": "WEB",
"url": "https://www.certvde.com/en/advisories/VDE-2026-057"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-X9WG-93QJ-QHG4
Vulnerability from github – Published: 2022-12-26 03:30 – Updated: 2023-01-04 03:30OX App Suite through 7.10.6 has Uncontrolled Resource Consumption via a large request body containing a redirect URL to the deferrer servlet.
{
"affected": [],
"aliases": [
"CVE-2022-37312"
],
"database_specific": {
"cwe_ids": [
"CWE-1284",
"CWE-400"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-12-26T02:15:00Z",
"severity": "MODERATE"
},
"details": "OX App Suite through 7.10.6 has Uncontrolled Resource Consumption via a large request body containing a redirect URL to the deferrer servlet.",
"id": "GHSA-x9wg-93qj-qhg4",
"modified": "2023-01-04T03:30:32Z",
"published": "2022-12-26T03:30:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37312"
},
{
"type": "WEB",
"url": "https://open-xchange.com"
},
{
"type": "WEB",
"url": "https://seclists.org/fulldisclosure/2022/Nov/18"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-XFPH-VQ69-5WW2
Vulnerability from github – Published: 2026-03-19 18:31 – Updated: 2026-03-19 18:31Improper Validation of Specified Quantity in Input (CWE-1284) in the Timelion visualization plugin in Kibana can lead Denial of Service via Excessive Allocation (CAPEC-130). The vulnerability allows an authenticated user to send a specially crafted Timelion expression that overwrites internal series data properties with an excessively large quantity value.
{
"affected": [],
"aliases": [
"CVE-2026-26940"
],
"database_specific": {
"cwe_ids": [
"CWE-1284"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-19T18:16:21Z",
"severity": "MODERATE"
},
"details": "Improper Validation of Specified Quantity in Input (CWE-1284) in the Timelion visualization plugin in Kibana can lead Denial of Service via Excessive Allocation (CAPEC-130). The vulnerability allows an authenticated user to send a specially crafted Timelion expression that overwrites internal series data properties with an excessively large quantity value.",
"id": "GHSA-xfph-vq69-5ww2",
"modified": "2026-03-19T18:31:19Z",
"published": "2026-03-19T18:31:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26940"
},
{
"type": "WEB",
"url": "https://discuss.elastic.co/t/kibana-8-19-13-9-2-7-9-3-2-security-update-esa-2026-20/385535"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XG8P-34W2-J49J
Vulnerability from github – Published: 2022-09-16 17:41 – Updated: 2022-09-16 17:41Impact
What kind of vulnerability is it? Who is impacted?
This vulnerability impacts all the initialization functions on the Heap and LockedHeap types, including Heap::new, Heap::init, Heap::init_from_slice, and LockedHeap::new. It also affects multiple uses of the Heap::extend method.
Initialization Functions
The heap initialization methods were missing a minimum size check for the given heap size argument. This could lead to out-of-bound writes when a heap was initialized with a size smaller than 3 * size_of::<usize> because of metadata write operations.
Heap::extend
This vulnerability impacts three specific uses of the Heap::extend method:
- When calling
Heap::extendwith a size smaller than twousizes (e.g., 16 onx86_64), the size was erroneously rounded up to the minimum size, which could result in an out-of-bounds write. - Calling
Heap::extendon an empty heap tried to construct a heap starting at address 0, which is also an out-of-bounds write. - One specific way to trigger this accidentally is to call
Heap::new(or a similar constructor) with a heap size that is smaller than twousizes. This was treated as an empty heap as well. - Calling
Heap::extendon a heap whose size is not a multiple of the size of twousizes resulted in unaligned writes. It also left the heap in an unexpected state, which might lead to subsequent issues. We did not find a way to exploit this undefined behavior yet (apart from DoS on platforms that fault on unaligned writes).
Patches
Has the problem been patched? What versions should users upgrade to?
We published a patch in version 0.10.2 and recommend all users to upgrade to it. This patch release includes the following changes:
- The initialization functions now panic if the given size is not large enough to store the necessary metadata. Depending on the alignment of the heap bottom pointer, the minimum size is between
2 * size_of::<usize>and3 * size_of::<usize>. - The
extendmethod now panics when trying to extend an unitialized heap. - Extend calls with a size smaller than
size_of::<usize>() * 2are now buffered internally and not added to the list directly. The buffered region will be merged with futureextendcalls. - The
size()method now returns the usable size of the heap, which might be slightly smaller than thetop() - bottom()difference because of alignment constraints.
Workarounds
Is there a way for users to fix or remediate the vulnerability without upgrading?
To avoid this issue, ensure that the heap is only initialized with a size larger than 3 * size_of::<usize> and that the Heap::extend method is only called with sizes larger than 2 * size_of::<usize>(). Also, ensure that the total heap size is (and stays) a multiple of 2 * size_of::<usize>().
For more information
If you have any questions or comments about this advisory: * Open an issue in this repository * Email @phil-opp at security@phil-opp.com
Acknowledgements
This issue was responsibly reported by Evan Richter at ForAllSecure and found with Mayhem and cargo fuzz.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 0.10.1"
},
"package": {
"ecosystem": "crates.io",
"name": "linked_list_allocator"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.10.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-36086"
],
"database_specific": {
"cwe_ids": [
"CWE-119",
"CWE-1284"
],
"github_reviewed": true,
"github_reviewed_at": "2022-09-16T17:41:33Z",
"nvd_published_at": "2022-09-07T23:15:00Z",
"severity": "HIGH"
},
"details": "## Impact\n_What kind of vulnerability is it? Who is impacted?_\n\nThis vulnerability impacts all the initialization functions on the `Heap` and `LockedHeap` types, including `Heap::new`, `Heap::init`, `Heap::init_from_slice`, and `LockedHeap::new`. It also affects multiple uses of the `Heap::extend` method.\n\n### Initialization Functions\n\nThe heap initialization methods were missing a minimum size check for the given heap size argument. This could lead to **_out-of-bound writes_** when a heap was initialized with a size smaller than `3 * size_of::\u003cusize\u003e` because of metadata write operations.\n\n### `Heap::extend`\n\nThis vulnerability impacts three specific uses of the `Heap::extend` method:\n\n- When calling `Heap::extend` with a size smaller than two `usize`s (e.g., 16 on `x86_64`), the size was erroneously rounded up to the minimum size, which could result in an **_out-of-bounds write_**.\n- Calling `Heap::extend` on an empty heap tried to construct a heap starting at address 0, which is also an **_out-of-bounds write_**.\n - One specific way to trigger this accidentally is to call `Heap::new` (or a similar constructor) with a heap size that is smaller than two `usize`s. This was treated as an empty heap as well.\n- Calling `Heap::extend` on a heap whose size is not a multiple of the size of two `usize`s resulted in _unaligned writes_. It also left the heap in an unexpected state, which might lead to subsequent issues. We did not find a way to exploit this undefined behavior yet (apart from DoS on platforms that fault on unaligned writes).\n\n## Patches\n_Has the problem been patched? What versions should users upgrade to?_\n\nWe published a patch in version `0.10.2` and recommend all users to upgrade to it. This patch release includes the following changes:\n\n- The initialization functions now panic if the given size is not large enough to store the necessary metadata. Depending on the alignment of the heap bottom pointer, the minimum size is between `2 * size_of::\u003cusize\u003e` and `3 * size_of::\u003cusize\u003e`.\n- The `extend` method now panics when trying to extend an unitialized heap.\n- Extend calls with a size smaller than `size_of::\u003cusize\u003e() * 2` are now buffered internally and not added to the list directly. The buffered region will be merged with future `extend` calls.\n- The `size()` method now returns the _usable_ size of the heap, which might be slightly smaller than the `top() - bottom()` difference because of alignment constraints.\n\n## Workarounds\n_Is there a way for users to fix or remediate the vulnerability without upgrading?_\n\nTo avoid this issue, ensure that the heap is only initialized with a size larger than `3 * size_of::\u003cusize\u003e` and that the `Heap::extend` method is only called with sizes larger than `2 * size_of::\u003cusize\u003e()`. Also, ensure that the total heap size is (and stays) a multiple of `2 * size_of::\u003cusize\u003e()`.\n\n## For more information\n\nIf you have any questions or comments about this advisory:\n* Open an issue in this repository\n* Email @phil-opp at [security@phil-opp.com](mailto:security@phil-opp.com)\n\n## Acknowledgements\n\nThis issue was responsibly reported by Evan Richter at ForAllSecure and found with [Mayhem](https://forallsecure.com/mayhem-for-code) and [cargo fuzz](https://github.com/rust-fuzz/cargo-fuzz).",
"id": "GHSA-xg8p-34w2-j49j",
"modified": "2022-09-16T17:41:33Z",
"published": "2022-09-16T17:41:33Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/rust-osdev/linked-list-allocator/security/advisories/GHSA-xg8p-34w2-j49j"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36086"
},
{
"type": "WEB",
"url": "https://github.com/rust-osdev/linked-list-allocator/commit/013b0758643943e8df5b17bbb495460ff47e8bbf"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-xg8p-34w2-j49j"
},
{
"type": "PACKAGE",
"url": "https://github.com/rust-osdev/linked-list-allocator"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2022-0063.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "linked_list_allocator vulnerable to out-of-bound writes on `Heap` initialization and `Heap::extend`"
}
GHSA-XGH5-7GP7-7MG3
Vulnerability from github – Published: 2025-07-30 03:30 – Updated: 2025-07-30 03:30Tesla Wall Connector Content-Length Header Improper Input Validation Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Tesla Wall Connector devices. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the parsing of the HTTP Content-Length header. The issue results from the lack of proper validation of user-supplied data, which can result in memory access past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-26300.
{
"affected": [],
"aliases": [
"CVE-2025-8320"
],
"database_specific": {
"cwe_ids": [
"CWE-1284"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-30T01:15:26Z",
"severity": "HIGH"
},
"details": "Tesla Wall Connector Content-Length Header Improper Input Validation Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Tesla Wall Connector devices. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the parsing of the HTTP Content-Length header. The issue results from the lack of proper validation of user-supplied data, which can result in memory access past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-26300.",
"id": "GHSA-xgh5-7gp7-7mg3",
"modified": "2025-07-30T03:30:35Z",
"published": "2025-07-30T03:30:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8320"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-711"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XH69-987W-HRP8
Vulnerability from github – Published: 2025-07-15 14:37 – Updated: 2025-07-15 22:56A denial of service vulnerability has been discovered in the resolv gem bundled with Ruby.
Details
The vulnerability is caused by an insufficient check on the length of a decompressed domain name within a DNS packet.
An attacker can craft a malicious DNS packet containing a highly compressed domain name. When the resolv library parses such a packet, the name decompression process consumes a large amount of CPU resources, as the library does not limit the resulting length of the name.
This resource consumption can cause the application thread to become unresponsive, resulting in a Denial of Service condition.
Affected Version
The vulnerability affects the resolv gem bundled with the following Ruby series: * Ruby 3.2 series: resolv version 0.2.2 and earlier * Ruby 3.3 series: resolv version 0.3.0 * Ruby 3.4 series: resolv version 0.6.1 and earlier
Credits
Thanks to Manu for discovering this issue.
History
Originally published at 2025-07-08 07:00:00 (UTC)
{
"affected": [
{
"package": {
"ecosystem": "RubyGems",
"name": "resolv"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.2.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "RubyGems",
"name": "resolv"
},
"ranges": [
{
"events": [
{
"introduced": "0.4.0"
},
{
"fixed": "0.6.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "RubyGems",
"name": "resolv"
},
"ranges": [
{
"events": [
{
"introduced": "0.3.0"
},
{
"fixed": "0.3.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-24294"
],
"database_specific": {
"cwe_ids": [
"CWE-1284",
"CWE-400"
],
"github_reviewed": true,
"github_reviewed_at": "2025-07-15T14:37:08Z",
"nvd_published_at": "2025-07-12T04:15:46Z",
"severity": "MODERATE"
},
"details": "A denial of service vulnerability has been discovered in the resolv gem bundled with Ruby.\n\n## Details\nThe vulnerability is caused by an insufficient check on the length of a decompressed domain name within a DNS packet.\n\nAn attacker can craft a malicious DNS packet containing a highly compressed domain name. When the resolv library parses such a packet, the name decompression process consumes a large amount of CPU resources, as the library does not limit the resulting\nlength of the name.\n\nThis resource consumption can cause the application thread to become unresponsive, resulting in a Denial of Service condition.\n\n## Affected Version\nThe vulnerability affects the resolv gem bundled with the following Ruby series:\n* Ruby 3.2 series: resolv version 0.2.2 and earlier\n* Ruby 3.3 series: resolv version 0.3.0\n* Ruby 3.4 series: resolv version 0.6.1 and earlier\n\n## Credits\nThanks to Manu for discovering this issue.\n\n## History\nOriginally published at 2025-07-08 07:00:00 (UTC)",
"id": "GHSA-xh69-987w-hrp8",
"modified": "2025-07-15T22:56:19Z",
"published": "2025-07-15T14:37:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24294"
},
{
"type": "WEB",
"url": "https://github.com/ruby/resolv/commit/4c2f71b5e80826506f78417d85b38481c058fb25"
},
{
"type": "PACKAGE",
"url": "https://github.com/ruby/resolv"
},
{
"type": "WEB",
"url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/resolv/CVE-2025-24294.yml"
},
{
"type": "WEB",
"url": "https://www.ruby-lang.org/en/news/2025/07/08/dos-resolv-cve-2025-24294"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U",
"type": "CVSS_V4"
}
],
"summary": "resolv vulnerable to DoS via insufficient DNS domain name length validation"
}
GHSA-XM68-4V8H-H9RF
Vulnerability from github – Published: 2022-05-02 03:55 – Updated: 2025-01-21 18:31** DISPUTED ** Varnish 2.0.6 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator. NOTE: the vendor disputes the significance of this report, stating that "This is not a security problem in Varnish or any other piece of software which writes a logfile. The real problem is the mistaken belief that you can cat(1) a random logfile to your terminal safely."
{
"affected": [],
"aliases": [
"CVE-2009-4488"
],
"database_specific": {
"cwe_ids": [
"CWE-1284",
"CWE-20"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2010-01-13T20:30:00Z",
"severity": "MODERATE"
},
"details": "** DISPUTED ** Varnish 2.0.6 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window\u0027s title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator. NOTE: the vendor disputes the significance of this report, stating that \"This is not a security problem in Varnish or any other piece of software which writes a logfile. The real problem is the mistaken belief that you can cat(1) a random logfile to your terminal safely.\"",
"id": "GHSA-xm68-4v8h-h9rf",
"modified": "2025-01-21T18:31:00Z",
"published": "2022-05-02T03:55:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-4488"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/archive/1/508830/100/0/threaded"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/37713"
},
{
"type": "WEB",
"url": "http://www.ush.it/team/ush/hack_httpd_escape/adv.txt"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XMGF-HQ76-4VX2
Vulnerability from github – Published: 2026-04-22 21:20 – Updated: 2026-04-27 16:41The *_from_pem_callback APIs did not validate the length returned by the user's callback. A password callback that returns a value larger than the buffer it was given can cause some versions of OpenSSL to over-read this buffer. OpenSSL 3.x is not affected by this.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "openssl"
},
"ranges": [
{
"events": [
{
"introduced": "0.9.0"
},
{
"fixed": "0.10.78"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-41677"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-1284"
],
"github_reviewed": true,
"github_reviewed_at": "2026-04-22T21:20:04Z",
"nvd_published_at": "2026-04-24T18:16:29Z",
"severity": "LOW"
},
"details": "The `*_from_pem_callback` APIs did not validate the length returned by the user\u0027s callback. A password callback that returns a value larger than the buffer it was given can cause some versions of OpenSSL to over-read this buffer. OpenSSL 3.x is not affected by this.",
"id": "GHSA-xmgf-hq76-4vx2",
"modified": "2026-04-27T16:41:58Z",
"published": "2026-04-22T21:20:04Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/rust-openssl/rust-openssl/security/advisories/GHSA-xmgf-hq76-4vx2"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41677"
},
{
"type": "WEB",
"url": "https://github.com/rust-openssl/rust-openssl/pull/2605"
},
{
"type": "WEB",
"url": "https://github.com/rust-openssl/rust-openssl/commit/5af6895c907773699f37f583f409b862284062b1"
},
{
"type": "PACKAGE",
"url": "https://github.com/rust-openssl/rust-openssl"
},
{
"type": "WEB",
"url": "https://github.com/rust-openssl/rust-openssl/releases/tag/openssl-v0.10.78"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U",
"type": "CVSS_V4"
}
],
"summary": "rust-opennssl has an Out-of-bounds read in PEM password callback when returning an oversized length"
}
GHSA-XMPC-X94Q-554F
Vulnerability from github – Published: 2022-12-13 21:30 – Updated: 2026-04-08 21:31The demon image annotation plugin for WordPress is vulnerable to improper input validation in versions up to, and including 5.0. This is due to the plugin improperly validating the number of characters supplied during an annotation despite there being a setting to limit the number characters input. This means that unauthenticated attackers can bypass the length restrictions and input more characters than allowed via the settings.
{
"affected": [],
"aliases": [
"CVE-2022-4171"
],
"database_specific": {
"cwe_ids": [
"CWE-1284"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-12-13T21:15:00Z",
"severity": "HIGH"
},
"details": "The demon image annotation plugin for WordPress is vulnerable to improper input validation in versions up to, and including 5.0. This is due to the plugin improperly validating the number of characters supplied during an annotation despite there being a setting to limit the number characters input. This means that unauthenticated attackers can bypass the length restrictions and input more characters than allowed via the settings.",
"id": "GHSA-xmpc-x94q-554f",
"modified": "2026-04-08T21:31:46Z",
"published": "2022-12-13T21:30:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4171"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2830349%40demon-image-annotation\u0026new=2830349%40demon-image-annotation\u0026sfp_email=\u0026sfph_mail="
},
{
"type": "WEB",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ac5549ec-f931-4b13-b5f9-0d6f3e53aae4"
},
{
"type": "WEB",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ac5549ec-f931-4b13-b5f9-0d6f3e53aae4?source=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-5
Strategy: Input Validation
- Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
- When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
- Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
No CAPEC attack patterns related to this CWE.