Common Weakness Enumeration

CWE-1285

Allowed

Improper Validation of Specified Index, Position, or Offset in Input

Abstraction: Base · Status: Incomplete

The product receives input that is expected to specify an index, position, or offset into an indexable resource such as a buffer or file, but it does not validate or incorrectly validates that the specified index/position/offset has the required properties.

95 vulnerabilities reference this CWE, most recent first.

GHSA-8F29-JV59-33JP

Vulnerability from github – Published: 2024-03-11 18:31 – Updated: 2024-03-11 18:31
VLAI
Details

An improper error handling vulnerability in LabVIEW may result in remote code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q1 and prior versions.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-23609"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1285",
      "CWE-755"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-03-11T16:15:08Z",
    "severity": "HIGH"
  },
  "details": "An improper error handling vulnerability in LabVIEW may result in remote code execution.  Successful exploitation requires an attacker to provide a user with a specially crafted VI.  This vulnerability affects LabVIEW 2024 Q1 and prior versions.\n\n",
  "id": "GHSA-8f29-jv59-33jp",
  "modified": "2024-03-11T18:31:07Z",
  "published": "2024-03-11T18:31:07Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23609"
    },
    {
      "type": "WEB",
      "url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/improper-error-handling-issues-in-labview.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9555-W25Q-R9W7

Vulnerability from github – Published: 2025-11-24 21:31 – Updated: 2025-11-24 21:31
VLAI
Details

Improper input validation within AMD uprof can allow a local attacker to write to an arbitrary physical address, potentially resulting in crash or denial of service.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-48511"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1285"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-11-24T21:16:03Z",
    "severity": "MODERATE"
  },
  "details": "Improper input validation within AMD uprof can allow a local attacker to write to an arbitrary physical address, potentially resulting in crash or denial of service.",
  "id": "GHSA-9555-w25q-r9w7",
  "modified": "2025-11-24T21:31:00Z",
  "published": "2025-11-24T21:31:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48511"
    },
    {
      "type": "WEB",
      "url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-9019.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9C7M-3M5M-PJ6V

Vulnerability from github – Published: 2026-02-02 09:30 – Updated: 2026-02-02 15:30
VLAI
Details

In imgsys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10362725; Issue ID: MSV-5694.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-20413"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1285",
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-02T09:15:56Z",
    "severity": "MODERATE"
  },
  "details": "In imgsys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10362725; Issue ID: MSV-5694.",
  "id": "GHSA-9c7m-3m5m-pj6v",
  "modified": "2026-02-02T15:30:33Z",
  "published": "2026-02-02T09:30:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20413"
    },
    {
      "type": "WEB",
      "url": "https://corp.mediatek.com/product-security-bulletin/February-2026"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9Q59-GXH2-Q9MF

Vulnerability from github – Published: 2026-03-10 18:31 – Updated: 2026-03-24 03:31
VLAI
Details

Improper Validation of Specified Index, Position, or Offset in Input vulnerability in Mitsubishi Electric CNC M800V Series M800VW and M800VS, M80V Series M80V and M80VW, M800 Series M800W and M800S, M80 Series M80 and M80W, E80 Series E80, C80 Series C80, M700V Series M750VW, M720VW, 730VW, M720VS, M730VS, and M750VS, M70V Series M70V, E70 Series E70, and Software Tools NC Trainer2 and NC Trainer2 plus allows a remote attacker to cause an out-of-bounds read, resulting in a denial-of-service condition by sending specially crafted packets to TCP port 683.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-2399"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1285"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-10T16:44:08Z",
    "severity": "MODERATE"
  },
  "details": "Improper Validation of Specified Index, Position, or Offset in Input vulnerability in Mitsubishi Electric CNC M800V Series M800VW and M800VS, M80V Series M80V and M80VW, M800 Series M800W and M800S, M80 Series M80 and M80W, E80 Series E80, C80 Series C80, M700V Series M750VW, M720VW, 730VW, M720VS, M730VS, and M750VS, M70V Series M70V, E70 Series E70, and Software Tools NC Trainer2 and NC Trainer2 plus allows a remote attacker to cause an out-of-bounds read, resulting in a denial-of-service condition by sending specially crafted packets to TCP port 683.",
  "id": "GHSA-9q59-gxh2-q9mf",
  "modified": "2026-03-24T03:31:18Z",
  "published": "2026-03-10T18:31:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2399"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/vu/JVNVU95523788"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-078-05"
    },
    {
      "type": "WEB",
      "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2025-022_en.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-C85W-X26Q-CH87

Vulnerability from github – Published: 2025-03-01 00:11 – Updated: 2026-02-18 23:47
VLAI
Summary
Formwork improperly validates input of User role preventing site and panel availability
Details

Summary

Improper validation of select fields allows attackers to craft an input that crashes the system, resulting in a 500 status and making the entire site and administration panel unavailable. This clearly impacts the Availability aspect of the CIA triad (confidentiality, integrity, and availability), although the attack still has certain limitations.

Details

The attack involves injecting any invalid user role value. Doing this will change the users data in a way that prevents users and then the entire site from loading. Even though the actual data change is minimal, the error is unrecoverable until a valid role parameter is restored by direct modification of the user account file. Proper validation of select fields will prevent extraneous valid from being accepted and making the entire site and administration panel unavailable.

Patches

Impact

The condition for this attack is having high privileges or Admin access, which means it could be exploited by an Insider Threat. Alternatively, if an attacker gains access to a privileged user account, they can execute the attack as well. Overall, the attack is relatively difficult to carry out, but if successful, the impact and damage would be significant.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "getformwork/formwork"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.0.0-beta.1"
            },
            {
              "fixed": "2.0.0-beta.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-1285",
      "CWE-248"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-03-01T00:11:52Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "### Summary\nImproper validation of select fields allows attackers to craft an input that crashes the system, resulting in a 500 status and making the entire site and administration panel unavailable.\nThis clearly impacts the Availability aspect of the CIA triad (confidentiality, integrity, and availability), although the attack still has certain limitations.\n\n### Details\nThe attack involves injecting any invalid user role value. Doing this will change the users data in a way that prevents users and then the entire site from loading. Even though the actual data change is minimal, the error is unrecoverable until a valid role parameter is restored by direct modification of the user account file.\nProper validation of select fields will prevent extraneous valid from being accepted and making the entire site and administration panel unavailable.\n\n### Patches\n- [**Formwork 2.x** (d9f0c1f)](https://github.com/getformwork/formwork/commit/d9f0c1feb3b9855d5bdc8bb189c0aaab2792e7ca) adds proper validation to select fields.\n\n### Impact\nThe condition for this attack is having high privileges or Admin access, which means it could be exploited by an Insider Threat. Alternatively, if an attacker gains access to a privileged user account, they can execute the attack as well.\nOverall, the attack is relatively difficult to carry out, but if successful, the impact and damage would be significant.",
  "id": "GHSA-c85w-x26q-ch87",
  "modified": "2026-02-18T23:47:37Z",
  "published": "2025-03-01T00:11:52Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/getformwork/formwork/security/advisories/GHSA-c85w-x26q-ch87"
    },
    {
      "type": "WEB",
      "url": "https://github.com/getformwork/formwork/commit/d9f0c1feb3b9855d5bdc8bb189c0aaab2792e7ca"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/getformwork/formwork"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Formwork improperly validates input of User role preventing site and panel availability"
}

GHSA-F5W7-CJPW-QQ45

Vulnerability from github – Published: 2025-05-28 15:34 – Updated: 2025-06-09 21:30
VLAI
Details

IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 19 could allow a remote attacker to execute arbitrary code due to improper validation of an index value of a dynamically allocated array.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-3357"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1285",
      "CWE-129"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-28T15:15:24Z",
    "severity": "CRITICAL"
  },
  "details": "IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 19\u00a0could allow a remote attacker to execute arbitrary code due to improper validation of an index value of a dynamically allocated array.",
  "id": "GHSA-f5w7-cjpw-qq45",
  "modified": "2025-06-09T21:30:44Z",
  "published": "2025-05-28T15:34:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3357"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/7234923"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-F62V-3898-QGWQ

Vulnerability from github – Published: 2025-07-30 00:32 – Updated: 2025-07-30 00:32
VLAI
Details

A memory corruption vulnerability due to improper input validation in lvpict.cpp exists in NI LabVIEW that may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q1 and prior versions.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-7848"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1285"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-29T22:15:25Z",
    "severity": "HIGH"
  },
  "details": "A memory corruption vulnerability due to improper input validation in lvpict.cpp exists in NI LabVIEW that may result in arbitrary code execution.  Successful exploitation requires an attacker to get a user to open a specially crafted VI.  This vulnerability affects NI LabVIEW 2025 Q1 and prior versions.",
  "id": "GHSA-f62v-3898-qgwq",
  "modified": "2025-07-30T00:32:18Z",
  "published": "2025-07-30T00:32:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7848"
    },
    {
      "type": "WEB",
      "url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/memory-corruption-vulnerabilities-in-ni-labview.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-FCJQ-PRHJ-CC4C

Vulnerability from github – Published: 2026-03-23 15:30 – Updated: 2026-03-23 15:30
VLAI
Details

Paint Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by providing malformed input through the key entry mechanism. Attackers can create a text file with a large buffer of characters and trigger the application to read it, causing the application to crash and become unavailable.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-25622"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1285"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-23T14:16:26Z",
    "severity": "MODERATE"
  },
  "details": "Paint Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by providing malformed input through the key entry mechanism. Attackers can create a text file with a large buffer of characters and trigger the application to read it, causing the application to crash and become unavailable.",
  "id": "GHSA-fcjq-prhj-cc4c",
  "modified": "2026-03-23T15:30:44Z",
  "published": "2026-03-23T15:30:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25622"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/46126"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/paint-studio-denial-of-service-via-malformed-input"
    },
    {
      "type": "WEB",
      "url": "http://www.pixarra.com"
    },
    {
      "type": "WEB",
      "url": "http://www.pixarra.com/uploads/9/4/6/3/94635436/tbpaintstudio_install.exe"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-FCXW-9X6M-FRW4

Vulnerability from github – Published: 2025-09-02 21:30 – Updated: 2025-09-02 21:30
VLAI
Details

There is an out of bounds write vulnerability due to improper bounds checking in displ2.dll when parsing a DSB file with Digilent DASYLab. This vulnerability may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted DSB file. The vulnerability affects all versions of DASYLab.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-57777"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1285",
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-02T19:15:32Z",
    "severity": "HIGH"
  },
  "details": "There is an out of bounds write vulnerability due to improper bounds checking in displ2.dll when parsing a DSB file with Digilent DASYLab.  This vulnerability may result in arbitrary code execution.  Successful exploitation requires an attacker to get a user to open a specially crafted DSB file.  The vulnerability affects all versions of DASYLab.",
  "id": "GHSA-fcxw-9x6m-frw4",
  "modified": "2025-09-02T21:30:58Z",
  "published": "2025-09-02T21:30:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-57777"
    },
    {
      "type": "WEB",
      "url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/memory-corruption-vulnerabilities-in-digilent-dasylab.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-FF23-PX5J-G8QQ

Vulnerability from github – Published: 2024-10-03 18:30 – Updated: 2024-10-03 18:30
VLAI
Details

NVIDIA CUDA toolkit for Windows and Linux contains a vulnerability in the nvdisasm command line tool where an attacker may cause an improper validation in input issue by tricking the user into running nvdisasm on a malicious ELF file. A successful exploit of this vulnerability may lead to denial of service.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-0123"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1285"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-03T17:15:14Z",
    "severity": "LOW"
  },
  "details": "NVIDIA CUDA toolkit for Windows and Linux contains a vulnerability in the nvdisasm command line tool where an attacker may cause an improper validation in input issue by tricking the user into running nvdisasm on a malicious ELF file. A successful exploit of this vulnerability may lead to denial of service.",
  "id": "GHSA-ff23-px5j-g8qq",
  "modified": "2024-10-03T18:30:36Z",
  "published": "2024-10-03T18:30:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0123"
    },
    {
      "type": "WEB",
      "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5577"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-5
Implementation

Strategy: Input Validation

  • Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
  • When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
  • Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.

No CAPEC attack patterns related to this CWE.