CWE-1286
AllowedImproper Validation of Syntactic Correctness of Input
Abstraction: Base · Status: Incomplete
The product receives input that is expected to be well-formed - i.e., to comply with a certain syntax - but it does not validate or incorrectly validates that the input complies with the syntax.
150 vulnerabilities reference this CWE, most recent first.
GHSA-MQV3-F225-3XW2
Vulnerability from github – Published: 2024-11-14 21:32 – Updated: 2025-12-23 18:30An authenticated user can provide a malformed ACL to the fileserver's StoreACL RPC, causing the fileserver to crash, possibly expose uninitialized memory, and possibly store garbage data in the audit log. Malformed ACLs provided in responses to client FetchACL RPCs can cause client processes to crash and possibly expose uninitialized memory into other ACLs stored on the server.
{
"affected": [],
"aliases": [
"CVE-2024-10396"
],
"database_specific": {
"cwe_ids": [
"CWE-1286",
"CWE-772"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-14T20:15:20Z",
"severity": "HIGH"
},
"details": "An authenticated user can provide a malformed ACL to the fileserver\u0027s StoreACL\nRPC, causing the fileserver to crash, possibly expose uninitialized memory, and\npossibly store garbage data in the audit log.\nMalformed ACLs provided in responses to client FetchACL RPCs can cause client\nprocesses to crash and possibly expose uninitialized memory into other ACLs\nstored on the server.",
"id": "GHSA-mqv3-f225-3xw2",
"modified": "2025-12-23T18:30:19Z",
"published": "2024-11-14T21:32:03Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-10396"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00019.html"
},
{
"type": "WEB",
"url": "https://openafs.org/pages/security/OPENAFS-SA-2024-002.txt"
},
{
"type": "WEB",
"url": "https://www.openafs.org/pages/security/OPENAFS-SA-2024-002.txt"
},
{
"type": "WEB",
"url": "https://www.openafs.org/security"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-MW4G-RRF9-RJRV
Vulnerability from github – Published: 2025-04-30 12:31 – Updated: 2025-04-30 12:31A vulnerability in the “Network Interfaces” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to manipulate the network configuration file via a crafted HTTP request.
{
"affected": [],
"aliases": [
"CVE-2025-24347"
],
"database_specific": {
"cwe_ids": [
"CWE-1286"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-30T12:15:18Z",
"severity": "MODERATE"
},
"details": "A vulnerability in the \u201cNetwork Interfaces\u201d functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to manipulate the network configuration file via a crafted HTTP request.",
"id": "GHSA-mw4g-rrf9-rjrv",
"modified": "2025-04-30T12:31:25Z",
"published": "2025-04-30T12:31:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24347"
},
{
"type": "WEB",
"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-640452.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MX7Q-4R64-VQPJ
Vulnerability from github – Published: 2026-06-02 00:31 – Updated: 2026-06-02 00:31Memory corruption while processing fastboot OEM commands.
{
"affected": [],
"aliases": [
"CVE-2026-24087"
],
"database_specific": {
"cwe_ids": [
"CWE-1286"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-01T23:16:19Z",
"severity": "HIGH"
},
"details": "Memory corruption while processing fastboot OEM commands.",
"id": "GHSA-mx7q-4r64-vqpj",
"modified": "2026-06-02T00:31:58Z",
"published": "2026-06-02T00:31:58Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24087"
},
{
"type": "WEB",
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2026-bulletin.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-P5H3-WWQF-F5RV
Vulnerability from github – Published: 2024-04-12 15:37 – Updated: 2025-02-06 18:31An Improper Validation of Syntactic Correctness of Input vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS).
If a BGP update is received over an established BGP session which contains a tunnel encapsulation attribute with a specifically malformed TLV, rpd will crash and restart.
This issue affects Juniper Networks Junos OS: * 20.4 versions 20.4R1 and later versions earlier than 20.4R3-S9; * 21.2 versions earlier than 21.2R3-S7; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S5; * 22.1 versions earlier than 22.1R3-S4; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S1; * 22.4 versions earlier than 22.4R3; * 23.2 versions earlier than 23.2R1-S2, 23.2R2;
Junos OS Evolved: * 20.4-EVO versions 20.4R1-EVO and later versions earlier than 20.4R3-S9-EVO; * 21.2-EVO versions earlier than 21.2R3-S7-EVO; * 21.3-EVO versions earlier than 21.3R3-S5-EVO; * 21.4-EVO versions earlier than 21.4R3-S5-EVO; * 22.1-EVO versions earlier than 22.1R3-S4-EVO; * 22.2-EVO versions earlier than 22.2R3-S3-EVO; * 22.3-EVO versions earlier than 22.3R3-S1-EVO; * 22.4-EVO versions earlier than 22.4R3-EVO; * 23.2-EVO versions earlier than 23.2R1-S2-EVO, 23.2R2-EVO;
This issue does not affect Juniper Networks * Junos OS versions earlier than 20.4R1; * Junos OS Evolved versions earlier than 20.4R1-EVO.
This is a related but separate issue than the one described in JSA79095.
{
"affected": [],
"aliases": [
"CVE-2024-21598"
],
"database_specific": {
"cwe_ids": [
"CWE-1286"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-12T15:15:23Z",
"severity": "HIGH"
},
"details": "An Improper Validation of Syntactic Correctness of Input vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS).\n\nIf a BGP update is received over an established BGP session which contains a tunnel encapsulation attribute with a specifically malformed TLV, rpd will crash and restart.\n\nThis issue affects Juniper Networks\nJunos OS:\n * 20.4 versions 20.4R1 and later versions earlier than 20.4R3-S9;\n * 21.2 versions earlier than 21.2R3-S7;\n * 21.3 versions earlier than 21.3R3-S5;\n * 21.4 versions earlier than 21.4R3-S5;\n * 22.1 versions earlier than 22.1R3-S4;\n * 22.2 versions earlier than 22.2R3-S3;\n * 22.3 versions earlier than 22.3R3-S1;\n * 22.4 versions earlier than 22.4R3;\n * 23.2 versions earlier than 23.2R1-S2, 23.2R2;\n\n\n\nJunos OS Evolved:\n * 20.4-EVO versions 20.4R1-EVO and later versions earlier than 20.4R3-S9-EVO;\n * 21.2-EVO versions earlier than 21.2R3-S7-EVO;\n * 21.3-EVO versions earlier than 21.3R3-S5-EVO;\n * 21.4-EVO versions earlier than 21.4R3-S5-EVO;\n * 22.1-EVO versions earlier than 22.1R3-S4-EVO;\n * 22.2-EVO versions earlier than 22.2R3-S3-EVO;\n * 22.3-EVO versions earlier than 22.3R3-S1-EVO;\n * 22.4-EVO versions earlier than 22.4R3-EVO;\n * 23.2-EVO versions earlier than 23.2R1-S2-EVO, 23.2R2-EVO;\n\n\n\nThis issue does not affect Juniper Networks\n * Junos OS versions earlier than 20.4R1;\n * Junos OS Evolved versions earlier than 20.4R1-EVO.\n\n\n\nThis is a related but separate issue than the one described in JSA79095.",
"id": "GHSA-p5h3-wwqf-f5rv",
"modified": "2025-02-06T18:31:01Z",
"published": "2024-04-12T15:37:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21598"
},
{
"type": "WEB",
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L"
},
{
"type": "WEB",
"url": "http://supportportal.juniper.net/JSA75739"
},
{
"type": "WEB",
"url": "http://supportportal.juniper.netJSA75739"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-P5MV-GJ8J-XQGF
Vulnerability from github – Published: 2026-05-19 12:31 – Updated: 2026-06-04 15:36A flaw was found in Keycloak. A remote, unauthenticated attacker can send a specially crafted XML input to the Security Assertion Markup Language (SAML) endpoint. This malicious input can cause high CPU usage and worker thread starvation, leading to a Denial of Service (DoS) where the server becomes unavailable.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.keycloak:keycloak-saml-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "26.6.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-7307"
],
"database_specific": {
"cwe_ids": [
"CWE-1286"
],
"github_reviewed": true,
"github_reviewed_at": "2026-06-04T15:36:05Z",
"nvd_published_at": "2026-05-19T12:16:19Z",
"severity": "HIGH"
},
"details": "A flaw was found in Keycloak. A remote, unauthenticated attacker can send a specially crafted XML input to the Security Assertion Markup Language (SAML) endpoint. This malicious input can cause high CPU usage and worker thread starvation, leading to a Denial of Service (DoS) where the server becomes unavailable.",
"id": "GHSA-p5mv-gj8j-xqgf",
"modified": "2026-06-04T15:36:05Z",
"published": "2026-05-19T12:31:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7307"
},
{
"type": "WEB",
"url": "https://github.com/keycloak/keycloak/pull/49119"
},
{
"type": "WEB",
"url": "https://github.com/keycloak/keycloak/commit/be84d28ce4c69c038d542f11405d5ede1d61f4a9"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:19594"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:19595"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:19596"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:19597"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2026-7307"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2476526"
},
{
"type": "PACKAGE",
"url": "https://github.com/keycloak/keycloak"
},
{
"type": "WEB",
"url": "https://github.com/keycloak/keycloak/releases/tag/26.6.2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Keycloak: Denial of Service via specially crafted SAML input"
}
GHSA-P5QX-FWF5-Q388
Vulnerability from github – Published: 2026-01-21 15:31 – Updated: 2026-06-30 03:35Malformed BRID/HHIT records can cause named to terminate unexpectedly.
This issue affects BIND 9 versions 9.18.40 through 9.18.43, 9.20.13 through 9.20.17, 9.21.12 through 9.21.16, 9.18.40-S1 through 9.18.43-S1, and 9.20.13-S1 through 9.20.17-S1.
{
"affected": [],
"aliases": [
"CVE-2025-13878"
],
"database_specific": {
"cwe_ids": [
"CWE-1286",
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-21T15:16:05Z",
"severity": "HIGH"
},
"details": "Malformed BRID/HHIT records can cause `named` to terminate unexpectedly.\nThis issue affects BIND 9 versions 9.18.40 through 9.18.43, 9.20.13 through 9.20.17, 9.21.12 through 9.21.16, 9.18.40-S1 through 9.18.43-S1, and 9.20.13-S1 through 9.20.17-S1.",
"id": "GHSA-p5qx-fwf5-q388",
"modified": "2026-06-30T03:35:29Z",
"published": "2026-01-21T15:31:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13878"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:6935"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2025-13878"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431600"
},
{
"type": "WEB",
"url": "https://downloads.isc.org/isc/bind9/9.18.44"
},
{
"type": "WEB",
"url": "https://downloads.isc.org/isc/bind9/9.20.18"
},
{
"type": "WEB",
"url": "https://downloads.isc.org/isc/bind9/9.21.17"
},
{
"type": "WEB",
"url": "https://kb.isc.org/docs/cve-2025-13878"
},
{
"type": "WEB",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-13878.json"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/01/21/3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PJ86-258H-QRVF
Vulnerability from github – Published: 2025-12-15 22:01 – Updated: 2026-06-08 19:53Impact
It was possible to trigger repository updates for many repositories via a crafted webhook payload.
Patches
- https://github.com/WeblateOrg/weblate/pull/17221
Workarounds
Disabling webhooks completely using ENABLE_HOOKS avoids this vulnerability.
References
Thanks to Hector Ruiz Ruiz & NaxusAI for responsibly disclosing this vulnerability to us.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "Weblate"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.15"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-67492"
],
"database_specific": {
"cwe_ids": [
"CWE-1286"
],
"github_reviewed": true,
"github_reviewed_at": "2025-12-15T22:01:04Z",
"nvd_published_at": "2025-12-16T01:15:51Z",
"severity": "MODERATE"
},
"details": "### Impact\n\nIt was possible to trigger repository updates for many repositories via a crafted webhook payload.\n\n### Patches\n\n* https://github.com/WeblateOrg/weblate/pull/17221\n\n### Workarounds\n\nDisabling webhooks completely using ENABLE_HOOKS avoids this vulnerability.\n\n### References\n\nThanks to Hector Ruiz Ruiz \u0026 NaxusAI for responsibly disclosing this vulnerability to us.",
"id": "GHSA-pj86-258h-qrvf",
"modified": "2026-06-08T19:53:33Z",
"published": "2025-12-15T22:01:04Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/WeblateOrg/weblate/security/advisories/GHSA-pj86-258h-qrvf"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67492"
},
{
"type": "WEB",
"url": "https://github.com/WeblateOrg/weblate/pull/17221"
},
{
"type": "PACKAGE",
"url": "https://github.com/WeblateOrg/weblate"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/weblate/PYSEC-2025-232.yaml"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Weblate\u0027s over\u2011permissive webhook endpoint enables mass repository updates and component enumeration"
}
GHSA-Q2W6-R35R-2HXJ
Vulnerability from github – Published: 2026-07-10 00:31 – Updated: 2026-07-10 00:31An Improper Validation of Syntactic Correctness of Input vulnerability in the SIP plugin of Juniper Networks Junos OS on MX Series with SPC3 and SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).If the SIP ALG is enabled on an affected device, the processing of a malformed SIP invite packet will cause a flow processing daemon (flowd) crash and restart. This leads to a complete service outage until the system has automatically recovered.
This issue affects Junos OS on MX Series with SPC3 and SRX Series:
- all versions before 23.2R2-S7,
- 23.4 versions before 23.4R2-S8,
- 24.2 versions before 24.2R2-S5,
- 24.4 versions before 24.4R2-S4,
- 25.2 versions before 25.2R2,
- 25.4 versions before 25.4R1-S2.
{
"affected": [],
"aliases": [
"CVE-2026-57026"
],
"database_specific": {
"cwe_ids": [
"CWE-1286"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-09T22:17:07Z",
"severity": "HIGH"
},
"details": "An Improper Validation of Syntactic Correctness of Input vulnerability in the SIP plugin of Juniper Networks Junos OS on MX Series with SPC3 and SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).If the SIP ALG is enabled on an affected device, the processing of a malformed SIP invite packet will cause a flow processing daemon (flowd) crash and restart. This leads to a complete service outage until the system has automatically recovered.\n\n\n\nThis issue affects Junos OS on MX Series with SPC3 and SRX Series:\n\n\n * all versions before 23.2R2-S7,\n * 23.4 versions before 23.4R2-S8,\n * 24.2 versions before 24.2R2-S5,\n * 24.4 versions before 24.4R2-S4,\n * 25.2 versions before 25.2R2,\n * 25.4 versions before 25.4R1-S2.",
"id": "GHSA-q2w6-r35r-2hxj",
"modified": "2026-07-10T00:31:26Z",
"published": "2026-07-10T00:31:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-57026"
},
{
"type": "WEB",
"url": "https://supportportal.juniper.net/JSA110086"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:X/RE:M/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-Q559-6PC6-GXFH
Vulnerability from github – Published: 2026-04-10 00:30 – Updated: 2026-04-10 00:30An Improper Validation of Syntactic Correctness of Input vulnerability in the IPsec library used by kmd and iked of Juniper Networks Junos OS on SRX Series and MX Series allows an unauthenticated, network-based attacker to cause a complete Denial-of-Service (DoS).
If an affected device receives a specifically malformed first ISAKMP packet from the initiator, the kmd/iked process will crash and restart, which momentarily prevents new security associations (SAs) for from being established. Repeated exploitation of this vulnerability causes a complete inability to establish new VPN connections.
This issue affects Junos OS on
SRX Series and MX Series:
- all versions before 22.4R3-S9,
- 23.2 version before 23.2R2-S6,
- 23.4 version before 23.4R2-S7,
- 24.2 versions before 24.2R2-S4,
- 24.4 versions before 24.4R2-S3,
- 25.2 versions before 25.2R1-S2, 25.2R2.
{
"affected": [],
"aliases": [
"CVE-2026-33778"
],
"database_specific": {
"cwe_ids": [
"CWE-1286"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-09T22:16:26Z",
"severity": "HIGH"
},
"details": "An Improper Validation of Syntactic Correctness of Input vulnerability in the IPsec library used by kmd and iked of Juniper Networks Junos OS on SRX Series and MX Series allows an unauthenticated, network-based attacker to cause a complete Denial-of-Service (DoS).\n\nIf an affected device receives a specifically malformed first ISAKMP packet from the initiator, the kmd/iked process will crash and restart, which momentarily prevents new security associations (SAs) for from being established. Repeated exploitation of this vulnerability causes a complete inability to establish new VPN connections.\n\nThis issue affects Junos OS on \n\nSRX Series and MX Series:\n\n\n\n * all versions before 22.4R3-S9,\n * 23.2 version before 23.2R2-S6,\n * 23.4 version before 23.4R2-S7,\n * 24.2 versions before 24.2R2-S4,\n * 24.4 versions before 24.4R2-S3,\n * 25.2 versions before 25.2R1-S2, 25.2R2.",
"id": "GHSA-q559-6pc6-gxfh",
"modified": "2026-04-10T00:30:29Z",
"published": "2026-04-10T00:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33778"
},
{
"type": "WEB",
"url": "https://kb.juniper.net/JSA107868"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:M/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-Q5R6-9QWQ-G2WJ
Vulnerability from github – Published: 2025-10-09 22:15 – Updated: 2025-10-09 22:15Summary
Amazon.IonDotnet is a library for the Dotnet language that is used to read and write Amazon Ion data. An issue exists where, under certain circumstances, the library could an infinite loop, resulting in denial of service. As of August 20, 2025, this library has been deprecated and will not receive further updates.
Impact
An infinite loop issue in Amazon.IonDotnet library versions <v1.3.2 may allow a threat actor to cause a denial of service through a specially crafted text input. This invalid input triggered an error condition in the parser that was handled improperly, resulting in an infinite loop.
Impacted versions:
<1.3.2
Patches
This issue has been addressed in Amazon.IonDotnet version 1.3.2. We recommend upgrading to the latest version and ensuring any forked or derivative code is patched to incorporate the new fixes.
Workarounds
Only accept data from trusted sources, written using a supported Ion library.
References
If you have any questions or comments about this advisory, we ask that you contact AWS Security via our vulnerability reporting page or directly via email to aws-security@amazon.com. Please do not create a public GitHub issue.
{
"affected": [
{
"package": {
"ecosystem": "NuGet",
"name": "Amazon.IonDotnet"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.3.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-11573"
],
"database_specific": {
"cwe_ids": [
"CWE-1286",
"CWE-400"
],
"github_reviewed": true,
"github_reviewed_at": "2025-10-09T22:15:57Z",
"nvd_published_at": "2025-10-09T18:15:49Z",
"severity": "HIGH"
},
"details": "### Summary\nAmazon.IonDotnet is a library for the Dotnet language that is used to read and write Amazon Ion data. An issue exists where, under certain circumstances, the library could an infinite loop, resulting in denial of service. As of August 20, 2025, this library has been deprecated and will not receive further updates.\n\n### Impact\nAn infinite loop issue in Amazon.IonDotnet library versions \u003cv1.3.2 may allow a threat actor to cause a denial of service through a specially crafted text input. This invalid input triggered an error condition in the parser that was handled improperly, resulting in an infinite loop.\n\n### Impacted versions:\n\u003c1.3.2\n\n### Patches\nThis issue has been addressed in Amazon.IonDotnet version [1.3.2](https://www.nuget.org/packages/Amazon.IonDotnet/1.3.2). We recommend upgrading to the latest version and ensuring any forked or derivative code is patched to incorporate the new fixes.\n\n### Workarounds\nOnly accept data from trusted sources, written using a supported Ion library.\n\n### References\nIf you have any questions or comments about this advisory, we ask that you contact AWS Security via our [vulnerability reporting page](https://aws.amazon.com/security/vulnerability-reporting) or directly via email to [aws-security@amazon.com](mailto:aws-security@amazon.com). Please do not create a public GitHub issue.",
"id": "GHSA-q5r6-9qwq-g2wj",
"modified": "2025-10-09T22:15:57Z",
"published": "2025-10-09T22:15:57Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/amazon-ion/ion-dotnet/security/advisories/GHSA-q5r6-9qwq-g2wj"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11573"
},
{
"type": "WEB",
"url": "https://github.com/amazon-ion/ion-dotnet/pull/160"
},
{
"type": "WEB",
"url": "https://github.com/amazon-ion/ion-dotnet/commit/edaff75fe5abbb71e647bed812c608c0c5e2fbab"
},
{
"type": "WEB",
"url": "https://aws.amazon.com/security/security-bulletins/AWS-2025-022"
},
{
"type": "PACKAGE",
"url": "https://github.com/amazon-ion/ion-dotnet"
},
{
"type": "WEB",
"url": "https://github.com/amazon-ion/ion-dotnet/releases/tag/v1.3.2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Amazon.IonDotnet is vulnerable to Denial of Service attacks"
}
Mitigation MIT-5
Strategy: Input Validation
- Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
- When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
- Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
CAPEC-66: SQL Injection
This attack exploits target software that constructs SQL statements based on user input. An attacker crafts input strings so that when the target software constructs SQL statements based on the input, the resulting SQL statement performs actions other than those the application intended. SQL Injection results from failure of the application to appropriately validate input.
CAPEC-676: NoSQL Injection
An adversary targets software that constructs NoSQL statements based on user input or with parameters vulnerable to operator replacement in order to achieve a variety of technical impacts such as escalating privileges, bypassing authentication, and/or executing code.