CWE-789
AllowedMemory Allocation with Excessive Size Value
Abstraction: Variant · Status: Draft
The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated.
321 vulnerabilities reference this CWE, most recent first.
CVE-2026-20048 (GCVE-0-2026-20048)
Vulnerability from cvelistv5 – Published: 2026-02-25 16:26 – Updated: 2026-02-25 19:05- CWE-789 - Uncontrolled Memory Allocation
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco NX-OS System Software in ACI Mode |
Affected:
15.2(1g)
Affected: 15.2(2e) Affected: 15.2(2f) Affected: 15.2(2g) Affected: 15.2(2h) Affected: 15.2(3f) Affected: 15.2(3e) Affected: 15.2(3g) Affected: 15.2(4d) Affected: 15.2(4e) Affected: 15.2(5c) Affected: 15.2(5d) Affected: 16.0(1g) Affected: 15.2(5e) Affected: 15.2(4f) Affected: 15.2(6e) Affected: 15.2(6h) Affected: 16.0(1j) Affected: 15.2(6g) Affected: 15.2(7f) Affected: 15.2(7g) Affected: 16.0(2h) Affected: 15.2(8d) Affected: 16.0(2j) Affected: 15.2(8e) Affected: 16.0(3d) Affected: 16.0(3e) Affected: 15.2(8f) Affected: 15.2(8g) Affected: 15.3(1d) Affected: 15.2(8h) Affected: 16.0(4c) Affected: 15.3(2a) Affected: 15.2(8i) Affected: 16.0(5h) Affected: 15.3(2b) Affected: 16.0(3g) Affected: 16.0(5j) Affected: 15.3(2c) Affected: 16.0(6c) Affected: 15.3(2d) Affected: 16.1(1f) Affected: 16.0(7e) Affected: 16.0(8e) Affected: 15.3(2e) Affected: 16.0(8f) Affected: 16.1(2f) Affected: 16.1(2g) Affected: 15.3(2f) Affected: 16.0(9c) Affected: 16.1(3f) Affected: 16.0(9d) Affected: 16.0(6h) Affected: 16.0(8h) Affected: 16.1(3g) Affected: 16.0(9e) Affected: 16.1(4h) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20048",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-25T18:18:11.351419Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-25T19:05:48.366Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco NX-OS System Software in ACI Mode",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "15.2(1g)"
},
{
"status": "affected",
"version": "15.2(2e)"
},
{
"status": "affected",
"version": "15.2(2f)"
},
{
"status": "affected",
"version": "15.2(2g)"
},
{
"status": "affected",
"version": "15.2(2h)"
},
{
"status": "affected",
"version": "15.2(3f)"
},
{
"status": "affected",
"version": "15.2(3e)"
},
{
"status": "affected",
"version": "15.2(3g)"
},
{
"status": "affected",
"version": "15.2(4d)"
},
{
"status": "affected",
"version": "15.2(4e)"
},
{
"status": "affected",
"version": "15.2(5c)"
},
{
"status": "affected",
"version": "15.2(5d)"
},
{
"status": "affected",
"version": "16.0(1g)"
},
{
"status": "affected",
"version": "15.2(5e)"
},
{
"status": "affected",
"version": "15.2(4f)"
},
{
"status": "affected",
"version": "15.2(6e)"
},
{
"status": "affected",
"version": "15.2(6h)"
},
{
"status": "affected",
"version": "16.0(1j)"
},
{
"status": "affected",
"version": "15.2(6g)"
},
{
"status": "affected",
"version": "15.2(7f)"
},
{
"status": "affected",
"version": "15.2(7g)"
},
{
"status": "affected",
"version": "16.0(2h)"
},
{
"status": "affected",
"version": "15.2(8d)"
},
{
"status": "affected",
"version": "16.0(2j)"
},
{
"status": "affected",
"version": "15.2(8e)"
},
{
"status": "affected",
"version": "16.0(3d)"
},
{
"status": "affected",
"version": "16.0(3e)"
},
{
"status": "affected",
"version": "15.2(8f)"
},
{
"status": "affected",
"version": "15.2(8g)"
},
{
"status": "affected",
"version": "15.3(1d)"
},
{
"status": "affected",
"version": "15.2(8h)"
},
{
"status": "affected",
"version": "16.0(4c)"
},
{
"status": "affected",
"version": "15.3(2a)"
},
{
"status": "affected",
"version": "15.2(8i)"
},
{
"status": "affected",
"version": "16.0(5h)"
},
{
"status": "affected",
"version": "15.3(2b)"
},
{
"status": "affected",
"version": "16.0(3g)"
},
{
"status": "affected",
"version": "16.0(5j)"
},
{
"status": "affected",
"version": "15.3(2c)"
},
{
"status": "affected",
"version": "16.0(6c)"
},
{
"status": "affected",
"version": "15.3(2d)"
},
{
"status": "affected",
"version": "16.1(1f)"
},
{
"status": "affected",
"version": "16.0(7e)"
},
{
"status": "affected",
"version": "16.0(8e)"
},
{
"status": "affected",
"version": "15.3(2e)"
},
{
"status": "affected",
"version": "16.0(8f)"
},
{
"status": "affected",
"version": "16.1(2f)"
},
{
"status": "affected",
"version": "16.1(2g)"
},
{
"status": "affected",
"version": "15.3(2f)"
},
{
"status": "affected",
"version": "16.0(9c)"
},
{
"status": "affected",
"version": "16.1(3f)"
},
{
"status": "affected",
"version": "16.0(9d)"
},
{
"status": "affected",
"version": "16.0(6h)"
},
{
"status": "affected",
"version": "16.0(8h)"
},
{
"status": "affected",
"version": "16.1(3g)"
},
{
"status": "affected",
"version": "16.0(9e)"
},
{
"status": "affected",
"version": "16.1(4h)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco Nexus 9000 Series Fabric Switches in ACI mode could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r\nThis vulnerability is due to improper processing when parsing SNMP requests. An attacker could exploit this vulnerability by continuously sending SNMP queries\u0026nbsp;to a specific MIB of an affected device. A successful exploit could allow the attacker to cause a kernel panic on the device, resulting in a reload and a\u0026nbsp;DoS condition.\r\nNote: This vulnerability affects SNMP versions 1, 2c, and 3. To exploit\u0026nbsp;this vulnerability through SNMPv1 or\u0026nbsp;SNMPv2c, the attacker must have a valid read-only SNMP community string for the affected system. To exploit this vulnerability through SNMPv3, the attacker must have valid SNMP user credentials for the affected system."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-789",
"description": "Uncontrolled Memory Allocation",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-25T16:26:28.329Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-nxos-dsnmp-cNN39Uh",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-dsnmp-cNN39Uh"
}
],
"source": {
"advisory": "cisco-sa-nxos-dsnmp-cNN39Uh",
"defects": [
"CSCwq57598"
],
"discovery": "EXTERNAL"
},
"title": "Cisco NX-OS Software SNMP Denial of Service Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20048",
"datePublished": "2026-02-25T16:26:28.329Z",
"dateReserved": "2025-10-08T11:59:15.355Z",
"dateUpdated": "2026-02-25T19:05:48.366Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-15053 (GCVE-0-2026-15053)
Vulnerability from cvelistv5 – Published: 2026-07-08 13:46 – Updated: 2026-07-08 14:27- CWE-789 - Memory Allocation with Excessive Size Value
| Vendor | Product | Version | |
|---|---|---|---|
| Tanium | Tanium Server |
Affected:
7.7.3.8298 , < 7.7.3.8298
(custom)
Affected: 7.8.2.1198 , < 7.8.2.1198 (custom) Affected: 7.8.4.1327 , < 7.8.4.1327 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-15053",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-08T14:27:30.302303Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-08T14:27:37.033Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Tanium Server",
"vendor": "Tanium",
"versions": [
{
"lessThan": "7.7.3.8298",
"status": "affected",
"version": "7.7.3.8298",
"versionType": "custom"
},
{
"lessThan": "7.8.2.1198",
"status": "affected",
"version": "7.8.2.1198",
"versionType": "custom"
},
{
"lessThan": "7.8.4.1327",
"status": "affected",
"version": "7.8.4.1327",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2026-07-08T13:33:20.107Z",
"datePublic": "2026-07-07T20:17:39.951Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed a denial of service vulnerability in Tanium Server."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-789",
"description": "Memory Allocation with Excessive Size Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-08T13:46:40.902Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2026-016",
"url": "https://security.tanium.com/TAN-2026-016"
}
],
"title": "Tanium addressed a denial of service vulnerability in Tanium Server."
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2026-15053",
"datePublished": "2026-07-08T13:46:40.902Z",
"dateReserved": "2026-07-08T13:33:20.588Z",
"dateUpdated": "2026-07-08T14:27:37.033Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-14684 (GCVE-0-2026-14684)
Vulnerability from cvelistv5 – Published: 2026-07-04 23:30 – Updated: 2026-07-06 16:50| URL | Tags |
|---|---|
| https://vuldb.com/vuln/376280 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/376280/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-14684 | third-party-advisory |
| https://vuldb.com/submit/846754 | third-party-advisory |
| https://github.com/HdrHistogram/HdrHistogram/issues/220 | exploitissue-tracking |
| https://github.com/HdrHistogram/HdrHistogram/ | product |
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | HdrHistogram |
Affected:
2.2.0
Affected: 2.2.1 Affected: 2.2.2 cpe:2.3:a:hdrhistogram:hdrhistogram:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-14684",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-06T16:36:13.983720Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-06T16:50:59.582Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:hdrhistogram:hdrhistogram:*:*:*:*:*:*:*:*"
],
"product": "HdrHistogram",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2.2.0"
},
{
"status": "affected",
"version": "2.2.1"
},
{
"status": "affected",
"version": "2.2.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "sara11h (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw has been found in HdrHistogram up to 2.2.2. This affects the function org.HdrHistogram.AbstractHistogram.decodeFromByteBuffer of the file src/main/java/org/HdrHistogram/AbstractHistogram.java. This manipulation of the argument numberOfSignificantValueDigits causes uncontrolled memory allocation. The attack can only be executed locally. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 1.7,
"vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-789",
"description": "Uncontrolled Memory Allocation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-04T23:30:10.875Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-376280 | HdrHistogram AbstractHistogram.java memory allocation",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/376280"
},
{
"name": "VDB-376280 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/376280/cti"
},
{
"name": "CVE-2026-14684 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-14684"
},
{
"name": "Submit #846754 | HdrHistogram 2.2.2 Denial of Service",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/846754"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/HdrHistogram/HdrHistogram/issues/220"
},
{
"tags": [
"product"
],
"url": "https://github.com/HdrHistogram/HdrHistogram/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-07-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-07-04T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-07-04T06:45:14.000Z",
"value": "VulDB entry last update"
}
],
"title": "HdrHistogram AbstractHistogram.java memory allocation"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-14684",
"datePublished": "2026-07-04T23:30:10.875Z",
"dateReserved": "2026-07-04T04:39:58.430Z",
"dateUpdated": "2026-07-06T16:50:59.582Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-14683 (GCVE-0-2026-14683)
Vulnerability from cvelistv5 – Published: 2026-07-04 23:00 – Updated: 2026-07-07 02:37| URL | Tags |
|---|---|
| https://vuldb.com/vuln/376279 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/376279/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-14683 | third-party-advisory |
| https://vuldb.com/submit/846750 | third-party-advisory |
| https://vuldb.com/submit/846752 | third-party-advisory |
| https://github.com/HdrHistogram/HdrHistogram/issues/219 | exploitissue-tracking |
| https://github.com/HdrHistogram/HdrHistogram/ | product |
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | HdrHistogram |
Affected:
2.2.0
Affected: 2.2.1 Affected: 2.2.2 cpe:2.3:a:hdrhistogram:hdrhistogram:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-14683",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-07T02:37:45.632749Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-07T02:37:54.613Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:hdrhistogram:hdrhistogram:*:*:*:*:*:*:*:*"
],
"product": "HdrHistogram",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2.2.0"
},
{
"status": "affected",
"version": "2.2.1"
},
{
"status": "affected",
"version": "2.2.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "sara11h (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was detected in HdrHistogram up to 2.2.2. Affected by this issue is the function org.HdrHistogram.AbstractHistogram.decodeFromCompressedByteBuffer of the file src/main/java/org/HdrHistogram/AbstractHistogram.java. The manipulation of the argument lengthOfCompressedContents results in uncontrolled memory allocation. The attack needs to be approached locally. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 1.7,
"vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-789",
"description": "Uncontrolled Memory Allocation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-04T23:00:10.759Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-376279 | HdrHistogram AbstractHistogram.java memory allocation",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/376279"
},
{
"name": "VDB-376279 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/376279/cti"
},
{
"name": "CVE-2026-14683 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-14683"
},
{
"name": "Submit #846750 | HdrHistogram 2.2.2 Denial of Service",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/846750"
},
{
"name": "Submit #846752 | HdrHistogram 2.2.2 Denial of Service (Duplicate)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/846752"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/HdrHistogram/HdrHistogram/issues/219"
},
{
"tags": [
"product"
],
"url": "https://github.com/HdrHistogram/HdrHistogram/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-07-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-07-04T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-07-04T06:45:00.000Z",
"value": "VulDB entry last update"
}
],
"title": "HdrHistogram AbstractHistogram.java memory allocation"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-14683",
"datePublished": "2026-07-04T23:00:10.759Z",
"dateReserved": "2026-07-04T04:39:55.742Z",
"dateUpdated": "2026-07-07T02:37:54.613Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-14454 (GCVE-0-2026-14454)
Vulnerability from cvelistv5 – Published: 2026-07-08 12:30 – Updated: 2026-07-09 14:41{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-07-08T17:31:27.727Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/07/08/6"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-14454",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-09T13:50:57.514385Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T14:41:45.096Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://cpan.org/modules",
"defaultStatus": "unaffected",
"packageName": "Imager",
"product": "Imager",
"programFiles": [
"imexif.c"
],
"programRoutines": [
{
"name": "tiff_load_ifd"
}
],
"repo": "https://github.com/tonycoz/imager",
"vendor": "TONYC",
"versions": [
{
"lessThan": "1.033",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Imager versions before 1.033 for Perl treat unsigned EXIF IFD entry counts as signed.\n\nImager mishandled large EXIF IFD entry count values, treating them as negative numbers. This could lead to an attempt to allocate a block nearly the size of the address space, which fails and kills the process.\n\nAn attacker could craft an image with EXIF data that terminates a worker process."
}
],
"impacts": [
{
"capecId": "CAPEC-128",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-128 Integer Attacks"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-196",
"description": "CWE-196 Unsigned to Signed Conversion Error",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-789",
"description": "CWE-789 Memory Allocation with Excessive Size Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-08T12:30:20.230Z",
"orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"shortName": "CPANSec"
},
"references": [
{
"tags": [
"release-notes"
],
"url": "https://metacpan.org/release/TONYC/Imager-1.033/changes"
},
{
"tags": [
"patch"
],
"url": "https://github.com/tonycoz/imager/commit/06f01a5d0fd591259aeba589370d6888384a6b6d.patch"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to version 1.033 or later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Imager versions before 1.033 for Perl treat unsigned EXIF IFD entry counts as signed",
"x_generator": {
"engine": "cpansec-cna-tool 0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"assignerShortName": "CPANSec",
"cveId": "CVE-2026-14454",
"datePublished": "2026-07-08T12:30:20.230Z",
"dateReserved": "2026-07-02T08:18:50.542Z",
"dateUpdated": "2026-07-09T14:41:45.096Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-11946 (GCVE-0-2026-11946)
Vulnerability from cvelistv5 – Published: 2026-07-02 10:54 – Updated: 2026-07-02 12:15| Vendor | Product | Version | |
|---|---|---|---|
| open62541 project / o6 Automation GmbH | open62541 |
Affected:
1.4.0 , ≤ 1.4.16
(semver)
Affected: 1.5.0 , ≤ 1.5.4 (semver) Affected: master (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-11946",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-02T12:15:40.618622Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-02T12:15:49.245Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "open62541",
"vendor": "open62541 project / o6 Automation GmbH",
"versions": [
{
"lessThanOrEqual": "1.4.16",
"status": "affected",
"version": "1.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "1.5.4",
"status": "affected",
"version": "1.5.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "master",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lorenzo Cannella from Fondazione Ugo Bordoni (FUB)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan\u003eAn unauthenticated remote attacker can exhaust\nserver memory via the GetEndpoints Discovery Service in open62541. The\nendpointUrl field of GetEndpointsRequest is not validated for length. An\nattacker can declare an arbitrarily large string (up to ~4.09 GB via the UInt32\nlength field) delivered across intermediate chunks without ever sending the\nfinal chunk. The server buffers all chunks in RAM indefinitely until the\nSecureChannel times out. The attack is\npre-session and bypasses all encryption configurations.\u003c/span\u003e\n\n\n\n\u003cspan\u003eThe\u0026nbsp;\u003c/span\u003eissue affects open62541: from 1.4.0 through 1.4.16, from 1.5.0 through 1.5.4, master."
}
],
"value": "An unauthenticated remote attacker can exhaust\nserver memory via the GetEndpoints Discovery Service in open62541. The\nendpointUrl field of GetEndpointsRequest is not validated for length. An\nattacker can declare an arbitrarily large string (up to ~4.09 GB via the UInt32\nlength field) delivered across intermediate chunks without ever sending the\nfinal chunk. The server buffers all chunks in RAM indefinitely until the\nSecureChannel times out. The attack is\npre-session and bypasses all encryption configurations.\n\n\n\nThe\u00a0issue affects open62541: from 1.4.0 through 1.4.16, from 1.5.0 through 1.5.4, master."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of resources without limits or throttling",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-789",
"description": "CWE-789 Memory allocation with excessive size value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-02T10:54:17.782Z",
"orgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158",
"shortName": "ENISA"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/open62541/open62541/pull/8142"
},
{
"tags": [
"patch"
],
"url": "https://github.com/open62541/open62541/pull/8142/changes/d253818d6c5e870e1db0e360b18138c8bdc809ae"
},
{
"tags": [
"product"
],
"url": "https://github.com/open62541/open62541"
}
],
"source": {
"advisory": "SA-2026-0002",
"discovery": "UNKNOWN"
},
"title": "GetEndpoints Memory Exhaustion in open62541",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158",
"assignerShortName": "ENISA",
"cveId": "CVE-2026-11946",
"datePublished": "2026-07-02T10:54:17.782Z",
"dateReserved": "2026-06-10T21:38:14.592Z",
"dateUpdated": "2026-07-02T12:15:49.245Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-10142 (GCVE-0-2026-10142)
Vulnerability from cvelistv5 – Published: 2026-06-10 20:13 – Updated: 2026-07-14 15:53- CWE-789 - Memory Allocation with Excessive Size Value
| URL | Tags |
|---|---|
| https://www.vulncheck.com/advisories/kafka-python… | technical-descriptionthird-party-advisory |
| https://github.com/dpkp/kafka-python/pull/3019 | issue-tracking |
| https://github.com/dpkp/kafka-python/pull/3026 | issue-tracking |
| https://github.com/dpkp/kafka-python/commit/6e483… | patch |
| Vendor | Product | Version | |
|---|---|---|---|
| Dana Powers | kafka-python |
Affected:
0 , < 2.3.2
(git)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-10142",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-11T14:12:48.592271Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-11T14:13:01.933Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com/dpkp/kafka-python",
"defaultStatus": "unknown",
"product": "kafka-python",
"vendor": "Dana Powers",
"versions": [
{
"lessThan": "2.3.2",
"status": "affected",
"version": "0",
"versionType": "git"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dpkp:kafka-python:*:*:*:*:*:python:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Katriel Moses"
}
],
"datePublic": "2026-06-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ekafka-python prior to 2.3.2 contains a denial-of-service vulnerability in the protocol parser that allows a malicious broker or machine-in-the-middle attacker to exhaust memory or hang connections by sending a crafted 4-byte frame length value without bounds validation. Attackers can send a specially crafted frame length through the receive_bytes() function to trigger either a multi-gigabyte memory allocation or an uncaught ValueError that leaves the connection in a broken state, causing requests to hang and consumers to stop heartbeating until restart.\u003c/p\u003e"
}
],
"value": "kafka-python prior to 2.3.2 contains a denial-of-service vulnerability in the protocol parser that allows a malicious broker or machine-in-the-middle attacker to exhaust memory or hang connections by sending a crafted 4-byte frame length value without bounds validation. Attackers can send a specially crafted frame length through the receive_bytes() function to trigger either a multi-gigabyte memory allocation or an uncaught ValueError that leaves the connection in a broken state, causing requests to hang and consumers to stop heartbeating until restart."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-789",
"description": "CWE-789 Memory Allocation with Excessive Size Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-14T15:53:03.388Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"technical-description",
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/kafka-python-prior-to-denial-of-service-via-protocol-parser-frame-length"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/dpkp/kafka-python/pull/3019"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/dpkp/kafka-python/pull/3026"
},
{
"tags": [
"patch"
],
"url": "https://github.com/dpkp/kafka-python/commit/6e4831444f972d169cdd11f5c8d50333cea3f19b"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "kafka-python prior to 2.3.2 Denial of Service via Protocol Parser Frame Length"
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-10142",
"datePublished": "2026-06-10T20:13:11.286Z",
"dateReserved": "2026-05-29T21:38:32.287Z",
"dateUpdated": "2026-07-14T15:53:03.388Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-9538 (GCVE-0-2026-9538)
Vulnerability from cvelistv5 – Published: 2026-05-26 00:18 – Updated: 2026-05-28 13:16- CWE-789 - Memory Allocation with Excessive Size Value
| Vendor | Product | Version | |
|---|---|---|---|
| BINGOS | Archive::Tar |
Affected:
0 , < 3.10
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-05-26T03:06:03.290Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/05/26/4"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-9538",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-28T13:16:04.042321Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-28T13:16:08.447Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://cpan.org/modules",
"defaultStatus": "unaffected",
"packageName": "Archive-Tar",
"product": "Archive::Tar",
"programFiles": [
"lib/Archive/Tar.pm"
],
"programRoutines": [
{
"name": "Archive::Tar::_read_tar"
}
],
"repo": "https://github.com/jib/archive-tar-new",
"vendor": "BINGOS",
"versions": [
{
"lessThan": "3.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Archive::Tar versions before 3.10 for Perl allow memory exhaustion via attacker controlled entry size field in tar header.\n\n_read_tar() reads each entry\u0027s payload with $handle-\u003eread($$data, $block), where $block is derived from the entry\u0027s 12-byte size field in the tar header with no upper bound on that value.\n\nA crafted header declaring a multi-gigabyte size causes Perl to allocate a scalar of that size."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-789",
"description": "CWE-789 Memory Allocation with Excessive Size Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-26T00:18:43.704Z",
"orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"shortName": "CPANSec"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/jib/archive-tar-new/commit/f9af01426038e29d9578825a0cd3626946ab08c7.patch"
},
{
"tags": [
"release-notes"
],
"url": "https://metacpan.org/release/BINGOS/Archive-Tar-3.10/changes"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to Archive::Tar 3.10 or later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2026-05-25T00:00:00.000Z",
"value": "Issue reported."
},
{
"lang": "en",
"time": "2026-05-25T00:00:00.000Z",
"value": "Version 3.10 released."
}
],
"title": "Archive::Tar versions before 3.10 for Perl allow memory exhaustion via attacker controlled entry size field in tar header",
"x_generator": {
"engine": "cpansec-cna-tool 0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"assignerShortName": "CPANSec",
"cveId": "CVE-2026-9538",
"datePublished": "2026-05-26T00:18:43.704Z",
"dateReserved": "2026-05-25T23:04:04.116Z",
"dateUpdated": "2026-05-28T13:16:08.447Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8485 (GCVE-0-2026-8485)
Vulnerability from cvelistv5 – Published: 2026-05-20 14:06 – Updated: 2026-05-20 14:24- CWE-789 - Uncontrolled Memory Allocation
| URL | Tags |
|---|---|
| https://docs.progress.com/bundle/moveit-automatio… | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Progress Software | MOVEit Automation |
Affected:
0 , < 2025.0.11
(semver)
Affected: 2025.1.0 , < 2025.1.7 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-8485",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-20T14:24:42.780536Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-20T14:24:51.862Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MOVEit Automation",
"vendor": "Progress Software",
"versions": [
{
"lessThan": "2025.0.11",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "2025.1.7",
"status": "affected",
"version": "2025.1.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Airbus SecLab"
},
{
"lang": "en",
"type": "finder",
"value": "Ana\u00efs Gantet"
},
{
"lang": "en",
"type": "finder",
"value": "Delphine Gourdou"
},
{
"lang": "en",
"type": "finder",
"value": "Quentin Liddell"
},
{
"lang": "en",
"type": "finder",
"value": "Matteo Ricordeau"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Uncontrolled Memory Allocation vulnerability in Progress Software MOVEit Automation allows Excessive Allocation.\u003cp\u003eThis issue affects MOVEit Automation: before 2025.0.11, from 2025.1.0 before 2025.1.7.\u003c/p\u003e"
}
],
"value": "Uncontrolled Memory Allocation vulnerability in Progress Software MOVEit Automation allows Excessive Allocation.\n\nThis issue affects MOVEit Automation: before 2025.0.11, from 2025.1.0 before 2025.1.7."
}
],
"impacts": [
{
"capecId": "CAPEC-130",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-130 Excessive Allocation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-789",
"description": "CWE-789 Uncontrolled Memory Allocation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-20T14:06:57.546Z",
"orgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
"shortName": "ProgressSoftware"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://docs.progress.com/bundle/moveit-automation-release-notes-2026/page/Fixed-Issues-2026.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Uncontrolled Memory Allocation vulnerability in Progress Software MOVEit Automation",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
"assignerShortName": "ProgressSoftware",
"cveId": "CVE-2026-8485",
"datePublished": "2026-05-20T14:06:57.546Z",
"dateReserved": "2026-05-13T14:50:39.764Z",
"dateUpdated": "2026-05-20T14:24:51.862Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-6340 (GCVE-0-2026-6340)
Vulnerability from cvelistv5 – Published: 2026-05-18 07:08 – Updated: 2026-05-18 12:43- CWE-789 - Memory Allocation with Excessive Size Value
| URL | Tags |
|---|---|
| https://mattermost.com/security-updates | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Mattermost | Mattermost |
Affected:
11.5.0 , ≤ 11.5.1
(semver)
Affected: 10.11.0 , ≤ 10.11.13 (semver) Affected: 11.4.0 , ≤ 11.4.3 (semver) Unaffected: 11.6.0 Unaffected: 11.5.2 Unaffected: 10.11.14 Unaffected: 11.4.4 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-6340",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-18T12:43:23.193742Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-18T12:43:56.170Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Mattermost",
"vendor": "Mattermost",
"versions": [
{
"lessThanOrEqual": "11.5.1",
"status": "affected",
"version": "11.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.11.13",
"status": "affected",
"version": "10.11.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "11.4.3",
"status": "affected",
"version": "11.4.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "11.6.0"
},
{
"status": "unaffected",
"version": "11.5.2"
},
{
"status": "unaffected",
"version": "10.11.14"
},
{
"status": "unaffected",
"version": "11.4.4"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Juho Fors\u00e9n"
}
],
"descriptions": [
{
"lang": "en",
"value": "Mattermost versions 11.5.x \u003c= 11.5.1, 10.11.x \u003c= 10.11.13, 11.4.x \u003c= 11.4.3 fail to validate 7zip archive structure before processing which allows an authenticated attacker to cause server memory exhaustion and denial of service via uploading a specially crafted 7zip file with excessive folder declarations.. Mattermost Advisory ID: MMSA-2026-00573"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-789",
"description": "CWE-789: Memory Allocation with Excessive Size Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-18T07:08:56.863Z",
"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"shortName": "Mattermost"
},
"references": [
{
"name": "MMSA-2026-00573",
"tags": [
"vendor-advisory"
],
"url": "https://mattermost.com/security-updates"
}
],
"solutions": [
{
"lang": "en",
"value": "Update Mattermost to versions 11.6.0, 11.5.2, 10.11.14, 11.4.4 or higher."
}
],
"source": {
"advisory": "MMSA-2026-00573",
"defect": [
"https://mattermost.atlassian.net/browse/MM-65700"
],
"discovery": "{\"self\"=\u003e\"https://mattermost.atlassian.net/rest/api/2/customFieldOption/10557\", \"value\"=\u003e\"Internal\", \"id\"=\u003e\"10557\"}"
},
"title": "Memory Exhaustion via Malicious 7zip File Upload",
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"assignerShortName": "Mattermost",
"cveId": "CVE-2026-6340",
"datePublished": "2026-05-18T07:08:56.863Z",
"dateReserved": "2026-04-15T10:30:19.937Z",
"dateUpdated": "2026-05-18T12:43:56.170Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation
Perform adequate input validation against any value that influences the amount of memory that is allocated. Define an appropriate strategy for handling requests that exceed the limit, and consider supporting a configuration option so that the administrator can extend the amount of memory to be used if necessary.
Mitigation
Run your program using system-provided resource limits for memory. This might still cause the program to crash or exit, but the impact to the rest of the system will be minimized.
No CAPEC attack patterns related to this CWE.