Common Weakness Enumeration

CWE-789

Allowed

Memory Allocation with Excessive Size Value

Abstraction: Variant · Status: Draft

The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated.

321 vulnerabilities reference this CWE, most recent first.

CVE-2026-20048 (GCVE-0-2026-20048)

Vulnerability from cvelistv5 – Published: 2026-02-25 16:26 – Updated: 2026-02-25 19:05
VLAI
Title
Cisco NX-OS Software SNMP Denial of Service Vulnerability
Summary
A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco Nexus 9000 Series Fabric Switches in ACI mode could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper processing when parsing SNMP requests. An attacker could exploit this vulnerability by continuously sending SNMP queries to a specific MIB of an affected device. A successful exploit could allow the attacker to cause a kernel panic on the device, resulting in a reload and a DoS condition. Note: This vulnerability affects SNMP versions 1, 2c, and 3. To exploit this vulnerability through SNMPv1 or SNMPv2c, the attacker must have a valid read-only SNMP community string for the affected system. To exploit this vulnerability through SNMPv3, the attacker must have valid SNMP user credentials for the affected system.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-789 - Uncontrolled Memory Allocation
Assigner
Impacted products
Vendor Product Version
Cisco Cisco NX-OS System Software in ACI Mode Affected: 15.2(1g)
Affected: 15.2(2e)
Affected: 15.2(2f)
Affected: 15.2(2g)
Affected: 15.2(2h)
Affected: 15.2(3f)
Affected: 15.2(3e)
Affected: 15.2(3g)
Affected: 15.2(4d)
Affected: 15.2(4e)
Affected: 15.2(5c)
Affected: 15.2(5d)
Affected: 16.0(1g)
Affected: 15.2(5e)
Affected: 15.2(4f)
Affected: 15.2(6e)
Affected: 15.2(6h)
Affected: 16.0(1j)
Affected: 15.2(6g)
Affected: 15.2(7f)
Affected: 15.2(7g)
Affected: 16.0(2h)
Affected: 15.2(8d)
Affected: 16.0(2j)
Affected: 15.2(8e)
Affected: 16.0(3d)
Affected: 16.0(3e)
Affected: 15.2(8f)
Affected: 15.2(8g)
Affected: 15.3(1d)
Affected: 15.2(8h)
Affected: 16.0(4c)
Affected: 15.3(2a)
Affected: 15.2(8i)
Affected: 16.0(5h)
Affected: 15.3(2b)
Affected: 16.0(3g)
Affected: 16.0(5j)
Affected: 15.3(2c)
Affected: 16.0(6c)
Affected: 15.3(2d)
Affected: 16.1(1f)
Affected: 16.0(7e)
Affected: 16.0(8e)
Affected: 15.3(2e)
Affected: 16.0(8f)
Affected: 16.1(2f)
Affected: 16.1(2g)
Affected: 15.3(2f)
Affected: 16.0(9c)
Affected: 16.1(3f)
Affected: 16.0(9d)
Affected: 16.0(6h)
Affected: 16.0(8h)
Affected: 16.1(3g)
Affected: 16.0(9e)
Affected: 16.1(4h)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-20048",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-25T18:18:11.351419Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-25T19:05:48.366Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco NX-OS System Software in ACI Mode",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "15.2(1g)"
            },
            {
              "status": "affected",
              "version": "15.2(2e)"
            },
            {
              "status": "affected",
              "version": "15.2(2f)"
            },
            {
              "status": "affected",
              "version": "15.2(2g)"
            },
            {
              "status": "affected",
              "version": "15.2(2h)"
            },
            {
              "status": "affected",
              "version": "15.2(3f)"
            },
            {
              "status": "affected",
              "version": "15.2(3e)"
            },
            {
              "status": "affected",
              "version": "15.2(3g)"
            },
            {
              "status": "affected",
              "version": "15.2(4d)"
            },
            {
              "status": "affected",
              "version": "15.2(4e)"
            },
            {
              "status": "affected",
              "version": "15.2(5c)"
            },
            {
              "status": "affected",
              "version": "15.2(5d)"
            },
            {
              "status": "affected",
              "version": "16.0(1g)"
            },
            {
              "status": "affected",
              "version": "15.2(5e)"
            },
            {
              "status": "affected",
              "version": "15.2(4f)"
            },
            {
              "status": "affected",
              "version": "15.2(6e)"
            },
            {
              "status": "affected",
              "version": "15.2(6h)"
            },
            {
              "status": "affected",
              "version": "16.0(1j)"
            },
            {
              "status": "affected",
              "version": "15.2(6g)"
            },
            {
              "status": "affected",
              "version": "15.2(7f)"
            },
            {
              "status": "affected",
              "version": "15.2(7g)"
            },
            {
              "status": "affected",
              "version": "16.0(2h)"
            },
            {
              "status": "affected",
              "version": "15.2(8d)"
            },
            {
              "status": "affected",
              "version": "16.0(2j)"
            },
            {
              "status": "affected",
              "version": "15.2(8e)"
            },
            {
              "status": "affected",
              "version": "16.0(3d)"
            },
            {
              "status": "affected",
              "version": "16.0(3e)"
            },
            {
              "status": "affected",
              "version": "15.2(8f)"
            },
            {
              "status": "affected",
              "version": "15.2(8g)"
            },
            {
              "status": "affected",
              "version": "15.3(1d)"
            },
            {
              "status": "affected",
              "version": "15.2(8h)"
            },
            {
              "status": "affected",
              "version": "16.0(4c)"
            },
            {
              "status": "affected",
              "version": "15.3(2a)"
            },
            {
              "status": "affected",
              "version": "15.2(8i)"
            },
            {
              "status": "affected",
              "version": "16.0(5h)"
            },
            {
              "status": "affected",
              "version": "15.3(2b)"
            },
            {
              "status": "affected",
              "version": "16.0(3g)"
            },
            {
              "status": "affected",
              "version": "16.0(5j)"
            },
            {
              "status": "affected",
              "version": "15.3(2c)"
            },
            {
              "status": "affected",
              "version": "16.0(6c)"
            },
            {
              "status": "affected",
              "version": "15.3(2d)"
            },
            {
              "status": "affected",
              "version": "16.1(1f)"
            },
            {
              "status": "affected",
              "version": "16.0(7e)"
            },
            {
              "status": "affected",
              "version": "16.0(8e)"
            },
            {
              "status": "affected",
              "version": "15.3(2e)"
            },
            {
              "status": "affected",
              "version": "16.0(8f)"
            },
            {
              "status": "affected",
              "version": "16.1(2f)"
            },
            {
              "status": "affected",
              "version": "16.1(2g)"
            },
            {
              "status": "affected",
              "version": "15.3(2f)"
            },
            {
              "status": "affected",
              "version": "16.0(9c)"
            },
            {
              "status": "affected",
              "version": "16.1(3f)"
            },
            {
              "status": "affected",
              "version": "16.0(9d)"
            },
            {
              "status": "affected",
              "version": "16.0(6h)"
            },
            {
              "status": "affected",
              "version": "16.0(8h)"
            },
            {
              "status": "affected",
              "version": "16.1(3g)"
            },
            {
              "status": "affected",
              "version": "16.0(9e)"
            },
            {
              "status": "affected",
              "version": "16.1(4h)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco Nexus 9000 Series Fabric Switches in ACI mode could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r\nThis vulnerability is due to improper processing when parsing SNMP requests. An attacker could exploit this vulnerability by continuously sending SNMP queries\u0026nbsp;to a specific MIB of an affected device. A successful exploit could allow the attacker to cause a kernel panic on the device, resulting in a reload and a\u0026nbsp;DoS condition.\r\nNote: This vulnerability affects SNMP versions 1, 2c, and 3. To exploit\u0026nbsp;this vulnerability through SNMPv1 or\u0026nbsp;SNMPv2c, the attacker must have a valid read-only SNMP community string for the affected system. To exploit this vulnerability through SNMPv3, the attacker must have valid SNMP user credentials for the affected system."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-789",
              "description": "Uncontrolled Memory Allocation",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-25T16:26:28.329Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-nxos-dsnmp-cNN39Uh",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-dsnmp-cNN39Uh"
        }
      ],
      "source": {
        "advisory": "cisco-sa-nxos-dsnmp-cNN39Uh",
        "defects": [
          "CSCwq57598"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Cisco NX-OS Software SNMP Denial of Service Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2026-20048",
    "datePublished": "2026-02-25T16:26:28.329Z",
    "dateReserved": "2025-10-08T11:59:15.355Z",
    "dateUpdated": "2026-02-25T19:05:48.366Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-15053 (GCVE-0-2026-15053)

Vulnerability from cvelistv5 – Published: 2026-07-08 13:46 – Updated: 2026-07-08 14:27
VLAI
Title
Tanium addressed a denial of service vulnerability in Tanium Server.
Summary
Tanium addressed a denial of service vulnerability in Tanium Server.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-789 - Memory Allocation with Excessive Size Value
Assigner
References
Impacted products
Vendor Product Version
Tanium Tanium Server Affected: 7.7.3.8298 , < 7.7.3.8298 (custom)
Affected: 7.8.2.1198 , < 7.8.2.1198 (custom)
Affected: 7.8.4.1327 , < 7.8.4.1327 (custom)
Create a notification for this product.
Date Public
2026-07-07 20:17
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-15053",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-07-08T14:27:30.302303Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-08T14:27:37.033Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Tanium Server",
          "vendor": "Tanium",
          "versions": [
            {
              "lessThan": "7.7.3.8298",
              "status": "affected",
              "version": "7.7.3.8298",
              "versionType": "custom"
            },
            {
              "lessThan": "7.8.2.1198",
              "status": "affected",
              "version": "7.8.2.1198",
              "versionType": "custom"
            },
            {
              "lessThan": "7.8.4.1327",
              "status": "affected",
              "version": "7.8.4.1327",
              "versionType": "custom"
            }
          ]
        }
      ],
      "dateAssigned": "2026-07-08T13:33:20.107Z",
      "datePublic": "2026-07-07T20:17:39.951Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Tanium addressed a denial of service vulnerability in Tanium Server."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-789",
              "description": "Memory Allocation with Excessive Size Value",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-08T13:46:40.902Z",
        "orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
        "shortName": "Tanium"
      },
      "references": [
        {
          "name": "TAN-2026-016",
          "url": "https://security.tanium.com/TAN-2026-016"
        }
      ],
      "title": "Tanium addressed a denial of service vulnerability in Tanium Server."
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
    "assignerShortName": "Tanium",
    "cveId": "CVE-2026-15053",
    "datePublished": "2026-07-08T13:46:40.902Z",
    "dateReserved": "2026-07-08T13:33:20.588Z",
    "dateUpdated": "2026-07-08T14:27:37.033Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-14684 (GCVE-0-2026-14684)

Vulnerability from cvelistv5 – Published: 2026-07-04 23:30 – Updated: 2026-07-06 16:50
VLAI
Title
HdrHistogram AbstractHistogram.java memory allocation
Summary
A flaw has been found in HdrHistogram up to 2.2.2. This affects the function org.HdrHistogram.AbstractHistogram.decodeFromByteBuffer of the file src/main/java/org/HdrHistogram/AbstractHistogram.java. This manipulation of the argument numberOfSignificantValueDigits causes uncontrolled memory allocation. The attack can only be executed locally. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-789 - Uncontrolled Memory Allocation
  • CWE-400 - Resource Consumption
Assigner
References
Impacted products
Vendor Product Version
n/a HdrHistogram Affected: 2.2.0
Affected: 2.2.1
Affected: 2.2.2
    cpe:2.3:a:hdrhistogram:hdrhistogram:*:*:*:*:*:*:*:*
Credits
sara11h (VulDB User) VulDB CNA Team
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-14684",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-07-06T16:36:13.983720Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-06T16:50:59.582Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:hdrhistogram:hdrhistogram:*:*:*:*:*:*:*:*"
          ],
          "product": "HdrHistogram",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "2.2.0"
            },
            {
              "status": "affected",
              "version": "2.2.1"
            },
            {
              "status": "affected",
              "version": "2.2.2"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "sara11h (VulDB User)"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "VulDB CNA Team"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw has been found in HdrHistogram up to 2.2.2. This affects the function org.HdrHistogram.AbstractHistogram.decodeFromByteBuffer of the file src/main/java/org/HdrHistogram/AbstractHistogram.java. This manipulation of the argument numberOfSignificantValueDigits causes uncontrolled memory allocation. The attack can only be executed locally. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 1.7,
            "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-789",
              "description": "Uncontrolled Memory Allocation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-04T23:30:10.875Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-376280 | HdrHistogram AbstractHistogram.java memory allocation",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/vuln/376280"
        },
        {
          "name": "VDB-376280 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/vuln/376280/cti"
        },
        {
          "name": "CVE-2026-14684 | CVE Analysis and Report",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/cve/CVE-2026-14684"
        },
        {
          "name": "Submit #846754 | HdrHistogram 2.2.2 Denial of Service",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/submit/846754"
        },
        {
          "tags": [
            "exploit",
            "issue-tracking"
          ],
          "url": "https://github.com/HdrHistogram/HdrHistogram/issues/220"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://github.com/HdrHistogram/HdrHistogram/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-07-04T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2026-07-04T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2026-07-04T06:45:14.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "HdrHistogram AbstractHistogram.java memory allocation"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2026-14684",
    "datePublished": "2026-07-04T23:30:10.875Z",
    "dateReserved": "2026-07-04T04:39:58.430Z",
    "dateUpdated": "2026-07-06T16:50:59.582Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-14683 (GCVE-0-2026-14683)

Vulnerability from cvelistv5 – Published: 2026-07-04 23:00 – Updated: 2026-07-07 02:37
VLAI
Title
HdrHistogram AbstractHistogram.java memory allocation
Summary
A vulnerability was detected in HdrHistogram up to 2.2.2. Affected by this issue is the function org.HdrHistogram.AbstractHistogram.decodeFromCompressedByteBuffer of the file src/main/java/org/HdrHistogram/AbstractHistogram.java. The manipulation of the argument lengthOfCompressedContents results in uncontrolled memory allocation. The attack needs to be approached locally. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-789 - Uncontrolled Memory Allocation
  • CWE-400 - Resource Consumption
Assigner
References
Impacted products
Vendor Product Version
n/a HdrHistogram Affected: 2.2.0
Affected: 2.2.1
Affected: 2.2.2
    cpe:2.3:a:hdrhistogram:hdrhistogram:*:*:*:*:*:*:*:*
Credits
sara11h (VulDB User) VulDB CNA Team
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-14683",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-07-07T02:37:45.632749Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-07T02:37:54.613Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:hdrhistogram:hdrhistogram:*:*:*:*:*:*:*:*"
          ],
          "product": "HdrHistogram",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "2.2.0"
            },
            {
              "status": "affected",
              "version": "2.2.1"
            },
            {
              "status": "affected",
              "version": "2.2.2"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "sara11h (VulDB User)"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "VulDB CNA Team"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was detected in HdrHistogram up to 2.2.2. Affected by this issue is the function org.HdrHistogram.AbstractHistogram.decodeFromCompressedByteBuffer of the file src/main/java/org/HdrHistogram/AbstractHistogram.java. The manipulation of the argument lengthOfCompressedContents results in uncontrolled memory allocation. The attack needs to be approached locally. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 1.7,
            "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-789",
              "description": "Uncontrolled Memory Allocation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-04T23:00:10.759Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-376279 | HdrHistogram AbstractHistogram.java memory allocation",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/vuln/376279"
        },
        {
          "name": "VDB-376279 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/vuln/376279/cti"
        },
        {
          "name": "CVE-2026-14683 | CVE Analysis and Report",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/cve/CVE-2026-14683"
        },
        {
          "name": "Submit #846750 | HdrHistogram 2.2.2 Denial of Service",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/submit/846750"
        },
        {
          "name": "Submit #846752 | HdrHistogram 2.2.2 Denial of Service (Duplicate)",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/submit/846752"
        },
        {
          "tags": [
            "exploit",
            "issue-tracking"
          ],
          "url": "https://github.com/HdrHistogram/HdrHistogram/issues/219"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://github.com/HdrHistogram/HdrHistogram/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-07-04T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2026-07-04T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2026-07-04T06:45:00.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "HdrHistogram AbstractHistogram.java memory allocation"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2026-14683",
    "datePublished": "2026-07-04T23:00:10.759Z",
    "dateReserved": "2026-07-04T04:39:55.742Z",
    "dateUpdated": "2026-07-07T02:37:54.613Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-14454 (GCVE-0-2026-14454)

Vulnerability from cvelistv5 – Published: 2026-07-08 12:30 – Updated: 2026-07-09 14:41
VLAI
Title
Imager versions before 1.033 for Perl treat unsigned EXIF IFD entry counts as signed
Summary
Imager versions before 1.033 for Perl treat unsigned EXIF IFD entry counts as signed. Imager mishandled large EXIF IFD entry count values, treating them as negative numbers. This could lead to an attempt to allocate a block nearly the size of the address space, which fails and kills the process. An attacker could craft an image with EXIF data that terminates a worker process.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-196 - Unsigned to Signed Conversion Error
  • CWE-789 - Memory Allocation with Excessive Size Value
Assigner
Impacted products
Vendor Product Version
TONYC Imager Affected: 0 , < 1.033 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2026-07-08T17:31:27.727Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/07/08/6"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-14454",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-07-09T13:50:57.514385Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-09T14:41:45.096Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://cpan.org/modules",
          "defaultStatus": "unaffected",
          "packageName": "Imager",
          "product": "Imager",
          "programFiles": [
            "imexif.c"
          ],
          "programRoutines": [
            {
              "name": "tiff_load_ifd"
            }
          ],
          "repo": "https://github.com/tonycoz/imager",
          "vendor": "TONYC",
          "versions": [
            {
              "lessThan": "1.033",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Imager versions before 1.033 for Perl treat unsigned EXIF IFD entry counts as signed.\n\nImager mishandled large EXIF IFD entry count values, treating them as negative numbers.  This could lead to an attempt to allocate a block nearly the size of the address space, which fails and kills the process.\n\nAn attacker could craft an image with EXIF data that terminates a worker process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-128",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-128 Integer Attacks"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-196",
              "description": "CWE-196 Unsigned to Signed Conversion Error",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-789",
              "description": "CWE-789 Memory Allocation with Excessive Size Value",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-08T12:30:20.230Z",
        "orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
        "shortName": "CPANSec"
      },
      "references": [
        {
          "tags": [
            "release-notes"
          ],
          "url": "https://metacpan.org/release/TONYC/Imager-1.033/changes"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/tonycoz/imager/commit/06f01a5d0fd591259aeba589370d6888384a6b6d.patch"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to version 1.033 or later."
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Imager versions before 1.033 for Perl treat unsigned EXIF IFD entry counts as signed",
      "x_generator": {
        "engine": "cpansec-cna-tool 0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
    "assignerShortName": "CPANSec",
    "cveId": "CVE-2026-14454",
    "datePublished": "2026-07-08T12:30:20.230Z",
    "dateReserved": "2026-07-02T08:18:50.542Z",
    "dateUpdated": "2026-07-09T14:41:45.096Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-11946 (GCVE-0-2026-11946)

Vulnerability from cvelistv5 – Published: 2026-07-02 10:54 – Updated: 2026-07-02 12:15
VLAI
Title
GetEndpoints Memory Exhaustion in open62541
Summary
An unauthenticated remote attacker can exhaust server memory via the GetEndpoints Discovery Service in open62541. The endpointUrl field of GetEndpointsRequest is not validated for length. An attacker can declare an arbitrarily large string (up to ~4.09 GB via the UInt32 length field) delivered across intermediate chunks without ever sending the final chunk. The server buffers all chunks in RAM indefinitely until the SecureChannel times out. The attack is pre-session and bypasses all encryption configurations. The issue affects open62541: from 1.4.0 through 1.4.16, from 1.5.0 through 1.5.4, master.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-770 - Allocation of resources without limits or throttling
  • CWE-789 - Memory allocation with excessive size value
Assigner
Impacted products
Vendor Product Version
open62541 project / o6 Automation GmbH open62541 Affected: 1.4.0 , ≤ 1.4.16 (semver)
Affected: 1.5.0 , ≤ 1.5.4 (semver)
Affected: master (custom)
Create a notification for this product.
Credits
Lorenzo Cannella from Fondazione Ugo Bordoni (FUB)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-11946",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-07-02T12:15:40.618622Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-02T12:15:49.245Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "open62541",
          "vendor": "open62541 project / o6 Automation GmbH",
          "versions": [
            {
              "lessThanOrEqual": "1.4.16",
              "status": "affected",
              "version": "1.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "1.5.4",
              "status": "affected",
              "version": "1.5.0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "master",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Lorenzo Cannella from Fondazione Ugo Bordoni (FUB)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan\u003eAn unauthenticated remote attacker can exhaust\nserver memory via the GetEndpoints Discovery Service in open62541. The\nendpointUrl field of GetEndpointsRequest is not validated for length. An\nattacker can declare an arbitrarily large string (up to ~4.09 GB via the UInt32\nlength field) delivered across intermediate chunks without ever sending the\nfinal chunk. The server buffers all chunks in RAM indefinitely until the\nSecureChannel times out. The attack is\npre-session and bypasses all encryption configurations.\u003c/span\u003e\n\n\n\n\u003cspan\u003eThe\u0026nbsp;\u003c/span\u003eissue affects open62541: from 1.4.0 through 1.4.16, from 1.5.0 through 1.5.4, master."
            }
          ],
          "value": "An unauthenticated remote attacker can exhaust\nserver memory via the GetEndpoints Discovery Service in open62541. The\nendpointUrl field of GetEndpointsRequest is not validated for length. An\nattacker can declare an arbitrarily large string (up to ~4.09 GB via the UInt32\nlength field) delivered across intermediate chunks without ever sending the\nfinal chunk. The server buffers all chunks in RAM indefinitely until the\nSecureChannel times out. The attack is\npre-session and bypasses all encryption configurations.\n\n\n\nThe\u00a0issue affects open62541: from 1.4.0 through 1.4.16, from 1.5.0 through 1.5.4, master."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-770",
              "description": "CWE-770 Allocation of resources without limits or throttling",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-789",
              "description": "CWE-789 Memory allocation with excessive size value",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-02T10:54:17.782Z",
        "orgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158",
        "shortName": "ENISA"
      },
      "references": [
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/open62541/open62541/pull/8142"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/open62541/open62541/pull/8142/changes/d253818d6c5e870e1db0e360b18138c8bdc809ae"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://github.com/open62541/open62541"
        }
      ],
      "source": {
        "advisory": "SA-2026-0002",
        "discovery": "UNKNOWN"
      },
      "title": "GetEndpoints Memory Exhaustion in open62541",
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158",
    "assignerShortName": "ENISA",
    "cveId": "CVE-2026-11946",
    "datePublished": "2026-07-02T10:54:17.782Z",
    "dateReserved": "2026-06-10T21:38:14.592Z",
    "dateUpdated": "2026-07-02T12:15:49.245Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-10142 (GCVE-0-2026-10142)

Vulnerability from cvelistv5 – Published: 2026-06-10 20:13 – Updated: 2026-07-14 15:53
VLAI
Title
kafka-python prior to 2.3.2 Denial of Service via Protocol Parser Frame Length
Summary
kafka-python prior to 2.3.2 contains a denial-of-service vulnerability in the protocol parser that allows a malicious broker or machine-in-the-middle attacker to exhaust memory or hang connections by sending a crafted 4-byte frame length value without bounds validation. Attackers can send a specially crafted frame length through the receive_bytes() function to trigger either a multi-gigabyte memory allocation or an uncaught ValueError that leaves the connection in a broken state, causing requests to hang and consumers to stop heartbeating until restart.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-789 - Memory Allocation with Excessive Size Value
Assigner
Impacted products
Vendor Product Version
Dana Powers kafka-python Affected: 0 , < 2.3.2 (git)
Create a notification for this product.
Date Public
2026-06-10 00:00
Credits
Katriel Moses
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-10142",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-11T14:12:48.592271Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-11T14:13:01.933Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/dpkp/kafka-python",
          "defaultStatus": "unknown",
          "product": "kafka-python",
          "vendor": "Dana Powers",
          "versions": [
            {
              "lessThan": "2.3.2",
              "status": "affected",
              "version": "0",
              "versionType": "git"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:dpkp:kafka-python:*:*:*:*:*:python:*:*",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Katriel Moses"
        }
      ],
      "datePublic": "2026-06-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003ekafka-python prior to 2.3.2 contains a denial-of-service vulnerability in the protocol parser that allows a malicious broker or machine-in-the-middle attacker to exhaust memory or hang connections by sending a crafted 4-byte frame length value without bounds validation. Attackers can send a specially crafted frame length through the receive_bytes() function to trigger either a multi-gigabyte memory allocation or an uncaught ValueError that leaves the connection in a broken state, causing requests to hang and consumers to stop heartbeating until restart.\u003c/p\u003e"
            }
          ],
          "value": "kafka-python prior to 2.3.2 contains a denial-of-service vulnerability in the protocol parser that allows a malicious broker or machine-in-the-middle attacker to exhaust memory or hang connections by sending a crafted 4-byte frame length value without bounds validation. Attackers can send a specially crafted frame length through the receive_bytes() function to trigger either a multi-gigabyte memory allocation or an uncaught ValueError that leaves the connection in a broken state, causing requests to hang and consumers to stop heartbeating until restart."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-789",
              "description": "CWE-789 Memory Allocation with Excessive Size Value",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-14T15:53:03.388Z",
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck"
      },
      "references": [
        {
          "tags": [
            "technical-description",
            "third-party-advisory"
          ],
          "url": "https://www.vulncheck.com/advisories/kafka-python-prior-to-denial-of-service-via-protocol-parser-frame-length"
        },
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://github.com/dpkp/kafka-python/pull/3019"
        },
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://github.com/dpkp/kafka-python/pull/3026"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/dpkp/kafka-python/commit/6e4831444f972d169cdd11f5c8d50333cea3f19b"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "kafka-python prior to 2.3.2 Denial of Service via Protocol Parser Frame Length"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2026-10142",
    "datePublished": "2026-06-10T20:13:11.286Z",
    "dateReserved": "2026-05-29T21:38:32.287Z",
    "dateUpdated": "2026-07-14T15:53:03.388Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-9538 (GCVE-0-2026-9538)

Vulnerability from cvelistv5 – Published: 2026-05-26 00:18 – Updated: 2026-05-28 13:16
VLAI
Title
Archive::Tar versions before 3.10 for Perl allow memory exhaustion via attacker controlled entry size field in tar header
Summary
Archive::Tar versions before 3.10 for Perl allow memory exhaustion via attacker controlled entry size field in tar header. _read_tar() reads each entry's payload with $handle->read($$data, $block), where $block is derived from the entry's 12-byte size field in the tar header with no upper bound on that value. A crafted header declaring a multi-gigabyte size causes Perl to allocate a scalar of that size.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-789 - Memory Allocation with Excessive Size Value
Assigner
Impacted products
Vendor Product Version
BINGOS Archive::Tar Affected: 0 , < 3.10 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2026-05-26T03:06:03.290Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/26/4"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-9538",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-28T13:16:04.042321Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-28T13:16:08.447Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://cpan.org/modules",
          "defaultStatus": "unaffected",
          "packageName": "Archive-Tar",
          "product": "Archive::Tar",
          "programFiles": [
            "lib/Archive/Tar.pm"
          ],
          "programRoutines": [
            {
              "name": "Archive::Tar::_read_tar"
            }
          ],
          "repo": "https://github.com/jib/archive-tar-new",
          "vendor": "BINGOS",
          "versions": [
            {
              "lessThan": "3.10",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Archive::Tar versions before 3.10 for Perl allow memory exhaustion via attacker controlled entry size field in tar header.\n\n_read_tar() reads each entry\u0027s payload with $handle-\u003eread($$data, $block), where $block is derived from the entry\u0027s 12-byte size field in the tar header with no upper bound on that value.\n\nA crafted header declaring a multi-gigabyte size causes Perl to allocate a scalar of that size."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-789",
              "description": "CWE-789 Memory Allocation with Excessive Size Value",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-26T00:18:43.704Z",
        "orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
        "shortName": "CPANSec"
      },
      "references": [
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/jib/archive-tar-new/commit/f9af01426038e29d9578825a0cd3626946ab08c7.patch"
        },
        {
          "tags": [
            "release-notes"
          ],
          "url": "https://metacpan.org/release/BINGOS/Archive-Tar-3.10/changes"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to Archive::Tar 3.10 or later."
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2026-05-25T00:00:00.000Z",
          "value": "Issue reported."
        },
        {
          "lang": "en",
          "time": "2026-05-25T00:00:00.000Z",
          "value": "Version 3.10 released."
        }
      ],
      "title": "Archive::Tar versions before 3.10 for Perl allow memory exhaustion via attacker controlled entry size field in tar header",
      "x_generator": {
        "engine": "cpansec-cna-tool 0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
    "assignerShortName": "CPANSec",
    "cveId": "CVE-2026-9538",
    "datePublished": "2026-05-26T00:18:43.704Z",
    "dateReserved": "2026-05-25T23:04:04.116Z",
    "dateUpdated": "2026-05-28T13:16:08.447Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-8485 (GCVE-0-2026-8485)

Vulnerability from cvelistv5 – Published: 2026-05-20 14:06 – Updated: 2026-05-20 14:24
VLAI
Title
Uncontrolled Memory Allocation vulnerability in Progress Software MOVEit Automation
Summary
Uncontrolled Memory Allocation vulnerability in Progress Software MOVEit Automation allows Excessive Allocation. This issue affects MOVEit Automation: before 2025.0.11, from 2025.1.0 before 2025.1.7.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-789 - Uncontrolled Memory Allocation
Assigner
References
Impacted products
Vendor Product Version
Progress Software MOVEit Automation Affected: 0 , < 2025.0.11 (semver)
Affected: 2025.1.0 , < 2025.1.7 (semver)
Create a notification for this product.
Credits
Airbus SecLab Anaïs Gantet Delphine Gourdou Quentin Liddell Matteo Ricordeau
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-8485",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-20T14:24:42.780536Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-20T14:24:51.862Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "MOVEit Automation",
          "vendor": "Progress Software",
          "versions": [
            {
              "lessThan": "2025.0.11",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "2025.1.7",
              "status": "affected",
              "version": "2025.1.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Airbus SecLab"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Ana\u00efs Gantet"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Delphine Gourdou"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Quentin Liddell"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Matteo Ricordeau"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Uncontrolled Memory Allocation vulnerability in Progress Software MOVEit Automation allows Excessive Allocation.\u003cp\u003eThis issue affects MOVEit Automation: before 2025.0.11, from 2025.1.0 before 2025.1.7.\u003c/p\u003e"
            }
          ],
          "value": "Uncontrolled Memory Allocation vulnerability in Progress Software MOVEit Automation allows Excessive Allocation.\n\nThis issue affects MOVEit Automation: before 2025.0.11, from 2025.1.0 before 2025.1.7."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-130",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-130 Excessive Allocation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-789",
              "description": "CWE-789 Uncontrolled Memory Allocation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-20T14:06:57.546Z",
        "orgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
        "shortName": "ProgressSoftware"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://docs.progress.com/bundle/moveit-automation-release-notes-2026/page/Fixed-Issues-2026.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Uncontrolled Memory Allocation vulnerability in Progress Software MOVEit Automation",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
    "assignerShortName": "ProgressSoftware",
    "cveId": "CVE-2026-8485",
    "datePublished": "2026-05-20T14:06:57.546Z",
    "dateReserved": "2026-05-13T14:50:39.764Z",
    "dateUpdated": "2026-05-20T14:24:51.862Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-6340 (GCVE-0-2026-6340)

Vulnerability from cvelistv5 – Published: 2026-05-18 07:08 – Updated: 2026-05-18 12:43
VLAI
Title
Memory Exhaustion via Malicious 7zip File Upload
Summary
Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to validate 7zip archive structure before processing which allows an authenticated attacker to cause server memory exhaustion and denial of service via uploading a specially crafted 7zip file with excessive folder declarations.. Mattermost Advisory ID: MMSA-2026-00573
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-789 - Memory Allocation with Excessive Size Value
Assigner
References
URL Tags
https://mattermost.com/security-updates vendor-advisory
Impacted products
Vendor Product Version
Mattermost Mattermost Affected: 11.5.0 , ≤ 11.5.1 (semver)
Affected: 10.11.0 , ≤ 10.11.13 (semver)
Affected: 11.4.0 , ≤ 11.4.3 (semver)
Unaffected: 11.6.0
Unaffected: 11.5.2
Unaffected: 10.11.14
Unaffected: 11.4.4
Create a notification for this product.
Credits
Juho Forsén
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-6340",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-18T12:43:23.193742Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-18T12:43:56.170Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Mattermost",
          "vendor": "Mattermost",
          "versions": [
            {
              "lessThanOrEqual": "11.5.1",
              "status": "affected",
              "version": "11.5.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "10.11.13",
              "status": "affected",
              "version": "10.11.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "11.4.3",
              "status": "affected",
              "version": "11.4.0",
              "versionType": "semver"
            },
            {
              "status": "unaffected",
              "version": "11.6.0"
            },
            {
              "status": "unaffected",
              "version": "11.5.2"
            },
            {
              "status": "unaffected",
              "version": "10.11.14"
            },
            {
              "status": "unaffected",
              "version": "11.4.4"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Juho Fors\u00e9n"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Mattermost versions 11.5.x \u003c= 11.5.1, 10.11.x \u003c= 10.11.13, 11.4.x \u003c= 11.4.3 fail to validate 7zip archive structure before processing which allows an authenticated attacker to cause server memory exhaustion and denial of service via uploading a specially crafted 7zip file with excessive folder declarations.. Mattermost Advisory ID: MMSA-2026-00573"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-789",
              "description": "CWE-789: Memory Allocation with Excessive Size Value",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-18T07:08:56.863Z",
        "orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
        "shortName": "Mattermost"
      },
      "references": [
        {
          "name": "MMSA-2026-00573",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://mattermost.com/security-updates"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Update Mattermost to versions 11.6.0, 11.5.2, 10.11.14, 11.4.4 or higher."
        }
      ],
      "source": {
        "advisory": "MMSA-2026-00573",
        "defect": [
          "https://mattermost.atlassian.net/browse/MM-65700"
        ],
        "discovery": "{\"self\"=\u003e\"https://mattermost.atlassian.net/rest/api/2/customFieldOption/10557\", \"value\"=\u003e\"Internal\", \"id\"=\u003e\"10557\"}"
      },
      "title": "Memory Exhaustion via Malicious 7zip File Upload",
      "x_generator": {
        "engine": "cvelib 1.8.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
    "assignerShortName": "Mattermost",
    "cveId": "CVE-2026-6340",
    "datePublished": "2026-05-18T07:08:56.863Z",
    "dateReserved": "2026-04-15T10:30:19.937Z",
    "dateUpdated": "2026-05-18T12:43:56.170Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Mitigation
Implementation Architecture and Design

Perform adequate input validation against any value that influences the amount of memory that is allocated. Define an appropriate strategy for handling requests that exceed the limit, and consider supporting a configuration option so that the administrator can extend the amount of memory to be used if necessary.

Mitigation
Operation

Run your program using system-provided resource limits for memory. This might still cause the program to crash or exit, but the impact to the rest of the system will be minimized.

No CAPEC attack patterns related to this CWE.