Common Weakness Enumeration

CWE-839

Allowed

Numeric Range Comparison Without Minimum Check

Abstraction: Base · Status: Incomplete

The product checks a value to ensure that it is less than or equal to a maximum, but it does not also verify that the value is greater than or equal to the minimum.

10 vulnerabilities reference this CWE, most recent first.

CVE-2026-56968 (GCVE-0-2026-56968)

Vulnerability from cvelistv5 – Published: 2026-06-23 16:18 – Updated: 2026-06-23 17:31
VLAI
Summary
GNU SASL before 2.2.4 lacks sanitization of a short challenge in _gsasl_ntlm_client_step in the NTLM client, which could result in memory disclosure via a crafted server.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-839 - Numeric Range Comparison Without Minimum Check
Assigner
Impacted products
Vendor Product Version
GNU GNU SASL Affected: 0 , < 2.2.4 (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-56968",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-23T17:31:41.785915Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-23T17:31:49.772Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "GNU SASL",
          "vendor": "GNU",
          "versions": [
            {
              "lessThan": "2.2.4",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:gnu:gnu_sasl:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "2.2.4",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "GNU SASL before 2.2.4 lacks sanitization of a short challenge in _gsasl_ntlm_client_step in the NTLM client, which could result in memory disclosure via a crafted server."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-839",
              "description": "CWE-839 Numeric Range Comparison Without Minimum Check",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-23T16:18:29.150Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://lists.gnu.org/archive/html/help-gsasl/2026-06/msg00000.html"
        },
        {
          "url": "https://lists.debian.org/debian-security-announce/2026/msg00259.html"
        },
        {
          "url": "https://ftp.gnu.org/gnu/gsasl/"
        },
        {
          "url": "https://www.gnu.org/software/gsasl/"
        }
      ],
      "x_generator": {
        "engine": "CVE-Request-form 0.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2026-56968",
    "datePublished": "2026-06-23T16:18:29.150Z",
    "dateReserved": "2026-06-23T16:18:28.745Z",
    "dateUpdated": "2026-06-23T17:31:49.772Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-48840 (GCVE-0-2026-48840)

Vulnerability from cvelistv5 – Published: 2026-05-30 01:50 – Updated: 2026-06-05 09:07 X_Open Source
VLAI
Summary
Exim 4.88 before 4.99.4, in some proxy configurations, mishandles certain short payloads, leading to disclosure of uninitialized stack memory values to a client.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-839 - Numeric Range Comparison Without Minimum Check
Assigner
Impacted products
Vendor Product Version
Exim Exim Affected: 4.88 , < 4.99.4 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2026-06-05T09:07:37.892Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/29/3"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2026/06/msg00004.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-48840",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-01T12:51:07.836512Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-01T12:51:18.705Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Exim",
          "repo": "https://code.exim/org/exim/exim",
          "vendor": "Exim",
          "versions": [
            {
              "lessThan": "4.99.4",
              "status": "affected",
              "version": "4.88",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:exim:exim:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.99.4",
                  "versionStartIncluding": "4.88",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Exim 4.88 before 4.99.4, in some proxy configurations, mishandles certain short payloads, leading to disclosure of uninitialized stack memory values to a client."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-839",
              "description": "CWE-839 Numeric Range Comparison Without Minimum Check",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-30T01:50:42.637Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://exim.org/static/doc/security/EXIM-Security-2026-05-19.1"
        },
        {
          "url": "https://www.openwall.com/lists/oss-security/2026/05/29/3"
        }
      ],
      "tags": [
        "x_open-source"
      ],
      "x_generator": {
        "engine": "CVE-Request-form 0.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2026-48840",
    "datePublished": "2026-05-30T01:50:42.637Z",
    "dateReserved": "2026-05-25T17:51:46.146Z",
    "dateUpdated": "2026-06-05T09:07:37.892Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2023-0425 (GCVE-0-2023-0425)

Vulnerability from cvelistv5 – Published: 2023-08-07 05:06 – Updated: 2024-12-04 15:38
VLAI
Title
Buffer overflow in global memory region
Summary
ABB is aware of vulnerabilities in the product versions listed below. An update is available that resolves the reported vulnerabilities in the product versions under maintenance. An attacker who successfully exploited one or more of these vulnerabilities could cause the product to stop or make the product inaccessible.  Numeric Range Comparison Without Minimum Check vulnerability in ABB Freelance controllers AC 700F (Controller modules), ABB Freelance controllers AC 900F (controller modules).This issue affects: Freelance controllers AC 700F:  from 9.0;0 through V9.2 SP2, through Freelance 2013, through Freelance 2013SP1, through Freelance 2016, through Freelance 2016SP1, through Freelance 2019, through Freelance 2019 SP1, through Freelance 2019 SP1 FP1;  Freelance controllers AC 900F:  Freelance 2013, through Freelance 2013SP1, through Freelance 2016, through Freelance 2016SP1, through Freelance 2019, through Freelance 2019 SP1, through Freelance 2019 SP1 FP1.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-839 - Numeric Range Comparison Without Minimum Check
Assigner
ABB
Impacted products
Vendor Product Version
ABB Freelance controllers AC 700F Affected: 9.0;0 , ≤ V9.2 SP2 (custom)
Affected: 0 , ≤ Freelance 2013 (custom)
Affected: 0 , ≤ Freelance 2013SP1 (custom)
Affected: 0 , ≤ Freelance 2016 (custom)
Affected: 0 , ≤ Freelance 2016SP1 (custom)
Affected: 0 , ≤ Freelance 2019 (custom)
Affected: 0 , ≤ Freelance 2019 SP1 (custom)
Affected: 0 , ≤ Freelance 2019 SP1 FP1 (custom)
Create a notification for this product.
ABB Freelance controllers AC 900F Affected: 0 , ≤ Freelance 2013 (custom)
Affected: 0 , ≤ Freelance 2013SP1 (custom)
Affected: 0 , ≤ Freelance 2016 (custom)
Affected: 0 , ≤ Freelance 2016SP1 (custom)
Affected: 0 , ≤ Freelance 2019 (custom)
Affected: 0 , ≤ Freelance 2019 SP1 (custom)
Affected: 0 , ≤ Freelance 2019 SP1 FP1 (custom)
Create a notification for this product.
abb freelance_controllers_ac_700f Affected: 9.0.0 , ≤ 9.2_sp2 (custom)
Affected: 0 , ≤ freelance2013 (custom)
Affected: 0 , ≤ freelance2013sp1 (custom)
Affected: 0 , ≤ freelance2016 (custom)
Affected: 0 , ≤ freelance2016sp1 (custom)
Affected: 0 , ≤ freelance2019 (custom)
Affected: 0 , ≤ freelance2019sp1 (custom)
Affected: 0 , ≤ freelance2019sp1_fp1 (custom)
    cpe:2.3:h:abb:freelance_controllers_ac_700f:*:*:*:*:*:*:*:*
Create a notification for this product.
abb freelance_controllers_ac_900f Affected: 0 , ≤ freelance2013 (custom)
Affected: 0 , ≤ freelance2013sp1 (custom)
Affected: 0 , ≤ freelance2016 (custom)
Affected: 0 , ≤ freelance2016sp1 (custom)
Affected: 0 , ≤ freelance2019 (custom)
Affected: 0 , ≤ freelance2019sp1 (custom)
Affected: 0 , ≤ freelance2019sp1_fp1 (custom)
    cpe:2.3:h:abb:freelance_controllers_ac_900f:*:*:*:*:*:*:*:*
Create a notification for this product.
Date Public
2023-08-03 18:30
Credits
ABB thanks Nataliya Tlyapova and Denis Goryushev (Positive Technologies) for responsibly reporting the vulnerabilities and working with us as we addressed them.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T05:10:55.771Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://search.abb.com/library/Download.aspx?DocumentID=7PAA007517\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch\u0026_ga=2.68514131.339223974.1691382343-1911411808.1686627590"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:h:abb:freelance_controllers_ac_700f:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "freelance_controllers_ac_700f",
            "vendor": "abb",
            "versions": [
              {
                "lessThanOrEqual": "9.2_sp2",
                "status": "affected",
                "version": "9.0.0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "freelance2013",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "freelance2013sp1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "freelance2016",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "freelance2016sp1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "freelance2019",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "freelance2019sp1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "freelance2019sp1_fp1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:abb:freelance_controllers_ac_900f:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "freelance_controllers_ac_900f",
            "vendor": "abb",
            "versions": [
              {
                "lessThanOrEqual": "freelance2013",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "freelance2013sp1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "freelance2016",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "freelance2016sp1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "freelance2019",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "freelance2019sp1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "freelance2019sp1_fp1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-0425",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-04T15:30:40.983809Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-04T15:38:30.902Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "Controller"
          ],
          "product": " Freelance controllers AC 700F",
          "vendor": "ABB",
          "versions": [
            {
              "lessThanOrEqual": "V9.2 SP2",
              "status": "affected",
              "version": "9.0;0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "Freelance 2013",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "Freelance 2013SP1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "Freelance 2016",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "Freelance 2016SP1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "Freelance 2019",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "Freelance 2019 SP1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "Freelance 2019 SP1 FP1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "modules": [
            "controller"
          ],
          "product": " Freelance controllers AC 900F",
          "vendor": "ABB",
          "versions": [
            {
              "lessThanOrEqual": "Freelance 2013",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "Freelance 2013SP1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "Freelance 2016",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "Freelance 2016SP1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "Freelance 2019",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "Freelance 2019 SP1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "Freelance 2019 SP1 FP1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "ABB thanks Nataliya Tlyapova and Denis Goryushev (Positive Technologies) for responsibly reporting the vulnerabilities and working with us as we addressed them."
        }
      ],
      "datePublic": "2023-08-03T18:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\nABB is aware of vulnerabilities in the product versions listed below. An update is available that resolves\nthe reported vulnerabilities in the product versions under maintenance.\nAn attacker who successfully exploited one or more of these vulnerabilities could cause the product to\nstop or make the product inaccessible.\u0026nbsp;\u003cbr\u003e\u003cbr\u003eNumeric Range Comparison Without Minimum Check vulnerability in ABB Freelance controllers AC 700F (Controller modules), ABB Freelance controllers AC 900F (controller modules).\u003cp\u003eThis issue affects:\u003c/p\u003e\u003cp\u003eFreelance controllers AC 700F:\u0026nbsp;\u003c/p\u003e\u003cp\u003efrom 9.0;0 through V9.2 SP2, through Freelance 2013, through Freelance 2013SP1, through Freelance 2016, through Freelance 2016SP1, through Freelance 2019, through Freelance 2019 SP1, through Freelance 2019 SP1 FP1;\u0026nbsp;\u003c/p\u003e\u003cp\u003eFreelance controllers AC 900F:\u0026nbsp;\u003c/p\u003e\u003cp\u003eFreelance 2013, through Freelance 2013SP1, through Freelance 2016, through Freelance 2016SP1, through Freelance 2019, through Freelance 2019 SP1, through Freelance 2019 SP1 FP1.\u003c/p\u003e"
            }
          ],
          "value": "\nABB is aware of vulnerabilities in the product versions listed below. An update is available that resolves\nthe reported vulnerabilities in the product versions under maintenance.\nAn attacker who successfully exploited one or more of these vulnerabilities could cause the product to\nstop or make the product inaccessible.\u00a0\n\nNumeric Range Comparison Without Minimum Check vulnerability in ABB Freelance controllers AC 700F (Controller modules), ABB Freelance controllers AC 900F (controller modules).This issue affects:\n\nFreelance controllers AC 700F:\u00a0\n\nfrom 9.0;0 through V9.2 SP2, through Freelance 2013, through Freelance 2013SP1, through Freelance 2016, through Freelance 2016SP1, through Freelance 2019, through Freelance 2019 SP1, through Freelance 2019 SP1 FP1;\u00a0\n\nFreelance controllers AC 900F:\u00a0\n\nFreelance 2013, through Freelance 2013SP1, through Freelance 2016, through Freelance 2016SP1, through Freelance 2019, through Freelance 2019 SP1, through Freelance 2019 SP1 FP1.\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-839",
              "description": "CWE-839 Numeric Range Comparison Without Minimum Check",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-08-07T05:23:54.031Z",
        "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
        "shortName": "ABB"
      },
      "references": [
        {
          "url": "https://search.abb.com/library/Download.aspx?DocumentID=7PAA007517\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch\u0026_ga=2.68514131.339223974.1691382343-1911411808.1686627590"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Buffer overflow in global memory region",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\nABB has tested the following workarounds. Although these workarounds will not correct the underlying\nvulnerabilities, they can help block known attack vectors.\nCVE-2023-0425: Buffer Overflow\nWe recommend disabling the webserver when not needed. The webserver is disabled by default\nfrom Freelance 2019 SP1 FP1 on (see Release Notes 2PAA124716-112).\n\n\u003cbr\u003e"
            }
          ],
          "value": "\nABB has tested the following workarounds. Although these workarounds will not correct the underlying\nvulnerabilities, they can help block known attack vectors.\nCVE-2023-0425: Buffer Overflow\nWe recommend disabling the webserver when not needed. The webserver is disabled by default\nfrom Freelance 2019 SP1 FP1 on (see Release Notes 2PAA124716-112).\n\n\n"
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
    "assignerShortName": "ABB",
    "cveId": "CVE-2023-0425",
    "datePublished": "2023-08-07T05:06:46.584Z",
    "dateReserved": "2023-01-20T10:59:16.973Z",
    "dateUpdated": "2024-12-04T15:38:30.902Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-20925 (GCVE-0-2019-20925)

Vulnerability from cvelistv5 – Published: 2020-11-24 11:00 – Updated: 2024-09-16 23:45
VLAI
Title
Denial of service via malformed network packet
Summary
An unauthenticated client can trigger denial of service by issuing specially crafted wire protocol messages, which cause the message decompressor to incorrectly allocate memory. This issue affects MongoDB Server v4.2 versions prior to 4.2.1; MongoDB Server v4.0 versions prior to 4.0.13; MongoDB Server v3.6 versions prior to 3.6.15 and MongoDB Server v3.4 versions prior to 3.4.24.
CWE
  • CWE-839 - Numeric Range Comparison Without Minimum Check
Assigner
References
Impacted products
Vendor Product Version
MongoDB Inc. MongoDB Server Affected: 4.2 , < 4.2.1 (custom)
Affected: 4.0 , < 4.0.13 (custom)
Affected: 3.6 , < 3.6.15 (custom)
Affected: 3.4 , < 3.4.24 (custom)
Create a notification for this product.
Date Public
2020-11-24 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:00:17.403Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jira.mongodb.org/browse/SERVER-43751"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "MongoDB Server",
          "vendor": "MongoDB Inc.",
          "versions": [
            {
              "lessThan": "4.2.1",
              "status": "affected",
              "version": "4.2",
              "versionType": "custom"
            },
            {
              "lessThan": "4.0.13",
              "status": "affected",
              "version": "4.0",
              "versionType": "custom"
            },
            {
              "lessThan": "3.6.15",
              "status": "affected",
              "version": "3.6",
              "versionType": "custom"
            },
            {
              "lessThan": "3.4.24",
              "status": "affected",
              "version": "3.4",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2020-11-24T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eAn unauthenticated client can trigger denial of service by issuing specially crafted wire protocol messages, which cause the message decompressor to incorrectly allocate memory. This issue affects MongoDB Server v4.2 versions prior to 4.2.1; MongoDB Server v4.0 versions prior to 4.0.13; MongoDB Server v3.6 versions prior to 3.6.15 and MongoDB Server v3.4 versions prior to 3.4.24.\u003c/p\u003e"
            }
          ],
          "value": "An unauthenticated client can trigger denial of service by issuing specially crafted wire protocol messages, which cause the message decompressor to incorrectly allocate memory. This issue affects MongoDB Server v4.2 versions prior to 4.2.1; MongoDB Server v4.0 versions prior to 4.0.13; MongoDB Server v3.6 versions prior to 3.6.15 and MongoDB Server v3.4 versions prior to 3.4.24."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-839",
              "description": "CWE-839: Numeric Range Comparison Without Minimum Check",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-23T15:04:48.719Z",
        "orgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb",
        "shortName": "mongodb"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jira.mongodb.org/browse/SERVER-43751"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "Denial of service via malformed network packet",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cna@mongodb.com",
          "DATE_PUBLIC": "2020-11-24T17:00:00.000Z",
          "ID": "CVE-2019-20925",
          "STATE": "PUBLIC",
          "TITLE": "Denial of service via malformed network packet"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MongoDB Server",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "4.2",
                            "version_value": "4.2.1"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "4.0",
                            "version_value": "4.0.13"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "3.6",
                            "version_value": "3.6.15"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "3.4",
                            "version_value": "3.4.24"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "MongoDB Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An unauthenticated client can trigger denial of service by issuing specially crafted wire protocol messages, which cause the message decompressor to incorrectly allocate memory. This issue affects: MongoDB Inc. MongoDB Server v4.2 versions prior to 4.2.1; v4.0 versions prior to 4.0.13; v3.6 versions prior to 3.6.15; v3.4 versions prior to 3.4.24."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-839: Numeric Range Comparison Without Minimum Check"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://jira.mongodb.org/browse/SERVER-43751",
              "refsource": "MISC",
              "url": "https://jira.mongodb.org/browse/SERVER-43751"
            }
          ]
        },
        "source": {
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb",
    "assignerShortName": "mongodb",
    "cveId": "CVE-2019-20925",
    "datePublished": "2020-11-24T11:00:16.027Z",
    "dateReserved": "2020-10-06T00:00:00.000Z",
    "dateUpdated": "2024-09-16T23:45:46.251Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

GHSA-2463-G988-QQPJ

Vulnerability from github – Published: 2023-08-07 06:30 – Updated: 2024-04-04 06:35
VLAI
Details

ABB is aware of vulnerabilities in the product versions listed below. An update is available that resolves the reported vulnerabilities in the product versions under maintenance. An attacker who successfully exploited one or more of these vulnerabilities could cause the product to stop or make the product inaccessible. 

Numeric Range Comparison Without Minimum Check vulnerability in ABB Freelance controllers AC 700F (Controller modules), ABB Freelance controllers AC 900F (controller modules).This issue affects:

Freelance controllers AC 700F: 

from 9.0;0 through V9.2 SP2, through Freelance 2013, through Freelance 2013SP1, through Freelance 2016, through Freelance 2016SP1, through Freelance 2019, through Freelance 2019 SP1, through Freelance 2019 SP1 FP1; 

Freelance controllers AC 900F: 

Freelance 2013, through Freelance 2013SP1, through Freelance 2016, through Freelance 2016SP1, through Freelance 2019, through Freelance 2019 SP1, through Freelance 2019 SP1 FP1.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-0425"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-839"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-08-07T06:15:10Z",
    "severity": "HIGH"
  },
  "details": "\nABB is aware of vulnerabilities in the product versions listed below. An update is available that resolves\nthe reported vulnerabilities in the product versions under maintenance.\nAn attacker who successfully exploited one or more of these vulnerabilities could cause the product to\nstop or make the product inaccessible.\u00a0\n\nNumeric Range Comparison Without Minimum Check vulnerability in ABB Freelance controllers AC 700F (Controller modules), ABB Freelance controllers AC 900F (controller modules).This issue affects:\n\nFreelance controllers AC 700F:\u00a0\n\nfrom 9.0;0 through V9.2 SP2, through Freelance 2013, through Freelance 2013SP1, through Freelance 2016, through Freelance 2016SP1, through Freelance 2019, through Freelance 2019 SP1, through Freelance 2019 SP1 FP1;\u00a0\n\nFreelance controllers AC 900F:\u00a0\n\nFreelance 2013, through Freelance 2013SP1, through Freelance 2016, through Freelance 2016SP1, through Freelance 2019, through Freelance 2019 SP1, through Freelance 2019 SP1 FP1.\n\n",
  "id": "GHSA-2463-g988-qqpj",
  "modified": "2024-04-04T06:35:32Z",
  "published": "2023-08-07T06:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0425"
    },
    {
      "type": "WEB",
      "url": "https://search.abb.com/library/Download.aspx?DocumentID=7PAA007517\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch\u0026_ga=2.68514131.339223974.1691382343-1911411808.1686627590"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2QGP-6C6G-CMWV

Vulnerability from github – Published: 2026-06-23 18:31 – Updated: 2026-06-23 18:31
VLAI
Details

GNU SASL before 2.2.4 lacks sanitization of a short challenge in _gsasl_ntlm_client_step in the NTLM client, which could result in memory disclosure via a crafted server.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-56968"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-839",
      "CWE-908"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-23T17:17:09Z",
    "severity": "LOW"
  },
  "details": "GNU SASL before 2.2.4 lacks sanitization of a short challenge in _gsasl_ntlm_client_step in the NTLM client, which could result in memory disclosure via a crafted server.",
  "id": "GHSA-2qgp-6c6g-cmwv",
  "modified": "2026-06-23T18:31:43Z",
  "published": "2026-06-23T18:31:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-56968"
    },
    {
      "type": "WEB",
      "url": "https://ftp.gnu.org/gnu/gsasl"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-security-announce/2026/msg00259.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.gnu.org/archive/html/help-gsasl/2026-06/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "https://www.gnu.org/software/gsasl"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CM56-MVX6-66QM

Vulnerability from github – Published: 2026-06-25 09:31 – Updated: 2026-06-30 03:37
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

IB/isert: Reject login PDUs shorter than ISER_HEADERS_LEN

In drivers/infiniband/ulp/isert/ib_isert.c, isert_login_recv_done() computes the login request payload length as wc->byte_len minus ISER_HEADERS_LEN with no lower bound, and login_req_len is a signed int. A remote iSER initiator can post a login Send work request carrying fewer than ISER_HEADERS_LEN (76) bytes, so the subtraction underflows and login_req_len becomes negative.

isert_rx_login_req() then reads that negative length back into a signed int, takes size = min(rx_buflen, MAX_KEY_VALUE_PAIRS), and because the min() is signed it keeps the negative value; the value is then passed as the memcpy() length and sign-extended to a multi-gigabyte size_t. The copy into the 8192-byte login->req_buf runs far out of bounds and faults, crashing the target node. The login phase precedes iSCSI authentication, so no credentials are required to reach this path.

Reject any login PDU shorter than ISER_HEADERS_LEN before the subtraction, mirroring the existing early return on a failed work completion, so login_req_len can never go negative. The upper bound was already safe: a posted login buffer cannot deliver more than ISER_RX_PAYLOAD_SIZE, so the difference stays at or below MAX_KEY_VALUE_PAIRS and the existing min() clamps it; only the missing lower bound needs to be added.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-53176"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-191",
      "CWE-839"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-25T09:16:34Z",
    "severity": "CRITICAL"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nIB/isert: Reject login PDUs shorter than ISER_HEADERS_LEN\n\nIn drivers/infiniband/ulp/isert/ib_isert.c, isert_login_recv_done()\ncomputes the login request payload length as wc-\u003ebyte_len minus\nISER_HEADERS_LEN with no lower bound, and login_req_len is a signed int.\nA remote iSER initiator can post a login Send work request carrying\nfewer than ISER_HEADERS_LEN (76) bytes, so the subtraction underflows\nand login_req_len becomes negative.\n\nisert_rx_login_req() then reads that negative length back into a signed\nint, takes size = min(rx_buflen, MAX_KEY_VALUE_PAIRS), and because the\nmin() is signed it keeps the negative value; the value is then passed as\nthe memcpy() length and sign-extended to a multi-gigabyte size_t. The\ncopy into the 8192-byte login-\u003ereq_buf runs far out of bounds and\nfaults, crashing the target node. The login phase precedes iSCSI\nauthentication, so no credentials are required to reach this path.\n\nReject any login PDU shorter than ISER_HEADERS_LEN before the\nsubtraction, mirroring the existing early return on a failed work\ncompletion, so login_req_len can never go negative. The upper bound was\nalready safe: a posted login buffer cannot deliver more than\nISER_RX_PAYLOAD_SIZE, so the difference stays at or below\nMAX_KEY_VALUE_PAIRS and the existing min() clamps it; only the missing\nlower bound needs to be added.",
  "id": "GHSA-cm56-mvx6-66qm",
  "modified": "2026-06-30T03:37:13Z",
  "published": "2026-06-25T09:31:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-53176"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2026-53176"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2492741"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1ca40b243277c9e88be5e00bd3e083f71aefb93e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/29e7b925ae6df64894e82ab6419994dc25580a8a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/75ee6e4aa096aa9e7b2dd5c8ff98356e30aceefb"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/bd22740d7f14cb1c0289444cfd2c8d2938667c1d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c1234229399f4af12c553b1b0ffd978eeba65548"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c5584e089b5af7b3bf8bd5e8ca0560cbf32b0a47"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/df422fd273c96c2ee5beb80fc21adc8c70c29260"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e8a013c0c3ca2f6708341a56612a3f6d6921620a"
    },
    {
      "type": "WEB",
      "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-53176.json"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q4WJ-8854-JVXQ

Vulnerability from github – Published: 2022-05-24 17:34 – Updated: 2024-01-23 15:30
VLAI
Details

An unauthenticated client can trigger denial of service by issuing specially crafted wire protocol messages, which cause the message decompressor to incorrectly allocate memory. This issue affects: MongoDB Inc. MongoDB Server v4.2 versions prior to 4.2.1; v4.0 versions prior to 4.0.13; v3.6 versions prior to 3.6.15; v3.4 versions prior to 3.4.24.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-20925"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-697",
      "CWE-839"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-11-24T11:15:00Z",
    "severity": "HIGH"
  },
  "details": "An unauthenticated client can trigger denial of service by issuing specially crafted wire protocol messages, which cause the message decompressor to incorrectly allocate memory. This issue affects: MongoDB Inc. MongoDB Server v4.2 versions prior to 4.2.1; v4.0 versions prior to 4.0.13; v3.6 versions prior to 3.6.15; v3.4 versions prior to 3.4.24.",
  "id": "GHSA-q4wj-8854-jvxq",
  "modified": "2024-01-23T15:30:56Z",
  "published": "2022-05-24T17:34:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20925"
    },
    {
      "type": "WEB",
      "url": "https://jira.mongodb.org/browse/SERVER-43751"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q7Q7-XC84-HCQJ

Vulnerability from github – Published: 2023-02-13 18:30 – Updated: 2023-02-23 21:30
VLAI
Details

The ccmweb component of Mitel MiContact Center Business server 9.2.2.0 through 9.4.1.0 could allow an unauthenticated attacker to download arbitrary files, due to insufficient restriction of URL parameters. A successful exploit could allow access to sensitive information.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-22854"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-839"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-02-13T18:15:00Z",
    "severity": "HIGH"
  },
  "details": "The ccmweb component of Mitel MiContact Center Business server 9.2.2.0 through 9.4.1.0 could allow an unauthenticated attacker to download arbitrary files, due to insufficient restriction of URL parameters. A successful exploit could allow access to sensitive information.",
  "id": "GHSA-q7q7-xc84-hcqj",
  "modified": "2023-02-23T21:30:17Z",
  "published": "2023-02-13T18:30:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22854"
    },
    {
      "type": "WEB",
      "url": "https://www.mitel.com/support/security-advisories"
    },
    {
      "type": "WEB",
      "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-23-0001"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WGRP-2W9F-FMVG

Vulnerability from github – Published: 2026-05-30 03:30 – Updated: 2026-06-05 12:31
VLAI
Details

Exim 4.88 before 4.99.4, in some proxy configurations, mishandles certain short payloads, leading to disclosure of uninitialized stack memory values to a client.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-48840"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-839"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-30T02:16:19Z",
    "severity": "MODERATE"
  },
  "details": "Exim 4.88 before 4.99.4, in some proxy configurations, mishandles certain short payloads, leading to disclosure of uninitialized stack memory values to a client.",
  "id": "GHSA-wgrp-2w9f-fmvg",
  "modified": "2026-06-05T12:31:45Z",
  "published": "2026-05-30T03:30:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48840"
    },
    {
      "type": "WEB",
      "url": "https://exim.org/static/doc/security/EXIM-Security-2026-05-19.1"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2026/06/msg00004.html"
    },
    {
      "type": "WEB",
      "url": "https://www.openwall.com/lists/oss-security/2026/05/29/3"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/05/29/3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Implementation

Strategy: Enforcement by Conversion

If the number to be used is always expected to be positive, change the variable type from signed to unsigned or size_t.

Mitigation
Implementation

Strategy: Input Validation

If the number to be used could have a negative value based on the specification (thus requiring a signed value), but the number should only be positive to preserve code correctness, then include a check to ensure that the value is positive.

No CAPEC attack patterns related to this CWE.