CWE-1284
AllowedImproper Validation of Specified Quantity in Input
Abstraction: Base · Status: Incomplete
The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.
493 vulnerabilities reference this CWE, most recent first.
GHSA-XPV7-VM32-P7WV
Vulnerability from github – Published: 2026-06-23 18:31 – Updated: 2026-06-29 21:31GNU libidn before 1.44 is prone to out-of-bounds reads of uninitialized memory in the ToUnicode APIs because of mishandling in idna_to_unicode_internal. The affected code is not present in libidn2.
{
"affected": [],
"aliases": [
"CVE-2026-57053"
],
"database_specific": {
"cwe_ids": [
"CWE-1284"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-23T18:18:10Z",
"severity": "MODERATE"
},
"details": "GNU libidn before 1.44 is prone to out-of-bounds reads of\u00a0uninitialized memory in the ToUnicode APIs because of mishandling in\u00a0idna_to_unicode_internal. The affected code is not present in libidn2.",
"id": "GHSA-xpv7-vm32-p7wv",
"modified": "2026-06-29T21:31:55Z",
"published": "2026-06-23T18:31:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-57053"
},
{
"type": "WEB",
"url": "https://lists.gnu.org/archive/html/help-libidn/2026-05/msg00000.html"
},
{
"type": "WEB",
"url": "https://lists.gnu.org/archive/html/help-libidn/2026-06/msg00001.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-XVGG-9H29-4G34
Vulnerability from github – Published: 2025-09-15 18:31 – Updated: 2025-09-15 22:01Liferay Portal 7.4.0 through 7.4.3.105, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions may incorrectly identify the subdomain of a domain name and create a supercookie, which allows remote attackers who control a website that share the same TLD to read cookies set by the application.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "com.liferay.portal:com.liferay.portal.impl"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "96.0.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "com.liferay.portal:com.liferay.portal.kernel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "130.0.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-43793"
],
"database_specific": {
"cwe_ids": [
"CWE-1284"
],
"github_reviewed": true,
"github_reviewed_at": "2025-09-15T22:01:51Z",
"nvd_published_at": "2025-09-15T16:15:37Z",
"severity": "MODERATE"
},
"details": "Liferay Portal 7.4.0 through 7.4.3.105, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions may incorrectly identify the subdomain of a domain name and create a supercookie, which allows remote attackers who control a website that share the same TLD to read cookies set by the application.",
"id": "GHSA-xvgg-9h29-4g34",
"modified": "2025-09-15T22:01:51Z",
"published": "2025-09-15T18:31:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-43793"
},
{
"type": "PACKAGE",
"url": "https://github.com/liferay/liferay-portal"
},
{
"type": "WEB",
"url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43793"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Liferay Portal has Improper Validation of Specified Quantity in Input"
}
GHSA-XWRW-2CRP-46Q4
Vulnerability from github – Published: 2025-12-08 21:30 – Updated: 2025-12-11 15:30NUT-14 allows cashu tokens to be created with a preimage hash. However, nutshell (cashubtc/nuts) before 0.18.0 do not validate the size of preimage when the token is spent. The preimage is stored by the mint and attacker can exploit this vulnerability to fill the mint's db nd disk with arbitrary data.
{
"affected": [],
"aliases": [
"CVE-2025-65548"
],
"database_specific": {
"cwe_ids": [
"CWE-1284"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-08T19:15:50Z",
"severity": "CRITICAL"
},
"details": "NUT-14 allows cashu tokens to be created with a preimage hash. However, nutshell (cashubtc/nuts) before 0.18.0 do not validate the size of preimage when the token is spent. The preimage is stored by the mint and attacker can exploit this vulnerability to fill the mint\u0027s db nd disk with arbitrary data.",
"id": "GHSA-xwrw-2crp-46q4",
"modified": "2025-12-11T15:30:31Z",
"published": "2025-12-08T21:30:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65548"
},
{
"type": "WEB",
"url": "https://bitcointalk.org/index.php?topic=5564329"
},
{
"type": "WEB",
"url": "https://delvingbitcoin.org/t/public-disclosure-denial-of-service-using-htlc-in-cashu/2090"
},
{
"type": "WEB",
"url": "https://github.com/cashubtc/nuts/blob/main/07.md"
},
{
"type": "WEB",
"url": "https://github.com/cashubtc/nuts/blob/main/14.md"
},
{
"type": "WEB",
"url": "https://github.com/jamesob/delving-bitcoin-archive/blob/master/archive/rendered-topics/2025-11-November/2025-11-02-public-disclosure-denial-of-service-using-htlc-in-cashu-id2090.md"
},
{
"type": "WEB",
"url": "https://preimage007.github.io"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-5
Strategy: Input Validation
- Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
- When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
- Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
No CAPEC attack patterns related to this CWE.