CWE-130
AllowedImproper Handling of Length Parameter Inconsistency
Abstraction: Base · Status: Incomplete
The product parses a formatted message or structure, but it does not handle or incorrectly handles a length field that is inconsistent with the actual length of the associated data.
160 vulnerabilities reference this CWE, most recent first.
GHSA-5V34-G2PX-J4FW
Vulnerability from github – Published: 2021-08-02 16:56 – Updated: 2024-03-01 20:27When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Commonly used derived formats from ZIP archives are for instance JAR files and many office files. Apache Ant prior to 1.9.16 and 1.10.11 were affected.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.ant:ant"
},
"ranges": [
{
"events": [
{
"introduced": "1.9.0"
},
{
"fixed": "1.9.16"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.ant:ant"
},
"ranges": [
{
"events": [
{
"introduced": "1.10.0"
},
{
"fixed": "1.10.11"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-36374"
],
"database_specific": {
"cwe_ids": [
"CWE-130"
],
"github_reviewed": true,
"github_reviewed_at": "2021-07-15T19:18:28Z",
"nvd_published_at": "2021-07-14T07:15:00Z",
"severity": "MODERATE"
},
"details": "When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Commonly used derived formats from ZIP archives are for instance JAR files and many office files. Apache Ant prior to 1.9.16 and 1.10.11 were affected.",
"id": "GHSA-5v34-g2px-j4fw",
"modified": "2024-03-01T20:27:26Z",
"published": "2021-08-02T16:56:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36374"
},
{
"type": "WEB",
"url": "https://ant.apache.org/security.html"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r27919fd4db07c487239c1d9771f480d89ce5ee2750aa9447309b709a@%3Ccommits.groovy.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r544c9e8487431768465b8b2d13982c75123109bd816acf839d46010d@%3Ccommits.groovy.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rad36f470647c5a7c02dd78c9973356d2840766d132b597b6444e373a@%3Cnotifications.groovy.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rdd5412a5b9a25aed2a02c3317052d38a97128314d50bc1ed36e81d38%40%3Cuser.ant.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rf4bb79751a02889623195715925e4fd8932dd3c97e0ade91395a96c6@%3Cdev.myfaces.apache.org%3E"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20210819-0007"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Improper Handling of Length Parameter Inconsistency in Apache Ant"
}
GHSA-5V95-J4RR-6F3C
Vulnerability from github – Published: 2022-09-27 00:00 – Updated: 2026-05-29 20:49rdiffweb prior to 2.4.8 is vulnerable to a potential Dos attack via an unlimited length "username" field. This can result in excess memory consumption, or memory corruption, leading to a Denial of Service (DoS). This issue is patched in version 2.4.8. There are no known workarounds.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "rdiffweb"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.4.8"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-3290"
],
"database_specific": {
"cwe_ids": [
"CWE-130"
],
"github_reviewed": true,
"github_reviewed_at": "2022-09-30T00:51:30Z",
"nvd_published_at": "2022-09-26T19:15:00Z",
"severity": "HIGH"
},
"details": "rdiffweb prior to 2.4.8 is vulnerable to a potential Dos attack via an unlimited length \"username\" field. This can result in excess memory consumption, or memory corruption, leading to a Denial of Service (DoS). This issue is patched in version 2.4.8. There are no known workarounds.",
"id": "GHSA-5v95-j4rr-6f3c",
"modified": "2026-05-29T20:49:26Z",
"published": "2022-09-27T00:00:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3290"
},
{
"type": "WEB",
"url": "https://github.com/ikus060/rdiffweb/commit/667657c6fe2b336c90be37f37fb92f65df4feee3"
},
{
"type": "PACKAGE",
"url": "https://github.com/ikus060/rdiffweb"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/rdiffweb/PYSEC-2022-292.yaml"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/rdiffweb/PYSEC-2022-43184.yaml"
},
{
"type": "WEB",
"url": "https://huntr.dev/bounties/d8b8519d-96a5-484c-8141-624c54290bf5"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "rdiffweb\u0027s unlimited username field length can lead to DoS"
}
GHSA-624C-2H52-GF7F
Vulnerability from github – Published: 2025-07-28 00:30 – Updated: 2025-07-28 15:08Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-6ggr-cwv4-g7qg. This link is maintained to preserve external references.
Original Description
The rosenpass crate before 0.2.1 for Rust allows remote attackers to cause a denial of service (panic) via a one-byte UDP packet.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "rosenpass"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.2.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-130"
],
"github_reviewed": true,
"github_reviewed_at": "2025-07-28T15:08:01Z",
"nvd_published_at": "2025-07-28T00:15:25Z",
"severity": "MODERATE"
},
"details": "### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-6ggr-cwv4-g7qg. This link is maintained to preserve external references.\n\n### Original Description\nThe rosenpass crate before 0.2.1 for Rust allows remote attackers to cause a denial of service (panic) via a one-byte UDP packet.",
"id": "GHSA-624c-2h52-gf7f",
"modified": "2025-07-28T15:08:01Z",
"published": "2025-07-28T00:30:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53157"
},
{
"type": "WEB",
"url": "https://github.com/rosenpass/rosenpass/commit/93439858d1c44294a7b377f775c4fc897a370bb2"
},
{
"type": "WEB",
"url": "https://crates.io/crates/rosenpass"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-6ggr-cwv4-g7qg"
},
{
"type": "PACKAGE",
"url": "https://github.com/rosenpass/rosenpass"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2023-0077.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
],
"summary": "Duplicate Advisory: Remotely exploitable denial of service in Rosenpass",
"withdrawn": "2025-07-28T15:08:01Z"
}
GHSA-6GGR-CWV4-G7QG
Vulnerability from github – Published: 2023-12-21 23:15 – Updated: 2025-07-28 15:08Affected versions of this crate did not validate the size of buffers when attempting to decode messages.
This allows an attacker to trigger a panic by sending a UDP datagram with a 1 byte payload over network.
This flaw was corrected by validating the size of the buffers before attempting to decode the message.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "rosenpass"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.2.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-53157"
],
"database_specific": {
"cwe_ids": [
"CWE-130"
],
"github_reviewed": true,
"github_reviewed_at": "2023-12-21T23:15:57Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "Affected versions of this crate did not validate the size of buffers when attempting to decode messages.\n\nThis allows an attacker to trigger a panic by sending a UDP datagram with a 1 byte payload over network.\n\nThis flaw was corrected by validating the size of the buffers before attempting to decode the message.",
"id": "GHSA-6ggr-cwv4-g7qg",
"modified": "2025-07-28T15:08:43Z",
"published": "2023-12-21T23:15:57Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53157"
},
{
"type": "WEB",
"url": "https://github.com/rosenpass/rosenpass/commit/93439858d1c44294a7b377f775c4fc897a370bb2"
},
{
"type": "PACKAGE",
"url": "https://github.com/rosenpass/rosenpass"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2023-0077.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
],
"summary": "Remotely exploitable denial of service in Rosenpass"
}
GHSA-795C-9XPC-XW6G
Vulnerability from github – Published: 2024-08-07 15:30 – Updated: 2025-11-04 19:50An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "Django"
},
"ranges": [
{
"events": [
{
"introduced": "5.0"
},
{
"fixed": "5.0.8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "Django"
},
"ranges": [
{
"events": [
{
"introduced": "4.2"
},
{
"fixed": "4.2.15"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-41990"
],
"database_specific": {
"cwe_ids": [
"CWE-130"
],
"github_reviewed": true,
"github_reviewed_at": "2024-08-07T19:02:12Z",
"nvd_published_at": "2024-08-07T15:15:56Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters.",
"id": "GHSA-795c-9xpc-xw6g",
"modified": "2025-11-04T19:50:38Z",
"published": "2024-08-07T15:30:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41990"
},
{
"type": "WEB",
"url": "https://github.com/django/django/commit/7b7b909579c8311c140c89b8a9431bf537febf93"
},
{
"type": "WEB",
"url": "https://github.com/django/django/commit/d0a82e26a74940bf0c78204933c3bdd6a283eb88"
},
{
"type": "WEB",
"url": "https://docs.djangoproject.com/en/dev/releases/security"
},
{
"type": "PACKAGE",
"url": "https://github.com/django/django"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-68.yaml"
},
{
"type": "WEB",
"url": "https://groups.google.com/forum/#%21forum/django-announce"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20240905-0007"
},
{
"type": "WEB",
"url": "https://www.djangoproject.com/weblog/2024/aug/06/security-releases"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Django vulnerable to a denial-of-service attack"
}
GHSA-7FGC-89CX-W8J5
Vulnerability from github – Published: 2023-12-13 23:08 – Updated: 2023-12-13 23:08Impact
When submitting a POST request to the /dataset/new endpoint (including either the auth cookie or the Authorization header) with a specially-crafted field, an attacker can create an out-of-memory error in the hosting server.
To trigger this error the user needs to have permissions to create or edit datasets.
Patches
This vulnerability has been patched in CKAN 2.10.3 and 2.9.10
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "ckan"
},
"ranges": [
{
"events": [
{
"introduced": "2.0"
},
{
"fixed": "2.9.10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "ckan"
},
"ranges": [
{
"events": [
{
"introduced": "2.10.0"
},
{
"fixed": "2.10.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-50248"
],
"database_specific": {
"cwe_ids": [
"CWE-130"
],
"github_reviewed": true,
"github_reviewed_at": "2023-12-13T23:08:35Z",
"nvd_published_at": "2023-12-13T21:15:08Z",
"severity": "MODERATE"
},
"details": "### Impact\n\nWhen submitting a POST request to the `/dataset/new` endpoint (including either the auth cookie or the `Authorization` header) with a specially-crafted field, an attacker can create an out-of-memory error in the hosting server.\n\nTo trigger this error the user needs to have permissions to create or edit datasets.\n\n### Patches\n\nThis vulnerability has been patched in CKAN 2.10.3 and 2.9.10",
"id": "GHSA-7fgc-89cx-w8j5",
"modified": "2023-12-13T23:08:35Z",
"published": "2023-12-13T23:08:35Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/ckan/ckan/security/advisories/GHSA-7fgc-89cx-w8j5"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-50248"
},
{
"type": "WEB",
"url": "https://github.com/ckan/ckan/commit/bd02018b65c5b81d7ede195d00d0fcbac3aa33be"
},
{
"type": "PACKAGE",
"url": "https://github.com/ckan/ckan"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Out of memory error when submitting the dataset form with a specially-crafted field"
}
GHSA-7R42-PPXW-235F
Vulnerability from github – Published: 2024-07-17 18:31 – Updated: 2024-07-17 18:31A vulnerability in the upload module of Cisco RV340 and RV345 Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device.
This vulnerability is due to insufficient boundary checks when processing specific HTTP requests. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system of the device.
{
"affected": [],
"aliases": [
"CVE-2024-20416"
],
"database_specific": {
"cwe_ids": [
"CWE-130"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-17T17:15:13Z",
"severity": "MODERATE"
},
"details": "A vulnerability in the upload module of Cisco RV340 and RV345 Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device.\n\n This vulnerability is due to insufficient boundary checks when processing specific HTTP requests. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system of the device.",
"id": "GHSA-7r42-ppxw-235f",
"modified": "2024-07-17T18:31:00Z",
"published": "2024-07-17T18:31:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-20416"
},
{
"type": "WEB",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv34x-rce-7pqFU2e"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-8PWQ-5WX2-R2FC
Vulnerability from github – Published: 2022-12-12 09:30 – Updated: 2022-12-14 18:30Multiple vulnerabilities in the Cisco Discovery Protocol functionality of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, adjacent attacker to cause Cisco Discovery Protocol memory corruption on an affected device. These vulnerabilities are due to missing length validation checks when processing Cisco Discovery Protocol messages. An attacker could exploit these vulnerabilities by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to cause an out-of-bounds read of the valid Cisco Discovery Protocol packet data, which could allow the attacker to cause corruption in the internal Cisco Discovery Protocol database of the affected device.
{
"affected": [],
"aliases": [
"CVE-2022-20689"
],
"database_specific": {
"cwe_ids": [
"CWE-1284",
"CWE-130",
"CWE-20"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-12-12T09:15:00Z",
"severity": "HIGH"
},
"details": "Multiple vulnerabilities in the Cisco Discovery Protocol functionality of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, adjacent attacker to cause Cisco Discovery Protocol memory corruption on an affected device. These vulnerabilities are due to missing length validation checks when processing Cisco Discovery Protocol messages. An attacker could exploit these vulnerabilities by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to cause an out-of-bounds read of the valid Cisco Discovery Protocol packet data, which could allow the attacker to cause corruption in the internal Cisco Discovery Protocol database of the affected device.",
"id": "GHSA-8pwq-5wx2-r2fc",
"modified": "2022-12-14T18:30:28Z",
"published": "2022-12-12T09:30:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-20689"
},
{
"type": "WEB",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multivuln-GEZYVvs"
},
{
"type": "WEB",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multivuln-GEZYVvs"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-932W-96J4-J35V
Vulnerability from github – Published: 2026-04-11 00:31 – Updated: 2026-04-13 15:31Net::CIDR::Lite versions before 0.23 for Perl mishandles IPv4 mapped IPv6 addresses, which may allow IP ACL bypass.
_pack_ipv6() includes the sentinel byte from _pack_ipv4() when building the packed representation of IPv4 mapped addresses like ::ffff:192.168.1.1. This produces an 18 byte value instead of 17 bytes, misaligning the IPv4 part of the address.
The wrong length causes incorrect results in mask operations (bitwise AND truncates to the shorter operand) and in find() / bin_find() which use Perl string comparison (lt/gt). This can cause find() to incorrectly match or miss addresses.
Example:
my $cidr = Net::CIDR::Lite->new("::ffff:192.168.1.0/120"); $cidr->find("::ffff:192.168.2.0"); # incorrectly returns true
This is triggered by valid RFC 4291 IPv4 mapped addresses (::ffff:x.x.x.x).
See also CVE-2026-40198, a related issue in the same function affecting malformed IPv6 addresses.
{
"affected": [],
"aliases": [
"CVE-2026-40199"
],
"database_specific": {
"cwe_ids": [
"CWE-130"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-10T22:16:21Z",
"severity": "MODERATE"
},
"details": "Net::CIDR::Lite versions before 0.23 for Perl mishandles IPv4 mapped IPv6 addresses, which may allow IP ACL bypass.\n\n_pack_ipv6() includes the sentinel byte from _pack_ipv4() when building the packed representation of IPv4 mapped addresses like ::ffff:192.168.1.1. This produces an 18 byte value instead of 17 bytes, misaligning the IPv4 part of the address.\n\nThe wrong length causes incorrect results in mask operations (bitwise AND truncates to the shorter operand) and in find() / bin_find() which use Perl string comparison (lt/gt). This can cause find() to incorrectly match or miss addresses.\n\nExample:\n\n my $cidr = Net::CIDR::Lite-\u003enew(\"::ffff:192.168.1.0/120\");\n $cidr-\u003efind(\"::ffff:192.168.2.0\"); # incorrectly returns true\n\nThis is triggered by valid RFC 4291 IPv4 mapped addresses (::ffff:x.x.x.x).\n\nSee also CVE-2026-40198, a related issue in the same function affecting malformed IPv6 addresses.",
"id": "GHSA-932w-96j4-j35v",
"modified": "2026-04-13T15:31:36Z",
"published": "2026-04-11T00:31:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40199"
},
{
"type": "WEB",
"url": "https://github.com/stigtsp/Net-CIDR-Lite/commit/b7166b1fa17b3b14b4c795ace5b3fbf71a0bd04a.patch"
},
{
"type": "WEB",
"url": "https://metacpan.org/release/STIGTSP/Net-CIDR-Lite-0.23/changes"
},
{
"type": "WEB",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40198"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-977X-G7H5-7QGW
Vulnerability from github – Published: 2024-08-02 09:31 – Updated: 2025-11-04 16:52In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because there is a missing check for whether the leading bit of r and s is zero.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 6.5.6"
},
"package": {
"ecosystem": "npm",
"name": "elliptic"
},
"ranges": [
{
"events": [
{
"introduced": "2.0.0"
},
{
"fixed": "6.5.7"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-42460"
],
"database_specific": {
"cwe_ids": [
"CWE-130"
],
"github_reviewed": true,
"github_reviewed_at": "2024-08-05T13:51:05Z",
"nvd_published_at": "2024-08-02T07:16:10Z",
"severity": "LOW"
},
"details": "In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because there is a missing check for whether the leading bit of r and s is zero.",
"id": "GHSA-977x-g7h5-7qgw",
"modified": "2025-11-04T16:52:43Z",
"published": "2024-08-02T09:31:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-42460"
},
{
"type": "WEB",
"url": "https://github.com/indutny/elliptic/pull/317"
},
{
"type": "WEB",
"url": "https://github.com/indutny/elliptic/commit/accb61e9c1a005e5c8ff96a8b33893100bb42d11"
},
{
"type": "WEB",
"url": "https://github.com/indutny/elliptic/commit/b6ff1758d9a6d1a7aec177ff6df9f586492a6315"
},
{
"type": "PACKAGE",
"url": "https://github.com/indutny/elliptic"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20241004-0005"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U",
"type": "CVSS_V4"
}
],
"summary": "Elliptic\u0027s ECDSA missing check for whether leading bit of r and s is zero"
}
Mitigation
When processing structured incoming data containing a size field followed by raw data, ensure that you identify and resolve any inconsistencies between the size field and the actual size of the data.
Mitigation
Do not let the user control the size of the buffer.
Mitigation
Validate that the length of the user-supplied data is consistent with the buffer size.
CAPEC-47: Buffer Overflow via Parameter Expansion
In this attack, the target software is given input that the adversary knows will be modified and expanded in size during processing. This attack relies on the target software failing to anticipate that the expanded data may exceed some internal limit, thereby creating a buffer overflow.