CWE-130
AllowedImproper Handling of Length Parameter Inconsistency
Abstraction: Base · Status: Incomplete
The product parses a formatted message or structure, but it does not handle or incorrectly handles a length field that is inconsistent with the actual length of the associated data.
160 vulnerabilities reference this CWE, most recent first.
GHSA-R836-HH6V-RG5G
Vulnerability from github – Published: 2024-08-07 15:30 – Updated: 2025-11-04 19:51An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize and urlizetrunc template filters, and the AdminURLFieldWidget widget, are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "Django"
},
"ranges": [
{
"events": [
{
"introduced": "5.0"
},
{
"fixed": "5.0.8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "Django"
},
"ranges": [
{
"events": [
{
"introduced": "4.2"
},
{
"fixed": "4.2.15"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-41991"
],
"database_specific": {
"cwe_ids": [
"CWE-1284",
"CWE-130",
"CWE-1333"
],
"github_reviewed": true,
"github_reviewed_at": "2024-08-07T19:03:05Z",
"nvd_published_at": "2024-08-07T15:15:56Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize and urlizetrunc template filters, and the AdminURLFieldWidget widget, are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters.",
"id": "GHSA-r836-hh6v-rg5g",
"modified": "2025-11-04T19:51:04Z",
"published": "2024-08-07T15:30:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41991"
},
{
"type": "WEB",
"url": "https://github.com/django/django/commit/523da8771bce321023f490f70d71a9e973ddc927"
},
{
"type": "WEB",
"url": "https://github.com/django/django/commit/efea1ef7e2190e3f77ca0651b5458297bc0f6a9f"
},
{
"type": "WEB",
"url": "https://docs.djangoproject.com/en/dev/releases/security"
},
{
"type": "PACKAGE",
"url": "https://github.com/django/django"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-69.yaml"
},
{
"type": "WEB",
"url": "https://groups.google.com/forum/#%21forum/django-announce"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20240905-0007"
},
{
"type": "WEB",
"url": "https://www.djangoproject.com/weblog/2024/aug/06/security-releases"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Django vulnerable to denial-of-service attack"
}
GHSA-R8VJ-9QGR-M84X
Vulnerability from github – Published: 2026-04-24 15:32 – Updated: 2026-06-30 03:36A flaw was found in OVN (Open Virtual Network). A remote attacker, by sending crafted DHCPv6 (Dynamic Host Configuration Protocol for IPv6) SOLICIT packets with an inflated Client ID length, could cause the ovn-controller to read beyond the bounds of a packet. This out-of-bounds read can lead to the disclosure of sensitive information stored in heap memory, which is then returned to the attacker's virtual machine port.
{
"affected": [],
"aliases": [
"CVE-2026-5367"
],
"database_specific": {
"cwe_ids": [
"CWE-130"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-24T13:16:21Z",
"severity": "HIGH"
},
"details": "A flaw was found in OVN (Open Virtual Network). A remote attacker, by sending crafted DHCPv6 (Dynamic Host Configuration Protocol for IPv6) SOLICIT packets with an inflated Client ID length, could cause the ovn-controller to read beyond the bounds of a packet. This out-of-bounds read can lead to the disclosure of sensitive information stored in heap memory, which is then returned to the attacker\u0027s virtual machine port.",
"id": "GHSA-r8vj-9qgr-m84x",
"modified": "2026-06-30T03:36:23Z",
"published": "2026-04-24T15:32:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5367"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:11694"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:11695"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:11696"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:11698"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:11700"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:11701"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:11702"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:22110"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:22111"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2026-5367"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455863"
},
{
"type": "WEB",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-5367.json"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/04/20/3"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/04/20/5"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-VH4M-MW8W-G4W8
Vulnerability from github – Published: 2022-09-07 00:01 – Updated: 2022-09-15 03:20RosarioSIS Student Information System prior to version 10.1 is vulnerable to Improper Handling of Length Parameter Inconsistency.
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "francoisjacquet/rosariosis"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "10.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-2714"
],
"database_specific": {
"cwe_ids": [
"CWE-130"
],
"github_reviewed": true,
"github_reviewed_at": "2022-09-15T03:20:14Z",
"nvd_published_at": "2022-09-06T11:15:00Z",
"severity": "HIGH"
},
"details": "RosarioSIS Student Information System prior to version 10.1 is vulnerable to Improper Handling of Length Parameter Inconsistency.",
"id": "GHSA-vh4m-mw8w-g4w8",
"modified": "2022-09-15T03:20:14Z",
"published": "2022-09-07T00:01:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2714"
},
{
"type": "WEB",
"url": "https://github.com/francoisjacquet/rosariosis/commit/4022954c3f41462bf6225c302a28b0429f6f4df3"
},
{
"type": "PACKAGE",
"url": "https://github.com/francoisjacquet/rosariosis"
},
{
"type": "WEB",
"url": "https://huntr.dev/bounties/430aedac-c7d9-4acb-9bab-bcc0595d9e95"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "RosarioSIS before 10.1 vulnerable to Improper Handling of Length Parameter Inconsistency"
}
GHSA-W26R-RMM8-9C29
Vulnerability from github – Published: 2026-05-05 18:33 – Updated: 2026-06-06 00:27An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. ASGI requests with a missing or understated Content-Length header can bypass the FILE_UPLOAD_MAX_MEMORY_SIZE limit, potentially loading large files into memory and causing service degradation.
As a reminder, Django expects a limit to be configured at the web server level rather than solely relying on FILE_UPLOAD_MAX_MEMORY_SIZE. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django thanks Kyle Agronick for reporting this issue.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "Django"
},
"ranges": [
{
"events": [
{
"introduced": "6.0"
},
{
"fixed": "6.0.5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "Django"
},
"ranges": [
{
"events": [
{
"introduced": "5.2"
},
{
"fixed": "5.2.14"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-5766"
],
"database_specific": {
"cwe_ids": [
"CWE-130"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-08T22:14:39Z",
"nvd_published_at": "2026-05-05T16:16:17Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. ASGI requests with a missing or understated `Content-Length` header can bypass the `FILE_UPLOAD_MAX_MEMORY_SIZE` limit, potentially loading large files into memory and causing service degradation.\n \nAs a reminder, Django expects a limit to be configured at the web server level rather than solely relying on `FILE_UPLOAD_MAX_MEMORY_SIZE`. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.\n\nDjango thanks Kyle Agronick for reporting this issue.",
"id": "GHSA-w26r-rmm8-9c29",
"modified": "2026-06-06T00:27:41Z",
"published": "2026-05-05T18:33:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5766"
},
{
"type": "WEB",
"url": "https://docs.djangoproject.com/en/dev/releases/security"
},
{
"type": "PACKAGE",
"url": "https://github.com/django/django"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2026-54.yaml"
},
{
"type": "WEB",
"url": "https://groups.google.com/g/django-announce"
},
{
"type": "WEB",
"url": "https://www.djangoproject.com/weblog/2026/may/05/security-releases"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Django has an Improper Handling of Length Parameter Inconsistency"
}
GHSA-W962-82J2-HQWW
Vulnerability from github – Published: 2024-07-09 18:30 – Updated: 2024-07-09 18:30Secure Boot Security Feature Bypass Vulnerability
{
"affected": [],
"aliases": [
"CVE-2024-38011"
],
"database_specific": {
"cwe_ids": [
"CWE-130"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-09T17:15:26Z",
"severity": "HIGH"
},
"details": "Secure Boot Security Feature Bypass Vulnerability",
"id": "GHSA-w962-82j2-hqww",
"modified": "2024-07-09T18:30:51Z",
"published": "2024-07-09T18:30:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38011"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38011"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-WCC2-HC4J-M2WC
Vulnerability from github – Published: 2022-09-28 00:00 – Updated: 2025-11-04 21:30Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using LLC/SNAP headers with invalid length (and optionally VLAN0 headers)
{
"affected": [],
"aliases": [
"CVE-2021-27861"
],
"database_specific": {
"cwe_ids": [
"CWE-130",
"CWE-290"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-09-27T19:15:00Z",
"severity": "MODERATE"
},
"details": "Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using LLC/SNAP headers with invalid length (and optionally VLAN0 headers)",
"id": "GHSA-wcc2-hc4j-m2wc",
"modified": "2025-11-04T21:30:27Z",
"published": "2022-09-28T00:00:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27861"
},
{
"type": "WEB",
"url": "https://blog.champtar.fr/VLAN0_LLC_SNAP"
},
{
"type": "WEB",
"url": "https://datatracker.ietf.org/doc/draft-ietf-v6ops-ra-guard/08"
},
{
"type": "WEB",
"url": "https://kb.cert.org/vuls/id/855201"
},
{
"type": "WEB",
"url": "https://standards.ieee.org/ieee/802.1Q/10323"
},
{
"type": "WEB",
"url": "https://standards.ieee.org/ieee/802.2/1048"
},
{
"type": "WEB",
"url": "https://www.kb.cert.org/vuls/id/855201"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-WCR3-8JHG-V89R
Vulnerability from github – Published: 2022-12-12 09:30 – Updated: 2022-12-14 18:30Multiple vulnerabilities in the Cisco Discovery Protocol functionality of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, adjacent attacker to cause Cisco Discovery Protocol memory corruption on an affected device. These vulnerabilities are due to missing length validation checks when processing Cisco Discovery Protocol messages. An attacker could exploit these vulnerabilities by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to cause an out-of-bounds read of the valid Cisco Discovery Protocol packet data, which could allow the attacker to cause corruption in the internal Cisco Discovery Protocol database of the affected device.
{
"affected": [],
"aliases": [
"CVE-2022-20690"
],
"database_specific": {
"cwe_ids": [
"CWE-1284",
"CWE-130",
"CWE-20"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-12-12T09:15:00Z",
"severity": "HIGH"
},
"details": "Multiple vulnerabilities in the Cisco Discovery Protocol functionality of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, adjacent attacker to cause Cisco Discovery Protocol memory corruption on an affected device. These vulnerabilities are due to missing length validation checks when processing Cisco Discovery Protocol messages. An attacker could exploit these vulnerabilities by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to cause an out-of-bounds read of the valid Cisco Discovery Protocol packet data, which could allow the attacker to cause corruption in the internal Cisco Discovery Protocol database of the affected device.",
"id": "GHSA-wcr3-8jhg-v89r",
"modified": "2022-12-14T18:30:28Z",
"published": "2022-12-12T09:30:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-20690"
},
{
"type": "WEB",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multivuln-GEZYVvs"
},
{
"type": "WEB",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multivuln-GEZYVvs"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-WHR7-6788-JG2P
Vulnerability from github – Published: 2026-04-24 15:32 – Updated: 2026-06-01 06:30When generating an ICMP Destination Unreachable or Packet Too Big response, the handler copies a portion of the original packet into the ICMP error body using the IP header's self-declared total length (ip_tot_len for IPv4, ip6_plen for IPv6) without validating it against the actual packet buffer size. A VM can send a short packet with an inflated IP length field that triggers an ICMP error (e.g., by hitting a reject ACL), causing ovn-controller to read heap memory beyond the valid packet data and include it in the ICMP response sent back to the VM.
{
"affected": [],
"aliases": [
"CVE-2026-5265"
],
"database_specific": {
"cwe_ids": [
"CWE-130"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-24T13:16:21Z",
"severity": "MODERATE"
},
"details": "When generating an ICMP Destination Unreachable or Packet Too Big response, the handler copies a portion of the original packet into the ICMP error body using the IP header\u0027s self-declared total length (ip_tot_len for IPv4, ip6_plen for IPv6) without validating it against the actual packet buffer size. A VM can send a short packet with an inflated IP length field that triggers an ICMP error (e.g., by hitting a reject ACL), causing ovn-controller to read heap memory beyond the valid packet data and include it in the ICMP response sent back to the VM.",
"id": "GHSA-whr7-6788-jg2p",
"modified": "2026-06-01T06:30:25Z",
"published": "2026-04-24T15:32:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5265"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:11694"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:11695"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:11696"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:11698"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:11700"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:11701"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:11702"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:22110"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:22111"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2026-5265"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453458"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/04/20/2"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/04/20/4"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-X6MF-V8VJ-P4H5
Vulnerability from github – Published: 2024-07-09 18:30 – Updated: 2024-07-09 18:30Secure Boot Security Feature Bypass Vulnerability
{
"affected": [],
"aliases": [
"CVE-2024-38010"
],
"database_specific": {
"cwe_ids": [
"CWE-130"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-09T17:15:26Z",
"severity": "HIGH"
},
"details": "Secure Boot Security Feature Bypass Vulnerability",
"id": "GHSA-x6mf-v8vj-p4h5",
"modified": "2024-07-09T18:30:51Z",
"published": "2024-07-09T18:30:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38010"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38010"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XQFJ-VM6H-2X34
Vulnerability from github – Published: 2021-08-02 16:55 – Updated: 2022-02-08 21:02When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' tar package.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.commons:commons-compress"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.21"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-35517"
],
"database_specific": {
"cwe_ids": [
"CWE-130",
"CWE-770"
],
"github_reviewed": true,
"github_reviewed_at": "2021-07-14T18:12:57Z",
"nvd_published_at": "2021-07-13T08:15:00Z",
"severity": "HIGH"
},
"details": "When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress\u0027 tar package.",
"id": "GHSA-xqfj-vm6h-2x34",
"modified": "2022-02-08T21:02:55Z",
"published": "2021-08-02T16:55:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-35517"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20211022-0001"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rfba19167efc785ad3561e7ef29f340d65ac8f0d897aed00e0731e742@%3Cnotifications.skywalking.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rd4332baaf6debd03d60deb7ec93bee49e5fdbe958cb6800dff7fb00e@%3Cnotifications.skywalking.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rba65ed5ddb0586f5b12598f55ec7db3633e7b7fede60466367fbf86a@%3Cnotifications.skywalking.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rb7adf3e55359819e77230b4586521e5c6874ce5ed93384bdc14d6aee@%3Cnotifications.skywalking.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rb6e1fa80d34e5ada45f72655d84bfd90db0ca44ef19236a49198c88c@%3Cnotifications.skywalking.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rb064d705fdfa44b5dae4c366b369ef6597951083196321773b983e71@%3Ccommits.pulsar.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/racd0c0381c8404f298b226cd9db2eaae965b14c9c568224aa3f437ae@%3Cnotifications.skywalking.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/ra393ffdc7c90a4a37ea023946f390285693795013a642d80fba20203@%3Cannounce.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r9f54c0caa462267e0cc68b49f141e91432b36b23348d18c65bd0d040@%3Cnotifications.skywalking.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r67ef3c07fe3b8c1b02d48012149d280ad6da8e4cec253b527520fb2b@%3Cdev.poi.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r605d906b710b95f1bbe0036a53ac6968f667f2c249b6fbabada9a940%40%3Cuser.commons.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r54afdab05e01de970649c2d91a993f68a6b00cd73e6e34e16c832d46@%3Cuser.ant.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r457b2ed564860996b20d938566fe8bd4bfb7c37be8e205448ccb5975@%3Cannounce.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r31f75743ac173b0a606f8ea6ea53f351f386c44e7bcf78ae04007c29@%3Cissues.flink.apache.org%3E"
},
{
"type": "WEB",
"url": "https://commons.apache.org/proper/commons-compress/security-reports.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2021/07/13/3"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2021/07/13/5"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Improper Handling of Length Parameter Inconsistency in Compress"
}
Mitigation
When processing structured incoming data containing a size field followed by raw data, ensure that you identify and resolve any inconsistencies between the size field and the actual size of the data.
Mitigation
Do not let the user control the size of the buffer.
Mitigation
Validate that the length of the user-supplied data is consistent with the buffer size.
CAPEC-47: Buffer Overflow via Parameter Expansion
In this attack, the target software is given input that the adversary knows will be modified and expanded in size during processing. This attack relies on the target software failing to anticipate that the expanded data may exceed some internal limit, thereby creating a buffer overflow.