Common Weakness Enumeration

CWE-248

Allowed

Uncaught Exception

Abstraction: Base · Status: Draft

An exception is thrown from a function, but it is not caught.

420 vulnerabilities reference this CWE, most recent first.

GHSA-M744-JHQ9-PPW6

Vulnerability from github – Published: 2026-06-19 20:46 – Updated: 2026-06-19 20:46
VLAI
Summary
CoreWCF: Kafka consume pump halts permanently on a Kafka tombstone (null-value record), causing persistent endpoint denial of service.
Details

Impact

A CoreWCF service is running and listening on a Kafka topic receiving a null-value record will stop processing new records from that topic.

Preconditions

The attacker has produce/write permission on a topic that CoreWCF is consuming from. If the broker permits anonymous publishes, no authentication is required.

Patches

Fixed in CoreWCF v1.8.1 and v1.9.1

Workarounds

Only allow authenticated writes to a topic

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "CoreWCF.Kafka"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.8.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "CoreWCF.Kafka"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.9.0"
            },
            {
              "fixed": "1.9.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-54775"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-248",
      "CWE-754",
      "CWE-755"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-06-19T20:46:49Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "### Impact\nA CoreWCF service is running and listening on a Kafka topic receiving a null-value record will stop processing new records from that topic.\n\n#### Preconditions\nThe attacker has produce/write permission on a topic that CoreWCF is consuming from. If the broker permits anonymous publishes, no authentication is required. \n\n### Patches\nFixed in CoreWCF v1.8.1 and v1.9.1\n\n### Workarounds\nOnly allow authenticated writes to a topic",
  "id": "GHSA-m744-jhq9-ppw6",
  "modified": "2026-06-19T20:46:49Z",
  "published": "2026-06-19T20:46:49Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/CoreWCF/CoreWCF/security/advisories/GHSA-m744-jhq9-ppw6"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/CoreWCF/CoreWCF"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "CoreWCF: Kafka consume pump halts permanently on a Kafka tombstone (null-value record), causing persistent endpoint denial of service."
}

GHSA-M758-WJHJ-P3JQ

Vulnerability from github – Published: 2026-04-09 20:22 – Updated: 2026-04-24 21:03
VLAI
Summary
Wasmtime has a possible panic when lifting `flags` component value
Details

Impact

Wasmtime contains a possible panic which can happen when a flags-typed component model value is lifted with the Val type. If bits are set outside of the set of flags the component model specifies that these bits should be ignored but Wasmtime will panic when this value is lifted. This panic only affects wasmtime's implementation of lifting into Val, not when using the flags! macro. This additionally only affects flags-typed values which are part of a WIT interface.

This has the risk of being a guest-controlled panic within the host which Wasmtime considers a DoS vector.

Patches

Wasmtime 24.0.7, 36.0.7, 42.0.2, and 43.0.1 have been issued to fix this bug. Users are recommended to update to these patched versions of Wasmtime.

Workarounds

There is no workaround for this bug if a host meets the criteria to be affected. To be affected a host must be using wasmtime::component::Val and possibly work with a flags type in the component model.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "wasmtime"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "24.0.7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "wasmtime"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "25.0.0"
            },
            {
              "fixed": "36.0.7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "wasmtime"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "37.0.0"
            },
            {
              "fixed": "42.0.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "wasmtime"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "43.0.0"
            },
            {
              "fixed": "43.0.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "43.0.0"
      ]
    }
  ],
  "aliases": [
    "CVE-2026-34943"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-248"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-09T20:22:34Z",
    "nvd_published_at": "2026-04-09T19:16:24Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\n\nWasmtime contains a possible panic which can happen when a `flags`-typed component model value is lifted with the `Val` type. If bits are set outside of the set of flags the component model specifies that these bits should be ignored but Wasmtime will panic when this value is lifted. This panic only affects wasmtime\u0027s implementation of lifting into `Val`, not when using the `flags!` macro. This additionally only affects `flags`-typed values which are part of a WIT interface. \n\nThis has the risk of being a guest-controlled panic within the host which Wasmtime considers a DoS vector.\n\n### Patches\n\nWasmtime 24.0.7, 36.0.7, 42.0.2, and 43.0.1 have been issued to fix this bug. Users are recommended to update to these patched versions of Wasmtime.\n\n### Workarounds\n\nThere is no workaround for this bug if a host meets the criteria to be affected. To be affected a host must be using `wasmtime::component::Val` and possibly work with a `flags` type in the component model.",
  "id": "GHSA-m758-wjhj-p3jq",
  "modified": "2026-04-24T21:03:43Z",
  "published": "2026-04-09T20:22:34Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-m758-wjhj-p3jq"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34943"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/bytecodealliance/wasmtime"
    },
    {
      "type": "WEB",
      "url": "https://rustsec.org/advisories/RUSTSEC-2026-0085.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Wasmtime has a possible panic when lifting `flags` component value"
}

GHSA-M8VH-V6R6-W7P6

Vulnerability from github – Published: 2025-12-02 00:46 – Updated: 2025-12-02 00:46
VLAI
Summary
Grav vulnerable to Denial of Service via Improper Input Handling in 'Supported' Parameter
Details

Endpoint: admin/config/system
Submenu: Languages
Parameter: Supported
Application: Grav v 1.7.48


Summary

A Denial of Service (DoS) vulnerability was identified in the "Languages" submenu of the Grav admin configuration panel (/admin/config/system). Specifically, the Supported parameter fails to properly validate user input. If a malformed value is inserted—such as a single forward slash (/) or an XSS test string—it causes a fatal regular expression parsing error on the server.

This leads to application-wide failure due to the use of the preg_match() function with an improperly constructed regular expression, resulting in the following error:

preg_match(): Unknown modifier 'o' File: /system/src/Grav/Common/Language/Language.php line 244

Once triggered, the site becomes completely unavailable to all users.


Details

  • Vulnerable Endpoint: POST /admin/config/system

  • Submenu: Languages

  • Parameter: Supported

The application dynamically constructs a regular expression using the contents of the Supported field without escaping the input using preg_quote() or proper validation. This allows attackers to inject invalid syntax into the regex engine, crashing the application during language resolution.

Stack trace excerpt:

Whoops \ Exception \ ErrorException (E_WARNING) preg_match(): Unknown modifier 'o' /system/src/Grav/Common/Language/Language.php244


Proof of Concept (PoC)

Payloads:

/

Steps to Reproduce:

  1. Log into the Grav Admin Panel.

  2. Navigate to: ConfigurationSystemLanguages.

  3. Locate the Supported field.

  4. Insert one of the payloads above (e.g., a single slash /).

  5. Click Save.

Pasted image 20250719183223

  1. Observe: All pages in the application begin throwing a fatal error and become inaccessible.

Pasted image 20250719175229


Impact

  • Application-wide Denial of Service (DoS)

  • All login and admin views crash with the same error

  • Potentially exploitable by:

    • Admin panel users

    • CSRF if misconfigured


References

  • CWE-1333: Improper Regular Expression

  • CWE-20: Improper Input Validation

Discoverer

Marcelo Queiroz

by CVE-Hunters

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "getgrav/grav"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.8.0-beta.27"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-66305"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-248"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-12-02T00:46:05Z",
    "nvd_published_at": "2025-12-01T22:15:50Z",
    "severity": "HIGH"
  },
  "details": "**Endpoint**: `admin/config/system`  \n**Submenu**: `Languages`  \n**Parameter**: `Supported`  \n**Application**: Grav v 1.7.48\n\n---\n\n## Summary\n\nA Denial of Service (DoS) vulnerability was identified in the **\"Languages\"** submenu of the Grav **admin configuration panel** (`/admin/config/system`). Specifically, the `Supported` parameter fails to properly validate user input. If a malformed value is inserted\u2014such as a single forward slash (`/`) or an XSS test string\u2014it causes a fatal regular expression parsing error on the server.\n\nThis leads to application-wide failure due to the use of the `preg_match()` function with an **improperly constructed regular expression**, resulting in the following error:\n\n`preg_match(): Unknown modifier \u0027o\u0027 File: /system/src/Grav/Common/Language/Language.php line 244`\n\nOnce triggered, the site becomes completely unavailable to all users.\n\n---\n\n## Details\n\n- **Vulnerable Endpoint**: `POST /admin/config/system`\n    \n- **Submenu**: `Languages`\n    \n- **Parameter**: `Supported`  \n    \n\nThe application dynamically constructs a regular expression using the contents of the `Supported` field without escaping the input using `preg_quote()` or proper validation. This allows attackers to inject invalid syntax into the regex engine, crashing the application during language resolution.\n\n**Stack trace excerpt**:\n\n`Whoops \\ Exception \\ ErrorException (E_WARNING) preg_match(): Unknown modifier \u0027o\u0027 /system/src/Grav/Common/Language/Language.php244`\n\n---\n\n## Proof of Concept (PoC)\n\n### Payloads:\n\n`/ `\n\n### Steps to Reproduce:\n\n1. Log into the Grav Admin Panel.\n    \n2. Navigate to: **Configuration** \u2192 **System** \u2192 **Languages**.\n    \n3. Locate the `Supported` field.\n    \n4. Insert one of the payloads above (e.g., a single slash `/`).\n    \n5. Click **Save**.\n\n\u003cimg width=\"1897\" height=\"639\" alt=\"Pasted image 20250719183223\" src=\"https://github.com/user-attachments/assets/d3a54a20-d30d-46c6-9015-722f80701cfb\" /\u003e\n\n1. Observe: All pages in the application begin throwing a fatal error and become inaccessible.\n\n\u003cimg width=\"1802\" height=\"998\" alt=\"Pasted image 20250719175229\" src=\"https://github.com/user-attachments/assets/b16750c2-507f-4c30-a9bb-d07fa92bb777\" /\u003e\n\n---\n\n## Impact\n\n- Application-wide Denial of Service (DoS)\n    \n- All login and admin views crash with the same error\n    \n- Potentially exploitable by:\n    \n    - Admin panel users\n        \n    - CSRF if misconfigured        \n    \n\n---\n\n## References\n\n- **CWE-1333**: Improper Regular Expression\n    \n- **CWE-20**: Improper Input Validation\n\n\n## Discoverer\n\n[Marcelo Queiroz](www.linkedin.com/in/marceloqueirozjr) \n\nby [CVE-Hunters](https://github.com/Sec-Dojo-Cyber-House/cve-hunters)",
  "id": "GHSA-m8vh-v6r6-w7p6",
  "modified": "2025-12-02T00:46:05Z",
  "published": "2025-12-02T00:46:05Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/getgrav/grav/security/advisories/GHSA-m8vh-v6r6-w7p6"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66305"
    },
    {
      "type": "WEB",
      "url": "https://github.com/getgrav/grav/commit/ed640a13143c4177af013cf001969ed2c5e197ee"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/getgrav/grav"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Grav vulnerable to Denial of Service via Improper Input Handling in \u0027Supported\u0027 Parameter"
}

GHSA-M9X3-4G44-FW28

Vulnerability from github – Published: 2025-04-07 06:30 – Updated: 2025-04-07 15:31
VLAI
Details

In wlan AP driver, there is a possible information disclosure due to an uncaught exception. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00406217; Issue ID: MSV-2773.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-20664"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-248"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-07T04:15:20Z",
    "severity": "HIGH"
  },
  "details": "In wlan AP driver, there is a possible information disclosure due to an uncaught exception. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00406217; Issue ID: MSV-2773.",
  "id": "GHSA-m9x3-4g44-fw28",
  "modified": "2025-04-07T15:31:16Z",
  "published": "2025-04-07T06:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-20664"
    },
    {
      "type": "WEB",
      "url": "https://corp.mediatek.com/product-security-bulletin/April-2025"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MFFW-J524-MRJP

Vulnerability from github – Published: 2022-05-24 17:36 – Updated: 2022-05-24 17:36
VLAI
Details

A vulnerability has been identified in SIMATIC ET 200SP Open Controller (incl. SIPLUS variants) (V20.8), SIMATIC S7-1500 Software Controller (V20.8). The web server of the affected products contains a vulnerability that could allow a remote attacker to trigger a denial-of-service condition by sending a specially crafted HTTP request.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-15796"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-248"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-12-14T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability has been identified in SIMATIC ET 200SP Open Controller (incl. SIPLUS variants) (V20.8), SIMATIC S7-1500 Software Controller (V20.8). The web server of the affected products contains a vulnerability that could allow a remote attacker to trigger a denial-of-service condition by sending a specially crafted HTTP request.",
  "id": "GHSA-mffw-j524-mrjp",
  "modified": "2022-05-24T17:36:16Z",
  "published": "2022-05-24T17:36:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15796"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-700697.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-MHGM-R3R5-6CWP

Vulnerability from github – Published: 2025-04-14 12:30 – Updated: 2025-10-28 18:30
VLAI
Details

Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to client-side Denial of Servise (DoS) attacks. An attacker might trick a user into using an URL with a d parameter set to an unhandled value. All the subsequent requests will not be accepted as the server returns an error message. Since this parameter is sent as part of a session cookie, the issue persists until the session expires or the user deletes cookies manually.  Similar effect might be achieved when a user tries to change platform language to an unimplemented one. This vulnerability has been patched in version 79.0

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-49705"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-248"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-14T12:15:15Z",
    "severity": "MODERATE"
  },
  "details": "Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to client-side Denial of Servise (DoS) attacks. An attacker might trick a user into using an URL with a d parameter set to an unhandled value. All the subsequent requests will not be accepted as the server returns an error message. Since this parameter is sent as part of a session cookie, the issue persists until the session expires or the user deletes cookies manually.\u00a0\nSimilar effect might be achieved when\u00a0a user tries to change platform language to an unimplemented one.\nThis vulnerability has been patched in version 79.0",
  "id": "GHSA-mhgm-r3r5-6cwp",
  "modified": "2025-10-28T18:30:25Z",
  "published": "2025-04-14T12:30:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49705"
    },
    {
      "type": "WEB",
      "url": "https://cert.pl/en/posts/2025/04/CVE-2024-10087"
    },
    {
      "type": "WEB",
      "url": "https://www.iksoris.pl/system-rezerwacji-i-sprzedazy-biletow-iksoris.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-MJV8-W698-V8WQ

Vulnerability from github – Published: 2025-04-07 06:30 – Updated: 2025-04-07 15:31
VLAI
Details

In wlan AP driver, there is a possible information disclosure due to an uncaught exception. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00408868; Issue ID: MSV-3031.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-20663"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-248"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-07T04:15:20Z",
    "severity": "HIGH"
  },
  "details": "In wlan AP driver, there is a possible information disclosure due to an uncaught exception. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00408868; Issue ID: MSV-3031.",
  "id": "GHSA-mjv8-w698-v8wq",
  "modified": "2025-04-07T15:31:16Z",
  "published": "2025-04-07T06:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-20663"
    },
    {
      "type": "WEB",
      "url": "https://corp.mediatek.com/product-security-bulletin/April-2025"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MJW4-JJ88-V687

Vulnerability from github – Published: 2024-07-09 14:13 – Updated: 2024-11-18 16:26
VLAI
Summary
panic on parsing crafted phonenumber inputs
Details

Impact

The phonenumber parsing code may panic due to a reachable assert! guard on the phonenumber string.

In a typical deployment of rust-phonenumber, this may get triggered by feeding a maliciously crafted phonenumber, e.g. over the network, specifically strings of the form +dwPAA;phone-context=AA, where the "number" part potentially parses as a number larger than 2^56.

Since f69abee1/0.3.4/#52.

0.2.x series is not affected.

Patches

Upgrade to 0.3.6 or higher.

Workarounds

n/a

References

Whereas https://github.com/whisperfish/rust-phonenumber/issues/69 did not provide an example code path, property testing found a few: +dwPAA;phone-context=AA.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "phonenumber"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.3.4"
            },
            {
              "fixed": "0.3.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-39697"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1284",
      "CWE-248",
      "CWE-392"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-07-09T14:13:48Z",
    "nvd_published_at": "2024-07-09T15:15:11Z",
    "severity": "CRITICAL"
  },
  "details": "### Impact\nThe phonenumber parsing code may panic due to a reachable `assert!` guard on the phonenumber string.\n\nIn a typical deployment of rust-phonenumber, this may get triggered by feeding a maliciously crafted phonenumber, e.g. over the network, specifically strings of the form `+dwPAA;phone-context=AA`, where the \"number\" part potentially parses as a number larger than 2^56.\n\nSince f69abee1/0.3.4/#52.\n\n0.2.x series is not affected.\n\n### Patches\nUpgrade to 0.3.6 or higher.\n\n### Workarounds\nn/a\n\n### References\nWhereas https://github.com/whisperfish/rust-phonenumber/issues/69 did not provide an example code path, property testing found a few: `+dwPAA;phone-context=AA`.\n",
  "id": "GHSA-mjw4-jj88-v687",
  "modified": "2024-11-18T16:26:50Z",
  "published": "2024-07-09T14:13:48Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/whisperfish/rust-phonenumber/security/advisories/GHSA-mjw4-jj88-v687"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39697"
    },
    {
      "type": "WEB",
      "url": "https://github.com/whisperfish/rust-phonenumber/issues/69"
    },
    {
      "type": "WEB",
      "url": "https://github.com/whisperfish/rust-phonenumber/pull/52"
    },
    {
      "type": "WEB",
      "url": "https://github.com/whisperfish/rust-phonenumber/commit/b792151b17fc90231c232a23935830c2266f3203"
    },
    {
      "type": "WEB",
      "url": "https://github.com/whisperfish/rust-phonenumber/commit/f69abee1481fac0d6d531407bae90020e39c6407"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/whisperfish/rust-phonenumber"
    },
    {
      "type": "WEB",
      "url": "https://rustsec.org/advisories/RUSTSEC-2024-0369.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H",
      "type": "CVSS_V4"
    }
  ],
  "summary": "panic on parsing crafted phonenumber inputs"
}

GHSA-MR7R-M37J-HFQC

Vulnerability from github – Published: 2025-12-02 03:31 – Updated: 2025-12-02 15:30
VLAI
Details

In Modem, there is a possible system crash due to an incorrect bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01689251; Issue ID: MSV-4840.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-20754"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-248"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-02T03:16:16Z",
    "severity": "MODERATE"
  },
  "details": "In Modem, there is a possible system crash due to an incorrect bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01689251; Issue ID: MSV-4840.",
  "id": "GHSA-mr7r-m37j-hfqc",
  "modified": "2025-12-02T15:30:30Z",
  "published": "2025-12-02T03:31:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-20754"
    },
    {
      "type": "WEB",
      "url": "https://corp.mediatek.com/product-security-bulletin/December-2025"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MW3Q-R9WH-H2FF

Vulnerability from github – Published: 2026-05-21 19:50 – Updated: 2026-06-10 13:41
VLAI
Summary
nimiq-primitives: Panic DoS in trie chunk processing via ROOT-keyed item
Details

Impact

A remote, unauthenticated denial-of-service vulnerability in MerkleRadixTrie::put_chunk allows any state-sync peer to crash any node performing state synchronization (freshly joining nodes and recovering nodes).

A malicious peer can respond to a RequestChunk with a ResponseChunk::Chunk whose first TrieItem.key is the empty (ROOT) key. The chunk passes sorting, range, and Merkle-proof validation, but when put_raw tries to store a value at the root node, it calls TrieNode::put_value(...).unwrap(), which returns Err(RootCantHaveValue) and panics, aborting the node process. The panic fires on the first malicious chunk the victim commits; no rate limit or authentication gate caps the attack.

Impacted: any node running state sync against untrusted peers — this includes fresh nodes performing initial download and existing nodes recovering from data loss. Honest nodes never construct ROOT-keyed items, so non-syncing operation is unaffected.

Patches

See PR.

Workarounds

There is no safe in-process workaround: any peer serving state-sync data can trigger the crash and the code path is not guarded by a feature flag.

Resources

  • Fix commit: (link to the merged PR commit, once merged)
  • Affected code: primitives/trie/src/trie.rsput_chunk (around line 819) and put_raw (around line 351)
Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "nimiq-primitives"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.5.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-46545"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-248"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-21T19:50:31Z",
    "nvd_published_at": "2026-06-10T00:16:54Z",
    "severity": "HIGH"
  },
  "details": "### Impact\n\nA remote, unauthenticated denial-of-service vulnerability in `MerkleRadixTrie::put_chunk` allows any state-sync peer to crash any node performing state synchronization (freshly joining nodes and recovering nodes).\n\nA malicious peer can respond to a `RequestChunk` with a `ResponseChunk::Chunk` whose first `TrieItem.key` is the empty (ROOT) key. The chunk passes sorting, range, and Merkle-proof validation, but when `put_raw` tries to store a value at the root node, it calls `TrieNode::put_value(...).unwrap()`, which returns `Err(RootCantHaveValue)` and panics, aborting the node process. The panic fires on the first malicious chunk the victim commits; no rate limit or authentication gate caps the attack.\n\nImpacted: any node running state sync against untrusted peers \u2014 this includes fresh nodes performing initial download and existing nodes recovering from data loss. Honest nodes never construct ROOT-keyed items, so non-syncing operation is unaffected.\n\n### Patches\n\nSee [PR](https://github.com/nimiq/core-rs-albatross/pull/3762).\n\n### Workarounds\n\nThere is no safe in-process workaround: any peer serving state-sync data can trigger the crash and the code path is not guarded by a feature flag.\n\n### Resources\n\n- Fix commit: (link to the merged PR commit, once merged)\n- Affected code: [`primitives/trie/src/trie.rs`](https://github.com/nimiq/core-rs-albatross/blob/albatross/primitives/trie/src/trie.rs) \u2014 `put_chunk` (around line 819) and `put_raw` (around line 351)",
  "id": "GHSA-mw3q-r9wh-h2ff",
  "modified": "2026-06-10T13:41:41Z",
  "published": "2026-05-21T19:50:31Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/nimiq/core-rs-albatross/security/advisories/GHSA-mw3q-r9wh-h2ff"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46545"
    },
    {
      "type": "WEB",
      "url": "https://github.com/nimiq/core-rs-albatross/pull/3762"
    },
    {
      "type": "WEB",
      "url": "https://github.com/nimiq/core-rs-albatross/commit/0fb8766adea91e038af00e635a6eb92756e50172"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/nimiq/core-rs-albatross"
    },
    {
      "type": "WEB",
      "url": "https://github.com/nimiq/core-rs-albatross/releases/tag/v1.5.0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "nimiq-primitives: Panic DoS in trie chunk processing via ROOT-keyed item"
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.