CWE-703
DiscouragedImproper Check or Handling of Exceptional Conditions
Abstraction: Pillar · Status: Incomplete
The product does not properly anticipate or handle exceptional conditions that rarely occur during normal operation of the product.
212 vulnerabilities reference this CWE, most recent first.
GHSA-9XW9-PVGV-6P76
Vulnerability from github – Published: 2018-11-09 17:47 – Updated: 2023-09-13 19:36Affected versions of http-proxy are vulnerable to a denial of service attack, wherein an attacker can force an error which will cause the server to crash.
Recommendation
Update to version 0.7.0 or later.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 0.6.6"
},
"package": {
"ecosystem": "npm",
"name": "http-proxy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.7.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2017-16014"
],
"database_specific": {
"cwe_ids": [
"CWE-703"
],
"github_reviewed": true,
"github_reviewed_at": "2020-06-16T21:29:54Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "Affected versions of `http-proxy` are vulnerable to a denial of service attack, wherein an attacker can force an error which will cause the server to crash.\n\n\n## Recommendation\n\nUpdate to version 0.7.0 or later.",
"id": "GHSA-9xw9-pvgv-6p76",
"modified": "2023-09-13T19:36:45Z",
"published": "2018-11-09T17:47:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16014"
},
{
"type": "WEB",
"url": "https://github.com/nodejitsu/node-http-proxy/pull/101"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-9xw9-pvgv-6p76"
},
{
"type": "WEB",
"url": "https://www.npmjs.com/advisories/323"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Insufficient Error Handling in http-proxy"
}
GHSA-C2MC-MH9M-R94V
Vulnerability from github – Published: 2024-09-02 06:30 – Updated: 2024-09-03 18:31In wlan, there is a possible denial of service due to incorrect error handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08861558; Issue ID: MSV-1526.
{
"affected": [],
"aliases": [
"CVE-2024-20089"
],
"database_specific": {
"cwe_ids": [
"CWE-703",
"CWE-754"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-02T05:15:15Z",
"severity": "HIGH"
},
"details": "In wlan, there is a possible denial of service due to incorrect error handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08861558; Issue ID: MSV-1526.",
"id": "GHSA-c2mc-mh9m-r94v",
"modified": "2024-09-03T18:31:32Z",
"published": "2024-09-02T06:30:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-20089"
},
{
"type": "WEB",
"url": "https://corp.mediatek.com/product-security-bulletin/September-2024"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-C32P-WCQJ-J677
Vulnerability from github – Published: 2026-01-23 16:56 – Updated: 2026-02-27 21:37CSA-2026-001: Tachyon
Description
Name: CSA-2026-001: Tachyon
Criticality: Critical (Catastrophic Impact; Possible Likelihood per ACMv1.2)
Affected versions: All versions of CometBFT
Affected users: Validators and protocols relying on block timestamps
Description
A consensus-level vulnerability was discovered in CometBFT's "BFT Time" implementation due to an inconsistency between how commit signatures are verified and how block time is derived.
This breaks a core BFT Time guarantee: "A faulty process cannot arbitrarily increase the Time value."
Impact
Downstream impact on chains affects any module, smart contract, or system that relies on the block timestamp.
Patches
The new CometBFT releases v0.38.21 and v0.37.18 fix this issue. The main unreleased branch is also patched.
Workarounds
There are no effective workarounds for this vulnerability. Upgrading to patched versions is required.
Timeline
- January 8, 2026, 5:27PM UTC: Issue reported to Cosmos Bug Bounty Program
- January 9, 2026, 4:55AM UTC: Issue triaged and validated by core team
- January 12, 2026, 10:25PM UTC: Core team completes patch for the issue
- January 13, 2026 4:41PM UTC: Pre-notification delivered to ecosystem partners
- January 23, 2026, 3:00PM UTC: Patch made available
Credits
This issue was reported to the Cosmos Bug Bounty Program on HackerOne. Credit to SEAL 911 and QED Audit for the discovery and help with the patch.
If you believe you have found a bug in the Cosmos Stack or would like to contribute to the program by reporting a bug, please see https://hackerone.com/cosmos.
If you have questions about Cosmos security efforts, please reach out to our official communication channel at security@cosmoslabs.io.
A Github Security Advisory for this issue is available in the CometBFT repository. For more information about CometBFT, see https://docs.cometbft.com/.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 0.38.20"
},
"package": {
"ecosystem": "Go",
"name": "github.com/cometbft/cometbft"
},
"ranges": [
{
"events": [
{
"introduced": "0.38.0-alpha.1"
},
{
"fixed": "0.38.21"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 0.37.17"
},
"package": {
"ecosystem": "Go",
"name": "github.com/cometbft/cometbft"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.37.18"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-703"
],
"github_reviewed": true,
"github_reviewed_at": "2026-01-23T16:56:23Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "# CSA-2026-001: Tachyon\n\n## Description\n\n**Name:** CSA-2026-001: Tachyon\n\n**Criticality:** Critical (Catastrophic Impact; Possible Likelihood per [ACMv1.2](https://github.com/interchainio/security/blob/main/resources/CLASSIFICATION_MATRIX.md))\n\n**Affected versions:** All versions of CometBFT\n\n**Affected users:** Validators and protocols relying on block timestamps\n\n## Description\n\nA consensus-level vulnerability was discovered in CometBFT\u0027s \"BFT Time\" implementation due to an inconsistency between how commit signatures are verified and how block time is derived.\n\nThis breaks a core BFT Time guarantee: \"A faulty process cannot arbitrarily increase the Time value.\"\n\n## Impact\n\nDownstream impact on chains affects any module, smart contract, or system that relies on the block timestamp.\n\n## Patches\n\nThe new CometBFT releases [v0.38.21](https://github.com/cometbft/cometbft/releases/tag/v0.38.21) and [v0.37.18](https://github.com/cometbft/cometbft/releases/tag/v0.37.18) fix this issue. The `main` unreleased branch is also patched.\n\n## Workarounds\n\nThere are no effective workarounds for this vulnerability. Upgrading to patched versions is required.\n\n## Timeline\n\n- January 8, 2026, 5:27PM UTC: Issue reported to Cosmos Bug Bounty Program\n- January 9, 2026, 4:55AM UTC: Issue triaged and validated by core team\n- January 12, 2026, 10:25PM UTC: Core team completes patch for the issue\n- January 13, 2026 4:41PM UTC: Pre-notification delivered to ecosystem partners\n- January 23, 2026, 3:00PM UTC: Patch made available\n\n## Credits\n\nThis issue was reported to the Cosmos Bug Bounty Program on HackerOne. Credit to SEAL 911 and [QED Audit](https://x.com/QED_Audit) for the discovery and help with the patch.\n\nIf you believe you have found a bug in the Cosmos Stack or would like to contribute to the program by reporting a bug, please see https://hackerone.com/cosmos.\n\nIf you have questions about Cosmos security efforts, please reach out to our official communication channel at security@cosmoslabs.io.\n\nA Github Security Advisory for this issue is available in the CometBFT repository. For more information about CometBFT, see https://docs.cometbft.com/.",
"id": "GHSA-c32p-wcqj-j677",
"modified": "2026-02-27T21:37:55Z",
"published": "2026-01-23T16:56:23Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/cometbft/cometbft/security/advisories/GHSA-c32p-wcqj-j677"
},
{
"type": "WEB",
"url": "https://github.com/cometbft/cometbft/commit/bf8274fcdbcab2bc652660ae627196a90a6efb97"
},
{
"type": "PACKAGE",
"url": "https://github.com/cometbft/cometbft"
},
{
"type": "WEB",
"url": "https://github.com/cometbft/cometbft/releases/tag/v0.37.18"
},
{
"type": "WEB",
"url": "https://github.com/cometbft/cometbft/releases/tag/v0.38.21"
},
{
"type": "WEB",
"url": "https://pkg.go.dev/vuln/GO-2026-4361"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "CometBFT has inconsistencies between how commit signatures are verified and how block time is derived"
}
GHSA-C4Q4-J9GC-FPQ4
Vulnerability from github – Published: 2023-03-24 21:30 – Updated: 2023-03-29 15:30In BitmapExport.java, there is a possible failure to truncate images due to a logic error in the code.Product: AndroidVersions: Android kernelAndroid ID: A-264261868References: N/A
{
"affected": [],
"aliases": [
"CVE-2023-21036"
],
"database_specific": {
"cwe_ids": [
"CWE-703"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-03-24T20:15:00Z",
"severity": "MODERATE"
},
"details": "In BitmapExport.java, there is a possible failure to truncate images due to a logic error in the code.Product: AndroidVersions: Android kernelAndroid ID: A-264261868References: N/A",
"id": "GHSA-c4q4-j9gc-fpq4",
"modified": "2023-03-29T15:30:18Z",
"published": "2023-03-24T21:30:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-21036"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/pixel/2023-03-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-C5VQ-9HF6-G7CW
Vulnerability from github – Published: 2024-06-10 21:30 – Updated: 2026-04-02 21:31The issue was addressed with improved checks. This issue is fixed in tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to elevate privileges.
{
"affected": [],
"aliases": [
"CVE-2024-27832"
],
"database_specific": {
"cwe_ids": [
"CWE-703"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-10T21:15:51Z",
"severity": "HIGH"
},
"details": "The issue was addressed with improved checks. This issue is fixed in tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to elevate privileges.",
"id": "GHSA-c5vq-9hf6-g7cw",
"modified": "2026-04-02T21:31:46Z",
"published": "2024-06-10T21:30:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27832"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/120901"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/120902"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/120903"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/120905"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/120906"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT214101"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT214102"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT214104"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT214106"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT214108"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT214101"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT214102"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT214104"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT214106"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT214108"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Jun/5"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-C5X8-2V3C-Q27C
Vulnerability from github – Published: 2023-04-18 00:32 – Updated: 2024-04-04 03:31An Improper Check or Handling of Exceptional Conditions vulnerability in packet processing on the network interfaces of Juniper Networks Junos OS on JRR200 route reflector appliances allows an adjacent, network-based attacker sending a specific packet to the device to cause a kernel crash, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue can only be triggered by an attacker on the local broadcast domain. Packets routed to the device are unable to trigger this crash. This issue affects Juniper Networks Junos OS on JRR200: All versions prior to 21.2R3-S4; 21.3 versions prior to 21.3R3-S4; 21.4 versions prior to 21.4R3-S3; 22.1 versions prior to 22.1R3-S1; 22.2 versions prior to 22.2R2-S2, 22.2R3; 22.3 versions prior to 22.3R1-S2, 22.3R2; 22.4 versions prior to 22.4R1-S1, 22.4R2.
{
"affected": [],
"aliases": [
"CVE-2023-28970"
],
"database_specific": {
"cwe_ids": [
"CWE-703",
"CWE-755"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-04-17T22:15:09Z",
"severity": "MODERATE"
},
"details": "An Improper Check or Handling of Exceptional Conditions vulnerability in packet processing on the network interfaces of Juniper Networks Junos OS on JRR200 route reflector appliances allows an adjacent, network-based attacker sending a specific packet to the device to cause a kernel crash, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue can only be triggered by an attacker on the local broadcast domain. Packets routed to the device are unable to trigger this crash. This issue affects Juniper Networks Junos OS on JRR200: All versions prior to 21.2R3-S4; 21.3 versions prior to 21.3R3-S4; 21.4 versions prior to 21.4R3-S3; 22.1 versions prior to 22.1R3-S1; 22.2 versions prior to 22.2R2-S2, 22.2R3; 22.3 versions prior to 22.3R1-S2, 22.3R2; 22.4 versions prior to 22.4R1-S1, 22.4R2.",
"id": "GHSA-c5x8-2v3c-q27c",
"modified": "2024-04-04T03:31:29Z",
"published": "2023-04-18T00:32:01Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28970"
},
{
"type": "WEB",
"url": "https://supportportal.juniper.net/JSA70594"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-C65R-538M-2H3F
Vulnerability from github – Published: 2022-11-16 12:00 – Updated: 2022-11-22 15:30A vulnerability in the Simple Network Management Protocol (SNMP) feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.
{
"affected": [],
"aliases": [
"CVE-2022-20924"
],
"database_specific": {
"cwe_ids": [
"CWE-20",
"CWE-703"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-11-15T21:15:00Z",
"severity": "MODERATE"
},
"details": "A vulnerability in the Simple Network Management Protocol (SNMP) feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.",
"id": "GHSA-c65r-538m-2h3f",
"modified": "2022-11-22T15:30:26Z",
"published": "2022-11-16T12:00:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-20924"
},
{
"type": "WEB",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-snmp-dos-qsqBNM6x"
},
{
"type": "WEB",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-snmp-dos-qsqBNM6x"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-C799-GC59-CQR9
Vulnerability from github – Published: 2025-10-11 09:30 – Updated: 2025-10-11 09:30A vulnerability has been found in ywxbear PHP-Bookstore-Website-Example and PHP Basic BookStore Website up to 0e0b9f542f7a2d90a8d7f8c83caca69294e234e4. This issue affects some unknown processing of the file /index.php of the component Quantity Handler. Such manipulation leads to improper validation of specified quantity in input. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases.
{
"affected": [],
"aliases": [
"CVE-2025-11594"
],
"database_specific": {
"cwe_ids": [
"CWE-703"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-11T09:15:32Z",
"severity": "MODERATE"
},
"details": "A vulnerability has been found in ywxbear PHP-Bookstore-Website-Example and PHP Basic BookStore Website up to 0e0b9f542f7a2d90a8d7f8c83caca69294e234e4. This issue affects some unknown processing of the file /index.php of the component Quantity Handler. Such manipulation leads to improper validation of specified quantity in input. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases.",
"id": "GHSA-c799-gc59-cqr9",
"modified": "2025-10-11T09:30:23Z",
"published": "2025-10-11T09:30:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11594"
},
{
"type": "WEB",
"url": "https://github.com/Lianhaorui/Report/blob/main/Payment%20Logic%20Vulnerability.docx"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.327915"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.327915"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.671737"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-CC37-9Q2J-3HFV
Vulnerability from github – Published: 2026-06-08 19:02 – Updated: 2026-06-12 19:29When decoding a PP2_TYPE_SSL TLV, HAProxyMessage.readNextTLV() first calls header.retainedSlice(header.readerIndex(), length) and only then reads the 1-byte client field and 4-byte verify field. If the attacker sets the TLV length below 5, the subsequent readByte/readInt throws IndexOutOfBoundsException. HAProxyMessageDecoder only catches HAProxyProtocolException around this call, so the IOOBE propagates and the retained slice on the pooled cumulation buffer is never released.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 4.2.14.Final"
},
"package": {
"ecosystem": "Maven",
"name": "io.netty:netty-codec-haproxy"
},
"ranges": [
{
"events": [
{
"introduced": "4.2.0.Final"
},
{
"fixed": "4.2.15.Final"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 4.1.134.Final"
},
"package": {
"ecosystem": "Maven",
"name": "io.netty:netty-codec-haproxy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.1.135.Final"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-44893"
],
"database_specific": {
"cwe_ids": [
"CWE-703"
],
"github_reviewed": true,
"github_reviewed_at": "2026-06-08T19:02:21Z",
"nvd_published_at": "2026-06-12T15:16:26Z",
"severity": "HIGH"
},
"details": "When decoding a PP2_TYPE_SSL TLV, HAProxyMessage.readNextTLV() first calls `header.retainedSlice(header.readerIndex(), length)` and only then reads the 1-byte client field and 4-byte verify field. If the attacker sets the TLV length below 5, the subsequent readByte/readInt throws IndexOutOfBoundsException. HAProxyMessageDecoder only catches HAProxyProtocolException around this call, so the IOOBE propagates and the retained slice on the pooled cumulation buffer is never released.",
"id": "GHSA-cc37-9q2j-3hfv",
"modified": "2026-06-12T19:29:14Z",
"published": "2026-06-08T19:02:21Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/netty/netty/security/advisories/GHSA-cc37-9q2j-3hfv"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44893"
},
{
"type": "PACKAGE",
"url": "https://github.com/netty/netty"
},
{
"type": "WEB",
"url": "https://github.com/netty/netty/releases/tag/netty-4.1.135.Final"
},
{
"type": "WEB",
"url": "https://github.com/netty/netty/releases/tag/netty-4.2.15.Final"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Netty: HAProxy SSL TLV parsing leaks retained slice on invalid TLV length"
}
GHSA-CFR4-R47J-2Q46
Vulnerability from github – Published: 2023-12-22 21:30 – Updated: 2023-12-22 21:30An improper handling of a malformed API request to an API server in Bosch BT software products can allow an unauthenticated attacker to cause a Denial of Service (DoS) situation.
{
"affected": [],
"aliases": [
"CVE-2023-32230"
],
"database_specific": {
"cwe_ids": [
"CWE-703"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-12-18T13:15:06Z",
"severity": "HIGH"
},
"details": "An improper handling of a malformed API request to an API server in Bosch BT software products can allow an unauthenticated attacker to cause a Denial of Service (DoS) situation.",
"id": "GHSA-cfr4-r47j-2q46",
"modified": "2023-12-22T21:30:21Z",
"published": "2023-12-22T21:30:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32230"
},
{
"type": "WEB",
"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-092656-BT.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.