Common Weakness Enumeration

CWE-754

Allowed-with-Review

Improper Check for Unusual or Exceptional Conditions

Abstraction: Class · Status: Incomplete

The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.

905 vulnerabilities reference this CWE, most recent first.

GHSA-W4PW-P565-4P8W

Vulnerability from github – Published: 2025-01-08 18:30 – Updated: 2025-11-03 21:32
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/sti: avoid potential dereference of error pointers in sti_gdp_atomic_check

The return value of drm_atomic_get_crtc_state() needs to be checked. To avoid use of error pointer 'crtc_state' in case of the failure.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-56777"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-754"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-08T18:15:18Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/sti: avoid potential dereference of error pointers in sti_gdp_atomic_check\n\nThe return value of drm_atomic_get_crtc_state() needs to be\nchecked. To avoid use of error pointer \u0027crtc_state\u0027 in case\nof the failure.",
  "id": "GHSA-w4pw-p565-4p8w",
  "modified": "2025-11-03T21:32:05Z",
  "published": "2025-01-08T18:30:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56777"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3cf2e7c448e246f7e700c7aa47450d1e27579559"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/997b64c3f4c1827c5cfda8ae7f5d13f78d28b541"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b79612ed6bc1a184c45427105c851b5b2d4342ca"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e965e771b069421c233d674c3c8cd8c7f7245f42"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f5804567cf9605d6e5ec46c0bb786f7d50f18c13"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-W5H8-GJ7C-WR5P

Vulnerability from github – Published: 2022-05-24 17:28 – Updated: 2022-05-24 17:28
VLAI
Details

In RunInternal of dumpstate.cpp, there is a possible user consent bypass due to an uncaught exception. This could lead to local information disclosure of bug report data with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-10Android ID: A-152944488

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-0382"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-754"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-09-17T16:15:00Z",
    "severity": "LOW"
  },
  "details": "In RunInternal of dumpstate.cpp, there is a possible user consent bypass due to an uncaught exception. This could lead to local information disclosure of bug report data with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-10Android ID: A-152944488",
  "id": "GHSA-w5h8-gj7c-wr5p",
  "modified": "2022-05-24T17:28:46Z",
  "published": "2022-05-24T17:28:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0382"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/2020-09-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-W64J-JXCJ-2F8P

Vulnerability from github – Published: 2022-05-24 17:48 – Updated: 2022-05-24 17:48
VLAI
Details

Due to an improper check for unusual or exceptional conditions in Juniper Networks Junos OS and Junos OS Evolved the Routing Protocol Daemon (RPD) service, upon receipt of a specific matching BGP packet meeting a specific term in the flowspec configuration, crashes and restarts causing a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue affects only Multiprotocol BGP (MP-BGP) VPNv6 FlowSpec deployments. This issue affects: Juniper Networks Junos OS: 18.4 versions prior to 18.4R1-S8, 18.4R2-S7, 18.4R3-S7; 19.1 versions prior to 19.1R2-S2, 19.1R3-S4; 19.2 versions prior to 19.2R1-S6, 19.2R3-S2; 19.3 versions prior to 19.3R3-S2; 19.4 versions prior to 19.4R2-S4, 19.4R3-S1; 20.1 versions prior to 20.1R2, 20.1R3; 20.2 versions prior to 20.2R2, 20.2R3; 20.3 versions prior to 20.3R1-S1, 20.3R2. Juniper Networks Junos OS Evolved: All versions after 18.4R1-EVO prior to 20.3R2-EVO. This issue does not affect: Juniper Networks Junos OS versions prior to 18.4R1. Juniper Networks Junos OS Evolved versions prior to 18.4R1-EVO.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-0236"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-754"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-04-22T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Due to an improper check for unusual or exceptional conditions in Juniper Networks Junos OS and Junos OS Evolved the Routing Protocol Daemon (RPD) service, upon receipt of a specific matching BGP packet meeting a specific term in the flowspec configuration, crashes and restarts causing a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue affects only Multiprotocol BGP (MP-BGP) VPNv6 FlowSpec deployments. This issue affects: Juniper Networks Junos OS: 18.4 versions prior to 18.4R1-S8, 18.4R2-S7, 18.4R3-S7; 19.1 versions prior to 19.1R2-S2, 19.1R3-S4; 19.2 versions prior to 19.2R1-S6, 19.2R3-S2; 19.3 versions prior to 19.3R3-S2; 19.4 versions prior to 19.4R2-S4, 19.4R3-S1; 20.1 versions prior to 20.1R2, 20.1R3; 20.2 versions prior to 20.2R2, 20.2R3; 20.3 versions prior to 20.3R1-S1, 20.3R2. Juniper Networks Junos OS Evolved: All versions after 18.4R1-EVO prior to 20.3R2-EVO. This issue does not affect: Juniper Networks Junos OS versions prior to 18.4R1. Juniper Networks Junos OS Evolved versions prior to 18.4R1-EVO.",
  "id": "GHSA-w64j-jxcj-2f8p",
  "modified": "2022-05-24T17:48:11Z",
  "published": "2022-05-24T17:48:11Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-0236"
    },
    {
      "type": "WEB",
      "url": "https://kb.juniper.net/JSA11131"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-W6C6-C85G-MMV6

Vulnerability from github – Published: 2026-04-08 00:15 – Updated: 2026-04-08 00:15
VLAI
Summary
Cosign's verify-blob-attestation reports false positive when payload parsing fails
Details

Description

cosign verify-blob-attestation may erroneously report a "Verified OK" result for attestations with malformed payloads or mismatched predicate types. For old-format bundles and detached signatures, this was due to a logic flaw in the error handling of the predicate type validation. For new-format bundles, the predicate type validation was bypassed completely.

Impact

When cosign verify-blob-attestation is used without --check-claims set to true, an attestation that has a valid signature but a malformed or unparsable payload would be incorrectly validated. Additionally, systems relying on --type <predicate type> to reject attestations with mismatched types would be lead to trust the unexpected attestation type.

Patches

v3.0.6, v2.6.3

Workarounds

Always set --check-claims=true for attestation verification.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/sigstore/cosign"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.0.0"
            },
            {
              "fixed": "3.0.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/sigstore/cosign"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.6.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-39395"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-754"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-08T00:15:44Z",
    "nvd_published_at": "2026-04-07T20:16:33Z",
    "severity": "MODERATE"
  },
  "details": "## Description\n\n`cosign verify-blob-attestation` may erroneously report a \"Verified OK\" result for attestations with malformed payloads or mismatched predicate types. For old-format bundles and detached signatures, this was due to a logic flaw in the error handling of the predicate type validation. For new-format bundles, the predicate type validation was bypassed completely.\n\n## Impact\n\nWhen `cosign verify-blob-attestation` is used without `--check-claims` set to `true`, an attestation that has a valid signature but a malformed or unparsable payload would be incorrectly validated. Additionally, systems relying on `--type \u003cpredicate type\u003e` to reject attestations with mismatched types would be lead to trust the unexpected attestation type.\n\n## Patches\n\nv3.0.6, v2.6.3\n\n## Workarounds\n\nAlways set `--check-claims=true` for attestation verification.",
  "id": "GHSA-w6c6-c85g-mmv6",
  "modified": "2026-04-08T00:15:44Z",
  "published": "2026-04-08T00:15:44Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/sigstore/cosign/security/advisories/GHSA-w6c6-c85g-mmv6"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39395"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/sigstore/cosign"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Cosign\u0027s verify-blob-attestation reports false positive when payload parsing fails"
}

GHSA-W7HM-HMXV-PVHF

Vulnerability from github – Published: 2024-04-05 15:06 – Updated: 2024-04-05 15:06
VLAI
Summary
HPACK decoder panics on invalid input
Details

Due to insufficient checking of input data, decoding certain data sequences can lead to Decoder::decode panicking rather than returning an error.

Example code that triggers this vulnerability looks like this:

use hpack::Decoder;

pub fn main() {
  let input = &[0x3f];
  let mut decoder = Decoder::new();
  let _ = decoder.decode(input);
}

hpack is unmaintained. A crate with the panics fixed has been published as hpack-patched.

Also consider using fluke-hpack or httlib-huffman as an alternative.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "hpack"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "0.3.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-754"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-04-05T15:06:27Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "Due to insufficient checking of input data, decoding certain data sequences can lead to _Decoder::decode_ panicking rather than returning an error.\n\nExample code that triggers this vulnerability looks like this:\n\n```rust\nuse hpack::Decoder;\n\npub fn main() {\n  let input = \u0026[0x3f];\n  let mut decoder = Decoder::new();\n  let _ = decoder.decode(input);\n}\n```\n\nhpack is unmaintained. A crate with the panics fixed has been published as [hpack-patched](https://crates.io/crates/hpack-patched).\n\nAlso consider using [fluke-hpack](https://crates.io/crates/fluke-hpack) or [httlib-huffman](https://crates.io/crates/httlib-huffman) as an alternative.",
  "id": "GHSA-w7hm-hmxv-pvhf",
  "modified": "2024-04-05T15:06:27Z",
  "published": "2024-04-05T15:06:27Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/mlalic/hpack-rs/issues/11"
    },
    {
      "type": "WEB",
      "url": "https://github.com/sno2/hpack-rs-patched/commit/d669282924a95311599e9e7dd53869ee96b3a2f5"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/mlalic/hpack-rs"
    },
    {
      "type": "WEB",
      "url": "https://rustsec.org/advisories/RUSTSEC-2023-0085.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "HPACK decoder panics on invalid input"
}

GHSA-W7PP-M8WF-VJ6R

Vulnerability from github – Published: 2023-02-07 20:54 – Updated: 2025-11-04 16:43
VLAI
Summary
Cipher.update_into can corrupt memory if passed an immutable python object as the outbuf
Details

Previously, Cipher.update_into would accept Python objects which implement the buffer protocol, but provide only immutable buffers:

>>> outbuf = b"\x00" * 32
>>> c = ciphers.Cipher(AES(b"\x00" * 32), modes.ECB()).encryptor()
>>> c.update_into(b"\x00" * 16, outbuf)
16
>>> outbuf
b'\xdc\x95\xc0x\xa2@\x89\x89\xadH\xa2\x14\x92\x84 \x87\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'

This would allow immutable objects (such as bytes) to be mutated, thus violating fundamental rules of Python. This is a soundness bug -- it allows programmers to misuse an API, it cannot be exploited by attacker controlled data alone.

This now correctly raises an exception.

This issue has been present since update_into was originally introduced in cryptography 1.8.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "cryptography"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.8"
            },
            {
              "fixed": "39.0.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-23931"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-754"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-02-07T20:54:10Z",
    "nvd_published_at": "2023-02-07T21:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Previously, `Cipher.update_into` would accept Python objects which implement the buffer protocol, but provide only immutable buffers:\n\n```pycon\n\u003e\u003e\u003e outbuf = b\"\\x00\" * 32\n\u003e\u003e\u003e c = ciphers.Cipher(AES(b\"\\x00\" * 32), modes.ECB()).encryptor()\n\u003e\u003e\u003e c.update_into(b\"\\x00\" * 16, outbuf)\n16\n\u003e\u003e\u003e outbuf\nb\u0027\\xdc\\x95\\xc0x\\xa2@\\x89\\x89\\xadH\\xa2\\x14\\x92\\x84 \\x87\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\u0027\n```\n\nThis would allow immutable objects (such as `bytes`) to be mutated, thus violating fundamental rules of Python. This is a soundness bug -- it allows programmers to misuse an API, it cannot be exploited by attacker controlled data alone.\n\nThis now correctly raises an exception.\n\nThis issue has been present since `update_into` was originally introduced in cryptography 1.8.",
  "id": "GHSA-w7pp-m8wf-vj6r",
  "modified": "2025-11-04T16:43:33Z",
  "published": "2023-02-07T20:54:10Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23931"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pyca/cryptography/pull/8230"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pyca/cryptography/commit/d6951dca25de45abd52da51b608055371fbcde4e"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/pyca/cryptography"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/cryptography/PYSEC-2023-11.yaml"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00012.html"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20230324-0007"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Cipher.update_into can corrupt memory if passed an immutable python object as the outbuf"
}

GHSA-W7W4-RH54-5RF6

Vulnerability from github – Published: 2026-04-10 00:30 – Updated: 2026-04-10 00:30
VLAI
Details

An Improper Check for Unusual or Exceptional Conditions vulnerability in the chassis control daemon (chassisd) of Juniper Networks Junos OS on SRX1500, SRX4100, SRX4200 and SRX4600 allows a local attacker with low privileges to cause a complete Denial of Service (DoS).

When a specific 'show chassis' CLI command is executed, chassisd crashes and restarts which causes a momentary impact to all traffic until all modules are online again.

This issue affects Junos OS on SRX1500, SRX4100, SRX4200 and SRX4600: 

  • 23.2 versions before 23.2R2-S6,
  • 23.4 versions before 23.4R2-S7
  • 24.2 versions before 24.2R2-S2,
  • 24.4 versions before 24.4R2,
  • 25.2 versions before 25.2R1-S1, 25.2R2.
Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-33787"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-754"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-09T22:16:28Z",
    "severity": "MODERATE"
  },
  "details": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the chassis control daemon (chassisd) of Juniper Networks Junos OS on SRX1500, SRX4100, SRX4200 and SRX4600 allows a local attacker with low privileges to cause a complete Denial of Service (DoS).\n\nWhen a specific \u0027show chassis\u0027 CLI command is executed, chassisd crashes and restarts which causes a momentary impact to all traffic until all modules are online again.\n\n\n\nThis issue affects Junos OS on SRX1500, SRX4100, SRX4200 and SRX4600:\u00a0\n\n\n\n  *  23.2 versions before\u00a023.2R2-S6,\n  *  23.4 versions before\u00a023.4R2-S7\n  *  24.2 versions before 24.2R2-S2,\n  *  24.4 versions before 24.4R2,\n  *  25.2 versions before 25.2R1-S1, 25.2R2.",
  "id": "GHSA-w7w4-rh54-5rf6",
  "modified": "2026-04-10T00:30:29Z",
  "published": "2026-04-10T00:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33787"
    },
    {
      "type": "WEB",
      "url": "https://kb.juniper.net/JSA107873"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:M/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-W8G3-QR9Q-HVHV

Vulnerability from github – Published: 2022-10-18 12:00 – Updated: 2022-10-18 12:00
VLAI
Details

On SRX Series devices, an Improper Check for Unusual or Exceptional Conditions when using Certificate Management Protocol Version 2 (CMPv2) auto re-enrollment, allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS) by crashing the pkid process. The pkid process cannot handle an unexpected response from the Certificate Authority (CA) server, leading to crash. A restart is required to restore services. This issue affects: Juniper Networks Junos OS on SRX Series: All versions prior to 19.1R3-S9; 19.2 versions prior to 19.2R3-S6; 19.3 versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R3-S9; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S4; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S1; 21.2 versions prior to 21.2R3; 21.3 versions prior to 21.3R2; 21.4 versions prior to 21.4R2.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-22218"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-754"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-10-18T03:15:00Z",
    "severity": "HIGH"
  },
  "details": "On SRX Series devices, an Improper Check for Unusual or Exceptional Conditions when using Certificate Management Protocol Version 2 (CMPv2) auto re-enrollment, allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS) by crashing the pkid process. The pkid process cannot handle an unexpected response from the Certificate Authority (CA) server, leading to crash. A restart is required to restore services. This issue affects: Juniper Networks Junos OS on SRX Series: All versions prior to 19.1R3-S9; 19.2 versions prior to 19.2R3-S6; 19.3 versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R3-S9; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S4; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S1; 21.2 versions prior to 21.2R3; 21.3 versions prior to 21.3R2; 21.4 versions prior to 21.4R2.",
  "id": "GHSA-w8g3-qr9q-hvhv",
  "modified": "2022-10-18T12:00:31Z",
  "published": "2022-10-18T12:00:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22218"
    },
    {
      "type": "WEB",
      "url": "https://kb.juniper.net/JSA69901"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-W8G6-3PW6-4HXR

Vulnerability from github – Published: 2025-12-09 18:30 – Updated: 2025-12-10 15:31
VLAI
Details

Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability affects Firefox < 146, Firefox ESR < 115.31, and Firefox ESR < 140.6.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-14322"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-754"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-09T16:17:39Z",
    "severity": "HIGH"
  },
  "details": "Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability affects Firefox \u003c 146, Firefox ESR \u003c 115.31, and Firefox ESR \u003c 140.6.",
  "id": "GHSA-w8g6-3pw6-4hxr",
  "modified": "2025-12-10T15:31:22Z",
  "published": "2025-12-09T18:30:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14322"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1996473"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2025-92"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2025-93"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2025-94"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2025-95"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2025-96"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-W8H6-MG97-8MQ2

Vulnerability from github – Published: 2024-12-12 12:31 – Updated: 2024-12-12 12:31
VLAI
Details

Out-of-bounds access vulnerability in playback in the DASH module Impact: Successful exploitation of this vulnerability will affect availability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-54114"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125",
      "CWE-754"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-12T12:15:27Z",
    "severity": "MODERATE"
  },
  "details": "Out-of-bounds access vulnerability in playback in the DASH module\nImpact: Successful exploitation of this vulnerability will affect availability.",
  "id": "GHSA-w8h6-mg97-8mq2",
  "modified": "2024-12-12T12:31:16Z",
  "published": "2024-12-12T12:31:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-54114"
    },
    {
      "type": "WEB",
      "url": "https://consumer.huawei.com/en/support/bulletin/2024/12"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-3
Requirements

Strategy: Language Selection

  • Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
  • Choose languages with features such as exception handling that force the programmer to anticipate unusual conditions that may generate exceptions. Custom exceptions may need to be developed to handle unusual business-logic conditions. Be careful not to pass sensitive exceptions back to the user (CWE-209, CWE-248).
Mitigation
Implementation

Check the results of all functions that return a value and verify that the value is expected.

Mitigation
Implementation

If using exception handling, catch and throw specific exceptions instead of overly-general exceptions (CWE-396, CWE-397). Catch and handle exceptions as locally as possible so that exceptions do not propagate too far up the call stack (CWE-705). Avoid unchecked or uncaught exceptions where feasible (CWE-248).

Mitigation MIT-39
Implementation
  • Ensure that error messages only contain minimal details that are useful to the intended audience and no one else. The messages need to strike the balance between being too cryptic (which can confuse users) or being too detailed (which may reveal more than intended). The messages should not reveal the methods that were used to determine the error. Attackers can use detailed information to refine or optimize their original attack, thereby increasing their chances of success.
  • If errors must be captured in some detail, record them in log messages, but consider what could occur if the log messages can be viewed by attackers. Highly sensitive information such as passwords should never be saved to log files.
  • Avoid inconsistent messaging that might accidentally tip off an attacker about internal state, such as whether a user account exists or not.
  • Exposing additional information to a potential attacker in the context of an exceptional condition can help the attacker determine what attack vectors are most likely to succeed beyond DoS.
Mitigation MIT-5
Implementation

Strategy: Input Validation

  • Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
  • When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
  • Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
Mitigation MIT-38
Architecture and Design Implementation

If the program must fail, ensure that it fails gracefully (fails closed). There may be a temptation to simply let the program fail poorly in cases such as low memory conditions, but an attacker may be able to assert control before the software has fully exited. Alternately, an uncontrolled failure could cause cascading problems with other downstream components; for example, the program could send a signal to a downstream process so the process immediately knows that a problem has occurred and has a better chance of recovery.

Mitigation
Architecture and Design

Use system limits, which should help to prevent resource exhaustion. However, the product should still handle low resource conditions since they may still occur.

No CAPEC attack patterns related to this CWE.