Medium severity · NVD Advisory · Published Jan 27, 2026 · Updated Apr 15, 2026
CVE-2026-24819
Description
Improperly Controlled Sequential Memory Allocation vulnerability in foxinmy weixin4j (modules under weixin4j-base/src/main/java/com/foxinmy/weixin4j/util). This vulnerability is associated with the program files CharArrayBuffer.java and ClassUtil.java.
This issue affects weixin4j.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| com.foxinmy:weixin4j-base (Maven) | <= 1.10.2 | — |
Affected products (1)
Patches (1)
d1c825835802 Fix Integer Overflow Vulnerability in Buffer Capacity Calculation
1 file changed · +9 −1
weixin4j-base/src/main/java/com/foxinmy/weixin4j/util/CharArrayBuffer.java+9 −1 modified@@ -306,7 +306,15 @@ public void ensureCapacity(final int required) { } final int available = this.buffer.length - this.len; if (required > available) { - expand(this.len + required); + // Use long arithmetic to prevent integer overflow + final long newCapacity = (long)this.len + required; + + // Check against maximum capacity + if (newCapacity > MAXIMUM_CAPACITY) { + throw new IllegalStateException("Required capacity exceeds maximum: " + + newCapacity + " > " + MAXIMUM_CAPACITY); + } + expand(this.len + required); } }
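Review bot: the last added line still calls `expand(this.len + required);`, which recomputes the sum in int arithmetic even though the checked value is already held in `newCapacity`. That is only safe if MAXIMUM_CAPACITY is no larger than Integer.MAX_VALUE, and the constant is not defined anywhere in the visible lines (the file change is +9 −1 and all nine additions are in this hunk, so this commit does not introduce it). Please confirm MAXIMUM_CAPACITY already exists in CharArrayBuffer.java as an int-range bound, document that bound next to the check, and pass the validated value through with `expand((int) newCapacity);` so the guard and the allocation cannot drift apart. A smaller point on the throw: the failure is driven by the caller's `required` argument, so IllegalArgumentException may describe it better than IllegalStateException.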
Vulnerability mechanics
Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References (4)
News mentions (0)
No linked articles in our index yet.