CWE-1285
Improper Validation of Specified Index, Position, or Offset in Input
Description
The product receives input that is expected to specify an index, position, or offset into an indexable resource such as a buffer or file, but it does not validate or incorrectly validates that the specified index/position/offset has the required properties.
Hierarchy (View 1000)
CVEs mapped to this weakness (13)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-3755 | | Cri | 0.59 | 9.1 | 0.01 | | May 29, 2025 | Improper Validation of Specified Index, Position, or Offset in Input vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules allows a remote unauthenticated attacker to read information in the product, to cause a Denial-of-Service (DoS) condition in… |
| CVE-2024-36342 | — | Hig | 0.57 | 8.8 | 0.00 | | Sep 6, 2025 | Improper input validation in the GPU driver could allow an attacker to exploit a heap overflow potentially resulting in arbitrary code execution. |
| CVE-2024-41928 | — | Hig | 0.55 | 8.4 | 0.00 | | Sep 5, 2024 | Malicious software running in a guest VM can exploit the buffer overflow to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available… |
| CVE-2026-33557 | | Cri | 0.52 | 9.1 | 0.01 | | Apr 20, 2026 | A possible security vulnerability has been identified in Apache Kafka. By default, the broker property `sasl.oauthbearer.jwt.validator.class` is set to `org.apache.kafka.common.security.oauthbearer.DefaultJwtValidator`. It accepts any JWT token without validating… |
| CVE-2024-51564 | | Hig | 0.49 | 7.5 | 0.00 | | Nov 12, 2024 | A guest can trigger an infinite loop in the hda audio driver. |
| CVE-2026-8036 | | Hig | 0.46 | 7.1 | 0.00 | | Jun 2, 2026 | Improper input validation in NI-PAL may allow a local authenticated user to access arbitrary system memory, potentially leading to privilege escalation. This vulnerability affects NI-PAL 26.3.0 and prior versions on Windows and Linux. |
| CVE-2026-41907 | | Hig | 0.42 | 7.5 | 0.00 | | Apr 24, 2026 | uuid is for the creation of RFC9562 (formerly RFC4122) UUIDs. Prior to 14.0.0, v3, v5, and v6 accept external output buffers but do not reject out-of-range writes (small buf or large offset). This allows silent partial writes into caller-provided buffers. This vulnerability is… |
| CVE-2024-51566 | | Med | 0.42 | 6.5 | 0.00 | | Nov 12, 2024 | The NVMe driver queue processing is vulnerable to guest-induced infinite loops. |
| CVE-2026-9100 | | Med | 0.38 | 5.9 | 0.00 | | May 20, 2026 | The MongoDB C Driver's legacy GridFS API accepts malformed file metadata from the database without adequate validation. Crafted documents in a GridFS collection may cause any application that reads those files via the legacy API to either crash (via a division-by-zero) or… |
| CVE-2018-25232 | | Med | 0.36 | 5.5 | 0.00 | | Mar 30, 2026 | Softros LAN Messenger 9.2 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string to the custom log files location field. Attackers can input a buffer of 2000 characters in the Log Files Location… |
| CVE-2019-25593 | | Med | 0.36 | 5.5 | 0.00 | | Mar 22, 2026 | jetCast Server 2.0 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Log directory configuration field. Attackers can paste a buffer of 5000 characters into the Log directory input, then… |
| CVE-2025-8291 | | Med | 0.28 | 4.3 | 0.00 | | Oct 7, 2025 | The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory (EOCD) Locator record offset value, and the value would not be used to locate the ZIP64 EOCD record; instead the ZIP64 EOCD record would be assumed to be the previous record in the ZIP archive. This could… |
| CVE-2026-45352 | | Med | 0.27 | 5.3 | 0.00 | | May 29, 2026 | cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.43.4, negative chunk-size in chunked Transfer-Encoding causes unbounded memory allocation and process crash. The ChunkedDecoder::read_payload function in cpp-httplib (httplib.h) parses… |