VYPR

CWE-130

Improper Handling of Length Parameter Inconsistency

BaseIncomplete

Description

The product parses a formatted message or structure, but it does not handle or incorrectly handles a length field that is inconsistent with the actual length of the associated data.

If an attacker can manipulate the length parameter associated with an input such that it is inconsistent with the actual length of the input, this can be leveraged to cause the target application to behave in unexpected, and possibly, malicious ways. One of the possible motives for doing so is to pass in arbitrarily large input to the application. Another possible motivation is the modification of application state by including invalid data for subsequent properties of the application. Such weaknesses commonly lead to attacks such as buffer overflows and execution of arbitrary code.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-47

CVEs mapped to this weakness (46)

page 1 of 3
  • CVE-2026-9054CriMay 22, 2026
    risk 0.60cvss epss 0.00

    An attacker sending tcp, il, rudp, rudp, or gre packets with a length less than the header size would trigger a kernel panic.

  • CVE-2026-3868HigApr 27, 2026
    risk 0.57cvss epss 0.00

    An improper handling of the length parameter inconsistency vulnerability has been identified in Moxa’s Secure Router. Because of improper validation of length parameters in the HTTPS management interface, an unauthenticated remote attacker could send specially crafted…

  • CVE-2026-41898CriApr 24, 2026
    risk 0.57cvss 9.8epss 0.00

    rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.24 to before 0.10.78, the FFI trampolines behind SslContextBuilder::set_psk_client_callback, set_psk_server_callback, set_cookie_generate_cb, and set_stateless_cookie_generate_cb forwarded the…

  • CVE-2026-5367HigApr 24, 2026
    risk 0.56cvss 8.6epss 0.01

    A flaw was found in OVN (Open Virtual Network). A remote attacker, by sending crafted DHCPv6 (Dynamic Host Configuration Protocol for IPv6) SOLICIT packets with an inflated Client ID length, could cause the ovn-controller to read beyond the bounds of a packet. This out-of-bounds…

  • CVE-2026-45615HigMay 29, 2026
    risk 0.53cvss 8.2epss 0.00

    mouse07410/asn1c is an ASN.1 compiler. In 1.4 and earlier, a memory safety vulnerability was identified in the OER decoding skeleton files generated by asn1c (specifically INTEGER_oer.c). When parsing a maliciously crafted, zero-length OER payload for a variable-length,…

  • CVE-2026-35547HigApr 30, 2026
    risk 0.53cvss 8.1epss 0.00

    When processing the header of an incoming message, libnv failed to properly validate the message size. The lack of validation allows a malicious program to write outside the bounds of a heap allocation. This can trigger a crash or system panic, and it may be possible for an…

  • CVE-2018-5453HigMar 5, 2018
    risk 0.49cvss 7.5epss 0.01

    An Improper Handling of Length Parameter Inconsistency issue was discovered in Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. An attacker may be able to edit the element of an HTTP request, causing the device to become unavailable.

  • CVE-2023-5393HigApr 11, 2024
    risk 0.48cvss 7.4epss 0.01

    Server receiving a malformed message that causes a disconnect to a hostname may causing a stack overflow resulting in possible remote code execution. Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations…

  • CVE-2024-37305HigJun 17, 2024
    risk 0.46cvss 8.2epss 0.00

    oqs-provider is a provider for the OpenSSL 3 cryptography library that adds support for post-quantum cryptography in TLS, X.509, and S/MIME using post-quantum algorithms from liboqs. Flaws have been identified in the way oqs-provider handles lengths decoded with DECODE_UINT32 at…

  • CVE-2025-8531MedSep 19, 2025
    risk 0.44cvss 6.8epss 0.01

    Improper Handling of Length Parameter Inconsistency vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series Q03UDVCPU, Q04UDVCPU, Q06UDVCPU, Q13UDVCPU, Q26UDVCPU, Q04UDPVCPU, Q06UDPVCPU, Q13UDPVCPU, and Q26UDPVCPU with the first 5 digits of serial No. "24082" to "27081"…

  • CVE-2026-48685MedMay 26, 2026
    risk 0.42cvss 6.5epss 0.00

    FastNetMon Community Edition through 1.2.9 has out-of-bounds memory access because it incorrectly parses BGP path attributes with the extended length flag set. In src/bgp_protocol.hpp, the parse_raw_bgp_attribute() function correctly identifies when extended_length_bit is set…

  • CVE-2026-33846HigMay 4, 2026
    risk 0.42cvss 7.5epss 0.01

    A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of GnuTLS. The issue arises in merge_handshake_packet() where incoming handshake fragments are matched and merged based solely on handshake type, without validating that the…

  • CVE-2026-31635HigApr 24, 2026
    risk 0.42cvss 7.5epss 0.01

    In the Linux kernel, the following vulnerability has been resolved: rxrpc: fix oversized RESPONSE authenticator length check rxgk_verify_response() decodes auth_len from the packet and is supposed to verify that it fits in the remaining bytes. The existing check is inverted,…

  • CVE-2026-5265MedApr 24, 2026
    risk 0.42cvss 6.5epss 0.01

    When generating an ICMP Destination Unreachable or Packet Too Big response, the handler copies a portion of the original packet into the ICMP error body using the IP header's self-declared total length (ip_tot_len for IPv4, ip6_plen for IPv6) without validating it against the…

  • CVE-2024-53856HigDec 5, 2024
    risk 0.42cvss 7.5epss 0.00

    rPGP is a pure Rust implementation of OpenPGP. Prior to 0.14.1, rPGP allows an attacker to trigger rpgp crashes by providing crafted data. This vulnerability is fixed in 0.14.1.

  • CVE-2024-20416MedJul 17, 2024
    risk 0.42cvss 6.5epss 0.01

    A vulnerability in the upload module of Cisco RV340 and RV345 Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to insufficient boundary checks when processing specific HTTP…

  • CVE-2026-41035HigApr 16, 2026
    risk 0.41cvss 7.4epss 0.00

    In rsync 3.0.1 through 3.4.1, receive_xattr relies on an untrusted length value during a qsort call, leading to a receiver use-after-free. The victim must run rsync with -X (aka --xattrs). On Linux, many (but not all) common configurations are vulnerable. Non-Linux platforms are…

  • CVE-2024-35313HigMay 17, 2024
    risk 0.40cvss 7.3epss 0.00

    In Tor Arti before 1.2.3, circuits sometimes incorrectly have a length of 3 (with full vanguards), aka TROVE-2024-004.

  • CVE-2026-40199MedApr 10, 2026
    risk 0.35cvss 6.5epss 0.00

    Net::CIDR::Lite versions before 0.23 for Perl mishandles IPv4 mapped IPv6 addresses, which may allow IP ACL bypass. _pack_ipv6() includes the sentinel byte from _pack_ipv4() when building the packed representation of IPv4 mapped addresses like ::ffff:192.168.1.1. This produces…

  • CVE-2025-5514MedAug 25, 2025
    risk 0.34cvss 5.3epss 0.01

    Improper Handling of Length Parameter Inconsistency vulnerability in web server function on Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module allows a remote unauthenticated attacker to delay the processing of the web server function and prevent legitimate users from…