
CWE-130

Improper Handling of Length Parameter Inconsistency

Base · Incomplete

Description

The product parses a formatted message or structure, but it does not handle or incorrectly handles a length field that is inconsistent with the actual length of the associated data.

If an attacker can manipulate the length parameter associated with an input so that it is inconsistent with the actual length of the input, this can be leveraged to cause the target application to behave in unexpected, and possibly malicious, ways. One possible motive for doing so is to pass arbitrarily large input to the application. Another is to modify application state by including invalid data for subsequent properties of the application. Such weaknesses commonly lead to attacks such as buffer overflows and execution of arbitrary code.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-47

CVEs mapped to this weakness (46)

page 2 of 3
  • CVE-2026-45681 · Med · Jun 2, 2026
    risk 0.31 · cvss 5.9 · epss 0.00

    OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the per-CPU message-buffer fallback path uses a 256-byte backup buffer but preserves the original payload size, which can be up to 8KB. If a CPU mismatch…

  • CVE-2025-32366 · Med · Apr 5, 2025
    risk 0.31 · cvss 4.8 · epss 0.00

    In ConnMan through 1.44, parse_rr in dnsproxy.c has a memcpy length that depends on an RR RDLENGTH value, i.e., *rdlen=ntohs(rr->rdlen) and memcpy(response+offset,*end,*rdlen) without a check for whether the sum of *end and *rdlen exceeds max. Consequently, *rdlen may be larger…

  • CVE-2026-5766 · Med · May 5, 2026
    risk 0.27 · cvss 5.3 · epss 0.00

    An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. ASGI requests with a missing or understated `Content-Length` header can bypass the `FILE_UPLOAD_MAX_MEMORY_SIZE` limit, potentially loading large files into memory and causing service degradation. As a…

  • CVE-2026-33936 · Med · Mar 27, 2026
    risk 0.27 · cvss 5.3 · epss 0.00

    The `ecdsa` PyPI package is a pure Python implementation of ECC (Elliptic Curve Cryptography) with support for ECDSA (Elliptic Curve Digital Signature Algorithm), EdDSA (Edwards-curve Digital Signature Algorithm) and ECDH (Elliptic Curve Diffie-Hellman). Prior to version 0.19.2,…

  • CVE-2026-48487 · Med · Jun 22, 2026
    risk 0.26 · cvss · epss

    Impact: `_read_character_string` and `_read_string` in `src/zeroconf/_protocol/incoming.py` sliced `self.data[self.offset : self.offset + length]` and advanced `self.offset` by the declared `length` without checking it against `self._data_len`. Python's slice silently…

  • CVE-2026-34831 · Med · Apr 2, 2026
    risk 0.24 · cvss 4.8 · epss 0.00

    Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Files#fail sets the Content-Length response header using String#size instead of String#bytesize. When the response body contains multibyte UTF-8 characters, the declared…

  • CVE-2026-33555 · Med · Apr 13, 2026
    risk 0.19 · cvss 4.0 · epss 0.00

    An issue was discovered in HAProxy before 3.3.6. The HTTP/3 parser does not check that the received body length matches a previously announced content-length when the stream is closed via a frame with an empty payload. This can cause desynchronization issues with the backend…

  • CVE-2025-53604 · Med · Jul 5, 2025
    risk 0.19 · cvss 4.0 · epss 0.00

    The web-push crate before 0.10.3 for Rust allows a denial of service (memory consumption) in the built-in clients via a large integer in a Content-Length header.

  • CVE-2023-53157 · Jul 27, 2025
    risk 0.00 · cvss · epss 0.01

    The rosenpass crate before 0.2.1 for Rust allows remote attackers to cause a denial of service (panic) via a one-byte UDP packet.

  • CVE-2024-41990 · Aug 7, 2024
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters.

  • CVE-2024-41991 · Aug 7, 2024
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize and urlizetrunc template filters, and the AdminURLFieldWidget widget, are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters.

  • CVE-2024-42460 · Aug 2, 2024
    risk 0.00 · cvss · epss 0.00

    In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because there is a missing check for whether the leading bit of r and s is zero.

  • CVE-2024-38875 · Jul 10, 2024
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in Django 4.2 before 4.2.14 and 5.0 before 5.0.7. urlize and urlizetrunc were subject to a potential denial of service attack via certain inputs with a very large number of brackets.

  • CVE-2024-39614 · Jul 10, 2024
    risk 0.00 · cvss · epss 0.29

    An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. get_supported_language_variant() was subject to a potential denial-of-service attack when used with very long strings containing specific characters.

  • CVE-2023-50248 · Dec 13, 2023
    risk 0.00 · cvss · epss 0.01

    CKAN is an open-source data management system for powering data hubs and data portals. Starting in version 2.0.0 and prior to versions 2.9.10 and 2.10.3, when submitting a POST request to the `/dataset/new` endpoint (including either the auth cookie or the `Authorization`…

  • CVE-2023-40167 · Sep 15, 2023
    risk 0.00 · cvss · epss 0.01

    Jetty is a Java-based web server and servlet engine. Prior to versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1, Jetty accepts the `+` character preceding the content-length value in an HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely…

  • CVE-2023-33192 · May 27, 2023
    risk 0.00 · cvss · epss 0.01

    ntpd-rs is an NTP implementation written in Rust. ntpd-rs does not validate the length of NTS cookies in received NTP packets to the server. An attacker can crash the server by sending a specially crafted NTP packet containing a cookie shorter than what the server expects. The…

  • CVE-2022-3290 · Sep 26, 2022
    risk 0.00 · cvss · epss 0.01

    Improper Handling of Length Parameter Inconsistency in GitHub repository ikus060/rdiffweb prior to 2.4.8.

  • CVE-2022-3272 · Sep 26, 2022
    risk 0.00 · cvss · epss 0.01

    Improper Handling of Length Parameter Inconsistency in GitHub repository ikus060/rdiffweb prior to 2.4.8.

  • CVE-2022-2714 · Sep 6, 2022
    risk 0.00 · cvss · epss 0.01

    Improper Handling of Length Parameter Inconsistency in GitHub repository francoisjacquet/rosariosis prior to 10.0.