CWE-1325

Improperly Controlled Sequential Memory Allocation

Base, Incomplete

Description

The product manages a group of objects or resources and performs a separate memory allocation for each object, but it does not properly limit the total amount of memory that is consumed by all of the combined objects.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-130

CVEs mapped to this weakness (12)

  • CVE-2024-27796 High May 14, 2024
    risk 0.51 cvss 7.8 epss 0.00

    The issue was addressed with improved checks. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7. An attacker may be able to elevate privileges.

  • CVE-2026-34183 High Jun 9, 2026
    risk 0.42 cvss 7.5 epss 0.01

    Issue summary: Remote peer may exhaust heap memory of the QUIC server or client by flooding it with packets containing PATH_CHALLENGE frames. Impact summary: A malicious remote peer can cause an unbounded memory allocation which can lead to an abnormal termination of the…

  • CVE-2026-8199 Medium May 13, 2026
    risk 0.42 cvss 6.5 epss 0.00

    An authenticated user can cause excess memory usage via bitwise match expression AST processing of $bitsAllSet, $bitsAnySet, $bitsAllClear, and $bitsAnyClear. This contributes to memory pressure and may lead to availability loss by OOM. This issue impacts MongoDB Server v7.0…

  • CVE-2025-2240 High Mar 12, 2025
    risk 0.42 cvss 7.5 epss 0.01

    A flaw was found in Smallrye, where smallrye-fault-tolerance is vulnerable to an out-of-memory (OOM) issue. This vulnerability is externally triggered when calling the metrics URI. Every call creates a new object within meterMap and may lead to a denial of service (DoS) issue.

  • CVE-2024-27804 Medium May 14, 2024
    risk 0.36 cvss 5.5 epss 0.01

    The issue was addressed with improved memory handling. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.3, watchOS 10.5. An app may be able to cause unexpected system termination.

  • CVE-2026-24819 Medium Jan 27, 2026
    risk 0.34 cvss epss 0.00

    Improperly Controlled Sequential Memory Allocation vulnerability in foxinmy weixin4j (weixin4j-base/src/main/java/com/foxinmy/weixin4j/util modules). This vulnerability is associated with program files CharArrayBuffer.Java, ClassUtil.Java. This issue affects weixin4j.

  • CVE-2023-52891 Medium Jul 9, 2024
    risk 0.34 cvss 5.3 epss 0.00

    A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions < V7.5), SIMATIC Energy Manager PRO (All versions < V7.5), SIMATIC IPC DiagBase (All versions), SIMATIC IPC DiagMonitor (All versions), SIMIT V10 (All versions), SIMIT V11 (All versions < V11.1).…

  • CVE-2024-2511 Medium Apr 8, 2024
    risk 0.32 cvss 5.9 epss 0.54

    Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions. Impact summary: An attacker may exploit certain server configurations to trigger unbounded memory growth that would lead to a Denial of Service. This…

  • CVE-2026-6869 Medium Apr 30, 2026
    risk 0.29 cvss 5.5 epss 0.00

    WebSocket protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

  • CVE-2026-6867 Medium Apr 30, 2026
    risk 0.29 cvss 5.5 epss 0.00

    SMB2 protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

  • CVE-2026-6535 Medium Apr 30, 2026
    risk 0.29 cvss 5.5 epss 0.00

    Dissection engine zlib decompression crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

  • CVE-2026-6533 Medium Apr 30, 2026
    risk 0.29 cvss 5.5 epss 0.00

    Dissection engine LZ77 decompression crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service