VYPR

CWE-135

Incorrect Calculation of Multi-Byte String Length

BaseDraft

Description

The product does not correctly calculate the length of strings that can contain wide or multi-byte characters.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (1)

  • CVE-2026-34831MedApr 2, 2026
    risk 0.24cvss 4.8epss 0.00

    Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Files#fail sets the Content-Length response header using String#size instead of String#bytesize. When the response body contains multibyte UTF-8 characters, the declared…