VYPR

CWE-789

Memory Allocation with Excessive Size Value

Variant | Draft

Description

The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (105)

  • CVE-2025-62600 | High | Feb 3, 2026
    risk 0.56 | cvss 8.6 | epss 0.00

    eprosima Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to 2.6.11, 2.14.6, 3.2.4, 3.3.1, and 3.4.1, when the security mode is enabled, modifying the DATA Submessage within an SPDP packet sent by a…

  • CVE-2025-62599 | High | Feb 3, 2026
    risk 0.56 | cvss 8.6 | epss 0.00

    eprosima Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to 2.6.11, 2.14.6, 3.2.4, 3.3.1, and 3.4.1, when the security mode is enabled, modifying the DATA Submessage within an SPDP packet sent by a…

  • CVE-2024-20260 | High | Oct 23, 2024
    risk 0.56 | cvss 8.6 | epss 0.01

    A vulnerability in the VPN and management web servers of the Cisco Adaptive Security Virtual Appliance (ASAv) and Cisco Secure Firewall Threat Defense Virtual (FTDv), formerly Cisco Firepower Threat Defense Virtual, platforms could allow an unauthenticated, remote attacker to…

  • CVE-2026-20048 | High | Feb 25, 2026
    risk 0.50 | cvss 7.7 | epss 0.00

    A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco Nexus 9000 Series Fabric Switches in ACI mode could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to…

  • CVE-2018-25368 | High | May 25, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    Nord VPN 6.14.31 contains a denial of service vulnerability that allows unauthenticated attackers to crash the application by submitting an excessively long string in the password field. Attackers can paste a buffer of repeated characters into the password input field to trigger…

  • CVE-2021-47973 | High | May 16, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    Sticky Notes Widget 3.0.6 contains a denial of service vulnerability that allows attackers to crash the application by pasting excessively long character strings into note fields. Attackers can generate a payload containing 350000 repeated characters and paste it twice into a…

  • CVE-2021-47972 | High | May 16, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    Sticky Notes & Color Widgets 1.4.2 contains a denial of service vulnerability that allows attackers to crash the application by creating notes with excessively long character strings. Attackers can paste large payloads of repeated characters into note fields to trigger…

  • CVE-2021-47971 | High | May 16, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    My Notes Safe 5.3 contains a denial of service vulnerability that allows attackers to crash the application by pasting excessively long character strings into note fields. Attackers can generate a payload containing 350000 repeated characters and paste it twice into a new note…

  • CVE-2021-47970 | High | May 16, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    Macaron Notes 5.5 contains a denial of service vulnerability that allows attackers to crash the application by creating notes with excessively long character strings. Attackers can generate a payload containing 350000 repeated characters and paste it into a note field to trigger…

  • CVE-2021-47969 | High | May 16, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    Color Notes 1.4 contains a denial of service vulnerability that allows attackers to crash the application by pasting excessively long character strings into note fields. Attackers can generate a payload containing 350,000 repeated characters and paste it twice into a new note to…

  • CVE-2026-42582 | High | May 13, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final, when decoding header blocks, the non-Huffman branch of io.netty.handler.codec.http3.QpackDecoder#decodeHuffmanEncodedLiteral may execute new byte[length] for a string literal before…

  • CVE-2021-47944 | High | May 10, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    memono Notepad 4.2 contains a denial of service vulnerability that allows attackers to crash the application by pasting excessively long character buffers into note fields. Attackers can generate a payload containing 350000 repeated characters and paste it twice into a new note…

  • CVE-2026-42440 | High | May 4, 2026
    risk 0.49 | cvss 7.5 | epss 0.01

    OOM Denial of Service via Unbounded Array Allocation in Apache OpenNLP AbstractModelReader. Versions affected: before 2.5.9, before 3.0.0-M3. Description: The AbstractModelReader methods getOutcomes(), getOutcomePatterns(), and getPredicates() each read a 32-bit signed…

  • CVE-2026-24146 | High | Apr 7, 2026
    risk 0.49 | cvss 7.5 | epss 0.01

    NVIDIA Triton Inference Server contains a vulnerability where insufficient input validation and a large number of outputs could cause a server crash. A successful exploit of this vulnerability might lead to denial of service.

  • CVE-2026-39312 | High | Apr 7, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    SoftEtherVPN is an open-source cross-platform multi-protocol VPN Program. In 5.2.5188 and earlier, a pre-authentication denial-of-service vulnerability exists in SoftEther VPN Developer Edition 5.2.5188 (and likely earlier versions of Developer Edition). An unauthenticated…

  • CVE-2025-61910 | High | Oct 7, 2025
    risk 0.49 | cvss 7.5 | epss 0.00

    NASA’s Interplanetary Overlay Network (ION) is an implementation of Delay/Disruption Tolerant Networking (DTN). A BPv7 bundle with a malformed extension block causes uncontrolled memory allocation inside ION-DTN 4.1.3s, leading to receiver thread termination and a…

  • CVE-2025-61600 | High | Oct 2, 2025
    risk 0.49 | cvss 7.5 | epss 0.01

    Stalwart is a mail and collaboration server. Versions 0.13.3 and below contain an unbounded memory allocation vulnerability in the IMAP protocol parser which allows remote attackers to exhaust server memory, potentially triggering the system's out-of-memory (OOM) killer and…

  • CVE-2025-8696 | High | Sep 10, 2025
    risk 0.49 | cvss 7.5 | epss 0.00

    If an unauthenticated user sends a large amount of data to the Stork UI, it may cause memory and disk use problems for the system running the Stork server. This issue affects Stork versions 1.0.0 through 2.3.0.

  • CVE-2017-7652 | High | Apr 25, 2018
    risk 0.49 | cvss 7.5 | epss 0.02

    In Eclipse Mosquitto 1.4.14, if a Mosquitto instance is set running with a configuration file, then sending a HUP signal to the server triggers the configuration to be reloaded from disk. If there are lots of clients connected so that there are no more file descriptors/sockets…

  • CVE-2017-7651 | High | Apr 24, 2018
    risk 0.49 | cvss 7.5 | epss 0.05

    In Eclipse Mosquitto 1.4.14, a user can shut down the Mosquitto server simply by filling the RAM memory with a lot of connections with large payloads. This can be done without authentication if it occurs in the connection phase of the MQTT protocol.