VYPR

CWE-789

Memory Allocation with Excessive Size Value

VariantDraft

Description

The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (105)

page 2 of 6
  • CVE-2026-27887MedFeb 26, 2026
    risk 0.45cvss epss 0.00

    Spin is an open source developer tool for building and running serverless applications powered by WebAssembly. When Spin is configured to allow connections to a database or web server which could return responses of unbounded size (e.g. tables with many rows or large content…

  • CVE-2026-10142HigJun 10, 2026
    risk 0.42cvss 7.5epss 0.00

    kafka-python prior to 2.3.2 contains a denial-of-service vulnerability in the protocol parser that allows a malicious broker or machine-in-the-middle attacker to exhaust memory or hang connections by sending a crafted 4-byte frame length value without bounds validation.…

  • CVE-2026-49975HigJun 8, 2026
    risk 0.42cvss 7.5epss 0.11

    Memory Allocation with Excessive Size Value vulnerability in Apache HTTP Server's mod_http leads to denial of service via malicious HTTP requests. This issue affects Apache HTTP Server: from 2.4.17 through 2.4.67.

  • CVE-2026-9538HigMay 26, 2026
    risk 0.42cvss 7.5epss 0.00

    Archive::Tar versions before 3.10 for Perl allow memory exhaustion via attacker controlled entry size field in tar header. _read_tar() reads each entry's payload with $handle->read($$data, $block), where $block is derived from the entry's 12-byte size field in the tar header…

  • CVE-2026-5740HigMay 22, 2026
    risk 0.42cvss 7.5epss 0.00

    Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to properly validate msgpack-encoded WebSocket frames before memory allocation which allows an unauthenticated remote attacker to crash the server process and cause a full service…

  • CVE-2026-44375HigMay 14, 2026
    risk 0.42cvss 7.5epss 0.00

    Nerdbank.MessagePack is a NativeAOT-compatible MessagePack serialization library. Prior to 1.1.62, Nerdbank.MessagePack contains an uncontrolled stack allocation vulnerability in DateTime decoding. A malicious MessagePack payload can declare an oversized timestamp extension…

  • CVE-2026-42946MedMay 13, 2026
    risk 0.42cvss 6.5epss 0.01

    A vulnerability exists in the ngx_http_scgi_module and ngx_http_uwsgi_module modules that may result in excessive memory allocation or an over-read of data. When scgi_pass or uwsgi_pass is configured, an unauthenticated attacker with man-in-the-middle (MITM) ability to…

  • CVE-2026-42189HigMay 8, 2026
    risk 0.42cvss 7.5epss 0.00

    Russh is a Rust SSH client & server library. Prior to version 0.60.1, a pre-authentication denial-of-service vulnerability exists in the server's keyboard-interactive authentication handler. A malicious client can crash any russh-based server that implements keyboard-interactive…

  • CVE-2026-42154HigMay 4, 2026
    risk 0.42cvss 7.5epss 0.01

    Prometheus is an open-source monitoring system and time series database. Prior to versions 3.5.3 and 3.11.3, the remote read endpoint (/api/v1/read) does not validate the declared decoded length in a snappy-compressed request body before allocating memory. An unauthenticated…

  • CVE-2026-33524HigApr 24, 2026
    risk 0.42cvss 7.5epss 0.00

    Zserio is a framework for serializing structured data with a compact and efficient way with low overhead. Prior to 2.18.1, a crafted payload as small as 4-5 bytes can force memory allocations of up to 16 GB, crashing any process with an OOM error (Denial of Service). This…

  • CVE-2026-40303HigApr 17, 2026
    risk 0.42cvss 7.5epss 0.00

    zrok is software for sharing web services, files, and network resources. Prior to version 2.0.1, endpoints.GetSessionCookie parses an attacker-supplied cookie chunk count and calls make([]string, count) with no upper bound before any token validation occurs. The function is…

  • CVE-2026-35186HigApr 9, 2026
    risk 0.42cvss 7.5epss 0.00

    Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's Winch compiler backend contains a bug where translating the table.grow operator causes the result to be incorrectly typed. For 32-bit tables this means that the result of the…

  • CVE-2026-35549MedApr 3, 2026
    risk 0.42cvss 6.5epss 0.00

    An issue was discovered in MariaDB Server before 11.4.10, 11.5.x through 11.8.x before 11.8.6, and 12.x before 12.2.2. If the caching_sha2_password authentication plugin is installed, and some user accounts are configured to use it, a large packet can crash the server because…

  • CVE-2026-32941MedMar 20, 2026
    risk 0.42cvss 6.5epss 0.00

    Sliver is a command and control framework that uses a custom Wireguard netstack. Versions 1.7.3 and below contain a Remote OOM (Out-of-Memory) vulnerability in the Sliver C2 server's mTLS and WireGuard C2 transport layer. The socketReadEnvelope and socketWGReadEnvelope functions…

  • CVE-2025-30211HigMar 28, 2025
    risk 0.42cvss 7.5epss 0.00

    Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.1, 26.2.5.10, and 25.3.2.19, a maliciously formed KEX init message can result with high memory usage. Implementation does not verify RFC specified limits on algorithm names (64…

  • CVE-2018-25378MedMay 25, 2026
    risk 0.40cvss 6.2epss 0.00

    Notebook Pro 2.0 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the notebook name field. Attackers can create a malicious text file containing 500 or more characters, paste the content…

  • CVE-2018-25295MedApr 26, 2026
    risk 0.40cvss 6.2epss 0.00

    ObserverIP Scan Tool 1.4.0.1 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string in the IP input field. Attackers can paste a 2000-byte buffer of repeated characters into the IP field and…

  • CVE-2018-25279MedApr 26, 2026
    risk 0.40cvss 6.2epss 0.00

    jiNa OCR Image to Text 1.0 contains a denial of service vulnerability that allows local attackers to crash the application by processing a malformed PNG file. Attackers can create a specially crafted PNG file with an oversized buffer and trigger the crash when the application…

  • CVE-2018-25274MedApr 26, 2026
    risk 0.40cvss 6.2epss 0.00

    InfraRecorder 0.53 contains a denial of service vulnerability that allows local attackers to crash the application by importing a maliciously crafted text file. Attackers can create a text file containing 6000 bytes of data and import it through the Edit menu's Import function…

  • CVE-2024-2494MedMar 21, 2024
    risk 0.40cvss 6.2epss 0.00

    A flaw was found in the RPC library APIs of libvirt. The RPC server deserialization code allocates memory for arrays before the non-negative length check is performed by the C API entry points. Passing a negative length to the g_new0 function results in a crash due to the…