VYPR

CWE-789

Memory Allocation with Excessive Size Value

VariantDraft

Description

The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (105)

page 3 of 6
  • CVE-2025-26618HigFeb 20, 2025
    risk 0.39cvss epss 0.00

    Erlang is a programming language and runtime system for building massively scalable soft real-time systems with requirements on high availability. OTP is a set of Erlang libraries, which consists of the Erlang runtime system, a number of ready-to-use components mainly written in…

  • CVE-2022-20845MedNov 15, 2024
    risk 0.39cvss 6.0epss 0.00

    A vulnerability in the TL1 function of Cisco Network Convergence System (NCS) 4000 Series could allow an authenticated, local attacker to cause a memory leak in the TL1 process. This vulnerability is due to TL1 not freeing memory under some conditions. An attacker could…

  • CVE-2026-8485MedMay 20, 2026
    risk 0.38cvss 5.9epss 0.00

    Uncontrolled Memory Allocation vulnerability in Progress Software MOVEit Automation allows Excessive Allocation. This issue affects MOVEit Automation: before 2025.0.11, from 2025.1.0 before 2025.1.7.

  • CVE-2026-52759MedJun 10, 2026
    risk 0.36cvss 5.5epss 0.00

    Ghidra before 12.1.1 contains an uncontrolled memory allocation vulnerability in the Mach-O binary parser that allows attackers to cause denial of service. An attacker can supply a crafted Mach-O binary with an arbitrarily large ncmds load command count value, forcing the parser…

  • CVE-2026-52753MedJun 10, 2026
    risk 0.36cvss 5.5epss 0.00

    Ghidra before 12.0.3 contains an out-of-memory vulnerability in the rust_demangle function that allocates unbounded output buffers without size limits. Attackers can craft malicious Rust symbol names in binaries to trigger exponential memory allocation, causing process crashes…

  • CVE-2026-22188MedJan 7, 2026
    risk 0.36cvss 5.5epss 0.00

    The deploy-stub component in Panda3D versions up to and including 1.10.16 contains a denial of service vulnerability due to unbounded stack allocation. The deploy-stub executable allocates argv_copy and argv_copy2 using alloca() based directly on the attacker-controlled argc…

  • CVE-2026-41314MedApr 22, 2026
    risk 0.35cvss 6.5epss 0.00

    pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.2 can craft a PDF which leads to the RAM being exhausted. This requires accessing an image using `/FlateDecode` with large size values. This has been…

  • CVE-2026-41312MedApr 22, 2026
    risk 0.35cvss 6.5epss 0.00

    pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.2 can craft a PDF which leads to the RAM being exhausted. This requires accessing a stream compressed using `/FlateDecode` with a `/Predictor` unequal…

  • CVE-2025-25186MedFeb 10, 2025
    risk 0.35cvss 6.5epss 0.01

    Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Starting in version 0.3.2 and prior to versions 0.3.8, 0.4.19, and 0.5.6, there is a possibility for denial of service by memory exhaustion in `net-imap`'s response parser. At any time…

  • CVE-2026-24030MedMar 31, 2026
    risk 0.34cvss 5.3epss 0.01

    An attacker might be able to trick DNSdist into allocating too much memory while processing DNS over QUIC or DNS over HTTP/3 payloads, resulting in a denial of service. In setups with a large quantity of memory available this usually results in an exception and the QUIC…

  • CVE-2026-47319MedJun 4, 2026
    risk 0.33cvss 6.1epss 0.00

    Memory allocation with excessive size value vulnerability in Samsung Open Source rlottie allows Excessive Allocation. This issue affects rlottie: before 0b4e308fa88c72cbb60cc8a2c1d2c2ad89b101dd.

  • CVE-2026-32836MedMar 17, 2026
    risk 0.33cvss 6.2epss 0.00

    dr_libs dr_flac.h version 0.13.3 and earlier (fixed in commits fefced4, 4f5a4cd, and 663239a) contain an uncontrolled memory allocation vulnerability in drflac__read_and_decode_metadata() that allows attackers to trigger excessive memory allocation by supplying crafted PICTURE…

  • CVE-2026-42348MedMay 12, 2026
    risk 0.31cvss 5.9epss 0.00

    OpenTelemetry.OpAmp.Client is the OpAMP client for OpenTelemetry .NET. Prior to 0.2.0-alpha.1, when receiving responses from the OpAMP server over HTTP, the OpAMP client allocates an unbounded buffer to read all bytes from the server, with no upper-bound on the number of bytes…

  • CVE-2026-47734MedJun 10, 2026
    risk 0.30cvss 5.7epss 0.00

    Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.1.0 and prior to version 1.2.5, a client with push access could push a tiny crafted thin pack (~174 bytes) whose delta header declares a huge dest_size. When dulwich ingested…

  • CVE-2026-34944MedApr 9, 2026
    risk 0.30cvss 5.7epss 0.00

    Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, On x86-64 platforms with SSE3 disabled Wasmtime's compilation of the f64x2.splat WebAssembly instruction with Cranelift may load 8 more bytes than is necessary. When signals-based-traps are…

  • CVE-2026-47313MedMay 19, 2026
    risk 0.29cvss 5.5epss 0.00

    Memory allocation with excessive size value vulnerability in Samsung Open Source Escargot allows Excessive Allocation. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3.

  • CVE-2026-42146MedMay 4, 2026
    risk 0.29cvss 5.5epss 0.00

    CImg Library is a C++ library for image processing. Prior to commit c3aacf5, the nb_colors field read from the BMP file header is used directly to compute an allocation size without validating it against the remaining file size. A crafted BMP file with a large nb_colors value…

  • CVE-2024-37168MedJun 10, 2024
    risk 0.28cvss 5.3epss 0.01

    @grpc/grps-js implements the core functionality of gRPC purely in JavaScript, without a C++ addon. Prior to versions 1.10.9, 1.9.15, and 1.8.22, there are two separate code paths in which memory can be allocated per message in excess of the `grpc.max_receive_message_length`…

  • CVE-2026-44967MedJun 12, 2026
    risk 0.27cvss 5.3epss 0.00

    OpenTelemetry-cpp is the C++ implementation of OpenTelemetry. Prior to release 1.27.0, the OTLP HTTP exporters (traces/metrics/logs) read the full HTTP response into an in-memory vector of bytes without a size cap. This is exploitable for memory exhaustion when the configured…

  • CVE-2026-41178MedJun 4, 2026
    risk 0.27cvss 5.3epss 0.00

    OpenTelemetry-Go is the Go implementation of OpenTelemetry. Versions 1.41.0 and 1.43.0 removed raw-length rejection and it causes `Parse` to process arbitrarily large/invalid baggage headers and log errors, enabling DoS via oversized inputs. Versions 1.42.0 and 1.44.0 fix the…