VYPR

CWE-789

Memory Allocation with Excessive Size Value

Abstraction: Variant, Status: Draft

Description

The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated.
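The pattern behind most of the entries below is a length or count field read from the wire (or from a file header) and handed straight to an allocator. The following Go program is an added illustration, not code from any of the listed projects or from MITRE: it decodes a constructed length-prefixed frame (4-byte big-endian size, then payload) first in the vulnerable form and then in a bounded form. `MaxPayload`, `decodeUnchecked`, `decodeBounded` and `frame` are names chosen for this example; the 1 MiB ceiling is an assumption and should be derived from what the protocol legitimately needs.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
	"io"
)

// MaxPayload is an assumed application ceiling for one message. Derive it
// from what the protocol legitimately needs, never from the host's RAM.
const MaxPayload = 1 << 20 // 1 MiB

var ErrSizeTooLarge = errors.New("declared payload size exceeds limit")

// Wire format (constructed for this example): a 4-byte big-endian length
// prefix followed by that many payload bytes.

// decodeUnchecked is the CWE-789 pattern: it sizes the buffer from the
// untrusted prefix before a single payload byte has arrived, so a 9-byte
// frame declaring 0xFFFFFFFF asks the runtime for 4 GiB.
func decodeUnchecked(r io.Reader) ([]byte, error) {
	var n uint32
	if err := binary.Read(r, binary.BigEndian, &n); err != nil {
		return nil, err
	}
	buf := make([]byte, n) // allocation driven entirely by the peer
	_, err := io.ReadFull(r, buf)
	return buf, err
}

// decodeBounded rejects any declared size above MaxPayload, then grows the
// buffer with the bytes actually received (io.ReadAll over a LimitReader)
// instead of pre-allocating the declared size. A peer that declares 1 MiB
// but sends 5 bytes costs the server a few hundred bytes, not 1 MiB.
func decodeBounded(r io.Reader) ([]byte, error) {
	var n uint32
	if err := binary.Read(r, binary.BigEndian, &n); err != nil {
		return nil, err
	}
	if n > MaxPayload {
		return nil, fmt.Errorf("%w: %d > %d", ErrSizeTooLarge, n, MaxPayload)
	}
	buf, err := io.ReadAll(io.LimitReader(r, int64(n)))
	if err != nil {
		return nil, err
	}
	if uint32(len(buf)) != n {
		return nil, io.ErrUnexpectedEOF // short frame: fail closed
	}
	return buf, nil
}

// frame builds a length-prefixed message. declared may differ from
// len(payload) to simulate a peer that lies about the size.
func frame(declared uint32, payload []byte) []byte {
	var b bytes.Buffer
	binary.Write(&b, binary.BigEndian, declared)
	b.Write(payload)
	return b.Bytes()
}

func main() {
	honest := frame(5, []byte("hello"))
	// Constructed hostile frame: claims 4 GiB, carries five bytes.
	hostile := frame(0xFFFFFFFF, []byte("hello"))

	p, err := decodeBounded(bytes.NewReader(honest))
	fmt.Printf("honest frame  -> %q, err=%v\n", p, err)

	_, err = decodeBounded(bytes.NewReader(hostile))
	fmt.Printf("hostile frame -> rejected: %v\n", err)

	// decodeUnchecked(bytes.NewReader(hostile)) would attempt a 4 GiB
	// allocation; deliberately not executed here.
}
```

Two things to check in a real decoder: the cap must be applied to every size-like field (buffer lengths, element counts, dictionary sizes, array indices used to grow a slice), and the cap alone is not enough when many connections can each claim the maximum, which is why the bounded version also allocates in proportion to bytes actually received.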

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (105)

page 5 of 6
  • CVE-2025-11579 (Oct 10, 2025)
    risk 0.00, cvss: not listed, epss 0.00

    github.com/nwaples/rardecode versions <=2.1.1 fail to restrict the dictionary size when reading large RAR dictionary sizes, which allows an attacker to provide a specially crafted RAR file and cause Denial of Service via an Out Of Memory Crash.

  • CVE-2025-54801 (Aug 5, 2025)
    risk 0.00, cvss: not listed, epss 0.00

    Fiber is an Express inspired web framework written in Go. In versions 2.52.8 and below, when using Fiber's Ctx.BodyParser to parse form data containing a large numeric key that represents a slice index (e.g., test.18446744073704), the application crashes due to an out-of-bounds…

  • CVE-2025-53893 (Jul 15, 2025)
    risk 0.00, cvss: not listed, epss 0.00

    File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename, and edit files. In version 2.38.0, a Denial of Service (DoS) vulnerability exists in the file processing logic when reading a file on endpoint …

  • CVE-2025-27533 (May 7, 2025)
    risk 0.00, cvss: not listed, epss 0.09

    Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ. During unmarshalling of OpenWire commands the size value of buffers was not properly validated which could lead to excessive memory allocation and be exploited to cause a denial of service (DoS) by…

  • CVE-2025-43857 (Apr 28, 2025)
    risk 0.00, cvss: not listed, epss 0.00

    Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.5.7, 0.4.20, 0.3.9, and 0.2.5, there is a possibility for denial of service by memory exhaustion when net-imap reads server responses. At any time while the client is…

  • CVE-2025-32386 (Apr 9, 2025)
    risk 0.00, cvss: not listed, epss 0.00

    Helm is a tool for managing Charts. A chart archive file can be crafted in a manner where it expands to be significantly larger uncompressed than compressed (e.g., >800x difference). When Helm loads this specially crafted chart, memory can be exhausted causing the application to…

  • CVE-2024-52791 (Jan 16, 2025)
    risk 0.00, cvss: not listed, epss 0.01

    Matrix Media Repo (MMR) is a highly configurable multi-homeserver media repository for Matrix. MMR makes requests to other servers as part of normal operation, and these resource owners can return large amounts of JSON back to MMR for parsing. In parsing, MMR can consume large…

  • CVE-2024-41132 (Jul 22, 2024)
    risk 0.00, cvss: not listed, epss 0.01

    ImageSharp is a 2D graphics API. A vulnerability discovered in the ImageSharp library, where the processing of specially crafted files can lead to excessive memory usage in the Gif decoder. The vulnerability is triggered when ImageSharp attempts to process image files that are…

  • CVE-2024-32035 (Apr 15, 2024)
    risk 0.00, cvss: not listed, epss 0.01

    ImageSharp is a 2D graphics API. A vulnerability discovered in the ImageSharp library, where the processing of specially crafted files can lead to excessive memory usage in image decoders. The vulnerability is triggered when ImageSharp attempts to process image files that are…

  • CVE-2023-3223 (Sep 27, 2023)
    risk 0.00, cvss: not listed, epss 0.02

    A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size,…

  • CVE-2023-43632 (Sep 21, 2023)
    risk 0.00, cvss: not listed, epss 0.01

    As noted in the “VTPM.md” file in the eve documentation, “VTPM is a server listening on port 8877 in EVE, exposing limited functionality of the TPM to the clients. VTPM allows clients to execute tpm2-tools binaries from a list of hardcoded options” The communication…

  • CVE-2023-37279 (Sep 20, 2023)
    risk 0.00, cvss: not listed, epss 0.01

    Faktory is a language-agnostic persistent background job server. Prior to version 1.8.0, the Faktory web dashboard can suffer from denial of service by a crafted malicious url query param `days`. The vulnerability is related to how the backend reads the `days` URL query…

  • CVE-2023-33953 (Aug 9, 2023)
    risk 0.00, cvss: not listed, epss 0.00

    gRPC contains a vulnerability in which HPACK table accounting errors could lead to unwanted disconnects between clients and servers in exceptional cases. Three vectors were found that allow the following DoS attacks: - Unbounded memory buffering in the HPACK parser -…

  • CVE-2023-30837 (May 8, 2023)
    risk 0.00, cvss: not listed, epss 0.01

    Vyper is a pythonic smart contract language for the EVM. The storage allocator does not guard against allocation overflows in versions prior to 0.3.8. An attacker can overwrite the owner variable. This issue was fixed in version 0.3.8.

  • CVE-2022-4741 (Dec 25, 2022)
    risk 0.00, cvss: not listed, epss 0.01

    A vulnerability was found in docconv up to 1.2.0 and classified as problematic. This issue affects the function ConvertDocx/ConvertODT/ConvertPages/ConvertXML/XMLToText. The manipulation leads to uncontrolled memory allocation. The attack may be initiated remotely. Upgrading to…

  • CVE-2022-34917 (Sep 20, 2022)
    risk 0.00, cvss: not listed, epss 0.01

    A security vulnerability has been identified in Apache Kafka. It affects all releases since 2.8.0. The vulnerability allows malicious unauthenticated clients to allocate large amounts of memory on brokers. This can lead to brokers hitting OutOfMemoryException and causing denial…

  • CVE-2022-36078 (Sep 2, 2022)
    risk 0.00, cvss: not listed, epss 0.01

    Binary provides encoding/decoding in Borsh and other formats. The vulnerability is a memory allocation vulnerability that can be exploited to allocate slices in memory with (arbitrary) excessive size value, which can either exhaust available memory or crash the whole program.…

  • CVE-2022-29863 (Jun 16, 2022)
    risk 0.00, cvss: not listed, epss 0.01

    OPC UA .NET Standard Stack 1.04.368 allows a remote attacker to cause a crash via a crafted message that triggers excessive memory allocation.

  • CVE-2021-31811 (Jun 12, 2021)
    risk 0.00, cvss: not listed, epss 0.03

    In Apache PDFBox, a carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.

  • CVE-2021-27906 (Mar 19, 2021)
    risk 0.00, cvss: not listed, epss 0.03

    A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.
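Several entries above describe a second shape of the weakness, where no single size field can be checked because the allocation is driven by what a decoder produces: the Helm chart archive that expands to more than 800x its compressed size (CVE-2025-32386), the RAR dictionary in rardecode (CVE-2025-11579), and the image decoders in ImageSharp. The Go program below is an added example, not code from Helm, rardecode or any other listed project: it inflates a constructed gzip stream while holding at most `limit+1` bytes, so a decompression bomb is rejected without ever being expanded. `MaxInflated`, `inflateBounded` and `gzipZeros` are names chosen here, and the 1 MiB ceiling is an assumption.

```go
package main

import (
	"bytes"
	"compress/gzip"
	"errors"
	"fmt"
	"io"
)

// MaxInflated is an assumed ceiling on the decompressed size of one
// archive entry; choose it from what the application actually needs.
const MaxInflated = 1 << 20 // 1 MiB

var ErrInflateLimit = errors.New("decompressed data exceeds limit")

// inflateBounded decompresses a gzip stream but never buffers more than
// limit+1 bytes. Reading limit+1 bytes through io.LimitReader detects an
// oversized stream as soon as the ceiling is crossed, regardless of how far
// the stream would expand. The gzip trailer's ISIZE field is written by the
// sender and is therefore not consulted.
func inflateBounded(compressed []byte, limit int64) ([]byte, error) {
	zr, err := gzip.NewReader(bytes.NewReader(compressed))
	if err != nil {
		return nil, err
	}
	defer zr.Close()
	out, err := io.ReadAll(io.LimitReader(zr, limit+1))
	if err != nil {
		return nil, err
	}
	if int64(len(out)) > limit {
		return nil, fmt.Errorf("%w: more than %d bytes", ErrInflateLimit, limit)
	}
	return out, nil
}

// gzipZeros builds a constructed high-ratio stream of n zero bytes, written
// in 64 KiB chunks so the builder itself never allocates n bytes.
func gzipZeros(n int) []byte {
	var b bytes.Buffer
	zw := gzip.NewWriter(&b)
	chunk := make([]byte, 64<<10)
	for n > 0 {
		k := len(chunk)
		if n < k {
			k = n
		}
		zw.Write(chunk[:k])
		n -= k
	}
	zw.Close()
	return b.Bytes()
}

func main() {
	// Constructed bomb: 64 MiB of zeros, roughly 64 KiB compressed.
	const expanded = 64 << 20
	bomb := gzipZeros(expanded)
	fmt.Printf("compressed %d bytes, expands to %d (ratio ~%dx)\n",
		len(bomb), expanded, expanded/len(bomb))

	_, err := inflateBounded(bomb, MaxInflated)
	fmt.Println("bounded inflate of bomb:", err)

	ok, err := inflateBounded(gzipZeros(4096), MaxInflated)
	fmt.Println("small stream:", len(ok), "bytes, err =", err)
}
```

The same shape applies to any decoder whose output size is not known up front (tar entries, image pixel buffers sized from header dimensions, JSON bodies from a remote peer): wrap the producer in a limiting reader and fail when the limit is crossed, rather than allocating for the size the input claims and discovering the problem at OOM.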