CWE-1284
AllowedImproper Validation of Specified Quantity in Input
Abstraction: Base · Status: Incomplete
The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.
500 vulnerabilities reference this CWE, most recent first.
GHSA-68C6-W8Q5-F84G
Vulnerability from github – Published: 2026-01-31 00:30 – Updated: 2026-01-31 00:30IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic when the RPSCAN feature is enabled.
{
"affected": [],
"aliases": [
"CVE-2025-36428"
],
"database_specific": {
"cwe_ids": [
"CWE-1284"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-30T22:15:55Z",
"severity": "MODERATE"
},
"details": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic when the RPSCAN feature is enabled.",
"id": "GHSA-68c6-w8q5-f84g",
"modified": "2026-01-31T00:30:28Z",
"published": "2026-01-31T00:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-36428"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7257697"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-68XF-4W7R-P3V5
Vulnerability from github – Published: 2022-12-13 18:30 – Updated: 2022-12-15 15:32In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242703217
{
"affected": [],
"aliases": [
"CVE-2022-20488"
],
"database_specific": {
"cwe_ids": [
"CWE-1284",
"CWE-400"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-12-13T16:15:00Z",
"severity": "HIGH"
},
"details": "In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242703217",
"id": "GHSA-68xf-4w7r-p3v5",
"modified": "2022-12-15T15:32:12Z",
"published": "2022-12-13T18:30:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-20488"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2022-12-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6973-8887-87FF
Vulnerability from github – Published: 2026-04-22 19:13 – Updated: 2026-04-27 16:22Impact
SkipBlockProof::verify computes its quorum check using BitSet.len(), then iterates BitSet indices and casts each usize index to u16 (slot as u16) for slot lookup. If an attacker can get a SkipBlockProof verified where MultiSignature.signers contains out-of-range indices spaced by 65536, these indices inflate len() but collide onto the same in-range u16 slot during aggregation.
This makes it possible for a malicious validator with far fewer than 2f+1 real signer slots to pass skip block proof verification by multiplying a single BLS signature by the same factor.
Patches
The patch for this vulnerability is included as part of v1.3.0.
Workarounds
No known workarounds.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "nimiq-block"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "0.2.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-33471"
],
"database_specific": {
"cwe_ids": [
"CWE-1284",
"CWE-190",
"CWE-20",
"CWE-345"
],
"github_reviewed": true,
"github_reviewed_at": "2026-04-22T19:13:47Z",
"nvd_published_at": "2026-04-22T20:16:40Z",
"severity": "CRITICAL"
},
"details": "### Impact\n`SkipBlockProof::verify` computes its quorum check using `BitSet.len()`, then iterates `BitSet` indices and casts each `usize` index to `u16` (`slot as u16`) for slot lookup. If an attacker can get a `SkipBlockProof` verified where `MultiSignature.signers` contains out-of-range indices spaced by 65536, these indices inflate `len()` but collide onto the same in-range `u16` slot during aggregation.\n\nThis makes it possible for a malicious validator with far fewer than `2f+1` real signer slots to pass skip block proof verification by multiplying a single BLS signature by the same factor.\n\n### Patches\n[The patch for this vulnerability](https://github.com/nimiq/core-rs-albatross/pull/3657) is included as part of [v1.3.0](https://github.com/nimiq/core-rs-albatross/releases/tag/v1.3.0).\n\n### Workarounds\nNo known workarounds.",
"id": "GHSA-6973-8887-87ff",
"modified": "2026-04-27T16:22:04Z",
"published": "2026-04-22T19:13:47Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/nimiq/core-rs-albatross/security/advisories/GHSA-6973-8887-87ff"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33471"
},
{
"type": "WEB",
"url": "https://github.com/nimiq/core-rs-albatross/pull/3657"
},
{
"type": "WEB",
"url": "https://github.com/nimiq/core-rs-albatross/commit/d02059053181ed8ddad6b59a0adfd661ef5cd823"
},
{
"type": "PACKAGE",
"url": "https://github.com/nimiq/core-rs-albatross"
},
{
"type": "WEB",
"url": "https://github.com/nimiq/core-rs-albatross/releases/tag/v1.3.0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "nimiq-block has skip block quorum bypass via out-of-range BitSet indices \u0026 u16 truncation"
}
GHSA-6C49-6XV3-MCQ8
Vulnerability from github – Published: 2025-06-06 15:30 – Updated: 2026-04-01 18:35Improper Validation of Specified Quantity in Input vulnerability in Cozmoslabs Profile Builder allows Phishing. This issue affects Profile Builder: from n/a through 3.13.8.
{
"affected": [],
"aliases": [
"CVE-2025-49292"
],
"database_specific": {
"cwe_ids": [
"CWE-1284"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-06T13:15:45Z",
"severity": "MODERATE"
},
"details": "Improper Validation of Specified Quantity in Input vulnerability in Cozmoslabs Profile Builder allows Phishing. This issue affects Profile Builder: from n/a through 3.13.8.",
"id": "GHSA-6c49-6xv3-mcq8",
"modified": "2026-04-01T18:35:22Z",
"published": "2025-06-06T15:30:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49292"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/profile-builder/vulnerability/wordpress-profile-builder-3-13-8-content-spoofing-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-6CFX-8GFV-H75G
Vulnerability from github – Published: 2025-09-12 06:30 – Updated: 2025-09-12 06:30An issue has been discovered in GitLab CE/EE affecting all versions from 10.7 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed authenticated users to disrupt access to token listings and related administrative operations by creating tokens with excessively large names.
{
"affected": [],
"aliases": [
"CVE-2025-10094"
],
"database_specific": {
"cwe_ids": [
"CWE-1284"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-12T05:15:31Z",
"severity": "MODERATE"
},
"details": "An issue has been discovered in GitLab CE/EE affecting all versions from 10.7 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed authenticated users to disrupt access to token listings and related administrative operations by creating tokens with excessively large names.",
"id": "GHSA-6cfx-8gfv-h75g",
"modified": "2025-09-12T06:30:25Z",
"published": "2025-09-12T06:30:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10094"
},
{
"type": "WEB",
"url": "https://hackerone.com/reports/3049089"
},
{
"type": "WEB",
"url": "https://about.gitlab.com/releases/2025/09/10/patch-release-gitlab-18-3-2-released"
},
{
"type": "WEB",
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/528469"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6F46-73V7-W4MR
Vulnerability from github – Published: 2025-05-28 00:30 – Updated: 2025-05-28 00:30n affected platforms running Arista EOS, ACL policies may not be enforced. IPv4 ingress ACL, MAC ingress ACL, or IPv6 standard ingress ACL enabled on one or more ethernet or LAG interfaces may result in ACL policies not being enforced for ingress packets. This can cause incoming packets to incorrectly be allowed or denied. The two symptoms of this issue on the affected release and platform are:
- Packets which should be permitted may be dropped and,
- Packets which should be dropped may be permitted.
{
"affected": [],
"aliases": [
"CVE-2025-2826"
],
"database_specific": {
"cwe_ids": [
"CWE-1284"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-27T23:15:21Z",
"severity": "LOW"
},
"details": "n affected platforms running Arista EOS, ACL policies may not be enforced. IPv4 ingress ACL, MAC ingress ACL, or IPv6 standard ingress ACL enabled on one or more ethernet or LAG interfaces may result in ACL policies not being enforced for ingress packets. This can cause incoming packets to incorrectly be allowed or denied. The two symptoms of this issue on the affected release and platform are:\n\n * Packets which should be permitted may be dropped and,\n * Packets which should be dropped may be permitted.",
"id": "GHSA-6f46-73v7-w4mr",
"modified": "2025-05-28T00:30:35Z",
"published": "2025-05-28T00:30:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2826"
},
{
"type": "WEB",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/21414-security-advisory-0120"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-6GXC-86MW-M4H8
Vulnerability from github – Published: 2025-09-09 18:31 – Updated: 2026-04-01 18:36Improper Validation of Specified Quantity in Input vulnerability in ThemesGrove WP SmartPay. This issue affects WP SmartPay: from n/a through 2.7.13.
{
"affected": [],
"aliases": [
"CVE-2025-32689"
],
"database_specific": {
"cwe_ids": [
"CWE-1284"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-09T17:15:43Z",
"severity": "HIGH"
},
"details": "Improper Validation of Specified Quantity in Input vulnerability in ThemesGrove WP SmartPay. This issue affects WP SmartPay: from n/a through 2.7.13.",
"id": "GHSA-6gxc-86mw-m4h8",
"modified": "2026-04-01T18:36:07Z",
"published": "2025-09-09T18:31:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32689"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/smartpay/vulnerability/wordpress-download-manager-and-payment-form-2-7-12-other-vulnerability-type-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-6HJ5-4CV5-F46X
Vulnerability from github – Published: 2026-05-27 00:31 – Updated: 2026-07-15 15:32A flaw was found in libgnutls. A remote attacker, by sending an extremely short premaster secret during an RSA key exchange to a server using an RSA key backed by a PKCS#11 token, could trigger a short heap overread. This memory corruption vulnerability could lead to information disclosure.
{
"affected": [],
"aliases": [
"CVE-2026-5260"
],
"database_specific": {
"cwe_ids": [
"CWE-126",
"CWE-1284"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-26T22:16:44Z",
"severity": "HIGH"
},
"details": "A flaw was found in libgnutls. A remote attacker, by sending an extremely short premaster secret during an RSA key exchange to a server using an RSA key backed by a PKCS#11 token, could trigger a short heap overread. This memory corruption vulnerability could lead to information disclosure.",
"id": "GHSA-6hj5-4cv5-f46x",
"modified": "2026-07-15T15:32:42Z",
"published": "2026-05-27T00:31:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5260"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:13274"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:20611"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:20612"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:20613"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:26319"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:26409"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:29197"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:30004"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:30849"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:30850"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:32962"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:33125"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2026-5260"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467450"
},
{
"type": "WEB",
"url": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-10"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6QVP-P2RF-M5FM
Vulnerability from github – Published: 2025-07-21 15:30 – Updated: 2025-07-21 15:30Incorrect authentication vulnerability in ParkingDoor. Through this vulnerability it is possible to operate the device without the access being logged in the application and even if the access permissions have been revoked.
{
"affected": [],
"aliases": [
"CVE-2025-41100"
],
"database_specific": {
"cwe_ids": [
"CWE-1284"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-21T13:15:26Z",
"severity": "MODERATE"
},
"details": "Incorrect authentication vulnerability in ParkingDoor. Through this vulnerability it is possible to operate the device without the access being logged in the application and even if the access permissions have been revoked.",
"id": "GHSA-6qvp-p2rf-m5fm",
"modified": "2025-07-21T15:30:30Z",
"published": "2025-07-21T15:30:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-41100"
},
{
"type": "WEB",
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/incorrect-authentication-parkingdoor"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:A/AC:H/AT:N/PR:L/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-6V7F-H3QG-WWPP
Vulnerability from github – Published: 2026-07-17 12:31 – Updated: 2026-07-17 12:31Improper Validation of Specified Quantity in Input in ZenHive mpp allows an unauthenticated remote client to drain the fee-payer wallet in a single request by naming an arbitrarily high gas price.
When the mpp Elixir library is configured as fee payer (fee_payer: true), MPP.Tempo.Transaction.cosign_fee_payer/3 re-signs the client-supplied base fields of the 0x76 AASigned envelope verbatim, including max_fee_per_gas and max_priority_fee_per_gas, without validating that they are within reasonable bounds. A malicious client embeds arbitrarily large values for these fields in the signed envelope. The server co-signs and broadcasts the transaction. The effective_gas_price billed against the fee-payer wallet is derived from the attacker-supplied ceilings, so the server pays those inflated per-gas rates out of its own wallet. A single crafted request can drain the wallet entirely, after which the server can no longer sponsor gas for legitimate payment requests.
This issue affects mpp: from 0.2.0 before 0.6.0.
{
"affected": [],
"aliases": [
"CVE-2026-59695"
],
"database_specific": {
"cwe_ids": [
"CWE-1284"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-17T11:17:14Z",
"severity": "HIGH"
},
"details": "Improper Validation of Specified Quantity in Input in ZenHive mpp allows an unauthenticated remote client to drain the fee-payer wallet in a single request by naming an arbitrarily high gas price.\n\nWhen the mpp Elixir library is configured as fee payer (fee_payer: true), MPP.Tempo.Transaction.cosign_fee_payer/3 re-signs the client-supplied base fields of the 0x76 AASigned envelope verbatim, including max_fee_per_gas and max_priority_fee_per_gas, without validating that they are within reasonable bounds. A malicious client embeds arbitrarily large values for these fields in the signed envelope. The server co-signs and broadcasts the transaction. The effective_gas_price billed against the fee-payer wallet is derived from the attacker-supplied ceilings, so the server pays those inflated per-gas rates out of its own wallet. A single crafted request can drain the wallet entirely, after which the server can no longer sponsor gas for legitimate payment requests.\n\nThis issue affects mpp: from 0.2.0 before 0.6.0.",
"id": "GHSA-6v7f-h3qg-wwpp",
"modified": "2026-07-17T12:31:29Z",
"published": "2026-07-17T12:31:29Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/ZenHive/mpp/security/advisories/GHSA-vv77-66rf-pm86"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-59695"
},
{
"type": "WEB",
"url": "https://github.com/ZenHive/mpp/commit/5d6338e2334084c5f2a78cfcca474830733ed7e8"
},
{
"type": "WEB",
"url": "https://cna.erlef.org/cves/CVE-2026-59695.html"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/EEF-CVE-2026-59695"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
Mitigation MIT-5
Strategy: Input Validation
- Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
- When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
- Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
No CAPEC attack patterns related to this CWE.