CWE-1284
AllowedImproper Validation of Specified Quantity in Input
Abstraction: Base · Status: Incomplete
The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.
497 vulnerabilities reference this CWE, most recent first.
GHSA-927H-58V2-FQV5
Vulnerability from github – Published: 2025-06-17 15:31 – Updated: 2025-08-06 18:31Improper access control on the NetScaler Management Interface in NetScaler ADC and NetScaler Gateway
{
"affected": [],
"aliases": [
"CVE-2025-5349"
],
"database_specific": {
"cwe_ids": [
"CWE-1284"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-17T13:15:21Z",
"severity": "HIGH"
},
"details": "Improper access control on the NetScaler Management Interface in NetScaler ADC\u202fand NetScaler Gateway",
"id": "GHSA-927h-58v2-fqv5",
"modified": "2025-08-06T18:31:10Z",
"published": "2025-06-17T15:31:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5349"
},
{
"type": "WEB",
"url": "https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX693420"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-92X6-4GF8-7HCJ
Vulnerability from github – Published: 2022-05-13 01:23 – Updated: 2025-10-22 03:30The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel before 2.6.36 does not properly validate addresses obtained from user space, which allows local users to gain privileges via crafted use of the sendmsg and recvmsg system calls.
{
"affected": [],
"aliases": [
"CVE-2010-3904"
],
"database_specific": {
"cwe_ids": [
"CWE-1284",
"CWE-20"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2010-12-06T20:13:00Z",
"severity": "HIGH"
},
"details": "The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel before 2.6.36 does not properly validate addresses obtained from user space, which allows local users to gain privileges via crafted use of the sendmsg and recvmsg system calls.",
"id": "GHSA-92x6-4gf8-7hcj",
"modified": "2025-10-22T03:30:29Z",
"published": "2022-05-13T01:23:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3904"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=642896"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-3904"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/44677"
},
{
"type": "WEB",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=799c10559d60f159ab2232203f222f18fa3c4a5f"
},
{
"type": "WEB",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=799c10559d60f159ab2232203f222f18fa3c4a5f"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00008.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00004.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/155751/vReliable-Datagram-Sockets-RDS-rds_page_copy_user-Privilege-Escalation.html"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/46397"
},
{
"type": "WEB",
"url": "http://securitytracker.com/id?1024613"
},
{
"type": "WEB",
"url": "http://www.kb.cert.org/vuls/id/362983"
},
{
"type": "WEB",
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0792.html"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0842.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-1000-1"
},
{
"type": "WEB",
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
},
{
"type": "WEB",
"url": "http://www.vsecurity.com/download/tools/linux-rds-exploit.c"
},
{
"type": "WEB",
"url": "http://www.vsecurity.com/resources/advisory/20101019-1"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2011/0298"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9398-5GHF-7PR6
Vulnerability from github – Published: 2022-10-31 18:44 – Updated: 2022-10-31 18:44Prior to version 0.4.2, conduit-hyper did not check any limit on a request's length before calling hyper::body::to_bytes. An attacker could send a malicious request with an abnormally large Content-Length, which could lead to a panic if memory allocation failed for that request.
In version 0.4.2, conduit-hyper sets an internal limit of 128 MiB per request, otherwise returning status 400 ("Bad Request").
This crate is part of the implementation of Rust's crates.io, but that service is not affected due to its existing cloud infrastructure, which already drops such malicious requests. Even with the new limit in place, conduit-hyper is not recommended for production use, nor to directly serve the public Internet.
The vulnerability was discovered by Ori Hollander from the JFrog Security Research team.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "conduit-hyper"
},
"ranges": [
{
"events": [
{
"introduced": "0.2.0-alpha.3"
},
{
"fixed": "0.4.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-39294"
],
"database_specific": {
"cwe_ids": [
"CWE-1284",
"CWE-400"
],
"github_reviewed": true,
"github_reviewed_at": "2022-10-31T18:44:47Z",
"nvd_published_at": "2022-10-31T19:15:00Z",
"severity": "HIGH"
},
"details": "Prior to version 0.4.2, `conduit-hyper` did not check any limit on a request\u0027s length before calling [`hyper::body::to_bytes`](https://docs.rs/hyper/latest/hyper/body/fn.to_bytes.html). An attacker could send a malicious request with an abnormally large `Content-Length`, which could lead to a panic if memory allocation failed for that request.\n\nIn version 0.4.2, `conduit-hyper` sets an internal limit of 128 MiB per request, otherwise returning status 400 (\"Bad Request\").\n\nThis crate is part of the implementation of Rust\u0027s [crates.io](https://crates.io/), but that service is not affected due to its existing cloud infrastructure, which already drops such malicious requests. Even with the new limit in place, `conduit-hyper` is not recommended for production use, nor to directly serve the public Internet.\n\nThe vulnerability was discovered by Ori Hollander from the JFrog Security Research team.",
"id": "GHSA-9398-5ghf-7pr6",
"modified": "2022-10-31T18:44:47Z",
"published": "2022-10-31T18:44:47Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/conduit-rust/conduit-hyper/security/advisories/GHSA-9398-5ghf-7pr6"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39294"
},
{
"type": "WEB",
"url": "https://github.com/conduit-rust/conduit-hyper/commit/4d225a53206505d39438ec6694e15f49c038baff"
},
{
"type": "PACKAGE",
"url": "https://github.com/conduit-rust/conduit-hyper"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2022-0066.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "conduit-hyper vulnerable to Denial of Service from unchecked request length"
}
GHSA-93PR-W682-79XH
Vulnerability from github – Published: 2026-02-17 18:32 – Updated: 2026-02-17 18:32IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 12.1.0 through 12.1.3 could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic with federated objects.
{
"affected": [],
"aliases": [
"CVE-2025-14689"
],
"database_specific": {
"cwe_ids": [
"CWE-1284"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-17T18:20:29Z",
"severity": "MODERATE"
},
"details": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 12.1.0 through 12.1.3 could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic with federated objects.",
"id": "GHSA-93pr-w682-79xh",
"modified": "2026-02-17T18:32:58Z",
"published": "2026-02-17T18:32:58Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14689"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7259964"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9558-P79R-V8WJ
Vulnerability from github – Published: 2025-12-03 21:31 – Updated: 2025-12-03 21:31NVIDIA Triton Server for Linux contains a vulnerability where an attacker may cause an improper validation of specified quantity in input. A successful exploit of this vulnerability may lead to denial of service.
{
"affected": [],
"aliases": [
"CVE-2025-33211"
],
"database_specific": {
"cwe_ids": [
"CWE-1284"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-03T19:15:56Z",
"severity": "HIGH"
},
"details": "NVIDIA Triton Server for Linux contains a vulnerability where an attacker may cause an improper validation of specified quantity in input. A successful exploit of this vulnerability may lead to denial of service.",
"id": "GHSA-9558-p79r-v8wj",
"modified": "2025-12-03T21:31:05Z",
"published": "2025-12-03T21:31:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-33211"
},
{
"type": "WEB",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5734"
},
{
"type": "WEB",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-33211"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-97C7-FXWG-RJ4C
Vulnerability from github – Published: 2025-07-23 06:33 – Updated: 2025-07-23 06:33Improper validation of specified quantity in input issue exists in Real-time Bus Tracking System versions prior to 1.1. If exploited, a denial of service (DoS) condition may be caused by an attacker who can log in to the administrative page of the affected product.
{
"affected": [],
"aliases": [
"CVE-2025-43881"
],
"database_specific": {
"cwe_ids": [
"CWE-1284"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-23T05:15:30Z",
"severity": "MODERATE"
},
"details": "Improper validation of specified quantity in input issue exists in Real-time Bus Tracking System versions prior to 1.1. If exploited, a denial of service (DoS) condition may be caused by an attacker who can log in to the administrative page of the affected product.",
"id": "GHSA-97c7-fxwg-rj4c",
"modified": "2025-07-23T06:33:50Z",
"published": "2025-07-23T06:33:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-43881"
},
{
"type": "WEB",
"url": "https://jvn.jp/en/jp/JVN21177718"
},
{
"type": "WEB",
"url": "https://www.synck.com/downloads/cgi-perl/buslocationsystem/index.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-9F52-HPVW-V96W
Vulnerability from github – Published: 2022-02-10 20:22 – Updated: 2021-04-19 23:18In Eclipse Hono version 1.3.0 and 1.4.0 the AMQP protocol adapter does not verify the size of AMQP messages received from devices. In particular, a device may send messages that are bigger than the max-message-size that the protocol adapter has indicated during link establishment. While the AMQP 1.0 protocol explicitly disallows a peer to send such messages, a hand crafted AMQP 1.0 client could exploit this behavior in order to send a message of unlimited size to the adapter, eventually causing the adapter to fail with an out of memory exception.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 1.4.0"
},
"package": {
"ecosystem": "Maven",
"name": "org.eclipse.hono:hono-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.4.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-27217"
],
"database_specific": {
"cwe_ids": [
"CWE-1284"
],
"github_reviewed": true,
"github_reviewed_at": "2021-04-19T23:18:06Z",
"nvd_published_at": "2020-11-13T20:15:00Z",
"severity": "HIGH"
},
"details": "In Eclipse Hono version 1.3.0 and 1.4.0 the AMQP protocol adapter does not verify the size of AMQP messages received from devices. In particular, a device may send messages that are bigger than the max-message-size that the protocol adapter has indicated during link establishment. While the AMQP 1.0 protocol explicitly disallows a peer to send such messages, a hand crafted AMQP 1.0 client could exploit this behavior in order to send a message of unlimited size to the adapter, eventually causing the adapter to fail with an out of memory exception.",
"id": "GHSA-9f52-hpvw-v96w",
"modified": "2021-04-19T23:18:06Z",
"published": "2022-02-10T20:22:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27217"
},
{
"type": "WEB",
"url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=567068"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Improper Validation of Specified Quantity in Input in Eclipse Hono"
}
GHSA-9FVF-9V35-97QV
Vulnerability from github – Published: 2024-04-04 21:30 – Updated: 2025-11-05 00:31Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses.
This issue affects Apache HTTP Server: through 2.4.58.
{
"affected": [],
"aliases": [
"CVE-2023-38709"
],
"database_specific": {
"cwe_ids": [
"CWE-1284"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-04T20:15:08Z",
"severity": "HIGH"
},
"details": "Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses.\n\nThis issue affects Apache HTTP Server: through 2.4.58.",
"id": "GHSA-9fvf-9v35-97qv",
"modified": "2025-11-05T00:31:17Z",
"published": "2024-04-04T21:30:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38709"
},
{
"type": "WEB",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00013.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I2N2NZEX3MR64IWSGL3QGN7KSRUGAEMF"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LX5U34KYGDYPRH3AJ6MDDCBJDWDPXNVJ"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WNV4SZAPVS43DZWNFU7XBYYOZEZMI4ZC"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20240415-0013"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT214119"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Jul/18"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2024/04/04/3"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2025/07/10/2"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2025/07/10/3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-9HG8-8WQ3-MHHG
Vulnerability from github – Published: 2022-03-04 00:00 – Updated: 2025-11-04 18:30Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to wrong checks on the input packet length in isisd/isis_tlvs.c.
{
"affected": [],
"aliases": [
"CVE-2022-26125"
],
"database_specific": {
"cwe_ids": [
"CWE-119",
"CWE-1284"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-03-03T18:15:00Z",
"severity": "HIGH"
},
"details": "Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to wrong checks on the input packet length in isisd/isis_tlvs.c.",
"id": "GHSA-9hg8-8wq3-mhhg",
"modified": "2025-11-04T18:30:38Z",
"published": "2022-03-04T00:00:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26125"
},
{
"type": "WEB",
"url": "https://github.com/FRRouting/frr/issues/10507"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00019.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00007.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9M5V-M5WP-XCM2
Vulnerability from github – Published: 2022-05-03 00:00 – Updated: 2024-09-25 09:30A vulnerability in the HCI Modbus TCP COMPONENT of Hitachi Energy RTU500 series CMU Firmware that is caused by the validation error in the length information carried in MBAP header allows an ATTACKER to reboot the device by sending a special crafted message. This issue affects: Hitachi Energy RTU500 series CMU Firmware 12.0.; 12.2.; 12.4.; 12.6.; 12.7.; 13.2..
{
"affected": [],
"aliases": [
"CVE-2022-28613"
],
"database_specific": {
"cwe_ids": [
"CWE-1284",
"CWE-20"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-05-02T19:15:00Z",
"severity": "HIGH"
},
"details": "A vulnerability in the HCI Modbus TCP COMPONENT of Hitachi Energy RTU500 series CMU Firmware that is caused by the validation error in the length information carried in MBAP header allows an ATTACKER to reboot the device by sending a special crafted message. This issue affects: Hitachi Energy RTU500 series CMU Firmware 12.0.*; 12.2.*; 12.4.*; 12.6.*; 12.7.*; 13.2.*.",
"id": "GHSA-9m5v-m5wp-xcm2",
"modified": "2024-09-25T09:30:46Z",
"published": "2022-05-03T00:00:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28613"
},
{
"type": "WEB",
"url": "https://publisher.hitachienergy.com/preview?DocumentID=8DBD000103\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"type": "WEB",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000103\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-5
Strategy: Input Validation
- Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
- When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
- Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
No CAPEC attack patterns related to this CWE.