CWE-789
Memory Allocation with Excessive Size Value
The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated.
CVE-2025-8696 (GCVE-0-2025-8696)
Vulnerability from cvelistv5 – Published: 2025-09-10 17:59 – Updated: 2025-11-04 21:15
VLAI
Title
DoS attack against the Stork UI from an unauthenticated user
Summary
If an unauthenticated user sends a large amount of data to the Stork UI, it may cause memory and disk use problems for the system running the Stork server.
This issue affects Stork versions 1.0.0 through 2.3.0.
Severity
7.5 (High)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://kb.isc.org/docs/cve-2025-8696 | vendor-advisory |
Date Public
2025-09-10 00:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8696",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-11T14:26:49.356453Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-11T14:42:42.595Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T21:15:10.942Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/09/10/5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Stork",
"vendor": "ISC",
"versions": [
{
"lessThanOrEqual": "2.3.0",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2025-09-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "If an unauthenticated user sends a large amount of data to the Stork UI, it may cause memory and disk use problems for the system running the Stork server.\nThis issue affects Stork versions 1.0.0 through 2.3.0."
}
],
"exploits": [
{
"lang": "en",
"value": "This flaw was discovered in internal testing. We are not aware of any active exploits."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Resource exhaustion. A sufficiently large input will cause Stork to allocate more memory than is available, leading to the failure of the `stork-server` process and/or other processes. Repeated smaller inputs may not exhaust memory but may fill log storage or force premature log rotation."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-789",
"description": "CWE-789 Memory Allocation with Excessive Size Value",
"lang": "en",
"type": "CWE"
},
{
"cweId": "CWE-779",
"description": "CWE-779 Logging of Excessive Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-10T17:59:52.878Z",
"orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"shortName": "isc"
},
"references": [
{
"name": "CVE-2025-8696",
"tags": [
"vendor-advisory"
],
"url": "https://kb.isc.org/docs/cve-2025-8696"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to the patched release most closely related to your current version of Stork: 2.2.1 or 2.3.1."
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "DoS attack against the Stork UI from an unauthenticated user",
"workarounds": [
{
"lang": "en",
"value": "Placing the Stork server behind a firewall or proxy that only allows access from trusted clients, and/or enforces input size limits, is an effective workaround."
}
]
}
},
"cveMetadata": {
"assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"assignerShortName": "isc",
"cveId": "CVE-2025-8696",
"datePublished": "2025-09-10T17:59:52.878Z",
"dateReserved": "2025-08-07T09:49:55.542Z",
"dateUpdated": "2025-11-04T21:15:10.942Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20048 (GCVE-0-2026-20048)
Vulnerability from cvelistv5 – Published: 2026-02-25 16:26 – Updated: 2026-02-25 19:05
VLAI
Title
Cisco NX-OS Software SNMP Denial of Service Vulnerability
Summary
A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco Nexus 9000 Series Fabric Switches in ACI mode could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
This vulnerability is due to improper processing when parsing SNMP requests. An attacker could exploit this vulnerability by continuously sending SNMP queries to a specific MIB of an affected device. A successful exploit could allow the attacker to cause a kernel panic on the device, resulting in a reload and a DoS condition.
Note: This vulnerability affects SNMP versions 1, 2c, and 3. To exploit this vulnerability through SNMPv1 or SNMPv2c, the attacker must have a valid read-only SNMP community string for the affected system. To exploit this vulnerability through SNMPv3, the attacker must have valid SNMP user credentials for the affected system.
Severity
7.7 (High)
CWE
- CWE-789 - Uncontrolled Memory Allocation
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco NX-OS System Software in ACI Mode |
Affected:
15.2(1g)
Affected: 15.2(2e) Affected: 15.2(2f) Affected: 15.2(2g) Affected: 15.2(2h) Affected: 15.2(3f) Affected: 15.2(3e) Affected: 15.2(3g) Affected: 15.2(4d) Affected: 15.2(4e) Affected: 15.2(5c) Affected: 15.2(5d) Affected: 16.0(1g) Affected: 15.2(5e) Affected: 15.2(4f) Affected: 15.2(6e) Affected: 15.2(6h) Affected: 16.0(1j) Affected: 15.2(6g) Affected: 15.2(7f) Affected: 15.2(7g) Affected: 16.0(2h) Affected: 15.2(8d) Affected: 16.0(2j) Affected: 15.2(8e) Affected: 16.0(3d) Affected: 16.0(3e) Affected: 15.2(8f) Affected: 15.2(8g) Affected: 15.3(1d) Affected: 15.2(8h) Affected: 16.0(4c) Affected: 15.3(2a) Affected: 15.2(8i) Affected: 16.0(5h) Affected: 15.3(2b) Affected: 16.0(3g) Affected: 16.0(5j) Affected: 15.3(2c) Affected: 16.0(6c) Affected: 15.3(2d) Affected: 16.1(1f) Affected: 16.0(7e) Affected: 16.0(8e) Affected: 15.3(2e) Affected: 16.0(8f) Affected: 16.1(2f) Affected: 16.1(2g) Affected: 15.3(2f) Affected: 16.0(9c) Affected: 16.1(3f) Affected: 16.0(9d) Affected: 16.0(6h) Affected: 16.0(8h) Affected: 16.1(3g) Affected: 16.0(9e) Affected: 16.1(4h) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20048",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-25T18:18:11.351419Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-25T19:05:48.366Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco NX-OS System Software in ACI Mode",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "15.2(1g)"
},
{
"status": "affected",
"version": "15.2(2e)"
},
{
"status": "affected",
"version": "15.2(2f)"
},
{
"status": "affected",
"version": "15.2(2g)"
},
{
"status": "affected",
"version": "15.2(2h)"
},
{
"status": "affected",
"version": "15.2(3f)"
},
{
"status": "affected",
"version": "15.2(3e)"
},
{
"status": "affected",
"version": "15.2(3g)"
},
{
"status": "affected",
"version": "15.2(4d)"
},
{
"status": "affected",
"version": "15.2(4e)"
},
{
"status": "affected",
"version": "15.2(5c)"
},
{
"status": "affected",
"version": "15.2(5d)"
},
{
"status": "affected",
"version": "16.0(1g)"
},
{
"status": "affected",
"version": "15.2(5e)"
},
{
"status": "affected",
"version": "15.2(4f)"
},
{
"status": "affected",
"version": "15.2(6e)"
},
{
"status": "affected",
"version": "15.2(6h)"
},
{
"status": "affected",
"version": "16.0(1j)"
},
{
"status": "affected",
"version": "15.2(6g)"
},
{
"status": "affected",
"version": "15.2(7f)"
},
{
"status": "affected",
"version": "15.2(7g)"
},
{
"status": "affected",
"version": "16.0(2h)"
},
{
"status": "affected",
"version": "15.2(8d)"
},
{
"status": "affected",
"version": "16.0(2j)"
},
{
"status": "affected",
"version": "15.2(8e)"
},
{
"status": "affected",
"version": "16.0(3d)"
},
{
"status": "affected",
"version": "16.0(3e)"
},
{
"status": "affected",
"version": "15.2(8f)"
},
{
"status": "affected",
"version": "15.2(8g)"
},
{
"status": "affected",
"version": "15.3(1d)"
},
{
"status": "affected",
"version": "15.2(8h)"
},
{
"status": "affected",
"version": "16.0(4c)"
},
{
"status": "affected",
"version": "15.3(2a)"
},
{
"status": "affected",
"version": "15.2(8i)"
},
{
"status": "affected",
"version": "16.0(5h)"
},
{
"status": "affected",
"version": "15.3(2b)"
},
{
"status": "affected",
"version": "16.0(3g)"
},
{
"status": "affected",
"version": "16.0(5j)"
},
{
"status": "affected",
"version": "15.3(2c)"
},
{
"status": "affected",
"version": "16.0(6c)"
},
{
"status": "affected",
"version": "15.3(2d)"
},
{
"status": "affected",
"version": "16.1(1f)"
},
{
"status": "affected",
"version": "16.0(7e)"
},
{
"status": "affected",
"version": "16.0(8e)"
},
{
"status": "affected",
"version": "15.3(2e)"
},
{
"status": "affected",
"version": "16.0(8f)"
},
{
"status": "affected",
"version": "16.1(2f)"
},
{
"status": "affected",
"version": "16.1(2g)"
},
{
"status": "affected",
"version": "15.3(2f)"
},
{
"status": "affected",
"version": "16.0(9c)"
},
{
"status": "affected",
"version": "16.1(3f)"
},
{
"status": "affected",
"version": "16.0(9d)"
},
{
"status": "affected",
"version": "16.0(6h)"
},
{
"status": "affected",
"version": "16.0(8h)"
},
{
"status": "affected",
"version": "16.1(3g)"
},
{
"status": "affected",
"version": "16.0(9e)"
},
{
"status": "affected",
"version": "16.1(4h)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco Nexus 9000 Series Fabric Switches in ACI mode could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r\nThis vulnerability is due to improper processing when parsing SNMP requests. An attacker could exploit this vulnerability by continuously sending SNMP queries\u0026nbsp;to a specific MIB of an affected device. A successful exploit could allow the attacker to cause a kernel panic on the device, resulting in a reload and a\u0026nbsp;DoS condition.\r\nNote: This vulnerability affects SNMP versions 1, 2c, and 3. To exploit\u0026nbsp;this vulnerability through SNMPv1 or\u0026nbsp;SNMPv2c, the attacker must have a valid read-only SNMP community string for the affected system. To exploit this vulnerability through SNMPv3, the attacker must have valid SNMP user credentials for the affected system."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-789",
"description": "Uncontrolled Memory Allocation",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-25T16:26:28.329Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-nxos-dsnmp-cNN39Uh",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-dsnmp-cNN39Uh"
}
],
"source": {
"advisory": "cisco-sa-nxos-dsnmp-cNN39Uh",
"defects": [
"CSCwq57598"
],
"discovery": "EXTERNAL"
},
"title": "Cisco NX-OS Software SNMP Denial of Service Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20048",
"datePublished": "2026-02-25T16:26:28.329Z",
"dateReserved": "2025-10-08T11:59:15.355Z",
"dateUpdated": "2026-02-25T19:05:48.366Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-21452 (GCVE-0-2026-21452)
Vulnerability from cvelistv5 – Published: 2026-01-02 20:47 – Updated: 2026-01-02 21:22
VLAI
Title
MessagePack-Java Vulnerable to Remote Denial of Service via Malicious .msgpack Model File Triggering Unbounded EXT Payload Allocation
Summary
MessagePack for Java is a serializer implementation for Java. A denial-of-service vulnerability exists in versions prior to 0.9.11 when deserializing .msgpack files containing EXT32 objects with attacker-controlled payload lengths. While MessagePack-Java parses extension headers lazily, it later trusts the declared EXT payload length when materializing the extension data. When ExtensionValue.getData() is invoked, the library attempts to allocate a byte array of the declared length without enforcing any upper bound. A malicious .msgpack file of only a few bytes can therefore trigger unbounded heap allocation, resulting in JVM heap exhaustion, process termination, or service unavailability. This vulnerability is triggered during model loading / deserialization, making it a model format vulnerability suitable for remote exploitation. The vulnerability enables a remote denial-of-service attack against applications that deserialize untrusted .msgpack model files using MessagePack for Java. A specially crafted but syntactically valid .msgpack file containing an EXT32 object with an attacker-controlled, excessively large payload length can trigger unbounded memory allocation during deserialization. When the model file is loaded, the library trusts the declared length metadata and attempts to allocate a byte array of that size, leading to rapid heap exhaustion, excessive garbage collection, or immediate JVM termination with an OutOfMemoryError. The attack requires no malformed bytes, user interaction, or elevated privileges and can be exploited remotely in real-world environments such as model registries, inference services, CI/CD pipelines, and cloud-based model hosting platforms that accept or fetch .msgpack artifacts. Because the malicious file is extremely small yet valid, it can bypass basic validation and scanning mechanisms, resulting in complete service unavailability and potential cascading failures in production systems. Version 0.9.11 fixes the vulnerability.
Severity
7.5 (High)
CWE
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/msgpack/msgpack-java/security/… | x_refsource_CONFIRM |
| https://github.com/msgpack/msgpack-java/commit/da… | x_refsource_MISC |
| https://github.com/msgpack/msgpack-java/releases/… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| msgpack | msgpack-java |
Affected:
< 0.9.11
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-21452",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-02T21:21:49.839128Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-02T21:22:01.956Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "msgpack-java",
"vendor": "msgpack",
"versions": [
{
"status": "affected",
"version": "\u003c 0.9.11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "MessagePack for Java is a serializer implementation for Java. A denial-of-service vulnerability exists in versions prior to 0.9.11 when deserializing .msgpack files containing EXT32 objects with attacker-controlled payload lengths. While MessagePack-Java parses extension headers lazily, it later trusts the declared EXT payload length when materializing the extension data. When ExtensionValue.getData() is invoked, the library attempts to allocate a byte array of the declared length without enforcing any upper bound. A malicious .msgpack file of only a few bytes can therefore trigger unbounded heap allocation, resulting in JVM heap exhaustion, process termination, or service unavailability. This vulnerability is triggered during model loading / deserialization, making it a model format vulnerability suitable for remote exploitation. The vulnerability enables a remote denial-of-service attack against applications that deserialize untrusted .msgpack model files using MessagePack for Java. A specially crafted but syntactically valid .msgpack file containing an EXT32 object with an attacker-controlled, excessively large payload length can trigger unbounded memory allocation during deserialization. When the model file is loaded, the library trusts the declared length metadata and attempts to allocate a byte array of that size, leading to rapid heap exhaustion, excessive garbage collection, or immediate JVM termination with an OutOfMemoryError. The attack requires no malformed bytes, user interaction, or elevated privileges and can be exploited remotely in real-world environments such as model registries, inference services, CI/CD pipelines, and cloud-based model hosting platforms that accept or fetch .msgpack artifacts. Because the malicious file is extremely small yet valid, it can bypass basic validation and scanning mechanisms, resulting in complete service unavailability and potential cascading failures in production systems. Version 0.9.11 fixes the vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-789",
"description": "CWE-789: Memory Allocation with Excessive Size Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-02T20:47:44.874Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/msgpack/msgpack-java/security/advisories/GHSA-cw39-r4h6-8j3x",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/msgpack/msgpack-java/security/advisories/GHSA-cw39-r4h6-8j3x"
},
{
"name": "https://github.com/msgpack/msgpack-java/commit/daa2ea6b2f11f500e22c70a22f689f7a9debdeae",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/msgpack/msgpack-java/commit/daa2ea6b2f11f500e22c70a22f689f7a9debdeae"
},
{
"name": "https://github.com/msgpack/msgpack-java/releases/tag/v0.9.11",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/msgpack/msgpack-java/releases/tag/v0.9.11"
}
],
"source": {
"advisory": "GHSA-cw39-r4h6-8j3x",
"discovery": "UNKNOWN"
},
"title": "MessagePack-Java Vulnerable to Remote Denial of Service via Malicious .msgpack Model File Triggering Unbounded EXT Payload Allocation"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-21452",
"datePublished": "2026-01-02T20:47:44.874Z",
"dateReserved": "2025-12-29T03:00:29.277Z",
"dateUpdated": "2026-01-02T21:22:01.956Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-22026 (GCVE-0-2026-22026)
Vulnerability from cvelistv5 – Published: 2026-01-10 00:22 – Updated: 2026-01-13 21:47
VLAI
Title
CryptoLib Unbounded Memory Allocation in KMC HTTP Response Handler Allows Resource Exhaustion
Summary
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, the libcurl write_callback function in the KMC crypto service client allows unbounded memory growth by reallocating response buffers without any size limit or overflow check. A malicious KMC server can return arbitrarily large HTTP responses, forcing the client to allocate excessive memory until the process is terminated by the OS. This issue has been patched in version 1.4.3.
Severity
CWE
- CWE-789 - Memory Allocation with Excessive Size Value
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/nasa/CryptoLib/security/adviso… | x_refsource_CONFIRM |
| https://github.com/nasa/CryptoLib/commit/2372efd3… | x_refsource_MISC |
| https://github.com/nasa/CryptoLib/releases/tag/v1.4.3 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22026",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-13T21:47:49.912729Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-13T21:47:52.666Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/nasa/CryptoLib/security/advisories/GHSA-w9cm-q69w-34x7"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CryptoLib",
"vendor": "nasa",
"versions": [
{
"status": "affected",
"version": "\u003c 1.4.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, the libcurl write_callback function in the KMC crypto service client allows unbounded memory growth by reallocating response buffers without any size limit or overflow check. A malicious KMC server can return arbitrarily large HTTP responses, forcing the client to allocate excessive memory until the process is terminated by the OS. This issue has been patched in version 1.4.3."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-789",
"description": "CWE-789: Memory Allocation with Excessive Size Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-10T00:22:35.480Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nasa/CryptoLib/security/advisories/GHSA-w9cm-q69w-34x7",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nasa/CryptoLib/security/advisories/GHSA-w9cm-q69w-34x7"
},
{
"name": "https://github.com/nasa/CryptoLib/commit/2372efd3da1ccb226b4297222e25f41ecc84821d",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nasa/CryptoLib/commit/2372efd3da1ccb226b4297222e25f41ecc84821d"
},
{
"name": "https://github.com/nasa/CryptoLib/releases/tag/v1.4.3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nasa/CryptoLib/releases/tag/v1.4.3"
}
],
"source": {
"advisory": "GHSA-w9cm-q69w-34x7",
"discovery": "UNKNOWN"
},
"title": "CryptoLib Unbounded Memory Allocation in KMC HTTP Response Handler Allows Resource Exhaustion"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-22026",
"datePublished": "2026-01-10T00:22:35.480Z",
"dateReserved": "2026-01-05T22:30:38.718Z",
"dateUpdated": "2026-01-13T21:47:52.666Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-22188 (GCVE-0-2026-22188)
Vulnerability from cvelistv5 – Published: 2026-01-07 20:26 – Updated: 2026-03-05 01:30
VLAI
Title
Panda3D <= 1.10.16 Deploy-Stub Stack Exhaustion via Unbounded alloca()
Summary
Panda3D versions up to and including 1.10.16 deploy-stub contains a denial of service vulnerability due to unbounded stack allocation. The deploy-stub executable allocates argv_copy and argv_copy2 using alloca() based directly on the attacker-controlled argc value without validation. Supplying a large number of command-line arguments can exhaust stack space and propagate uninitialized stack memory into Python interpreter initialization, resulting in a reliable crash and undefined behavior.
Severity
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://seclists.org/fulldisclosure/2026/Jan/9 | technical-descriptionexploit |
| https://www.panda3d.org/ | product |
| https://github.com/panda3d/panda3d | product |
| https://www.vulncheck.com/advisories/panda3d-depl… | third-party-advisory |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22188",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-07T21:23:03.715506Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-07T21:23:15.544Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Panda3D",
"repo": "https://github.com/panda3d/panda3d",
"vendor": "Panda3D",
"versions": [
{
"lessThanOrEqual": "1.10.16",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cmu:panda3d:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.10.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ron Edgerson"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Panda3D versions up to and including 1.10.16 deploy-stub contains a denial of service vulnerability due to unbounded stack allocation. The deploy-stub executable allocates argv_copy and argv_copy2 using alloca() based directly on the attacker-controlled argc value without validation. Supplying a large number of command-line arguments can exhaust stack space and propagate uninitialized stack memory into Python interpreter initialization, resulting in a reliable crash and undefined behavior."
}
],
"value": "Panda3D versions up to and including 1.10.16 deploy-stub contains a denial of service vulnerability due to unbounded stack allocation. The deploy-stub executable allocates argv_copy and argv_copy2 using alloca() based directly on the attacker-controlled argc value without validation. Supplying a large number of command-line arguments can exhaust stack space and propagate uninitialized stack memory into Python interpreter initialization, resulting in a reliable crash and undefined behavior."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-457",
"description": "CWE-457 Use of Uninitialized Variable",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-789",
"description": "CWE-789 Memory Allocation with Excessive Size Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T01:30:09.033Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"technical-description",
"exploit"
],
"url": "https://seclists.org/fulldisclosure/2026/Jan/9"
},
{
"tags": [
"product"
],
"url": "https://www.panda3d.org/"
},
{
"tags": [
"product"
],
"url": "https://github.com/panda3d/panda3d"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/panda3d-deploy-stub-stack-exhaustion-via-unbounded-alloca"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Panda3D \u003c= 1.10.16 Deploy-Stub Stack Exhaustion via Unbounded alloca()",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-22188",
"datePublished": "2026-01-07T20:26:13.360Z",
"dateReserved": "2026-01-06T16:47:17.183Z",
"dateUpdated": "2026-03-05T01:30:09.033Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-22803 (GCVE-0-2026-22803)
Vulnerability from cvelistv5 – Published: 2026-01-15 18:37 – Updated: 2026-01-15 19:06
VLAI
Title
SvelteKit has a memory amplification DoS in Remote Functions binary form deserializer
Summary
SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. From 2.49.0 to 2.49.4, the experimental form remote function uses a binary data format containing a representation of submitted form data. A specially-crafted payload can cause the server to allocate a large amount of memory, causing DoS via memory exhaustion. This vulnerability is fixed in 2.49.5.
Severity
CWE
- CWE-789 - Memory Allocation with Excessive Size Value
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/sveltejs/kit/security/advisori… | x_refsource_CONFIRM |
| https://github.com/sveltejs/kit/commit/8ed8155215… | x_refsource_MISC |
| https://github.com/sveltejs/kit/releases/tag/@sve… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22803",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-15T19:06:02.781041Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-15T19:06:13.528Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "kit",
"vendor": "sveltejs",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.49.0, \u003c 2.49.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. From 2.49.0 to 2.49.4, the experimental form remote function uses a binary data format containing a representation of submitted form data. A specially-crafted payload can cause the server to allocate a large amount of memory, causing DoS via memory exhaustion. This vulnerability is fixed in 2.49.5."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-789",
"description": "CWE-789: Memory Allocation with Excessive Size Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-15T18:37:57.831Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/sveltejs/kit/security/advisories/GHSA-j2f3-wq62-6q46",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/sveltejs/kit/security/advisories/GHSA-j2f3-wq62-6q46"
},
{
"name": "https://github.com/sveltejs/kit/commit/8ed8155215b9a74012fecffb942ad9a793b274e5",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/sveltejs/kit/commit/8ed8155215b9a74012fecffb942ad9a793b274e5"
},
{
"name": "https://github.com/sveltejs/kit/releases/tag/@sveltejs%2Fadapter-node@5.5.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/sveltejs/kit/releases/tag/@sveltejs%2Fadapter-node@5.5.1"
}
],
"source": {
"advisory": "GHSA-j2f3-wq62-6q46",
"discovery": "UNKNOWN"
},
"title": "SvelteKit has a memory amplification DoS in Remote Functions binary form deserializer"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-22803",
"datePublished": "2026-01-15T18:37:57.831Z",
"dateReserved": "2026-01-09T22:50:10.287Z",
"dateUpdated": "2026-01-15T19:06:13.528Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-24146 (GCVE-0-2026-24146)
Vulnerability from cvelistv5 – Published: 2026-04-07 17:11 – Updated: 2026-04-07 19:18
VLAI
Summary
NVIDIA Triton Inference Server contains a vulnerability where insufficient input validation and a large number of outputs could cause a server crash. A successful exploit of this vulnerability might lead to denial of service.
Severity
7.5 (High)
CWE
- CWE-789 - Memory Allocation with Excessive Size Value
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NVIDIA | Triton Inference Server |
Affected:
All versions prior to r26.02
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-24146",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-07T19:17:50.274889Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T19:18:08.817Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"All"
],
"product": "Triton Inference Server",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "All versions prior to r26.02"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": true,
"type": "text/html",
"value": "NVIDIA Triton Inference Server contains a vulnerability where insufficient input validation and a large number of outputs could cause a server crash. A successful exploit of this vulnerability might lead to denial of service."
}
],
"value": "NVIDIA Triton Inference Server contains a vulnerability where insufficient input validation and a large number of outputs could cause a server crash. A successful exploit of this vulnerability might lead to denial of service."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Denial of service"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-789",
"description": "CWE-789 Memory Allocation with Excessive Size Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T17:11:54.812Z",
"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"shortName": "nvidia"
},
"references": [
{
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24146"
},
{
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24146"
},
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5816"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "NVIDIA PSIRT"
}
}
},
"cveMetadata": {
"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"assignerShortName": "nvidia",
"cveId": "CVE-2026-24146",
"datePublished": "2026-04-07T17:11:54.812Z",
"dateReserved": "2026-01-21T19:09:27.438Z",
"dateUpdated": "2026-04-07T19:18:08.817Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-24158 (GCVE-0-2026-24158)
Vulnerability from cvelistv5 – Published: 2026-03-24 20:26 – Updated: 2026-03-25 14:27
VLAI
Summary
NVIDIA Triton Inference Server contains a vulnerability in the HTTP endpoint where an attacker may cause a denial of service by providing a large compressed payload. A successful exploit of this vulnerability may lead to denial of service.
Severity
7.5 (High)
CWE
- CWE-789 - Memory Allocation with Excessive Size Value
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NVIDIA | Triton Inference Server |
Affected:
All versions prior to 26.01
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-24158",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-25T14:24:10.152143Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-25T14:27:11.988Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"All"
],
"product": "Triton Inference Server",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "All versions prior to 26.01"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": true,
"type": "text/html",
"value": "NVIDIA Triton Inference Server contains a vulnerability in the HTTP endpoint where an attacker may cause a denial of service by providing a large compressed payload. A successful exploit of this vulnerability may lead to denial of service."
}
],
"value": "NVIDIA Triton Inference Server contains a vulnerability in the HTTP endpoint where an attacker may cause a denial of service by providing a large compressed payload. A successful exploit of this vulnerability may lead to denial of service."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Denial of Service"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-789",
"description": "CWE-789 Memory Allocation with Excessive Size Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-24T20:26:28.640Z",
"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"shortName": "nvidia"
},
"references": [
{
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24158"
},
{
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24158"
},
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5790"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "NVIDIA PSIRT"
}
}
},
"cveMetadata": {
"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"assignerShortName": "nvidia",
"cveId": "CVE-2026-24158",
"datePublished": "2026-03-24T20:26:28.640Z",
"dateReserved": "2026-01-21T19:09:29.851Z",
"dateUpdated": "2026-03-25T14:27:11.988Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-2456 (GCVE-0-2026-2456)
Vulnerability from cvelistv5 – Published: 2026-03-16 11:06 – Updated: 2026-03-16 13:49
VLAI
Title
Denial of Service via Unbounded Memory Allocation in Integration Actions
Summary
Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 Mattermost fails to limit the size of responses from integration action endpoints, which allows an authenticated attacker to cause server memory exhaustion and denial of service via a malicious integration server that returns an arbitrarily large response when a user clicks an interactive message button.. Mattermost Advisory ID: MMSA-2026-00571
Severity
5.3 (Medium)
CWE
- CWE-789 - Memory Allocation with Excessive Size Value
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://mattermost.com/security-updates | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Mattermost | Mattermost |
Affected:
11.3.0 , ≤ 11.3.0
(semver)
Affected: 11.2.0 , ≤ 11.2.2 (semver) Affected: 10.11.0 , ≤ 10.11.10 (semver) Unaffected: 11.4.0 Unaffected: 11.3.1 Unaffected: 11.2.3 Unaffected: 10.11.11 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-2456",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-16T13:43:01.562781Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-16T13:49:58.650Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Mattermost",
"vendor": "Mattermost",
"versions": [
{
"lessThanOrEqual": "11.3.0",
"status": "affected",
"version": "11.3.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "11.2.2",
"status": "affected",
"version": "11.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.11.10",
"status": "affected",
"version": "10.11.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "11.4.0"
},
{
"status": "unaffected",
"version": "11.3.1"
},
{
"status": "unaffected",
"version": "11.2.3"
},
{
"status": "unaffected",
"version": "10.11.11"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Daniel Espino Garcia"
}
],
"descriptions": [
{
"lang": "en",
"value": "Mattermost versions 11.3.x \u003c= 11.3.0, 11.2.x \u003c= 11.2.2, 10.11.x \u003c= 10.11.10 Mattermost fails to limit the size of responses from integration action endpoints, which allows an authenticated attacker to cause server memory exhaustion and denial of service via a malicious integration server that returns an arbitrarily large response when a user clicks an interactive message button.. Mattermost Advisory ID: MMSA-2026-00571"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-789",
"description": "CWE-789: Memory Allocation with Excessive Size Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-16T11:06:44.920Z",
"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"shortName": "Mattermost"
},
"references": [
{
"name": "MMSA-2026-00571",
"tags": [
"vendor-advisory"
],
"url": "https://mattermost.com/security-updates"
}
],
"solutions": [
{
"lang": "en",
"value": "Update Mattermost to versions 11.4.0, 11.3.1, 11.2.3, 10.11.11 or higher."
}
],
"source": {
"advisory": "MMSA-2026-00571",
"defect": [
"https://mattermost.atlassian.net/browse/MM-67073"
],
"discovery": "{\"self\"=\u003e\"https://mattermost.atlassian.net/rest/api/2/customFieldOption/10557\", \"value\"=\u003e\"Internal\", \"id\"=\u003e\"10557\"}"
},
"title": "Denial of Service via Unbounded Memory Allocation in Integration Actions",
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"assignerShortName": "Mattermost",
"cveId": "CVE-2026-2456",
"datePublished": "2026-03-16T11:06:44.920Z",
"dateReserved": "2026-02-13T11:02:52.828Z",
"dateUpdated": "2026-03-16T13:49:58.650Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-25579 (GCVE-0-2026-25579)
Vulnerability from cvelistv5 – Published: 2026-02-04 21:58 – Updated: 2026-02-05 14:31
VLAI
Title
Navidrome affected by Denial of Service and disk exhaustion via oversized `size` parameter in `/rest/getCoverArt` and `/share/img/<token>` endpoints
Summary
Navidrome is an open source web-based music collection server and streamer. Prior to version 0.60.0, authenticated users can crash the Navidrome server by supplying an excessively large size parameter to /rest/getCoverArt or to a shared-image URL (/share/img/<token>). When processing such requests, the server attempts to create an extremely large resized image, causing uncontrolled memory growth. This triggers the Linux OOM killer, terminates the Navidrome process, and results in a full service outage. If the system has sufficient memory and survives the allocation, Navidrome then writes these extremely large resized images into its cache directory, allowing an attacker to rapidly exhaust server disk space as well. This issue has been patched in version 0.60.0.
Severity
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/navidrome/navidrome/security/a… | x_refsource_CONFIRM |
| https://github.com/navidrome/navidrome/releases/t… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25579",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-05T14:24:49.315825Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-05T14:31:33.790Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "navidrome",
"vendor": "navidrome",
"versions": [
{
"status": "affected",
"version": "\u003c 0.60.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Navidrome is an open source web-based music collection server and streamer. Prior to version 0.60.0, authenticated users can crash the Navidrome server by supplying an excessively large size parameter to /rest/getCoverArt or to a shared-image URL (/share/img/\u003ctoken\u003e). When processing such requests, the server attempts to create an extremely large resized image, causing uncontrolled memory growth. This triggers the Linux OOM killer, terminates the Navidrome process, and results in a full service outage. If the system has sufficient memory and survives the allocation, Navidrome then writes these extremely large resized images into its cache directory, allowing an attacker to rapidly exhaust server disk space as well. This issue has been patched in version 0.60.0."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.2,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770: Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-789",
"description": "CWE-789: Memory Allocation with Excessive Size Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-04T21:58:23.850Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/navidrome/navidrome/security/advisories/GHSA-hrr4-3wgr-68x3",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/navidrome/navidrome/security/advisories/GHSA-hrr4-3wgr-68x3"
},
{
"name": "https://github.com/navidrome/navidrome/releases/tag/v0.60.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/navidrome/navidrome/releases/tag/v0.60.0"
}
],
"source": {
"advisory": "GHSA-hrr4-3wgr-68x3",
"discovery": "UNKNOWN"
},
"title": "Navidrome affected by Denial of Service and disk exhaustion via oversized `size` parameter in `/rest/getCoverArt` and `/share/img/\u003ctoken\u003e` endpoints"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-25579",
"datePublished": "2026-02-04T21:58:23.850Z",
"dateReserved": "2026-02-03T01:02:46.715Z",
"dateUpdated": "2026-02-05T14:31:33.790Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation
Phases: Implementation, Architecture and Design
Description:
- Perform adequate input validation against any value that influences the amount of memory that is allocated. Define an appropriate strategy for handling requests that exceed the limit, and consider supporting a configuration option so that the administrator can extend the amount of memory to be used if necessary.
Mitigation
Phase: Operation
Description:
- Run your program using system-provided resource limits for memory. This might still cause the program to crash or exit, but the impact to the rest of the system will be minimized.
No CAPEC attack patterns related to this CWE.