CWE-789
129 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-789 (page 2 of 3)
- CVE-2023-52429 | MEDIUM | CVSS 5.5 | EG 5.5 | 2024-02-12
dm_table_create in drivers/md/dm-table.c in the Linux kernel through 6.7.4 can attempt to (in alloc_targets) allocate more than INT_MAX bytes, and crash, because of a missing check for struct dm_ioctl.target_count.
- CVE-2023-5371 | MEDIUM | CVSS 5.3 | EG 5.3 | 2023-10-04
RTPS dissector memory leak in Wireshark 4.0.0 to 4.0.8 and 3.6.0 to 3.6.16 allows denial of service via packet injection or crafted capture file
- CVE-2023-6516 | HIGH | CVSS 7.5 | EG 7.5 | 2024-02-13
To keep its cache database efficient, `named` running as a recursive resolver occasionally attempts to clean up the database. It uses several methods, including some that are asynchronous: a small chunk of memory pointing to the cache elem…
- CVE-2024-20260 | HIGH | CVSS 8.6 | EG 8.6 | 2024-10-23
A vulnerability in the VPN and management web servers of the Cisco Adaptive Security Virtual Appliance (ASAv) and Cisco Secure Firewall Threat Defense Virtual (FTDv), formerly Cisco Firepower Threat Defense Virtual, platforms could allow a…
- CVE-2024-2494 | MEDIUM | CVSS 6.2 | EG 6.2 | 2024-03-21
A flaw was found in the RPC library APIs of libvirt. The RPC server deserialization code allocates memory for arrays before the non-negative length check is performed by the C API entry points. Passing a negative length to the g_new0 funct…
- CVE-2024-32035 | MEDIUM | CVSS 5.3 | EG 5.3 | 2024-04-15
ImageSharp is a 2D graphics API. A vulnerability discovered in the ImageSharp library, where the processing of specially crafted files can lead to excessive memory usage in image decoders. The vulnerability is triggered when ImageSharp att…
- CVE-2024-35116 | MEDIUM | CVSS 5.9 | EG 5.9 | 2024-06-28
IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, and 9.3 CD is vulnerable to a denial of service attack caused by an error applying configuration changes. IBM X-Force ID: 290335.
- CVE-2024-35152 | MEDIUM | CVSS 6.5 | EG 6.5 | 2024-08-14
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow an authenticated user to cause a denial of service with a specially crafted query due to improper memory allocation. IBM X-Force ID: 292639.
- CVE-2024-37071 | MEDIUM | CVSS 5.3 | EG 5.3 | 2024-12-07
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow an authenticated user to cause a denial of service with a specially crafted query due to improper memory allocation.
- CVE-2024-37168 | MEDIUM | CVSS 5.3 | EG 5.3 | 2024-06-10
@grpc/grpc-js implements the core functionality of gRPC purely in JavaScript, without a C++ addon. Prior to versions 1.10.9, 1.9.15, and 1.8.22, there are two separate code paths in which memory can be allocated per message in excess of th…
- CVE-2024-37529 | MEDIUM | CVSS 6.5 | EG 6.5 | 2024-08-14
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 could allow an authenticated user to cause a denial of service with a specially crafted query due to improper memory allocation. IBM X-Force ID: 294295.
- CVE-2024-40680 | MEDIUM | CVSS 5.5 | EG 5.5 | 2024-09-07
IBM MQ 9.3 CD and 9.4 LTS/CD could allow a local user to cause a denial of service due to improper memory allocation causing a segmentation fault.
- CVE-2024-41132 | MEDIUM | CVSS 5.3 | EG 5.3 | 2024-07-22
ImageSharp is a 2D graphics API. A vulnerability discovered in the ImageSharp library, where the processing of specially crafted files can lead to excessive memory usage in the Gif decoder. The vulnerability is triggered when ImageSharp at…
- CVE-2024-41761 | MEDIUM | CVSS 5.3 | EG 5.3 | 2024-11-23
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.
- CVE-2024-41762 | MEDIUM | CVSS 5.3 | EG 5.3 | 2024-12-07
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.
- CVE-2024-43484 | HIGH | CVSS 7.5 | EG 7.5 | 2024-10-08
.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
- CVE-2024-52791 | MEDIUM | CVSS 5.3 | EG 5.3 | 2025-01-16
Matrix Media Repo (MMR) is a highly configurable multi-homeserver media repository for Matrix. MMR makes requests to other servers as part of normal operation, and these resource owners can return large amounts of JSON back to MMR for pars…
- CVE-2025-11579 | MEDIUM | CVSS 5.3 | EG 5.3 | 2025-10-10
github.com/nwaples/rardecode versions <=2.1.1 fail to restrict the dictionary size when reading large RAR dictionary sizes, which allows an attacker to provide a specially crafted RAR file and cause Denial of Service via an Out Of Memory…
- CVE-2025-12983 | LOW | CVSS 3.5 | EG 3.5 | 2025-11-15
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.9 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated attacker to cause a denial of service condition by submittin…
- CVE-2025-20140 | HIGH | CVSS 7.4 | EG 7.4 | 2025-05-07
A vulnerability in the Wireless Network Control daemon (wncd) of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, adjacent wireless attacker to cause a denial of service (DoS) condition. This vul…
- CVE-2025-20165 | HIGH | CVSS 7.5 | EG 7.5 | 2025-01-22
A vulnerability in the SIP processing subsystem of Cisco BroadWorks could allow an unauthenticated, remote attacker to halt the processing of incoming SIP requests, resulting in a denial of service (DoS) condition. This vulnerability is…
- CVE-2025-23331 | HIGH | CVSS 7.5 | EG 7.5 | 2025-08-06
NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where a user could cause a memory allocation with excessive size value, leading to a segmentation fault, by providing an invalid request. A successful exploit of…
- CVE-2025-2518 | MEDIUM | CVSS 5.3 | EG 5.3 | 2025-05-29
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.
- CVE-2025-25186 | MEDIUM | CVSS 6.5 | EG 6.5 | 2025-02-10
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Starting in version 0.3.2 and prior to versions 0.3.8, 0.4.19, and 0.5.6, there is a possibility for denial of service by memory exhaustion in `net-…
- CVE-2025-2533 | MEDIUM | CVSS 5.3 | EG 5.3 | 2025-07-29
IBM Db2 for Linux 12.1.0, 12.1.1, and 12.1.2 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.
- CVE-2025-2534 | MEDIUM | CVSS 5.3 | EG 5.3 | 2025-11-07
IBM Db2 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as the server may crash under certain conditions with a specia…
- CVE-2025-26618 | HIGH | CVSS 7.0 | EG 0.0 | 2025-02-20
Erlang is a programming language and runtime system for building massively scalable soft real-time systems with requirements on high availability. OTP is a set of Erlang libraries, which consists of the Erlang runtime system, a number of r…
- CVE-2025-2668 | MEDIUM | CVSS 6.5 | EG 6.5 | 2026-01-30
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 is vulnerable to a denial of service as the server may crash when an authenticated user creates a specially crafted query.
- CVE-2025-27533 | HIGH | CVSS 7.5 | EG 7.5 | 2025-05-07
Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ. During unmarshalling of OpenWire commands the size value of buffers was not properly validated which could lead to excessive memory allocation and be exploited …
- CVE-2025-29491 | MEDIUM | CVSS 6.5 | EG 6.5 | 2025-03-27
An allocation-size-too-big error in the parseSWF_DEFINEBINARYDATA function of libming v0.48 allows attackers to cause a Denial of Service (DoS) via supplying a crafted SWF file.
- CVE-2025-30211 | HIGH | CVSS 7.5 | EG 7.5 | 2025-03-28
Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.1, 26.2.5.10, and 25.3.2.19, a maliciously formed KEX init message can result in high memory usage. Implementation does not verify RFC speci…
- CVE-2025-32386 | MEDIUM | CVSS 6.5 | EG 6.5 | 2025-04-09
Helm is a tool for managing Charts. A chart archive file can be crafted in a manner where it expands to be significantly larger uncompressed than compressed (e.g., >800x difference). When Helm loads this specially crafted chart, memory can…
- CVE-2025-3632 | HIGH | CVSS 7.5 | EG 7.5 | 2025-05-12
IBM 4769 Developers Toolkit 7.0.0 through 7.5.52 could allow a remote attacker to cause a denial of service in the Hardware Security Module (HSM) due to improper memory allocation of an excessive size.
- CVE-2025-43857 | MEDIUM | CVSS 6.5 | EG 6.5 | 2025-04-28
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.5.7, 0.4.20, 0.3.9, and 0.2.5, there is a possibility for denial of service by memory exhaustion when net-imap reads server resp…
- CVE-2025-4605 | MEDIUM | CVSS 6.6 | EG 5.5 | 2025-06-11
A maliciously crafted .usdc file, when loaded through Autodesk Maya, can force an uncontrolled memory allocation vulnerability. A malicious actor may leverage this vulnerability to cause a denial-of-service (DoS), or cause data corruption.
- CVE-2025-53893 | MEDIUM | CVSS 6.5 | EG 6.5 | 2025-07-15
File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename, and edit files. In version 2.38.0, a Denial of Service (DoS) vulnerability exists in the file processing lo…
- CVE-2025-54149 | MEDIUM | CVSS 5.5 | EG 5.5 | 2026-02-11
An uncontrolled resource consumption vulnerability has been reported to affect Qsync Central. If a local attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fi…
- CVE-2025-54150 | MEDIUM | CVSS 5.5 | EG 5.5 | 2026-02-11
An uncontrolled resource consumption vulnerability has been reported to affect Qsync Central. If a local attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fi…
- CVE-2025-54151 | MEDIUM | CVSS 5.5 | EG 5.5 | 2026-02-11
An uncontrolled resource consumption vulnerability has been reported to affect Qsync Central. If a local attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fi…
- CVE-2025-54801 | HIGH | CVSS 7.5 | EG 7.5 | 2025-08-06
Fiber is an Express inspired web framework written in Go. In versions 2.52.8 and below, when using Fiber's Ctx.BodyParser to parse form data containing a large numeric key that represents a slice index (e.g., test.18446744073704), the appl…
- CVE-2025-61600 | HIGH | CVSS 7.5 | EG 7.5 | 2025-10-02
Stalwart is a mail and collaboration server. Versions 0.13.3 and below contain an unbounded memory allocation vulnerability in the IMAP protocol parser which allows remote attackers to exhaust server memory, potentially triggering the syst…
- CVE-2025-61910 | HIGH | CVSS 7.5 | EG 7.5 | 2025-10-07
NASA's Interplanetary Overlay Network (ION) is an implementation of Delay/Disruption Tolerant Networking (DTN). A BPv7 bundle with a malformed extension block causes uncontrolled memory allocation inside ION-DTN 4.1.3s, leading to re…
- CVE-2025-62599 | HIGH | CVSS 8.6 | EG 8.6 | 2026-02-03
eprosima Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to 2.6.11, 2.14.6, 3.2.4, 3.3.1, and 3.4.1, when the security mode is enabled, modifying the DATA Submess…
- CVE-2025-62600 | HIGH | CVSS 8.6 | EG 8.6 | 2026-02-03
eprosima Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to 2.6.11, 2.14.6, 3.2.4, 3.3.1, and 3.4.1, when the security mode is enabled, modifying the DATA Submess…
- CVE-2025-66199 | MEDIUM | CVSS 5.9 | EG 5.9 | 2026-01-27
Issue summary: A TLS 1.3 connection using certificate compression can be forced to allocate a large buffer before decompression without checking against the configured certificate size limit. Impact summary: An attacker can cause per-conn…
- CVE-2025-8696 | HIGH | CVSS 7.5 | EG 7.5 | 2025-09-10
If an unauthenticated user sends a large amount of data to the Stork UI, it may cause memory and disk use problems for the system running the Stork server. This issue affects Stork versions 1.0.0 through 2.3.0.
- CVE-2026-21452 | HIGH | CVSS 7.5 | EG 7.5 | 2026-01-02
MessagePack for Java is a serializer implementation for Java. A denial-of-service vulnerability exists in versions prior to 0.9.11 when deserializing .msgpack files containing EXT32 objects with attacker-controlled payload lengths. While M…
- CVE-2026-22026 | HIGH | CVSS 7.5 | EG 7.5 | 2026-01-10
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to…
- CVE-2026-22188 | MEDIUM | CVSS 5.5 | EG 5.5 | 2026-01-07
The deploy-stub component in Panda3D versions up to and including 1.10.16 contains a denial of service vulnerability due to unbounded stack allocation. The deploy-stub executable allocates argv_copy and argv_copy2 using alloca() based dire…
- CVE-2026-22803 | HIGH | CVSS 7.5 | EG 7.5 | 2026-01-15
SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. From 2.49.0 to 2.49.4, the experimental form remote function uses a binary data format containing a representation of submitted form data. A …