Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-789

CWE-789

Memory Allocation with Excessive Size Value

Parent: CWE-770 - Allocation of Resources Without Limits or Throttling

The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated.

153 vulnerabilities with CWE-789

CVE-2026-44967 MEDIUM

opentelemetry-cpp: OTLP HTTP exporters read unbounded HTTP response

CVE-2026-47734 MEDIUM

Dulwich has unbounded memory allocation in receive-pack from crafted thin packs

CVE-2026-10142 HIGH

kafka-python prior to 2.3.2 Denial of Service via Protocol Parser Frame Length

CVE-2026-52759 MEDIUM

Ghidra < 12.1.1 - Denial of Service via Uncontrolled Memory Allocation in Mach-O Parser

CVE-2026-52753 MEDIUM

Ghidra < 12.0.3 - Out-of-Memory in Rust Symbol Demangler via Malformed Symbol

CVE-2026-49975 HIGH

Apache HTTP Server: mod_http2 denial of service

CVE-2026-41178 MEDIUM

OpenTelemetry-Go's baggage parsing no longer caps raw header length

CVE-2026-47319 MEDIUM

Samsung Open Source Rlottie - Memory Allocation with Excessive Size Value

CVE-2026-9538 HIGH

Archive::Tar versions before 3.10 for Perl allow memory exhaustion via attacker controlled entry size field in tar header

CVE-2026-5740 HIGH

Unauthenticated WebSocket binary frame causes denial of service in Mattermost Server

CVE-2026-8485 MEDIUM

Uncontrolled Memory Allocation vulnerability in Progress Software MOVEit Automation

CVE-2026-47313 MEDIUM

Samsung Open Source Escargot 590345cc6258317c5da850d846ce6baaf2afc2d3 - Excessive Memory Allocation

CVE-2026-6340 MEDIUM

Mattermost 10.11.0-10.11.13 11.4.0-11.4.3 11.5.0-11.5.1 - Authenticated Denial of Service via 7zip Archive Processing

CVE-2026-44375 HIGH

Nerdbank.MessagePack: Attacker-controlled stackalloc in DateTime decoding causes process-terminating StackOverflowException

CVE-2026-42582 HIGH

Netty: HTTP/3 QPACK literal unbounded allocation

CVE-2026-42946 MEDIUM

NGINX ngx_http_scgi_module and ngx_http_uwsgi_module vulnerability

CVE-2026-42348 MEDIUM

open-telemetry opentelemetry-dotnet-contrib - OpAMP Client Reads Unbounded HTTP Response Bodies

CVE-2026-42189 HIGH

Russh: Pre-auth DoS via unbounded allocation in keyboard-interactive auth

CVE-2026-42241 MEDIUM

ParquetSharp: Possible Stack Overflow When Reading a ParquetFile with Large Decimal Type Width

CVE-2026-43868 MEDIUM

Apache Thrift: Rust implementation vulnerable to CVE-2020-13949 pattern

CVE-2026-42154 HIGH

Prometheus: remote read endpoint allows denial of service via crafted snappy payload

CVE-2026-42146 MEDIUM

CImg Library: Uncontrolled memory allocation via nb_colors field in _load_bmp

CVE-2026-42440 HIGH

Apache OpenNLP: OOM DoS via Unbounded Array Allocation in AbstractModelReader

CVE-2026-33524 HIGH

Zserio: Integer Overflow in BitStreamReader and Unbounded Memory Allocation in Deserialization

CVE-2026-40894 MEDIUM

OpenTelemetry dotnet: Excessive memory allocation when parsing OpenTelemetry propagation headers

Page 1 of 7 Next

Details

Vulnerabilities 153

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy