Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-789

CWE-789

Memory Allocation with Excessive Size Value

Parent: CWE-770 - Allocation of Resources Without Limits or Throttling

The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated.

153 vulnerabilities with CWE-789

CVE-2026-40891 MEDIUM

OpenTelemetry dotnet: Unbounded `grpc-status-details-bin` parsing in OTLP/gRPC retry handling

CVE-2026-40182 MEDIUM

OpenTelemetry dotnet: OTLP exporter reads unbounded HTTP response bodies

CVE-2026-41314 MEDIUM

pypdf: Manipulated FlateDecode image dimensions can exhaust RAM

CVE-2026-41312 MEDIUM

pypdf: Manipulated FlateDecode predictor parameters can exhaust RAM

CVE-2026-40303 HIGH

zrok allows unauthenticated DoS via unbounded memory allocation in striped session cookie parsing

CVE-2026-35633 MEDIUM

OpenClaw < 2026.3.22 - Unbounded Memory Allocation via Remote Media Error Responses

CVE-2026-35186 HIGH

Wasmtime Winch table.grow - Denial of Service

CVE-2026-39882 MEDIUM

OpenTelemetry-Go OTLP HTTP exporters read unbounded HTTP response bodies

CVE-2026-24146 HIGH

NVIDIA Triton Inference Server < 26.02 - Denial of Service via Large Output Count

CVE-2026-39312 HIGH

Pre-Auth EAP-TLS DoS on SoftEther VPN Developer Edition

CVE-2026-35549 MEDIUM

MariaDB <11.4.10, 11.5-11.8.5, 12-12.2.1 - DoS

CVE-2026-24030 MEDIUM

Unbounded memory allocation for DoQ and DoH3

CVE-2026-24158 HIGH

NVIDIA Triton Inference Server < 26.01 - Denial of Service via Large Compressed HTTP Payload

CVE-2026-33174 HIGH

Rails Active Storage Proxy Mode - Range Request Denial of Service

CVE-2026-32941 MEDIUM

Sliver Vulnerable to Authenticated OOM via Memory Exhaustion in mTLS/WireGuard Transports

CVE-2026-26931 MEDIUM

Memory Allocation with Excessive Size Value in Metricbeat Leading to Denial of Service

CVE-2026-32836 MEDIUM

mackron / dr_libs Excessive Memory Allocation in PICTURE Metadata Parsing

CVE-2026-2456 MEDIUM

Denial of Service via Unbounded Memory Allocation in Integration Actions

CVE-2026-26246 MEDIUM

Memory Exhaustion via Malformed PSD File Upload

CVE-2026-25780 MEDIUM

Memory Exhaustion via Malformed DOC File Upload

CVE-2026-29776 LOW

FreeRDP <3.24.0 - Memory Corruption

CVE-2026-28253 HIGH

Trane Tracer SC/SC+/Concierge - DoS

CVE-2026-27887 MEDIUM

Spin < 3.6.1, SpinKube < 0.6.2, containerd-shim-spin < 0.22.1 - Denial of Service via Unbounded Response Buffering

CVE-2026-27809 CRITICAL

psd-tools < 1.12.2 - Denial of Service via Malformed RLE-Compressed Image Data

CVE-2026-20048 HIGH

Cisco NX-OS System Software in ACI Mode - Authenticated Denial of Service via SNMP Request Parsing

Previous Page 2 of 7 Next

Details

Vulnerabilities 153

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy