Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-789

CWE-789

Memory Allocation with Excessive Size Value

Parent: CWE-770 - Allocation of Resources Without Limits or Throttling

The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated.

153 vulnerabilities with CWE-789

CVE-2026-27204 MEDIUM

Wasmtime <24.0.6/36.0.6/40.0.4/41.0.4/42.0.0 - DoS

CVE-2026-25899 HIGH

GoFiber v3 <3.1.0 - Deserialization

CVE-2026-25985 HIGH

ImageMagick <7.1.2-15/<6.9.13-40 - DoS

CVE-2026-25579 MEDIUM

Navidrome < 0.60.0 - Authenticated Denial of Service via Large Cover Art Size Parameter

CVE-2026-22803 HIGH

SvelteKit 2.49.0-2.49.4 - Denial of Service via Form Remote Function Memory Exhaustion

CVE-2026-22026 HIGH

CryptoLib < 1.4.3 - Denial of Service via Unbounded Memory Allocation in KMC Client

CVE-2026-22188 MEDIUM

Panda3D <= 1.10.16 - Denial of Service via Unbounded Stack Allocation in deploy-stub

CVE-2026-21452 HIGH

MessagePack for Java < 0.9.11 - Denial of Service via EXT32 Payload Length

CVE-2025-54151 MEDIUM

Qsync Central 5.0.0.0-5.0.0.3 - Denial of Service via Uncontrolled Resource Consumption

CVE-2025-54150 MEDIUM

Qsync Central 5.0.0.0-5.0.0.3 - Authenticated Denial of Service via Uncontrolled Resource Consumption

CVE-2025-54149 MEDIUM

Qsync Central 5.0.0.0-5.0.0.3 - Authenticated Denial of Service via Uncontrolled Resource Consumption

CVE-2025-62600 HIGH

eProsima Fast DDS <2.6.11, 2.7.0-2.14.5, 3.0.0-3.2.3, 3.3.0, 3.4.0-3.4.1 - Remote DoS via SPDP Packet Tampering

CVE-2025-62599 HIGH

eProsima Fast DDS < 2.6.11, 2.7.0-2.14.5, 3.0.0-3.2.3, 3.3.0, 3.4.0 - Remote DoS via SPDP Packet Tampering

CVE-2025-2668 MEDIUM

IBM Db2 11.5.0-11.5.9 - Authenticated Denial of Service via Crafted Query

CVE-2025-66199 MEDIUM

OpenSSL 3.3.0-3.3.6 - Denial of Service via TLS 1.3 Certificate Compression

CVE-2025-12983 LOW

GitLab 16.9-18.3.5, 18.4-18.4.3, 18.5-18.5.1 - Authenticated Denial of Service via Nested Markdown Formatting

CVE-2025-2534 MEDIUM

IBM Db2 11.1.0-11.1.4.7, 11.5.0-11.5.9, 12.1.0-12.1.3 - Denial of Service via Specially Crafted Query

CVE-2025-11579 MEDIUM

nwaples/rardecode <= 2.1.1 - Denial of Service via Large RAR Dictionary Size

CVE-2025-61910 HIGH

ION-DTN 4.1.3s - Denial of Service via Malformed BPv7 Extension Block

CVE-2025-61600 HIGH

Stalwart <0.13.3 - Memory Corruption

CVE-2025-8696 HIGH

ISC Stork 1.0.0-2.3.0 - Unauthenticated Denial of Service via Large Data Input

CVE-2025-23331 HIGH

NVIDIA Triton Inference Server < 25.06 - Denial of Service via Invalid Request

CVE-2025-54801 HIGH

Fiber < 2.52.9 - Denial of Service via Large Numeric Key in Form Data

CVE-2025-2533 MEDIUM

IBM Db2 12.1.0-12.1.2 - Denial of Service via Crafted Query

CVE-2025-53893 MEDIUM

filebrowser 2.38.0 - Authenticated Denial of Service via File Read Endpoint

Previous Page 3 of 7 Next

Details

Vulnerabilities 153

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy