Skip to main content

CWE-130

Improper Handling of Length Parameter Inconsistency

71 CVEs Avg CVSS 6.9 MITRE
5
CRITICAL
32
HIGH
34
MEDIUM
0
LOW
6
POC
0
KEV

Monthly

CVE-2026-54466 npm CRITICAL PATCH GHSA Act Now

Message corruption in the Node.js websocket-driver package (versions < 0.7.5) lets a remote WebSocket client desynchronize frame parsing by abusing the draft-protocol length header. By streaming an indefinite run of continuation bytes (0x80 or higher), an attacker forces the server to accumulate an ever-growing integer that exceeds JavaScript's 64-bit floating-point precision, so the true payload length is computed incorrectly and subsequent bytes are parsed against the wrong frame boundaries. There is no public exploit identified at time of analysis and no CVSS score was assigned; the fix in 0.7.5 rejects any frame whose length header exceeds the configured maximum message length.

Information Disclosure
NVD GitHub
CVE-2026-47692 MEDIUM PATCH This Month

PROXY Protocol v2 TLV overflow in Envoy Proxy versions 1.34.0 through the pre-fix series allows an operator-level attacker on an adjacent network to smuggle extraneous bytes into upstream requests. Envoy's header generator writes TLV content exceeding the protocol-mandated 65535-byte maximum without adjusting the length field, creating a header where declared length and actual byte count diverge - a textbook CWE-130 length-parameter inconsistency. No public exploit code has been identified and this vulnerability does not appear in the CISA KEV catalog; risk is constrained by the high-privilege and adjacent-network prerequisites reflected in the CVSS 4.8 medium score.

Information Disclosure Envoy
NVD GitHub
CVSS 3.1
4.3
EPSS
0.2%
CVE-2026-6432 MEDIUM PATCH This Month

Improper bounds validation in Silicon Labs EmberZNet SDK versions 9.0.2 and earlier exposes Zigbee-connected devices to crashes and dynamic memory leakage via network-reachable input. Authenticated network attackers can trigger the flaw with low complexity, resulting in denial-of-service conditions or unintended disclosure of heap contents. No public exploit has been identified at time of analysis, and a vendor patch is available via the SISDK GitHub release repository.

Denial Of Service Sisdk
NVD GitHub
CVSS 4.0
5.3
EPSS
0.3%
CVE-2026-48487 PyPI MEDIUM PATCH GHSA This Month

Cache poisoning in python-zeroconf before 0.149.16 allows any unauthenticated adjacent-network attacker to inject attacker-controlled DNS records into the local mDNS cache by multicasting a single crafted UDP packet on port 5353. The parser in `_read_character_string` and `_read_string` advanced its offset by a caller-declared length without validating it against the actual packet buffer size; Python's silent slice truncation meant over-advertised records were accepted and committed to `DNSCache` and `ServiceInfo` intact. The vendor manually downgraded severity to low, noting no RCE or OOM risk, but characterizes this as a building block for higher-impact chains in downstream consumers such as Home Assistant. No public exploit code has been identified and the vulnerability is not in CISA KEV.

Python Information Disclosure Suse
NVD GitHub
CVSS 3.1
6.5
CVE-2026-48685 MEDIUM This Month

Out-of-bounds memory access in FastNetMon Community Edition through 1.2.9 allows an authenticated BGP peer to crash the monitoring process by sending a crafted UPDATE message. The parser in src/bgp_protocol.hpp correctly detects the RFC 4271 Extended Length flag but reads only one byte of the mandatory two-byte length field, silently truncating attribute lengths above 255 bytes and causing cascading misparse of subsequent BGP data. With CVSS availability impact rated High and SSVC confirming no known active exploitation, this is a targeted denial-of-service risk primarily affecting network operators using FastNetMon for DDoS detection - no public exploit code identified at time of analysis.

Buffer Overflow N A
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-9054 CRITICAL PATCH Act Now

Remote denial-of-service in 9front (a fork of Plan 9 from Bell Labs) allows unauthenticated network attackers to trigger a kernel panic by sending malformed TCP, IL, RUDP, or GRE packets whose total length is shorter than the protocol header size. The flaw affects 9front Plan 9 4e prior to commit 70c97c334171c715df82774d1a47638abaca2db4 and carries a CVSS 4.0 score of 9.2 driven by high availability impact and automatable exploitation; no public exploit identified at time of analysis.

Information Disclosure 9Front
NVD VulDB
CVSS 4.0
9.2
EPSS
0.0%
CVE-2026-5766 PyPI MEDIUM PATCH This Month

Django 6.0 before 6.0.5 and 5.2 before 5.2.14 allow remote attackers to bypass the FILE_UPLOAD_MAX_MEMORY_SIZE limit by submitting ASGI requests with missing or understated Content-Length headers, potentially loading large files into memory and causing denial of service through resource exhaustion. No active exploitation confirmed, but the vulnerability requires only network access and no authentication, making it trivially exploitable once the bypass is understood.

Authentication Bypass Python Suse Red Hat
NVD VulDB
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-33846 HIGH PATCH This Week

Heap buffer overflow in GnuTLS DTLS handshake allows remote unauthenticated attackers to crash applications or corrupt memory. The vulnerability stems from inconsistent fragment validation in merge_handshake_packet(), where attackers can send crafted DTLS fragments with conflicting message_length values to trigger out-of-bounds writes. Red Hat reported this affecting RHEL 6-10 and OpenShift Container Platform 4. CVSS 7.5 (High) reflects network-accessible denial of service, though memory corruption may enable further exploitation. No EPSS data, KEV status, or POC availability reported at time of analysis, but the remote unauthenticated attack vector (AV:N/PR:N) and low complexity (AC:L) make this a priority for systems using DTLS.

Buffer Overflow Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Red Hat Enterprise Linux 8 +3
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-3868 HIGH This Week

Buffer overflow in Moxa Secure Router's HTTPS management interface allows unauthenticated remote attackers to crash the web service via specially crafted requests with malformed length parameters. Exploitation causes denial-of-service requiring device reboot, with no confidentiality or integrity impact. CVSS 8.7 reflects high availability impact to the vulnerable component only. No public exploit code identified at time of analysis, and no evidence of active exploitation (not in CISA KEV).

Buffer Overflow
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2026-31635 HIGH POC PATCH This Week

Remote denial of service in Linux kernel rxrpc subsystem allows unauthenticated network attackers to trigger kernel crash via malformed rxgk RESPONSE packets. An inverted length check in rxgk_verify_response() accepts oversized authenticators, causing skb_to_sgvec() to hit BUG_ON() and panic the kernel. EPSS exploitation probability is very low (0.02%, 4th percentile), no active exploitation confirmed, and patches are available across stable kernel branches 6.18.23, 6.19.13, and 7.0.

Information Disclosure Linux
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CRITICAL PATCH Act Now

Message corruption in the Node.js websocket-driver package (versions < 0.7.5) lets a remote WebSocket client desynchronize frame parsing by abusing the draft-protocol length header. By streaming an indefinite run of continuation bytes (0x80 or higher), an attacker forces the server to accumulate an ever-growing integer that exceeds JavaScript's 64-bit floating-point precision, so the true payload length is computed incorrectly and subsequent bytes are parsed against the wrong frame boundaries. There is no public exploit identified at time of analysis and no CVSS score was assigned; the fix in 0.7.5 rejects any frame whose length header exceeds the configured maximum message length.

Information Disclosure
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

PROXY Protocol v2 TLV overflow in Envoy Proxy versions 1.34.0 through the pre-fix series allows an operator-level attacker on an adjacent network to smuggle extraneous bytes into upstream requests. Envoy's header generator writes TLV content exceeding the protocol-mandated 65535-byte maximum without adjusting the length field, creating a header where declared length and actual byte count diverge - a textbook CWE-130 length-parameter inconsistency. No public exploit code has been identified and this vulnerability does not appear in the CISA KEV catalog; risk is constrained by the high-privilege and adjacent-network prerequisites reflected in the CVSS 4.8 medium score.

Information Disclosure Envoy
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Improper bounds validation in Silicon Labs EmberZNet SDK versions 9.0.2 and earlier exposes Zigbee-connected devices to crashes and dynamic memory leakage via network-reachable input. Authenticated network attackers can trigger the flaw with low complexity, resulting in denial-of-service conditions or unintended disclosure of heap contents. No public exploit has been identified at time of analysis, and a vendor patch is available via the SISDK GitHub release repository.

Denial Of Service Sisdk
NVD GitHub
CVSS 6.5
MEDIUM PATCH This Month

Cache poisoning in python-zeroconf before 0.149.16 allows any unauthenticated adjacent-network attacker to inject attacker-controlled DNS records into the local mDNS cache by multicasting a single crafted UDP packet on port 5353. The parser in `_read_character_string` and `_read_string` advanced its offset by a caller-declared length without validating it against the actual packet buffer size; Python's silent slice truncation meant over-advertised records were accepted and committed to `DNSCache` and `ServiceInfo` intact. The vendor manually downgraded severity to low, noting no RCE or OOM risk, but characterizes this as a building block for higher-impact chains in downstream consumers such as Home Assistant. No public exploit code has been identified and the vulnerability is not in CISA KEV.

Python Information Disclosure Suse
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

Out-of-bounds memory access in FastNetMon Community Edition through 1.2.9 allows an authenticated BGP peer to crash the monitoring process by sending a crafted UPDATE message. The parser in src/bgp_protocol.hpp correctly detects the RFC 4271 Extended Length flag but reads only one byte of the mandatory two-byte length field, silently truncating attribute lengths above 255 bytes and causing cascading misparse of subsequent BGP data. With CVSS availability impact rated High and SSVC confirming no known active exploitation, this is a targeted denial-of-service risk primarily affecting network operators using FastNetMon for DDoS detection - no public exploit code identified at time of analysis.

Buffer Overflow N A
NVD GitHub VulDB
EPSS 0% CVSS 9.2
CRITICAL PATCH Act Now

Remote denial-of-service in 9front (a fork of Plan 9 from Bell Labs) allows unauthenticated network attackers to trigger a kernel panic by sending malformed TCP, IL, RUDP, or GRE packets whose total length is shorter than the protocol header size. The flaw affects 9front Plan 9 4e prior to commit 70c97c334171c715df82774d1a47638abaca2db4 and carries a CVSS 4.0 score of 9.2 driven by high availability impact and automatable exploitation; no public exploit identified at time of analysis.

Information Disclosure 9Front
NVD VulDB
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Django 6.0 before 6.0.5 and 5.2 before 5.2.14 allow remote attackers to bypass the FILE_UPLOAD_MAX_MEMORY_SIZE limit by submitting ASGI requests with missing or understated Content-Length headers, potentially loading large files into memory and causing denial of service through resource exhaustion. No active exploitation confirmed, but the vulnerability requires only network access and no authentication, making it trivially exploitable once the bypass is understood.

Authentication Bypass Python Suse +1
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Heap buffer overflow in GnuTLS DTLS handshake allows remote unauthenticated attackers to crash applications or corrupt memory. The vulnerability stems from inconsistent fragment validation in merge_handshake_packet(), where attackers can send crafted DTLS fragments with conflicting message_length values to trigger out-of-bounds writes. Red Hat reported this affecting RHEL 6-10 and OpenShift Container Platform 4. CVSS 7.5 (High) reflects network-accessible denial of service, though memory corruption may enable further exploitation. No EPSS data, KEV status, or POC availability reported at time of analysis, but the remote unauthenticated attack vector (AV:N/PR:N) and low complexity (AC:L) make this a priority for systems using DTLS.

Buffer Overflow Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 6 +5
NVD VulDB
EPSS 0% CVSS 8.7
HIGH This Week

Buffer overflow in Moxa Secure Router's HTTPS management interface allows unauthenticated remote attackers to crash the web service via specially crafted requests with malformed length parameters. Exploitation causes denial-of-service requiring device reboot, with no confidentiality or integrity impact. CVSS 8.7 reflects high availability impact to the vulnerable component only. No public exploit code identified at time of analysis, and no evidence of active exploitation (not in CISA KEV).

Buffer Overflow
NVD
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

Remote denial of service in Linux kernel rxrpc subsystem allows unauthenticated network attackers to trigger kernel crash via malformed rxgk RESPONSE packets. An inverted length check in rxgk_verify_response() accepts oversized authenticators, causing skb_to_sgvec() to hit BUG_ON() and panic the kernel. EPSS exploitation probability is very low (0.02%, 4th percentile), no active exploitation confirmed, and patches are available across stable kernel branches 6.18.23, 6.19.13, and 7.0.

Information Disclosure Linux
NVD GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy