
CWE-1325

Improperly Controlled Sequential Memory Allocation

10 CVEs, average CVSS 6.0 (source: MITRE). Severity breakdown: 0 critical, 3 high, 6 medium, 0 low. 2 with public POC, 0 in CISA KEV.

CVE-2026-34183 HIGH PATCH This Week

Denial of service in OpenSSL QUIC implementation allows remote unauthenticated attackers to exhaust server memory by sending crafted PATH_CHALLENGE frames that trigger unbounded memory growth in the QUIC handler. The flaw affects OpenSSL branches 3.4.x, 3.5.x, 3.6.x, and 4.0.0, and is fixed in the 4.0.1 security release alongside numerous other CVEs. No public exploit identified at time of analysis and EPSS is very low (0.02%), but the network-reachable, no-auth nature of QUIC server endpoints makes the issue operationally relevant for TLS/QUIC-facing services.

Tags: Information Disclosure, OpenSSL, Red Hat, Suse. Sources: NVD, GitHub, VulDB. CVSS 3.1: 7.5. EPSS: 0.0%.
CVE-2026-8199 HIGH PATCH This Week

Authenticated attackers can exhaust MongoDB Server memory using malicious bitwise match expressions ($bitsAllSet, $bitsAnySet, $bitsAllClear, $bitsAnyClear), leading to out-of-memory denial of service. Affects MongoDB Server 7.0 prior to 7.0.34, 8.0 prior to 8.0.23, 8.2 prior to 8.2.9, and 8.3 prior to 8.3.2. Vendor-released patches are available across all affected major versions. EPSS score of 0.04% (12th percentile) indicates low observed exploitation probability in the wild, and no public exploit code has been identified at time of analysis.

Tags: Information Disclosure, Mongodb Server. Sources: NVD, VulDB. CVSS 4.0: 7.1. EPSS: 0.0%.
CVE-2026-6535 MEDIUM PATCH This Month

Denial of service in Wireshark 4.6.0-4.6.4 and 4.4.0-4.4.14 causes application crash during zlib decompression in the packet dissection engine when processing malformed compressed traffic. Local attackers with user privileges can trigger the crash by opening a specially crafted pcap file or receiving a malicious packet capture, requiring user interaction but no authentication. No public exploit code or active exploitation has been identified at time of analysis.

Tags: Denial Of Service, Red Hat, Suse. Sources: NVD, VulDB. CVSS 3.1: 5.5. EPSS: 0.0%.
CVE-2026-6533 MEDIUM PATCH This Month

Denial of service in Wireshark 4.6.0-4.6.4 and 4.4.0-4.4.14 allows local attackers to crash the application by triggering an unhandled exception in the LZ77 decompression engine when processing malformed compressed packet data. The vulnerability requires user interaction (opening a crafted packet capture file or receiving a malicious packet) but causes immediate application termination, impacting network analysis workflows.

Tags: Denial Of Service, Red Hat, Suse. Sources: NVD, VulDB. CVSS 3.1: 5.5. EPSS: 0.0%.
CVE-2026-6869 MEDIUM PATCH This Month

Wireshark versions 4.6.0-4.6.4 and 4.4.0-4.4.14 crash when processing malformed WebSocket protocol packets, enabling local denial of service. An attacker with the ability to trigger packet dissection (either by crafting a malicious PCAP file or by intercepting traffic on a local network) can force the application to crash by supplying a WebSocket frame that triggers an unhandled error condition in the protocol dissector. The vulnerability requires user interaction (opening a file or navigating to a network interface) and operates at local scope, resulting in application unavailability rather than code execution.

Tags: Denial Of Service, Red Hat, Suse. Sources: NVD, VulDB. CVSS 3.1: 5.5. EPSS: 0.0%.
CVE-2026-6867 MEDIUM PATCH This Month

Wireshark SMB2 protocol dissector crashes when processing malformed packets, causing denial of service in versions 4.6.0-4.6.4 and 4.4.0-4.4.14. A local attacker with low privileges can trigger the crash by crafting a malicious SMB2 packet and inducing the user to open it in Wireshark, resulting in application termination and loss of packet capture capability. No public exploit code or active exploitation in the wild has been identified at the time of analysis.

Tags: Denial Of Service, Red Hat, Suse. Source: NVD. CVSS 3.1: 5.5. EPSS: 0.0%.
CVE-2026-3201 MEDIUM POC PATCH This Month

Wireshark 4.6.0-4.6.3 and 4.4.0-4.4.13 can be crashed through memory exhaustion in the USB HID protocol dissector when processing malformed packets. A local attacker with the ability to trigger packet analysis can cause a denial of service condition, and public exploit code exists for this vulnerability. No patch is currently available.

Tags: Denial Of Service, Red Hat, Wireshark, Suse. Source: NVD. CVSS 3.1: 4.7. EPSS: 0.0%.
CVE-2026-24819 Maven Monitor

Improperly Controlled Sequential Memory Allocation vulnerability in foxinmy weixin4j (weixin4j-base/src/main/java/com/foxinmy/weixin4j/util modules). This vulnerability is associated with program files CharArrayBuffer.Java, ClassUtil.Java.

Tags: Java. Sources: NVD, GitHub. EPSS: 0.0%.
CVE-2025-13945 MEDIUM POC PATCH This Month

HTTP3 dissector crash in Wireshark 4.6.0 and 4.6.1 allows denial of service

Tags: Denial Of Service, Debian, Ubuntu, Red Hat, Wireshark, +1. Source: NVD. CVSS 3.1: 5.5. EPSS: 0.0%.
CVE-2025-2240 Maven HIGH PATCH This Week

A flaw was found in Smallrye, where smallrye-fault-tolerance is vulnerable to an out-of-memory (OOM) issue. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable without authentication and with low attack complexity. No vendor patch available.

Tags: Denial Of Service, Red Hat. Sources: NVD, GitHub. CVSS 3.1: 7.5. EPSS: 0.9%.