Skip to main content

CWE-228

Improper Handling of Syntactically Invalid Structure

15 CVEs Avg CVSS 6.5 MITRE
0
CRITICAL
9
HIGH
5
MEDIUM
1
LOW
0
POC
0
KEV

Monthly

CVE-2025-59174 HIGH PATCH This Week

Denial-of-service in Ericsson Packet Core Controller (PCC) versions prior to 1.39 allows an adjacent-network attacker without credentials to degrade service by flooding the controller with specially crafted messages. The CVSS 4.0 score of 7.1 reflects high availability impact with no confidentiality or integrity loss; no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Ericsson Information Disclosure
NVD VulDB
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-25657 HIGH PATCH This Week

Denial of service in Ericsson Packet Core Gateway (PCG) versions prior to 1.30 allows an adjacent-network attacker to degrade service by continuously transmitting malformed messages that the gateway fails to parse safely. The condition causes recurring crashes that persist only while the attack is active, with automatic recovery once it stops, and no public exploit identified at time of analysis.

Ericsson Denial Of Service
NVD VulDB
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-42100 HIGH This Week

Denial of service in Sparx Systems Pro Cloud Server 6.1 (build 167) and earlier allows authenticated remote attackers to crash the service by submitting a specially crafted SQL query that the server fails to parse safely. The flaw, reported by CERT-PL, results in unexpected termination of the Pro Cloud Server process, and no public exploit identified at time of analysis. The vendor did not respond to disclosure, so the full vulnerable version range remains unconfirmed.

Denial Of Service Pro Cloud Server
NVD
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-34232 HIGH PATCH This Week

Remote denial-of-service in Firebird Database Server versions prior to 5.0.4, 4.0.7, and 3.0.14 allows unauthenticated network attackers to crash the server via crafted XDR-encoded op_response packets. The xdr_status_vector() function fails to handle isc_arg_cstring status vector types during packet decoding, triggering immediate server termination. With CVSS 7.5 (AV:N/AC:L/PR:N/UI:N) and CWE-228 (Improper Handling of Syntactically Invalid Structure), this represents a high-severity availability risk for internet-exposed Firebird instances. No active exploitation confirmed, but exploit development is trivial given the low attack complexity.

Denial Of Service Suse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2024-53828 MEDIUM PATCH This Month

Ericsson Packet Core Controller (PCC) versions prior to 1.38 contain a vulnerability where an attacker sending a large volume of specially crafted messages may cause service degradation. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required.

Information Disclosure Ericsson
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-20125 HIGH This Week

HTTP Server input validation failures in Cisco IOS and IOS XE Release 3E enable authenticated remote attackers to trigger device reloads via malformed requests, causing denial of service. An attacker with valid credentials can exploit improper input handling to exhaust watchdog timers and force unexpected system restarts. No patch is currently available for this vulnerability affecting Cisco and Apple products.

Denial Of Service Apple Cisco
NVD VulDB
CVSS 3.1
7.7
EPSS
0.1%
CVE-2025-47736 Cargo LOW Monitor

dialect/mod.rs in the libsql-sqlite3-parser crate through 0.13.0 before 14f422a for Rust can crash if the input is not valid UTF-8. Rated low severity (CVSS 2.9), this vulnerability is no authentication required. No vendor patch available.

Denial Of Service
NVD GitHub
CVSS 3.1
2.9
EPSS
0.1%
CVE-2024-55594 MEDIUM This Month

An improper handling of syntactically invalid structure in Fortinet FortiWeb at least vesrions 7.4.0 through 7.4.6 and 7.2.0 through 7.2.10 and 7.0.0 through 7.0.10 allows attacker to execute. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Fortinet Fortiweb
NVD
CVSS 3.1
5.6
EPSS
0.1%
CVE-2023-42784 MEDIUM This Month

FortiWeb, a web application firewall made by Fortinet, has a flaw where it doesn't properly validate certain malformed HTTP requests, allowing attackers to execute unauthorized code or commands on affected systems. The vulnerability impacts multiple versions of FortiWeb (7.0.0-7.0.10, 7.2.0-7.2.10, and 7.4.0-7.4.6). An attacker could exploit this by sending specially crafted requests to gain control of the system and run arbitrary commands.

Fortinet
NVD
CVSS 3.1
5.6
EPSS
0.1%
CVE-2025-0343 HIGH This Month

Swift ASN.1 can be caused to crash when parsing certain BER/DER constructions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Denial-of-service in Ericsson Packet Core Controller (PCC) versions prior to 1.39 allows an adjacent-network attacker without credentials to degrade service by flooding the controller with specially crafted messages. The CVSS 4.0 score of 7.1 reflects high availability impact with no confidentiality or integrity loss; no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Ericsson Information Disclosure
NVD VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Denial of service in Ericsson Packet Core Gateway (PCG) versions prior to 1.30 allows an adjacent-network attacker to degrade service by continuously transmitting malformed messages that the gateway fails to parse safely. The condition causes recurring crashes that persist only while the attack is active, with automatic recovery once it stops, and no public exploit identified at time of analysis.

Ericsson Denial Of Service
NVD VulDB
EPSS 0% CVSS 7.1
HIGH This Week

Denial of service in Sparx Systems Pro Cloud Server 6.1 (build 167) and earlier allows authenticated remote attackers to crash the service by submitting a specially crafted SQL query that the server fails to parse safely. The flaw, reported by CERT-PL, results in unexpected termination of the Pro Cloud Server process, and no public exploit identified at time of analysis. The vendor did not respond to disclosure, so the full vulnerable version range remains unconfirmed.

Denial Of Service Pro Cloud Server
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Remote denial-of-service in Firebird Database Server versions prior to 5.0.4, 4.0.7, and 3.0.14 allows unauthenticated network attackers to crash the server via crafted XDR-encoded op_response packets. The xdr_status_vector() function fails to handle isc_arg_cstring status vector types during packet decoding, triggering immediate server termination. With CVSS 7.5 (AV:N/AC:L/PR:N/UI:N) and CWE-228 (Improper Handling of Syntactically Invalid Structure), this represents a high-severity availability risk for internet-exposed Firebird instances. No active exploitation confirmed, but exploit development is trivial given the low attack complexity.

Denial Of Service Suse
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Ericsson Packet Core Controller (PCC) versions prior to 1.38 contain a vulnerability where an attacker sending a large volume of specially crafted messages may cause service degradation. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required.

Information Disclosure Ericsson
NVD VulDB
EPSS 0% CVSS 7.7
HIGH This Week

HTTP Server input validation failures in Cisco IOS and IOS XE Release 3E enable authenticated remote attackers to trigger device reloads via malformed requests, causing denial of service. An attacker with valid credentials can exploit improper input handling to exhaust watchdog timers and force unexpected system restarts. No patch is currently available for this vulnerability affecting Cisco and Apple products.

Denial Of Service Apple Cisco
NVD VulDB
EPSS 0% CVSS 2.9
LOW Monitor

dialect/mod.rs in the libsql-sqlite3-parser crate through 0.13.0 before 14f422a for Rust can crash if the input is not valid UTF-8. Rated low severity (CVSS 2.9), this vulnerability is no authentication required. No vendor patch available.

Denial Of Service
NVD GitHub
EPSS 0% CVSS 5.6
MEDIUM This Month

An improper handling of syntactically invalid structure in Fortinet FortiWeb at least vesrions 7.4.0 through 7.4.6 and 7.2.0 through 7.2.10 and 7.0.0 through 7.0.10 allows attacker to execute. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Fortinet Fortiweb
NVD
EPSS 0% CVSS 5.6
MEDIUM This Month

FortiWeb, a web application firewall made by Fortinet, has a flaw where it doesn't properly validate certain malformed HTTP requests, allowing attackers to execute unauthorized code or commands on affected systems. The vulnerability impacts multiple versions of FortiWeb (7.0.0-7.0.10, 7.2.0-7.2.10, and 7.4.0-7.4.6). An attacker could exploit this by sending specially crafted requests to gain control of the system and run arbitrary commands.

Fortinet
NVD
EPSS 0% CVSS 7.5
HIGH This Month

Swift ASN.1 can be caused to crash when parsing certain BER/DER constructions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy