CWE-789 (Memory Allocation with Excessive Size Value) describes a weakness type used across vulnerability databases and assessments. See the sections below for its definition, background, and associated CVEs.

The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated.

| Type | Name | Class | Prevalence | OS / CPE |
|---|---|---|---|---|
| language | C | — | Undetermined | — |
| language | C++ | — | Undetermined | — |
| language | — | Not Language-Specific | Undetermined | — |
These CVEs are mapped to this weakness in this database and are retained for tracking and search.

| CVE | Published | Summary |
|---|---|---|
| CVE-2026-41178 | 2026-06-04 | OpenTelemetry-Go is the Go implementation of OpenTelemetry. Versions 1.41.0 and 1.43.0 removed raw-length rejection and it causes `Parse` to process arbitrarily large/invalid baggage headers and log e… |
| CVE-2026-47319 | 2026-06-04 | Memory allocation with excessive size value vulnerability in Samsung Open Source rlottie allows Excessive Allocation. This issue affects rlottie: before 0b4e308fa88c72cbb60cc8a2c1d2c2ad89b101dd. |
| CVE-2026-9538 | 2026-05-26 | Archive::Tar versions before 3.10 for Perl allow memory exhaustion via attacker controlled entry size field in tar header. _read_tar() reads each entry's payload with $handle->read($$data, $block), w… |
| CVE-2018-25378 | 2026-05-25 | Notebook Pro 2.0 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the notebook name field. Attackers can creat… |
| CVE-2018-25368 | 2026-05-25 | Nord VPN 6.14.31 contains a denial of service vulnerability that allows unauthenticated attackers to crash the application by submitting an excessively long string in the password field. Attackers can… |
| CVE-2026-8485 | 2026-05-20 | Uncontrolled Memory Allocation vulnerability in Progress Software MOVEit Automation allows Excessive Allocation. This issue affects MOVEit Automation: before 2025.0.11, from 2025.1.0 before 2025.1.7.… |
| CVE-2026-47313 | 2026-05-19 | Memory allocation with excessive size value vulnerability in Samsung Open Source Escargot allows Excessive Allocation. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3. |
| CVE-2026-6340 | 2026-05-18 | Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to validate 7zip archive structure before processing which allows an authenticated attacker to cause server memory exha… |
| CVE-2021-47973 | 2026-05-16 | Sticky Notes Widget 3.0.6 contains a denial of service vulnerability that allows attackers to crash the application by pasting excessively long character strings into note fields. Attackers can genera… |
| CVE-2021-47972 | 2026-05-16 | Sticky Notes & Color Widgets 1.4.2 contains a denial of service vulnerability that allows attackers to crash the application by creating notes with excessively long character strings. Attackers can pa… |
| CVE-2021-47971 | 2026-05-16 | My Notes Safe 5.3 contains a denial of service vulnerability that allows attackers to crash the application by pasting excessively long character strings into note fields. Attackers can generate a pay… |
| CVE-2021-47970 | 2026-05-16 | Macaron Notes 5.5 contains a denial of service vulnerability that allows attackers to crash the application by creating notes with excessively long character strings. Attackers can generate a payload … |
| CVE-2021-47969 | 2026-05-16 | Color Notes 1.4 contains a denial of service vulnerability that allows attackers to crash the application by pasting excessively long character strings into note fields. Attackers can generate a paylo… |
| CVE-2026-44375 | 2026-05-14 | Nerdbank.MessagePack is a NativeAOT-compatible MessagePack serialization library. Prior to 1.1.62, Nerdbank.MessagePack contains an uncontrolled stack allocation vulnerability in DateTime decoding. A … |
| CVE-2026-42582 | 2026-05-13 | Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final, when decoding header blocks, the non-Huffman branch of io.netty.handler.codec.http3.QpackDecoder#decodeHuff… |
| CVE-2026-42946 | 2026-05-13 | A vulnerability exists in the ngx_http_scgi_module and ngx_http_uwsgi_module modules that may result in excessive memory allocation or an over-read of data. When scgi_pass or uwsgi_pass is configured,… |
| CVE-2026-42348 | 2026-05-12 | OpenTelemetry.OpAmp.Client is the OpAMP client for OpenTelemetry .NET. Prior to 0.2.0-alpha.1, when receiving responses from the OpAMP server over HTTP, the OpAMP client allocates an unbounded buffer … |
| CVE-2021-47944 | 2026-05-10 | memono Notepad 4.2 contains a denial of service vulnerability that allows attackers to crash the application by pasting excessively long character buffers into note fields. Attackers can generate a pa… |
| CVE-2026-42189 | 2026-05-08 | Russh is a Rust SSH client & server library. Prior to version 0.60.1, a pre-authentication denial-of-service vulnerability exists in the server's keyboard-interactive authentication handler. A malicio… |
| CVE-2026-42241 | 2026-05-07 | ParquetSharp is a .NET library for reading and writing Apache Parquet files. From version 18.1.0 to before version 23.0.0.1, DecimalConverter.ReadDecimal makes a stackalloc using what might be an atta… |
| Date | Name | Version | Severity | Comment |
|---|---|---|---|---|
| 2010-02-16 | CWE Content Team | 1.8 | — | updated Taxonomy_Mappings |
| 2011-03-29 | CWE Content Team | 1.12 | — | updated Common_Consequences, Observed_Examples |
| 2011-06-01 | CWE Content Team | 1.13 | — | updated Common_Consequences |
| 2012-05-11 | CWE Content Team | 2.2 | — | updated References |
| 2017-11-08 | CWE Content Team | 3.0 | — | updated Applicable_Platforms, Taxonomy_Mappings |
| 2019-01-03 | CWE Content Team | 3.2 | — | updated References, Relationships, Taxonomy_Mappings |
| 2019-06-20 | CWE Content Team | 3.3 | — | updated Relationships |
| 2020-02-24 | CWE Content Team | 4.0 | — | updated Relationships |
| 2020-06-25 | CWE Content Team | 4.1 | — | updated Relationships |
| 2020-08-20 | CWE Content Team | 4.2 | — | updated Relationships |
| 2020-12-10 | CWE Content Team | 4.3 | — | updated Alternate_Terms, Demonstrative_Examples, Description, Likelihood_of_Exploit, Name, Observed_Examples, Relationships, Time_of_Introduction |
| 2021-03-15 | CWE Content Team | 4.4 | — | updated Demonstrative_Examples, Relationships |
| 2022-10-13 | CWE Content Team | 4.9 | — | updated Observed_Examples |
| 2023-04-27 | CWE Content Team | 4.11 | — | updated Detection_Factors, Relationships |
| 2023-06-29 | CWE Content Team | 4.12 | — | updated Mapping_Notes, Relationships |
| 2025-09-09 | CWE Content Team | 4.18 | — | updated Affected_Resources, Functional_Areas, Observed_Examples |
| 2025-12-11 | CWE Content Team | 4.19 | — | updated Detection_Factors, References |
| 2026-04-30 | CWE Content Team | 4.20 | — | updated Observed_Examples |