13 matches found
CVE-2026-2454
Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to handle incorrectly reported array lengths, which allows a malicious user to cause OOM errors and crash the server by sending corrupted msgpack frames within websocket messages to the Calls plugin. Mattermost Advisory ID:...
SUSE CVE-2026-23957
seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 1.4.0 and below, overriding encoded array lengths by replacing them with an excessively large value causes the deserialization process to significantly increase processing...
CVE-2026-23957 seroval is vulnerable to Denial of Service via array serialization
seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 1.4.0 and below, overriding encoded array lengths by replacing them with an excessively large value causes the deserialization process to significantly increase processing...
Seroval security vulnerabilities
Seroval is a formatted Java library developed by Alexis H. Munsayac. Versions of Seroval 1.4.0 and earlier contain security vulnerabilities. These vulnerabilities stem from the handling of overly large array length values during deserialization, which can significantly increase processing time...
Seroval affected by Denial of Service via Array serialization
Overriding encoded array lengths by replacing them with an excessively large value causes the deserialization process to significantly increase processing time. Mitigation: Seroval no longer encodes array lengths. Instead, it computes length using Array.prototype.length during deserialization...
Allocation of Resources Without Limits or Throttling
Overview: seroval is a package to stringify JS values. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the encoded array lengths serialization process. An attacker can cause excessive processing time by overriding encoded array lengths with extremel...
Allocation of Resources Without Limits or Throttling
Overview: org.webjars.npm:seroval is a package to stringify JS values. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the encoded array lengths serialization process. An attacker can cause excessive processing time by overriding encoded array lengt...
USN-7751-1: SQLite vulnerability
It was discovered that the FTS5 SQLite extension incorrectly calculated certain array lengths. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code...
USN-7751-1 sqlite3 vulnerability
It was discovered that the FTS5 SQLite extension incorrectly calculated certain array lengths. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code...
CLSA-2025-1741032827 libvirt: Fix of CVE-2024-2494
CVE-2024-2494: check for negative array lengths before allocation in remotedaemondispatch...
Denial Of Service (DoS)
Libvirt is vulnerable to Denial of Service (DoS). The vulnerability is due to improper handling of negative array lengths during memory allocation. If an attacker can pass a negative length to the g_new0 function, this will usually result in a Denial of Service (DoS)...
[M-1] Potential DoS attack due to unchecked array lengths in loop
Vulnerability details: [M-1] Potential DoS attack due to unchecked array lengths in loop. Impact: If strategies and shares have different lengths and the code uses them in a loop without checking their lengths, it could potentially cause an out-of-bounds error, which could lead to a...
Medium: dbus
Issue Overview: An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with certain invalid type signatures. CVE-2022-42010 An...