CVE-2026-50011

Netty CVE-2026-50011 affects RedisArrayAggregator in Netty (prior to 4.1.135.Final and 4.2.15.Final). A RESP header can claim a large initial ArrayList capacity, taken from the wire before child messages exist, enabling unbounded pre-allocation. This can cause memory consumption issues. The issue...

OSV-2024-902 Security exception in org.json.JSONArray.writeTo

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=69188 Crash type: Security exception Crash state: org.json.JSONArray.writeTo org.json.JSONStringer.value java.base/java.util.ArrayList.elementData...

PT-2024-40884 · Fastjson2 · Fastjson2

Name of the Vulnerable Software and Affected Versions: fastjson2 affected versions not specified Description: The issue is related to a security exception in the fastjson2 library. A crash occurs due to a cycle in the JSONPathSegment, specifically in the CycleNameSegment$MapLoop.accept method. Th...

PT-2024-40870 · Unknown · Checkstyle

Name of the Vulnerable Software and Affected Versions: Checkstyle affected versions not specified Description: A security exception occurs due to a crash in the getInnerBopAst function of JavaAstVisitor class. The issue is related to the ReferencePipeline and ArrayListSpliterator classes in the...

OSV-2024-661 Security exception in java.base/java.util.ArrayList.<init>

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=66137 Crash type: Security exception Crash state: java.base/java.util.ArrayList. org.apache.poi.xssf.eventusermodel.ReadOnlySharedStringsTable.startElement...

PT-2024-40818 · Apache · Apache Poi

Name of the Vulnerable Software and Affected Versions: Apache POI affected versions not specified Description: A security exception crash has been reported. The crash occurs in the java.base/java.util.ArrayList. method, which is called by...

OSV-2024-28 Security exception in java.base/java.util.Arrays.copyOf

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65930 Crash type: Security exception Crash state: java.base/java.util.Arrays.copyOf java.base/java.util.ArrayList.grow java.base/java.util.ArrayList.grow...

PT-2024-40701 · Oracle · Java

Name of the Vulnerable Software and Affected Versions: Java versions affected versions not specified Description: A security exception crash has been reported. The crash occurs in the java.base/java.util.Arrays.copyOf and java.base/java.util.ArrayList.grow functions. Recommendations: At the momen...

PT-2023-35556 · Unknown · Checkstyle

Name of the Vulnerable Software and Affected Versions: Checkstyle affected versions not specified Description: A security exception occurs due to a crash in the getInnerBopAst function of JavaAstVisitor class in Checkstyle. The issue is related to the ReferencePipeline$3$1.accept and...