
CWE-1284 — Vulnerability Class 134

134 vulnerabilities classified as CWE-1284. AI Chinese analysis included.

CWE-1284 represents a critical input validation weakness where software fails to properly verify numerical constraints such as size, length, or frequency provided by users. Attackers typically exploit this flaw by submitting maliciously crafted inputs that exceed expected limits, triggering resource exhaustion, buffer overflows, or logic errors during allocation and iteration processes. By bypassing these checks, adversaries can cause denial of service, data corruption, or arbitrary code execution. To mitigate this risk, developers must implement rigorous validation routines that enforce strict upper and lower bounds on all quantitative inputs. This includes verifying that values fall within acceptable ranges before processing, using safe parsing functions, and applying defensive programming techniques to handle unexpected or extreme values gracefully, thereby ensuring system stability and preventing exploitation of unchecked numerical parameters.

MITRE CWE Description
The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties. Specified quantities include size, length, frequency, price, rate, number of operations, time, and others. Code may rely on specified quantities to allocate resources, perform calculations, control iteration, etc.
Common Consequences (1)
Scope: Other, Integrity, Availability. Impact: Varies by Context, DoS: Resource Consumption (CPU), Modify Memory, Read Memory.
When the quantity is not properly validated, then attackers can specify malicious quantities to cause excessive resource allocation, trigger unexpected failures, enable buffer overflows, etc.
Mitigations (1)
Phase: Implementation. Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does. When performing input validation, consider all potentially relevant properties, including length, type of input, the full range…
Effectiveness: High
Examples (2)
This example demonstrates a shopping interaction in which the user is free to specify the quantity of items to be purchased and a total is calculated.
```java
// ...
public static final double price = 20.00;
int quantity = currentUser.getAttribute("quantity");
// quantity is never range-checked: a negative value yields a negative total
double total = price * quantity;
chargeUser(total);
// ...
```
Bad · Java
This example asks the user for a height and width of an m X n game board with a maximum dimension of 100 squares.
```c
/* ... */
#define MAX_DIM 100
/* ... */
/* board dimensions */
int m, n, error;
board_square_t *board;
printf("Please specify the board height: \n");
error = scanf("%d", &m);
if (EOF == error) {
    die("No integer passed: Die evil hacker!\n");
}
printf("Please specify the board width: \n");
error = scanf("%d", &n);
if (EOF == error) {
    die("No integer passed: Die evil hacker!\n");
}
/* only the upper bound is checked: a negative m or n passes and reaches malloc */
if (m > MAX_DIM || n > MAX_DIM) {
    die("Value too large: Die evil hacker!\n");
}
board = (board_square_t *) malloc(m * n * sizeof(board_square_t));
/* ... */
```
Bad · C
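A hardened counterpart to both demonstrative examples above, added here as an illustration and not part of MITRE's text or this site: every quantity is parsed strictly and checked against both a lower and an upper bound before it drives an allocation or a price calculation. MAX_QUANTITY, parse_count, board_alloc_size and order_total_cents are assumed names, and the placeholder board_square_t is constructed for the example.

```c
#include <ctype.h>
#include <errno.h>
#include <limits.h>
#include <stdint.h>
#include <stdlib.h>

#define MAX_DIM 100        /* board cap from the page's example */
#define MAX_QUANTITY 1000  /* assumed per-order cap; not from the page */

typedef struct { int owner; } board_square_t;  /* placeholder cell type */

/* Accept-known-good range check: value must lie in [lo, hi]. */
static int in_range(long v, long lo, long hi) {
    return v >= lo && v <= hi;
}

/* Strict decimal parse of a non-negative count; unlike scanf("%d") it
 * rejects empty input, leading whitespace, trailing text, negatives and
 * values that do not fit a long. Returns the value, or -1 when refused. */
long parse_count(const char *s) {
    char *end;
    if (s == NULL || *s == '\0' || isspace((unsigned char)*s)) return -1;
    errno = 0;
    long v = strtol(s, &end, 10);
    if (errno == ERANGE || *end != '\0' || v < 0) return -1;
    return v;
}

/* Hardened board sizing: both bounds are enforced, so 0 and negative
 * dimensions are rejected, and the byte count is checked for wrap-around
 * before it could ever be handed to malloc. Returns 0 when refused. */
size_t board_alloc_size(int m, int n) {
    if (!in_range(m, 1, MAX_DIM) || !in_range(n, 1, MAX_DIM)) return 0;
    size_t cells = (size_t)m * (size_t)n;
    /* cannot wrap at MAX_DIM == 100; kept so the check survives a larger cap */
    if (cells > SIZE_MAX / sizeof(board_square_t)) return 0;
    return cells * sizeof(board_square_t);
}

/* Hardened purchase total, in cents to avoid floating point: the quantity
 * must be a positive count within policy, so the total can never be zero,
 * negative or overflowed. Returns -1 when the order is refused. */
long order_total_cents(long quantity, long unit_price_cents) {
    if (!in_range(quantity, 1, MAX_QUANTITY)) return -1;
    if (unit_price_cents < 0 || unit_price_cents > LONG_MAX / quantity) return -1;
    return quantity * unit_price_cents;
}
```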
| CVE ID | Title | Product | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2025-36424 | IBM Db2 Denial of Service | Db2 for Linux, UNIX and Windows | 6.5 | Medium | 2026-01-30 |
| CVE-2025-36427 | IBM Db2 Denial of Service | Db2 for Linux, UNIX and Windows | 6.5 | Medium | 2026-01-30 |
| CVE-2025-36428 | IBM Db2 Denial of Service | Db2 for Linux, UNIX and Windows | 5.3 | Medium | 2026-01-30 |
| CVE-2026-0925 | Tanium addressed an improper input validation vulnerability in Discover. | Discover | 2.7 | Low | 2026-01-26 |
| CVE-2025-11743 | Rockwell Automation CompactLogix® 5370 Denial of Service Vulnerability | CompactLogix® 5370 | 7.5 (AI) | High (AI) | 2026-01-20 |
| CVE-2021-47831 | Sandboxie 5.49.7 - Denial of Service | Sandboxie | 7.5 | High | 2026-01-16 |
| CVE-2021-47827 | WebSSH for iOS 14.16.10 - 'mashREPL' Denial of Service | WebSSH for iOS | 7.5 | High | 2026-01-16 |
| CVE-2021-47824 | iDailyDiary 4.30 - Denial of Service (PoC) | iDailyDiary | 7.5 | High | 2026-01-16 |
| CVE-2021-47821 | RarmaRadio 2.72.8 - Denial of Service | RarmaRadio | 7.5 | High | 2026-01-16 |
| CVE-2021-47818 | DupTerminator 1.4.5639.37199 - Denial of Service | DupTerminator | 7.5 | High | 2026-01-16 |
| CVE-2023-54337 | Sysax Multi Server 6.95 - 'Password' Denial of Service (PoC) | Sysax Multi Server | 9.1 | Critical | 2026-01-13 |
| CVE-2024-30516 | WordPress Booking Package plugin <= 1.6.27 - Price Manipulation vulnerability | Booking Package | 7.5 | High | 2026-01-05 |
| CVE-2023-7332 | PocketMine-MP < 4.18.1 Improper Validation of Dropped Item Count Allows Remote Server Crash | PocketMine-MP | 6.5 | - | 2025-12-31 |
| CVE-2025-68383 | Filebeat Improper Validation of Specified Index, Position, or Offset in Input | Filebeat | 6.5 | Medium | 2025-12-18 |
| CVE-2025-67901 | openrsync security vulnerability | openrsync | 5.3 | Medium | 2025-12-14 |
| CVE-2025-36015 | IBM Controller Denial of Service | Controller | 6.5 | Medium | 2025-12-08 |
| CVE-2025-33211 | NVIDIA Triton Inference Server security vulnerability | Triton Inference Server | 7.5 | High | 2025-12-03 |
| CVE-2025-59820 | KDE Krita security vulnerability | Krita | 6.7 | Medium | 2025-11-26 |
| CVE-2025-13507 | Time-series operations may cause internal BSON size limit to be exceeded | MongoDB Server | 6.5 | Medium | 2025-11-25 |
| CVE-2025-54515 | AMD Versal Adaptive SoC security vulnerability | Versal™ Adaptive SoC Devices | 5.7 | - | 2025-11-23 |
| CVE-2025-48507 | AMD Zynq UltraScale+ security vulnerability | Kria™ SOM | 7.8 | - | 2025-11-23 |
| CVE-2025-9316 | N-central unauthenticated sessionID generation | N-central | 6.5 | - | 2025-11-12 |
| CVE-2025-10259 | Denial-of-Service (DoS) Vulnerability in TCP Communication Function on MELSEC iQ-F Series CPU module | MELSEC iQ-F Series FX5U-32MT/ES | 5.3 | Medium | 2025-11-06 |
| CVE-2025-36092 | IBM Business Automation Insights improper input validation | Cloud Pak For Business Automation | 6.5 | Medium | 2025-11-03 |
| CVE-2025-11568 | Luksmeta: data corruption when handling luks1 partitions with luksmeta | luksmeta | 4.4 | Medium | 2025-10-15 |
| CVE-2025-61938 | BIG-IP Advanced WAF and ASM bd process vulnerability | BIG-IP | 7.5 | High | 2025-10-15 |
| CVE-2025-11594 | ywxbear PHP-Bookstore-Website-Example Quantity index.php improper validation of specified quantity in input | PHP-Bookstore-Website-Example | 5.3 | Medium | 2025-10-11 |
| CVE-2025-0038 | AMD Zynq UltraScale+ security vulnerability | Kria(TM) SOM | 6.6 | Medium | 2025-10-06 |
| CVE-2025-43793 | Liferay Portal and Liferay DXP security vulnerability | Portal | 5.3 (AI) | Medium (AI) | 2025-09-15 |
| CVE-2025-2256 | Improper Validation of Specified Quantity in Input in GitLab | GitLab | 7.5 | High | 2025-09-12 |

CVSS and Severity values marked (AI) are site-generated estimates rather than vendor or NVD scores.

Vulnerabilities classified as CWE-1284 represent 134 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.