
CWE-1284 — Vulnerability Class 134

134 vulnerabilities classified as CWE-1284. AI Chinese analysis included.

CWE-1284 represents a critical input validation weakness where software fails to properly verify numerical constraints such as size, length, or frequency provided by users. Attackers typically exploit this flaw by submitting maliciously crafted inputs that exceed expected limits, triggering resource exhaustion, buffer overflows, or logic errors during allocation and iteration processes. By bypassing these checks, adversaries can cause denial of service, data corruption, or arbitrary code execution. To mitigate this risk, developers must implement rigorous validation routines that enforce strict upper and lower bounds on all quantitative inputs. This includes verifying that values fall within acceptable ranges before processing, using safe parsing functions, and applying defensive programming techniques to handle unexpected or extreme values gracefully, thereby ensuring system stability and preventing exploitation of unchecked numerical parameters.

MITRE CWE Description
The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties. Specified quantities include size, length, frequency, price, rate, number of operations, time, and others. Code may rely on specified quantities to allocate resources, perform calculations, control iteration, etc.
Common Consequences (1)
Scope: Other, Integrity, Availability
Impact: Varies by Context, DoS: Resource Consumption (CPU), Modify Memory, Read Memory
Note: When the quantity is not properly validated, then attackers can specify malicious quantities to cause excessive resource allocation, trigger unexpected failures, enable buffer overflows, etc.
Mitigations (1)
Phase: Implementation
Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does. When performing input validation, consider all potentially relevant properties, including length, type of input, the full range…
Effectiveness: High
Examples (2)
This example demonstrates a shopping interaction in which the user is free to specify the quantity of items to be purchased and a total is calculated.

    ...
    public static final double price = 20.00;
    int quantity = currentUser.getAttribute("quantity");
    double total = price * quantity;
    chargeUser(total);
    ...

Bad · Java

This example asks the user for a height and width of an m X n game board with a maximum dimension of 100 squares.

    ...
    #define MAX_DIM 100
    ...
    /* board dimensions */
    int m,n, error;
    board_square_t *board;
    printf("Please specify the board height: \n");
    error = scanf("%d", &m);
    if ( EOF == error ){
        die("No integer passed: Die evil hacker!\n");
    }
    printf("Please specify the board width: \n");
    error = scanf("%d", &n);
    if ( EOF == error ){
        die("No integer passed: Die evil hacker!\n");
    }
    if ( m > MAX_DIM || n > MAX_DIM ) {
        die("Value too large: Die evil hacker!\n");
    }
    board = (board_square_t*) malloc( m * n * sizeof(board_square_t));
    ...

Bad · C
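Both MITRE examples above fail the same way: they check only one side of the range (or none), so a zero, negative or non-numeric quantity slips through and drives a negative charge or an undersized allocation. The following is an added example, not MITRE's or any product's code, showing the "accept known good" check applied to the board example: parse strictly, enforce both a lower and an upper bound, and guard the byte count before allocating. The names parse_quantity, valid_dims, alloc_board and board_request_ok, and the placeholder board_square_t struct, are assumptions for the illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>

#define MAX_DIM 100                               /* same cap as the MITRE example */
typedef struct { int owner; } board_square_t;     /* placeholder square type (assumed) */

/* Parse a decimal quantity from text. Returns 1 on success and stores the
 * value; returns 0 on empty input, trailing garbage, or out-of-range values. */
static int parse_quantity(const char *text, long *out) {
    char *end;
    errno = 0;
    long v = strtol(text, &end, 10);
    if (end == text || *end != '\0' || errno == ERANGE)
        return 0;
    *out = v;
    return 1;
}

/* Enforce both bounds: 1 <= m,n <= MAX_DIM. Rejecting zero and negatives is
 * the check the original example omits; within the cap m*n cannot overflow. */
static int valid_dims(long m, long n) {
    return m >= 1 && m <= MAX_DIM && n >= 1 && n <= MAX_DIM;
}

/* Allocate the board only after validation; the byte-count check keeps this
 * safe even if MAX_DIM is later raised to something large. */
static board_square_t *alloc_board(long m, long n) {
    if (!valid_dims(m, n))
        return NULL;
    size_t cells = (size_t)m * (size_t)n;
    if (cells > SIZE_MAX / sizeof(board_square_t))
        return NULL;
    return calloc(cells, sizeof(board_square_t));
}

/* Combined check over the two user-supplied fields: 1 if a board would be
 * allocated, 0 if either quantity is rejected. Frees what it allocates. */
int board_request_ok(const char *height, const char *width) {
    long m, n;
    if (!parse_quantity(height, &m) || !parse_quantity(width, &n))
        return 0;
    board_square_t *b = alloc_board(m, n);
    if (!b)
        return 0;
    free(b);
    return 1;
}
```

The same lower-bound rule fixes the Java shopping example: a quantity of 0 or less must be rejected before it is multiplied into a total.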
CVE ID | Title | Product | CVSS | Severity | Published
CVE-2025-10094 | Improper Validation of Specified Quantity in Input in GitLab | GitLab | 6.5 | Medium | 2025-09-12
CVE-2025-32689 | WordPress Download Manager and Payment Form plugin <= 2.8.2 - Price Manipulation vulnerability | WP SmartPay | 7.5 | High | 2025-09-09
CVE-2024-36346 | AMD Graphics Driver security vulnerability | AMD Instinct™ MI300A | 6.0 | Medium | 2025-09-06
CVE-2025-58835 | WordPress Bonus for Woo plugin <= 7.6.6 - Other vulnerability Type vulnerability | Bonus for Woo | 5.3 | Medium | 2025-09-05
CVE-2025-5808 | Authentication Bypass vulnerability discovered in the OpenText™ Self-Service Password Reset | Self Service Password Reset | 9.8 | - | 2025-08-29
CVE-2025-8424 | Improper access control on the NetScaler Management Interface | ADC | 8.8 (AI) | High (AI) | 2025-08-26
CVE-2025-8320 | Tesla Wall Connector Content-Length Header Improper Input Validation Remote Code Execution Vulnerability | Wall Connector | 8.8 (AI) | High (AI) | 2025-07-30
CVE-2025-43881 | SYNCK GRAPHICA Real-time Bus Tracking System security vulnerability | Real-time Bus Tracking System | 4.9 | - | 2025-07-23
CVE-2025-41100 | Incorrect authentication in ParkingDoor | ParkingDoor | 8.4 | - | 2025-07-21
CVE-2025-4365 | NetScaler Console and NetScaler SDX (SVM) - Arbitrary file read | Console | 6.2 (AI) | Medium (AI) | 2025-06-17
CVE-2025-5349 | NetScaler ADC and NetScaler Gateway - Improper access control on the NetScaler Management Interface | ADC | 8.1 (AI) | High (AI) | 2025-06-17
CVE-2025-49292 | WordPress Profile Builder plugin <= 3.13.8 - Content Spoofing Vulnerability | Profile Builder | 4.3 | Medium | 2025-06-06
CVE-2025-5257 | Predictable Page Indexing Might Lead to Sensitive Data Exposure | Mautic | 6.5 | Medium | 2025-05-28
CVE-2025-2826 | On affected platforms running Arista EOS, ACL policies may not be enforced. IPv4 ingress ACL, MAC ingress ACL, or IPv6 standard ingress ACL enabled on one or more ethernet or LAG interfaces may result in ACL policies not being enforced for ingress packets. | EOS | 2.6 | Low | 2025-05-27
CVE-2024-9448 | On affected platforms running Arista EOS with Traffic Policies configured the vulnerability will cause received untagged packets not to hit Traffic Policy rules that they are expected to hit. If the rule was to drop the packet, the packet will not be dropp | EOS | 7.5 | High | 2025-05-08
CVE-2025-46656 | python-markdownify security vulnerability | python-markdownify | 2.9 | Low | 2025-04-26
CVE-2025-3511 | Mitsubishi Electric multiple products security vulnerability | CC-Link IE TSN Remote I/O module NZ2GN2S1-32D | 7.5 | High | 2025-04-25
CVE-2025-43970 | GoBGP security vulnerability | GoBGP | 4.3 | Medium | 2025-04-21
CVE-2025-43972 | GoBGP security vulnerability | GoBGP | 6.8 | Medium | 2025-04-21
CVE-2025-43964 | Libraw security vulnerability | LibRaw | 2.9 | Low | 2025-04-20
CVE-2025-32415 | libxml2 security vulnerability | libxml2 | 2.9 | Low | 2025-04-17
CVE-2025-25178 | GPU DDK - PhysmemWrapExtMem uiSize=0 corrupts kernel memory | Graphics DDK | 7.8 (AI) | High (AI) | 2025-04-04
CVE-2024-45351 | Game center application has code execution Vulnerability | Game center application | 7.8 | High | 2025-03-26
CVE-2024-8000 | On affected platforms running Arista EOS with 802.1X configured, certain conditions may occur where a dynamic ACL is received from the AAA server resulting in only the first line of the ACL being installed after an Accelerated Software Upgrade (ASU) restar | EOS | 5.3 | Medium | 2025-03-04
CVE-2024-53879 | NVIDIA CUDA toolkit security vulnerability | CUDA Toolkit | 2.8 | Low | 2025-02-25
CVE-2024-53878 | NVIDIA CUDA toolkit security vulnerability | CUDA Toolkit | 2.8 | Low | 2025-02-25
CVE-2023-20508 | AMD Graphics Driver security vulnerability | AMD Radeon™ RX 6000 Series Graphics Products | 5.0 | Medium | 2025-02-11
CVE-2023-31331 | AMD Client Processor security vulnerability | AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics | 3.0 | Low | 2025-02-11
CVE-2023-20582 | AMD Server Processor security vulnerability | AMD EPYC™ 9004 Processors | 5.3 | Medium | 2025-02-11
CVE-2023-20581 | AMD Server Processor security vulnerability | AMD EPYC™ 9004 Processors | 2.5 | Low | 2025-02-11

Vulnerabilities classified as CWE-1284 represent 134 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.