By weakness (CWE)

CWE-130: related vulnerabilities

CVEs classified under CWE-130. Understanding the weakness class helps prioritize systemic fixes over one-off patches.

2 published vulnerabilities

  • CVE-2026-45615HIGH 8.2

    CVE-2026-45615 is a memory safety flaw in asn1c, an open-source ASN.1 compiler used to generate code that parses structured data formats. The vulnerability exists in the OER (Octet Encoding Rules) decoder template files generated by asn1c version 1.4 and earlier. When the generated decoder encounters a specially crafted, zero-length OER payload representing a variable-length non-negative integer, it attempts to read the Most Significant Bit without first validating that the payload contains sufficient bytes. This causes a precise one-byte out-of-bounds heap read. Since asn1c-generated parsers are commonly deployed to process untrusted network data—including automotive V2X protocols, 5G telecommunications headers, and X.509 certificates—a remote attacker can trigger this flaw by sending a malicious network message, potentially causing the application to crash or misinterpret critical security-relevant integers.

  • CVE-2026-45681MEDIUM 5.9

    OpenTelemetry eBPF Instrumentation versions prior to 0.9.0 contain a memory disclosure vulnerability triggered by CPU scheduling mismatches. When the instrumentation falls back to a 256-byte buffer but retains the original payload size marker (up to 8KB), a mismatch between CPUs can cause the code to read memory beyond the buffer boundary. This leaked memory is inadvertently captured and exported as telemetry data, potentially exposing sensitive information from adjacent kernel memory to anyone consuming the telemetry stream.