{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-24819", "assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "state": "PUBLISHED", "assignerShortName": "GovTech CSG", "dateReserved": "2026-01-27T08:48:56.893Z", "datePublished": "2026-01-27T08:55:54.605Z", "dateUpdated": "2026-01-27T17:01:38.527Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://github.com/foxinmy/weixin4j", "defaultStatus": "affected", "modules": ["weixin4j-base/src/main/java/com/foxinmy/weixin4j/util"], "product": "weixin4j", "programFiles": ["CharArrayBuffer.java", "ClassUtil.java"], "vendor": "foxinmy", "versions": [{"status": "unknown", "version": "0", "versionType": "git"}]}], "credits": [{"lang": "en", "type": "reporter", "value": "TITAN Team (titancaproject@gmail.com)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improperly Controlled Sequential Memory Allocation vulnerability in foxinmy weixin4j (weixin4j-base/src/main/java/com/foxinmy/weixin4j/util modules).<p> This vulnerability is associated with program files <tt>CharArrayBuffer.Java</tt>, <tt>ClassUtil.Java</tt>.</p><p>This issue affects weixin4j.</p>"}], "value": "Improperly Controlled Sequential Memory Allocation vulnerability in foxinmy weixin4j (weixin4j-base/src/main/java/com/foxinmy/weixin4j/util modules). This vulnerability is associated with program files CharArrayBuffer.Java, ClassUtil.Java.\n\nThis issue affects weixin4j."}], "metrics": [{"cvssV4_0": {"Automatable": "YES", "Recovery": "AUTOMATIC", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "baseScore": 6.3, "baseSeverity": "MEDIUM", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "AMBER", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/AU:Y/R:A/V:D/RE:M/U:Amber", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "MODERATE"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-1325", "description": "CWE-1325 Improperly Controlled Sequential Memory Allocation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "shortName": "GovTech CSG", "dateUpdated": "2026-01-27T08:55:54.605Z"}, "references": [{"tags": ["patch"], "url": "https://github.com/foxinmy/weixin4j/pull/229"}], "source": {"discovery": "UNKNOWN"}, "title": "An out-of-memory (OOM) issue in foxinmy/weixin4j", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-27T17:01:29.695252Z", "id": "CVE-2026-24819", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-27T17:01:38.527Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-24819", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-27T17:01:29.695252Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-27T17:01:35.394Z"}}], "cna": {"title": "An out-of-memory (OOM) issue in foxinmy/weixin4j", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "reporter", "value": "TITAN Team (titancaproject@gmail.com)"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "AUTOMATIC", "baseScore": 6.3, "Automatable": "YES", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/AU:Y/R:A/V:D/RE:M/U:Amber", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "AMBER", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnerabilityResponseEffort": "MODERATE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "foxinmy", "modules": ["weixin4j-base/src/main/java/com/foxinmy/weixin4j/util"], "product": "weixin4j", "versions": [{"status": "unknown", "version": "0", "versionType": "git"}], "programFiles": ["CharArrayBuffer.java", "ClassUtil.java"], "collectionURL": "https://github.com/foxinmy/weixin4j", "defaultStatus": "affected"}], "references": [{"url": "https://github.com/foxinmy/weixin4j/pull/229", "tags": ["patch"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Improperly Controlled Sequential Memory Allocation vulnerability in foxinmy weixin4j (weixin4j-base/src/main/java/com/foxinmy/weixin4j/util modules). This vulnerability is associated with program files CharArrayBuffer.Java, ClassUtil.Java.\n\nThis issue affects weixin4j.", "supportingMedia": [{"type": "text/html", "value": "Improperly Controlled Sequential Memory Allocation vulnerability in foxinmy weixin4j (weixin4j-base/src/main/java/com/foxinmy/weixin4j/util modules).<p> This vulnerability is associated with program files <tt>CharArrayBuffer.Java</tt>, <tt>ClassUtil.Java</tt>.</p><p>This issue affects weixin4j.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1325", "description": "CWE-1325 Improperly Controlled Sequential Memory Allocation"}]}], "providerMetadata": {"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "shortName": "GovTech CSG", "dateUpdated": "2026-01-27T08:55:54.605Z"}}}, "cveMetadata": {"cveId": "CVE-2026-24819", "state": "PUBLISHED", "dateUpdated": "2026-01-27T17:01:38.527Z", "dateReserved": "2026-01-27T08:48:56.893Z", "assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "datePublished": "2026-01-27T08:55:54.605Z", "assignerShortName": "GovTech CSG"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Improperly Controlled Sequential Memory Allocation vulnerability in foxinmy weixin4j (weixin4j-base/src/main/java/com/foxinmy/weixin4j/util modules). This vulnerability is associated with program files CharArrayBuffer.Java, ClassUtil.Java.\n\nThis issue affects weixin4j."}, {"lang": "es", "value": "Vulnerabilidad de asignaci\u00f3n de memoria secuencial controlada de forma inadecuada en foxinmy weixin4j (m\u00f3dulos weixin4j-base/src/main/java/com/foxinmy/weixin4j/util). Esta vulnerabilidad est\u00e1 asociada con los archivos de programa CharArrayBuffer.Java, ClassUtil.Java.\n\nEste problema afecta a weixin4j."}], "id": "CVE-2026-24819", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "YES", "Recovery": "AUTOMATIC", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "AMBER", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:D/RE:M/U:Amber", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "MODERATE"}, "source": "cve_disclosure@tech.gov.sg", "type": "Secondary"}]}, "published": "2026-01-27T09:15:52.520", "references": [{"source": "cve_disclosure@tech.gov.sg", "url": "https://github.com/foxinmy/weixin4j/pull/229"}], "sourceIdentifier": "cve_disclosure@tech.gov.sg", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1325"}], "source": "cve_disclosure@tech.gov.sg", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-18T02:20:10.492447+00:00", "value": {"mitigation_remediation": ["Apply the fix provided in the GitHub pull request #229 to the weixin4j source and rebuild the application.", "Deploy the updated build to all affected environments to replace the vulnerable modules.", "Configure input validation or size limits to restrict large payloads, and enable runtime memory monitoring to detect and recover from potential exhaustion events."], "summary": {"action": "Immediate Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "The affected product is foxinmy weixin4j, specifically modules located in weixin4j-base/src/main/java/com/foxinmy/weixin4j/util, including CharArrayBuffer.Java and ClassUtil.Java. No specific version information is provided; any deployment using the default or unpatched weixin4j code base is potentially impacted.", "description_and_impact": "This vulnerability arises from improperly controlled sequential memory allocation within the weixin4j library. An attacker can supply data that forces the system to allocate many memory blocks in sequence, exhausting available heap and causing the application to crash or become unresponsive. The weakness corresponds to CWE\u20111325 and primarily threatens the availability of services that depend on the library.", "risk_and_exploitability": "With a CVSS score of 6.3 the vulnerability presents moderate risk. The EPSS score is less than 1%, indicating a low current exploitation probability, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is remote, given that malformed input can be sent over network interfaces running the library, but local use could also trigger the issue if an adversary can influence the input. The impact is limited to denial of service rather than confidentiality or integrity compromise."}}}}, "created": "2026-01-27T20:17:13.132246+00:00", "updated": "2026-04-18T02:30:15.860806+00:00", "vendors": ["foxinmy", "foxinmy$PRODUCT$weixin4j"]}