CWE-839— Numeric Range Comparison Without Minimum Check
The product checks a value to ensure that it is less than or equal to a maximum, but it does not also verify that the value is greater than or equal to the minimum.— MITRE CWE catalog
6 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-839page 1 of 1
- CVE-2019-20925HIGHCVSS 7.5EG 7.52020-11-24
An unauthenticated client can trigger denial of service by issuing specially crafted wire protocol messages, which cause the message decompressor to incorrectly allocate memory. This issue affects MongoDB Server v4.2 versions prior to 4.2.…
- CVE-2023-0425HIGHCVSS 8.6EG 8.62023-08-07
ABB is aware of vulnerabilities in the product versions listed below. An update is available that resolves the reported vulnerabilities in the product versions under maintenance. An attacker who successfully exploited one or more of these…
- CVE-2023-22854HIGHCVSS 7.5EG 7.52023-02-13
The ccmweb component of Mitel MiContact Center Business server 9.2.2.0 through 9.4.1.0 could allow an unauthenticated attacker to download arbitrary files, due to insufficient restriction of URL parameters. A successful exploit could allow…
- CVE-2026-48840MEDIUMCVSS 5.3EG 5.32026-05-30
Exim 4.88 before 4.99.4, in some proxy configurations, mishandles certain short payloads, leading to disclosure of uninitialized stack memory values to a client.
- CVE-2026-53176CRITICALCVSS 9.8EG 9.82026-06-25
In the Linux kernel, the following vulnerability has been resolved: IB/isert: Reject login PDUs shorter than ISER_HEADERS_LEN In drivers/infiniband/ulp/isert/ib_isert.c, isert_login_recv_done() computes the login request payload length a…
- CVE-2026-56968MEDIUMCVSS 5.3EG 3.72026-06-23
GNU SASL before 2.2.4 lacks sanitization of a short challenge in _gsasl_ntlm_client_step in the NTLM client, which could result in memory disclosure via a crafted server.
Map vulnerabilities like CWE-839 to your infrastructure
EchelonGraph correlates every CVE — across CWE-839 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →