Description
Improperly Controlled Sequential Memory Allocation vulnerability in foxinmy weixin4j (weixin4j-base/src/main/java/com/foxinmy/weixin4j/util modules). This vulnerability is associated with program files CharArrayBuffer.Java, ClassUtil.Java.

This issue affects weixin4j.
Published: 2026-01-27
Score: 6.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Immediate Patch
AI Analysis

Impact

This vulnerability arises from improperly controlled sequential memory allocation within the weixin4j library. An attacker can supply data that forces the system to allocate many memory blocks in sequence, exhausting available heap and causing the application to crash or become unresponsive. The weakness corresponds to CWE‑1325 and primarily threatens the availability of services that depend on the library.

Affected Systems

The affected product is foxinmy weixin4j, specifically modules located in weixin4j-base/src/main/java/com/foxinmy/weixin4j/util, including CharArrayBuffer.Java and ClassUtil.Java. No specific version information is provided; any deployment using the default or unpatched weixin4j code base is potentially impacted.

Risk and Exploitability

With a CVSS score of 6.3 the vulnerability presents moderate risk. The EPSS score is less than 1%, indicating a low current exploitation probability, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is remote, given that malformed input can be sent over network interfaces running the library, but local use could also trigger the issue if an adversary can influence the input. The impact is limited to denial of service rather than confidentiality or integrity compromise.

Generated by OpenCVE AI on April 18, 2026 at 02:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the fix provided in the GitHub pull request #229 to the weixin4j source and rebuild the application.
  • Deploy the updated build to all affected environments to replace the vulnerable modules.
  • Configure input validation or size limits to restrict large payloads, and enable runtime memory monitoring to detect and recover from potential exhaustion events.

Generated by OpenCVE AI on April 18, 2026 at 02:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-444m-px7r-qpvv weixin4j has Improperly Controlled Sequential Memory Allocation
History

Tue, 27 Jan 2026 20:30:00 +0000

Type Values Removed Values Added
First Time appeared Foxinmy
Foxinmy weixin4j
Vendors & Products Foxinmy
Foxinmy weixin4j

Tue, 27 Jan 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 27 Jan 2026 09:00:00 +0000

Type Values Removed Values Added
Description Improperly Controlled Sequential Memory Allocation vulnerability in foxinmy weixin4j (weixin4j-base/src/main/java/com/foxinmy/weixin4j/util modules). This vulnerability is associated with program files CharArrayBuffer.Java, ClassUtil.Java. This issue affects weixin4j.
Title An out-of-memory (OOM) issue in foxinmy/weixin4j
Weaknesses CWE-1325
References
Metrics cvssV4_0

{'score': 6.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/AU:Y/R:A/V:D/RE:M/U:Amber'}

Subscriptions

Foxinmy Weixin4j
cve-icon MITRE

Status: PUBLISHED

Assigner: GovTech CSG

Published:

Updated: 2026-01-27T17:01:38.527Z

Reserved: 2026-01-27T08:48:56.893Z

Link: CVE-2026-24819

cve-icon Vulnrichment

Updated: 2026-01-27T17:01:35.394Z

cve-icon NVD

Status : Deferred

Published: 2026-01-27T09:15:52.520

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-24819

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T02:30:15Z

Weaknesses