CWE-190
AllowedInteger Overflow or Wraparound
Abstraction: Base · Status: Stable
The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.
3869 vulnerabilities reference this CWE, most recent first.
CVE-2016-2120 (GCVE-0-2016-2120)
Vulnerability from cvelistv5 – Published: 2018-11-01 13:00 – Updated: 2024-08-05 23:17| URL | Tags |
|---|---|
| https://www.debian.org/security/2017/dsa-3764 | vendor-advisoryx_refsource_DEBIAN |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:17:50.591Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-3764",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2017/dsa-3764"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-2120"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "pdns",
"vendor": "[UNKNOWN]",
"versions": [
{
"status": "affected",
"version": "up to and including 3.4.10"
},
{
"status": "affected",
"version": "up to and including 4.0.1"
}
]
}
],
"datePublic": "2017-01-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An issue has been found in PowerDNS Authoritative Server versions up to and including 3.4.10, 4.0.1 allowing an authorized user to crash the server by inserting a specially crafted record in a zone under their control then sending a DNS query for that record. The issue is due to an integer overflow when checking if the content of the record matches the expected size, allowing an attacker to cause a read past the buffer boundary."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-02T09:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "DSA-3764",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2017/dsa-3764"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-2120"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-2120",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "pdns",
"version": {
"version_data": [
{
"version_value": "up to and including 3.4.10"
},
{
"version_value": "up to and including 4.0.1"
}
]
}
}
]
},
"vendor_name": "[UNKNOWN]"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue has been found in PowerDNS Authoritative Server versions up to and including 3.4.10, 4.0.1 allowing an authorized user to crash the server by inserting a specially crafted record in a zone under their control then sending a DNS query for that record. The issue is due to an integer overflow when checking if the content of the record matches the expected size, allowing an attacker to cause a read past the buffer boundary."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "7.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-190"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3764",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-3764"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-2120",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-2120"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-2120",
"datePublished": "2018-11-01T13:00:00.000Z",
"dateReserved": "2016-01-29T00:00:00.000Z",
"dateUpdated": "2024-08-05T23:17:50.591Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-5297 (GCVE-0-2015-5297)
Vulnerability from cvelistv5 – Published: 2019-07-31 22:03 – Updated: 2024-08-06 06:41| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_CONFIRM |
| https://bugs.freedesktop.org/show_bug.cgi?id=92027 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| The pixman Project | pixman |
Affected:
0.32.8
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:41:09.351Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-5297"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=92027"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "pixman",
"vendor": "The pixman Project",
"versions": [
{
"status": "affected",
"version": "0.32.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An integer overflow issue has been reported in the general_composite_rect() function in pixman prior to version 0.32.8. An attacker could exploit this issue to cause an application using pixman to crash or, potentially, execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-31T22:03:56.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-5297"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=92027"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-5297",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "pixman",
"version": {
"version_data": [
{
"version_value": "0.32.8"
}
]
}
}
]
},
"vendor_name": "The pixman Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An integer overflow issue has been reported in the general_composite_rect() function in pixman prior to version 0.32.8. An attacker could exploit this issue to cause an application using pixman to crash or, potentially, execute arbitrary code."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "6.7/CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-190"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-5297",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-5297"
},
{
"name": "https://bugs.freedesktop.org/show_bug.cgi?id=92027",
"refsource": "MISC",
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=92027"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-5297",
"datePublished": "2019-07-31T22:03:56.000Z",
"dateReserved": "2015-07-01T00:00:00.000Z",
"dateUpdated": "2024-08-06T06:41:09.351Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-9192 (GCVE-0-2014-9192)
Vulnerability from cvelistv5 – Published: 2014-12-11 15:00 – Updated: 2025-07-25 16:46| URL | Tags |
|---|---|
| https://www.cisa.gov/news-events/ics-advisories/i… | |
| http://www.securityfocus.com/bid/71591 | vdb-entryx_refsource_BID |
| http://www.trihedral.com/help/#Op_Welcome/Wel_Upg… | |
| https://ics-cert.us-cert.gov//advisories/ICSA-14-343-02 | x_refsource_MISCx_transferred |
| Vendor | Product | Version | |
|---|---|---|---|
| Trihedral Engineering | VTS |
Affected:
6.5 , < 9.1.19
(custom)
Affected: 10 , < 10.2.21 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:40:24.431Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov//advisories/ICSA-14-343-02"
},
{
"name": "71591",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/71591"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "VTS",
"vendor": "Trihedral Engineering",
"versions": [
{
"lessThan": "9.1.19",
"status": "affected",
"version": "6.5",
"versionType": "custom"
},
{
"lessThan": "10.2.21",
"status": "affected",
"version": "10",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "An anonymous researcher working with HP\u2019s Zero Day Initiative has identified an integer overflow vulnerability in Trihedral Engineering Ltd\u2019s VTScada application."
}
],
"datePublic": "2014-12-09T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eInteger overflow in Trihedral Engineering VTScada (formerly VTS) 6.5 through 9.x before 9.1.20, 10.x before 10.2.22, and 11.x before 11.1.07 allows remote attackers to cause a denial of service (server crash) via a crafted request, which triggers a large memory allocation.\u003c/p\u003e"
}
],
"value": "Integer overflow in Trihedral Engineering VTScada (formerly VTS) 6.5 through 9.x before 9.1.20, 10.x before 10.2.22, and 11.x before 11.1.07 allows remote attackers to cause a denial of service (server crash) via a crafted request, which triggers a large memory allocation."
}
],
"metrics": [
{
"cvssV2_0": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-25T16:46:02.667Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-343-02"
},
{
"name": "71591",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/71591"
},
{
"url": "http://www.trihedral.com/help/#Op_Welcome/Wel_UpgradeNotes.htm"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eTrihedral Engineering Limited has created three updated versions of \nsoftware. These software updates are available from Trihedral \nEngineering Ltd.\u2019s FTP site:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\"\u003eftp://ftp.trihedral.com/VTS/\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eVersion Information:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e11.1.09 \u2013 Latest build including newest features and fixes. Any \ninstallation key with a maintenance expiration date after January 1, \n2014, will work this installation.\u003c/li\u003e\n\u003cli\u003e10.2.22 \u2013Recommended for all users of VTS 10. Any installation key \nwith a maintenance expiration date after December 1, 2010, will work \nwith this installation.\u003c/li\u003e\n\u003cli\u003e09.1.20 \u2013 Recommended for all users prior to 10.0. Any installation \nkey with a maintenance expiration date after December 1, 2009, will work\n with this installation.\u003c/li\u003e\n\u003c/ul\u003e\u003cp\u003eHelp file notes for upgrading VTScada/VTS can be found at:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.trihedral.com/help/#Op_Welcome/Wel_UpgradeNotes.htm\"\u003ehttp://www.trihedral.com/help/#Op_Welcome/Wel_UpgradeNotes.htm\u003c/a\u003e\u003c/p\u003eIf you have any questions or any difficulties with installing one of these updates, please call Trihedral Tech Support:\u003cbr\u003e1-855-887-2232\u003cbr\u003e1-902-835-1575\u003cbr\u003e+44 (0) 1224 258910 for the United Kingdom\n\n\u003cbr\u003e"
}
],
"value": "Trihedral Engineering Limited has created three updated versions of \nsoftware. These software updates are available from Trihedral \nEngineering Ltd.\u2019s FTP site:\u00a0ftp://ftp.trihedral.com/VTS/\n\n\nVersion Information:\n\n\n\n * 11.1.09 \u2013 Latest build including newest features and fixes. Any \ninstallation key with a maintenance expiration date after January 1, \n2014, will work this installation.\n\n * 10.2.22 \u2013Recommended for all users of VTS 10. Any installation key \nwith a maintenance expiration date after December 1, 2010, will work \nwith this installation.\n\n * 09.1.20 \u2013 Recommended for all users prior to 10.0. Any installation \nkey with a maintenance expiration date after December 1, 2009, will work\n with this installation.\n\n\n\nHelp file notes for upgrading VTScada/VTS can be found at:\u00a0 http://www.trihedral.com/help/#Op_Welcome/Wel_UpgradeNotes.htm \n\nIf you have any questions or any difficulties with installing one of these updates, please call Trihedral Tech Support:\n1-855-887-2232\n1-902-835-1575\n+44 (0) 1224 258910 for the United Kingdom"
}
],
"source": {
"advisory": "ICSA-14-343-02",
"discovery": "EXTERNAL"
},
"title": "Trihedral Engineering Limited VTScada Integer Overflow",
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-9192",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in Trihedral Engineering VTScada (formerly VTS) 6.5 through 9.x before 9.1.20, 10.x before 10.2.22, and 11.x before 11.1.07 allows remote attackers to cause a denial of service (server crash) via a crafted request, which triggers a large memory allocation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov//advisories/ICSA-14-343-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov//advisories/ICSA-14-343-02"
},
{
"name": "71591",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71591"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-9192",
"datePublished": "2014-12-11T15:00:00.000Z",
"dateReserved": "2014-12-02T00:00:00.000Z",
"dateUpdated": "2025-07-25T16:46:02.667Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2807 (GCVE-0-2013-2807)
Vulnerability from cvelistv5 – Published: 2019-03-26 16:35 – Updated: 2024-08-06 15:52- CWE-190 - Integer overflow CWE-190
| URL | Tags |
|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-13-095-02 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| Rockwell Automation | RSLinx Enterprise Software |
Affected:
CPR9
Affected: CPR9-SR1 Affected: CPR9-SR2 Affected: CPR9-SR3 Affected: CPR9-SR4 Affected: CPR9-SR5 Affected: CPR9-SR5.1 Affected: CPR9-SR6 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:52:20.544Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-13-095-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "RSLinx Enterprise Software",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "CPR9"
},
{
"status": "affected",
"version": "CPR9-SR1"
},
{
"status": "affected",
"version": "CPR9-SR2"
},
{
"status": "affected",
"version": "CPR9-SR3"
},
{
"status": "affected",
"version": "CPR9-SR4"
},
{
"status": "affected",
"version": "CPR9-SR5"
},
{
"status": "affected",
"version": "CPR9-SR5.1"
},
{
"status": "affected",
"version": "CPR9-SR6"
}
]
}
],
"datePublic": "2013-10-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic error if it calculates an incorrect value for the \u201cTotal Record Size\u201d field. By sending a datagram to the service over Port 4444/UDP with the \u201cRecord Data Size\u201d field modified to a specifically oversized value, the service will calculate an undersized value for the \u201cTotal Record Size\u201d that will cause an out-of-bounds read access violation that leads to a service crash. The service can be recovered with a manual reboot. The patches and details pertaining to these vulnerabilities can be found at the following Rockwell Automation Security Advisory link (login is required): https://rockwellautomation.custhelp.com/app/answers/detail/a_id/537599"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "Integer overflow CWE-190",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-26T16:44:28.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-13-095-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2013-2807",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "RSLinx Enterprise Software",
"version": {
"version_data": [
{
"version_value": "CPR9"
},
{
"version_value": "CPR9-SR1"
},
{
"version_value": "CPR9-SR2"
},
{
"version_value": "CPR9-SR3"
},
{
"version_value": "CPR9-SR4"
},
{
"version_value": "CPR9-SR5"
},
{
"version_value": "CPR9-SR5.1"
},
{
"version_value": "CPR9-SR6"
}
]
}
}
]
},
"vendor_name": "Rockwell Automation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic error if it calculates an incorrect value for the \u201cTotal Record Size\u201d field. By sending a datagram to the service over Port 4444/UDP with the \u201cRecord Data Size\u201d field modified to a specifically oversized value, the service will calculate an undersized value for the \u201cTotal Record Size\u201d that will cause an out-of-bounds read access violation that leads to a service crash. The service can be recovered with a manual reboot. The patches and details pertaining to these vulnerabilities can be found at the following Rockwell Automation Security Advisory link (login is required): https://rockwellautomation.custhelp.com/app/answers/detail/a_id/537599"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Integer overflow CWE-190"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-13-095-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-13-095-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2013-2807",
"datePublished": "2019-03-26T16:35:16.000Z",
"dateReserved": "2013-04-11T00:00:00.000Z",
"dateUpdated": "2024-08-06T15:52:20.544Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2806 (GCVE-0-2013-2806)
Vulnerability from cvelistv5 – Published: 2019-03-26 16:47 – Updated: 2024-08-06 15:52- CWE-190 - Integer overflow CWE-190
| URL | Tags |
|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-13-095-02 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| Rockwell Automation | RSLinx Enterprise Software |
Affected:
CPR9
Affected: CPR9-SR1 Affected: CPR9-SR2 Affected: CPR9-SR3 Affected: CPR9-SR4 Affected: CPR9-SR5 Affected: CPR9-SR5.1 Affected: CPR9-SR6 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:52:21.058Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-13-095-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "RSLinx Enterprise Software",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "CPR9"
},
{
"status": "affected",
"version": "CPR9-SR1"
},
{
"status": "affected",
"version": "CPR9-SR2"
},
{
"status": "affected",
"version": "CPR9-SR3"
},
{
"status": "affected",
"version": "CPR9-SR4"
},
{
"status": "affected",
"version": "CPR9-SR5"
},
{
"status": "affected",
"version": "CPR9-SR5.1"
},
{
"status": "affected",
"version": "CPR9-SR6"
}
]
}
],
"datePublic": "2013-10-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic error if it calculates an incorrect value for the \u201cEnd of Current Record\u201d field. By sending a datagram to the service over Port 4444/UDP with the \u201cRecord Data Size\u201d field modified to a specifically oversized value, the service will calculate an undersized value for the \u201cTotal Record Size.\u201d Then the service will calculate an incorrect value for the \u201cEnd of Current Record\u201d field causing access violations that lead to a service crash. The service can be recovered with a manual reboot. The patches and details pertaining to these vulnerabilities can be found at the following Rockwell Automation security advisory link (login is required): https://rockwellautomation.custhelp.com/app/answers/detail/a_id/537599"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "Integer overflow CWE-190",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-26T16:47:23.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-13-095-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2013-2806",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "RSLinx Enterprise Software",
"version": {
"version_data": [
{
"version_value": "CPR9"
},
{
"version_value": "CPR9-SR1"
},
{
"version_value": "CPR9-SR2"
},
{
"version_value": "CPR9-SR3"
},
{
"version_value": "CPR9-SR4"
},
{
"version_value": "CPR9-SR5"
},
{
"version_value": "CPR9-SR5.1"
},
{
"version_value": "CPR9-SR6"
}
]
}
}
]
},
"vendor_name": "Rockwell Automation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic error if it calculates an incorrect value for the \u201cEnd of Current Record\u201d field. By sending a datagram to the service over Port 4444/UDP with the \u201cRecord Data Size\u201d field modified to a specifically oversized value, the service will calculate an undersized value for the \u201cTotal Record Size.\u201d Then the service will calculate an incorrect value for the \u201cEnd of Current Record\u201d field causing access violations that lead to a service crash. The service can be recovered with a manual reboot. The patches and details pertaining to these vulnerabilities can be found at the following Rockwell Automation security advisory link (login is required): https://rockwellautomation.custhelp.com/app/answers/detail/a_id/537599"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Integer overflow CWE-190"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-13-095-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-13-095-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2013-2806",
"datePublished": "2019-03-26T16:47:24.000Z",
"dateReserved": "2013-04-11T00:00:00.000Z",
"dateUpdated": "2024-08-06T15:52:21.058Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
GHSA-229F-WQ39-P955
Vulnerability from github – Published: 2022-05-24 17:35 – Updated: 2023-03-12 00:30Due to a missing check for 0 value of replace_extent, it is possible for offset p to overflow in SubstituteString(), causing potential impact to application availability. This could be triggered by a crafted input file that is processed by ImageMagick. This flaw affects ImageMagick versions prior to 7.0.8-68.
{
"affected": [],
"aliases": [
"CVE-2020-27770"
],
"database_specific": {
"cwe_ids": [
"CWE-190"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-12-04T15:15:00Z",
"severity": "MODERATE"
},
"details": "Due to a missing check for 0 value of `replace_extent`, it is possible for offset `p` to overflow in SubstituteString(), causing potential impact to application availability. This could be triggered by a crafted input file that is processed by ImageMagick. This flaw affects ImageMagick versions prior to 7.0.8-68.",
"id": "GHSA-229f-wq39-p955",
"modified": "2023-03-12T00:30:16Z",
"published": "2022-05-24T17:35:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27770"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1894691"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00030.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-22C6-JWP4-WC87
Vulnerability from github – Published: 2022-05-17 00:26 – Updated: 2025-04-20 03:34Integer overflow in modules/MSADPCM.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file.
{
"affected": [],
"aliases": [
"CVE-2017-6839"
],
"database_specific": {
"cwe_ids": [
"CWE-190"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-03-20T16:59:00Z",
"severity": "MODERATE"
},
"details": "Integer overflow in modules/MSADPCM.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file.",
"id": "GHSA-22c6-jwp4-wc87",
"modified": "2025-04-20T03:34:32Z",
"published": "2022-05-17T00:26:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6839"
},
{
"type": "WEB",
"url": "https://github.com/mpruett/audiofile/issues/41"
},
{
"type": "WEB",
"url": "https://github.com/antlarr/audiofile/commit/beacc44eb8cdf6d58717ec1a5103c5141f1b37f9"
},
{
"type": "WEB",
"url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-multiple-ubsan-crashes"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2017/dsa-3814"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2017/03/13/9"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-22FC-MGHG-JRWM
Vulnerability from github – Published: 2024-04-26 15:30 – Updated: 2025-12-06 00:31An integer overflow or wraparound vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to compromise the security of the system via a network.
We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later QuTS hero h5.1.3.2578 build 20231110 and later QuTScloud c5.1.5.2651 and later
{
"affected": [],
"aliases": [
"CVE-2024-21905"
],
"database_specific": {
"cwe_ids": [
"CWE-190"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-26T15:15:48Z",
"severity": "MODERATE"
},
"details": "An integer overflow or wraparound vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to compromise the security of the system via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.3.2578 build 20231110 and later\nQuTS hero h5.1.3.2578 build 20231110 and later\nQuTScloud c5.1.5.2651 and later",
"id": "GHSA-22fc-mghg-jrwm",
"modified": "2025-12-06T00:31:33Z",
"published": "2024-04-26T15:30:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21905"
},
{
"type": "WEB",
"url": "https://www.qnap.com/en/security-advisory/qsa-24-16"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-22H3-6XV6-P2PX
Vulnerability from github – Published: 2026-05-19 15:31 – Updated: 2026-05-19 18:32Integer overflow in the Networking: JAR component. This vulnerability was fixed in Firefox 151 and Firefox ESR 140.11.
{
"affected": [],
"aliases": [
"CVE-2026-8956"
],
"database_specific": {
"cwe_ids": [
"CWE-190"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-19T14:16:51Z",
"severity": "CRITICAL"
},
"details": "Integer overflow in the Networking: JAR component. This vulnerability was fixed in Firefox 151 and Firefox ESR 140.11.",
"id": "GHSA-22h3-6xv6-p2px",
"modified": "2026-05-19T18:32:09Z",
"published": "2026-05-19T15:31:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8956"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2032427"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-46"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-48"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-50"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-51"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-22QH-5XM8-3XFW
Vulnerability from github – Published: 2021-11-27 00:00 – Updated: 2022-07-09 00:00The vulnerability function is enabled when the streamer service related to the AfreecaTV communicated through web socket using 21201 port. A stack-based buffer overflow leading to remote code execution was discovered in strcpy() operate by "FanTicket" field. It is because of stored data without validation of length.
{
"affected": [],
"aliases": [
"CVE-2020-7881"
],
"database_specific": {
"cwe_ids": [
"CWE-190",
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-11-26T17:15:00Z",
"severity": "HIGH"
},
"details": "The vulnerability function is enabled when the streamer service related to the AfreecaTV communicated through web socket using 21201 port. A stack-based buffer overflow leading to remote code execution was discovered in strcpy() operate by \"FanTicket\" field. It is because of stored data without validation of length.",
"id": "GHSA-22qh-5xm8-3xfw",
"modified": "2022-07-09T00:00:22Z",
"published": "2021-11-27T00:00:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7881"
},
{
"type": "WEB",
"url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36357"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Ensure that all protocols are strictly defined, such that all out-of-bounds behavior can be identified simply, and require strict conformance to the protocol.
Mitigation MIT-3
Strategy: Language Selection
- Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
- If possible, choose a language or compiler that performs automatic bounds checking.
Mitigation MIT-4
Strategy: Libraries or Frameworks
- Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid [REF-1482].
- Use libraries or frameworks that make it easier to handle numbers without unexpected consequences.
- Examples include safe integer handling packages such as SafeInt (C++) or IntegerLib (C or C++). [REF-106]
Mitigation MIT-8
Strategy: Input Validation
- Perform input validation on any numeric input by ensuring that it is within the expected range. Enforce that the input meets both the minimum and maximum requirements for the expected range.
- Use unsigned integers where possible. This makes it easier to perform validation for integer overflows. When signed integers are required, ensure that the range check includes minimum values as well as maximum values.
Mitigation MIT-36
- Understand the programming language's underlying representation and how it interacts with numeric calculation (CWE-681). Pay close attention to byte size discrepancies, precision, signed/unsigned distinctions, truncation, conversion and casting between types, "not-a-number" calculations, and how the language handles numbers that are too large or too small for its underlying representation. [REF-7]
- Also be careful to account for 32-bit, 64-bit, and other potential differences that may affect the numeric representation.
Mitigation MIT-15
For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server.
Mitigation MIT-26
Strategy: Compilation or Build Hardening
Examine compiler warnings closely and eliminate problems with potential security implications, such as signed / unsigned mismatch in memory operations, or use of uninitialized variables. Even if the weakness is rarely exploitable, a single failure may lead to the compromise of the entire system.
CAPEC-92: Forced Integer Overflow
This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.