Common Weakness Enumeration

CWE-190

Allowed

Integer Overflow or Wraparound

Abstraction: Base · Status: Stable

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

3867 vulnerabilities reference this CWE, most recent first.

CVE-2025-3360 (GCVE-0-2025-3360)

Vulnerability from cvelistv5 – Published: 2025-04-07 12:53 – Updated: 2026-06-30 14:19
VLAI
Title
Glibc: glib prior to 2.82.5 is vulnerable to integer overflow and buffer under-read when parsing a very long invalid iso 8601 timestamp with g_date_time_new_from_iso8601().
Summary
A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-190 - Integer Overflow or Wraparound
Assigner
Impacted products
Vendor Product Version
Affected: 0 , < 2.82.5 (semver)
Red Hat Red Hat Enterprise Linux 10     cpe:/o:redhat:enterprise_linux:10
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
Create a notification for this product.
Date Public
2025-04-07 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-3360",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-30T14:19:24.430671Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-30T14:19:28.450Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://gitlab.gnome.org/GNOME/glib/-/work_items/3647"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-04-14T12:04:48.978Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://gitlab.gnome.org/GNOME/glib",
          "defaultStatus": "unaffected",
          "packageName": "glib",
          "versions": [
            {
              "lessThan": "2.82.5",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:10"
          ],
          "defaultStatus": "affected",
          "packageName": "bootc",
          "product": "Red Hat Enterprise Linux 10",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:10"
          ],
          "defaultStatus": "affected",
          "packageName": "glib2",
          "product": "Red Hat Enterprise Linux 10",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:10"
          ],
          "defaultStatus": "affected",
          "packageName": "glycin-loaders",
          "product": "Red Hat Enterprise Linux 10",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:10"
          ],
          "defaultStatus": "affected",
          "packageName": "loupe",
          "product": "Red Hat Enterprise Linux 10",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:10"
          ],
          "defaultStatus": "affected",
          "packageName": "mingw-glib2",
          "product": "Red Hat Enterprise Linux 10",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:6"
          ],
          "defaultStatus": "unknown",
          "packageName": "glib2",
          "product": "Red Hat Enterprise Linux 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "glib2",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "affected",
          "packageName": "glib2",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "affected",
          "packageName": "librsvg2",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "affected",
          "packageName": "mingw-glib2",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9"
          ],
          "defaultStatus": "affected",
          "packageName": "bootc",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9"
          ],
          "defaultStatus": "affected",
          "packageName": "glib2",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9"
          ],
          "defaultStatus": "affected",
          "packageName": "librsvg2",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9"
          ],
          "defaultStatus": "affected",
          "packageName": "mingw-glib2",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2025-04-07T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Low"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-190",
              "description": "Integer Overflow or Wraparound",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-30T07:03:13.171Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2025-3360"
        },
        {
          "name": "RHBZ#2357754",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2357754"
        },
        {
          "url": "https://gitlab.gnome.org/GNOME/glib/-/issues/3647"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-04-07T01:36:36.703Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2025-04-07T00:00:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Glibc: glib prior to 2.82.5 is vulnerable to integer  overflow and buffer under-read when parsing a very long invalid iso  8601 timestamp with g_date_time_new_from_iso8601().",
      "workarounds": [
        {
          "lang": "en",
          "value": "Currently, no mitigation is available for this vulnerability."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-190: Integer Overflow or Wraparound"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2025-3360",
    "datePublished": "2025-04-07T12:53:55.924Z",
    "dateReserved": "2025-04-07T01:50:45.607Z",
    "dateUpdated": "2026-06-30T14:19:28.450Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-2760 (GCVE-0-2025-2760)

Vulnerability from cvelistv5 – Published: 2025-04-23 16:47 – Updated: 2025-11-03 17:32
VLAI
Title
GIMP XWD File Parsing Integer Overflow Remote Code Execution Vulnerability
Summary
GIMP XWD File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XWD files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25082.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-190 - Integer Overflow or Wraparound
Assigner
zdi
Impacted products
Vendor Product Version
GIMP GIMP Affected: 2.10.38
Create a notification for this product.
Date Public
2025-04-07 18:03
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-2760",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-23T18:26:53.859267Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-23T18:27:07.050Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T17:32:23.789Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00022.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "GIMP",
          "vendor": "GIMP",
          "versions": [
            {
              "status": "affected",
              "version": "2.10.38"
            }
          ]
        }
      ],
      "dateAssigned": "2025-03-24T19:41:36.224Z",
      "datePublic": "2025-04-07T18:03:19.910Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "GIMP XWD File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of XWD files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25082."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-190",
              "description": "CWE-190: Integer Overflow or Wraparound",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-23T16:47:21.455Z",
        "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "shortName": "zdi"
      },
      "references": [
        {
          "name": "ZDI-25-203",
          "tags": [
            "x_research-advisory"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-203/"
        }
      ],
      "source": {
        "lang": "en",
        "value": "MICHAEL RANDRIANANTENAINA [https://elkamika.blogspot.com/]"
      },
      "title": "GIMP XWD File Parsing Integer Overflow Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
    "assignerShortName": "zdi",
    "cveId": "CVE-2025-2760",
    "datePublished": "2025-04-23T16:47:21.455Z",
    "dateReserved": "2025-03-24T19:41:36.195Z",
    "dateUpdated": "2025-11-03T17:32:23.789Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-2574 (GCVE-0-2025-2574)

Vulnerability from cvelistv5 – Published: 2025-03-20 21:07 – Updated: 2025-10-06 22:32
VLAI
Title
Out-of-bounds array write in Xpdf 4.05 due to incorrect integer overflow checking
Summary
Out-of-bounds array write in Xpdf 4.05 and earlier, due to incorrect integer overflow checking in the PostScript function interpreter code.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-190 - Integer Overflow or Wraparound
Assigner
Impacted products
Vendor Product Version
Xpdf Xpdf Affected: Version , ≤ 4.05 (version)
Create a notification for this product.
Credits
Erik Viken
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-2574",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-21T15:13:48.238926Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-21T15:13:55.504Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "all"
          ],
          "product": "Xpdf",
          "vendor": "Xpdf",
          "versions": [
            {
              "lessThanOrEqual": "4.05",
              "status": "affected",
              "version": "Version",
              "versionType": "version"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Erik Viken"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Out-of-bounds array write in Xpdf 4.05 and earlier, due to incorrect integer overflow checking in the PostScript function interpreter code."
            }
          ],
          "value": "Out-of-bounds array write in Xpdf 4.05 and earlier, due to incorrect integer overflow checking in the PostScript function interpreter code."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "HIGH",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 2.1,
            "baseSeverity": "LOW",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "LOW",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-190",
              "description": "CWE-190 Integer Overflow or Wraparound",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-06T22:32:59.827Z",
        "orgId": "ace9cabe-4f4f-416b-8c39-b0e002761924",
        "shortName": "GandC"
      },
      "references": [
        {
          "url": "https://www.xpdfreader.com/security-bug/CVE-2025-2574.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Out-of-bounds array write in Xpdf 4.05 due to incorrect integer overflow checking",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ace9cabe-4f4f-416b-8c39-b0e002761924",
    "assignerShortName": "GandC",
    "cveId": "CVE-2025-2574",
    "datePublished": "2025-03-20T21:07:46.499Z",
    "dateReserved": "2025-03-20T20:58:33.490Z",
    "dateUpdated": "2025-10-06T22:32:59.827Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-2295 (GCVE-0-2025-2295)

Vulnerability from cvelistv5 – Published: 2025-03-14 21:35 – Updated: 2025-03-18 16:19
VLAI
Title
Potential iSCSI R2T PDU Vulnerability
Summary
EDK2 contains a vulnerability in BIOS where a user may cause an Integer Overflow or Wraparound by network means. A successful exploitation of this vulnerability may lead to denial of service.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-190 - Integer Overflow or Wraparound
Assigner
Impacted products
Vendor Product Version
TianoCore EDK2 Affected: 0 , ≤ edk2-stable202502 (Custom)
Create a notification for this product.
Date Public
2025-03-14 21:33
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-2295",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-17T15:58:41.859962Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-18T16:19:50.500Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "NetworkPkg",
          "product": "EDK2",
          "vendor": "TianoCore",
          "versions": [
            {
              "lessThanOrEqual": "edk2-stable202502",
              "status": "affected",
              "version": "0",
              "versionType": "Custom"
            }
          ]
        }
      ],
      "datePublic": "2025-03-14T21:33:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "EDK2 contains a vulnerability in BIOS where a user may cause an Integer Overflow or Wraparound by network means. A successful exploitation of this vulnerability may lead to denial of service."
            }
          ],
          "value": "EDK2 contains a vulnerability in BIOS where a user may cause an Integer Overflow or Wraparound by network means. A successful exploitation of this vulnerability may lead to denial of service."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 3.5,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-190",
              "description": "CWE-190 Integer Overflow or Wraparound",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-14T21:35:10.484Z",
        "orgId": "65518388-201a-4f93-8712-366d21fe8d2c",
        "shortName": "TianoCore"
      },
      "references": [
        {
          "url": "https://github.com/tianocore/edk2/security/advisories/GHSA-8522-69fh-w74x"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Potential iSCSI R2T PDU Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "65518388-201a-4f93-8712-366d21fe8d2c",
    "assignerShortName": "TianoCore",
    "cveId": "CVE-2025-2295",
    "datePublished": "2025-03-14T21:35:10.484Z",
    "dateReserved": "2025-03-13T18:56:12.506Z",
    "dateUpdated": "2025-03-18T16:19:50.500Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-2177 (GCVE-0-2025-2177)

Vulnerability from cvelistv5 – Published: 2025-03-11 07:31 – Updated: 2025-03-11 14:12
VLAI
Title
libzvbi search.c vbi_search_new integer overflow
Summary
A vulnerability classified as critical was found in libzvbi up to 0.2.43. This vulnerability affects the function vbi_search_new of the file src/search.c. The manipulation of the argument pat_len leads to integer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.2.44 is able to address this issue. The patch is identified as ca1672134b3e2962cd392212c73f44f8f4cb489f. It is recommended to upgrade the affected component. The code maintainer was informed beforehand about the issues. She reacted very fast and highly professional.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
n/a libzvbi Affected: 0.2.0
Affected: 0.2.1
Affected: 0.2.2
Affected: 0.2.3
Affected: 0.2.4
Affected: 0.2.5
Affected: 0.2.6
Affected: 0.2.7
Affected: 0.2.8
Affected: 0.2.9
Affected: 0.2.10
Affected: 0.2.11
Affected: 0.2.12
Affected: 0.2.13
Affected: 0.2.14
Affected: 0.2.15
Affected: 0.2.16
Affected: 0.2.17
Affected: 0.2.18
Affected: 0.2.19
Affected: 0.2.20
Affected: 0.2.21
Affected: 0.2.22
Affected: 0.2.23
Affected: 0.2.24
Affected: 0.2.25
Affected: 0.2.26
Affected: 0.2.27
Affected: 0.2.28
Affected: 0.2.29
Affected: 0.2.30
Affected: 0.2.31
Affected: 0.2.32
Affected: 0.2.33
Affected: 0.2.34
Affected: 0.2.35
Affected: 0.2.36
Affected: 0.2.37
Affected: 0.2.38
Affected: 0.2.39
Affected: 0.2.40
Affected: 0.2.41
Affected: 0.2.42
Affected: 0.2.43
Credits
ninpwn (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-2177",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-11T14:11:11.307650Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-11T14:12:36.161Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "libzvbi",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "0.2.0"
            },
            {
              "status": "affected",
              "version": "0.2.1"
            },
            {
              "status": "affected",
              "version": "0.2.2"
            },
            {
              "status": "affected",
              "version": "0.2.3"
            },
            {
              "status": "affected",
              "version": "0.2.4"
            },
            {
              "status": "affected",
              "version": "0.2.5"
            },
            {
              "status": "affected",
              "version": "0.2.6"
            },
            {
              "status": "affected",
              "version": "0.2.7"
            },
            {
              "status": "affected",
              "version": "0.2.8"
            },
            {
              "status": "affected",
              "version": "0.2.9"
            },
            {
              "status": "affected",
              "version": "0.2.10"
            },
            {
              "status": "affected",
              "version": "0.2.11"
            },
            {
              "status": "affected",
              "version": "0.2.12"
            },
            {
              "status": "affected",
              "version": "0.2.13"
            },
            {
              "status": "affected",
              "version": "0.2.14"
            },
            {
              "status": "affected",
              "version": "0.2.15"
            },
            {
              "status": "affected",
              "version": "0.2.16"
            },
            {
              "status": "affected",
              "version": "0.2.17"
            },
            {
              "status": "affected",
              "version": "0.2.18"
            },
            {
              "status": "affected",
              "version": "0.2.19"
            },
            {
              "status": "affected",
              "version": "0.2.20"
            },
            {
              "status": "affected",
              "version": "0.2.21"
            },
            {
              "status": "affected",
              "version": "0.2.22"
            },
            {
              "status": "affected",
              "version": "0.2.23"
            },
            {
              "status": "affected",
              "version": "0.2.24"
            },
            {
              "status": "affected",
              "version": "0.2.25"
            },
            {
              "status": "affected",
              "version": "0.2.26"
            },
            {
              "status": "affected",
              "version": "0.2.27"
            },
            {
              "status": "affected",
              "version": "0.2.28"
            },
            {
              "status": "affected",
              "version": "0.2.29"
            },
            {
              "status": "affected",
              "version": "0.2.30"
            },
            {
              "status": "affected",
              "version": "0.2.31"
            },
            {
              "status": "affected",
              "version": "0.2.32"
            },
            {
              "status": "affected",
              "version": "0.2.33"
            },
            {
              "status": "affected",
              "version": "0.2.34"
            },
            {
              "status": "affected",
              "version": "0.2.35"
            },
            {
              "status": "affected",
              "version": "0.2.36"
            },
            {
              "status": "affected",
              "version": "0.2.37"
            },
            {
              "status": "affected",
              "version": "0.2.38"
            },
            {
              "status": "affected",
              "version": "0.2.39"
            },
            {
              "status": "affected",
              "version": "0.2.40"
            },
            {
              "status": "affected",
              "version": "0.2.41"
            },
            {
              "status": "affected",
              "version": "0.2.42"
            },
            {
              "status": "affected",
              "version": "0.2.43"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "ninpwn (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability classified as critical was found in libzvbi up to 0.2.43. This vulnerability affects the function vbi_search_new of the file src/search.c. The manipulation of the argument pat_len leads to integer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.2.44 is able to address this issue. The patch is identified as ca1672134b3e2962cd392212c73f44f8f4cb489f. It is recommended to upgrade the affected component. The code maintainer was informed beforehand about the issues. She reacted very fast and highly professional."
        },
        {
          "lang": "de",
          "value": "In libzvbi bis 0.2.43 wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Das betrifft die Funktion vbi_search_new der Datei src/search.c. Mittels Manipulieren des Arguments pat_len mit unbekannten Daten kann eine integer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Ein Aktualisieren auf die Version 0.2.44 vermag dieses Problem zu l\u00f6sen. Der Patch wird als ca1672134b3e2962cd392212c73f44f8f4cb489f bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 7.5,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-190",
              "description": "Integer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-189",
              "description": "Numeric Error",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-11T07:31:06.438Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-299206 | libzvbi search.c vbi_search_new integer overflow",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.299206"
        },
        {
          "name": "VDB-299206 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.299206"
        },
        {
          "name": "Submit #512803 | Open Source libzvbi 0.2.43 Integer Overflow -\u003e Heap Overflow (vbi_search_new)",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.512803"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://github.com/zapping-vbi/zvbi/security/advisories/GHSA-g7cg-7gw9-v8cf"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/zapping-vbi/zvbi/commit/ca1672134b3e2962cd392212c73f44f8f4cb489f"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/zapping-vbi/zvbi/releases/tag/v0.2.44"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-03-11T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-03-11T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-03-11T07:18:12.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "libzvbi search.c vbi_search_new integer overflow"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-2177",
    "datePublished": "2025-03-11T07:31:06.438Z",
    "dateReserved": "2025-03-10T17:27:09.154Z",
    "dateUpdated": "2025-03-11T14:12:36.161Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-2176 (GCVE-0-2025-2176)

Vulnerability from cvelistv5 – Published: 2025-03-11 07:31 – Updated: 2025-03-11 15:21
VLAI
Title
libzvbi io-sim.c vbi_capture_sim_load_caption integer overflow
Summary
A vulnerability classified as critical has been found in libzvbi up to 0.2.43. This affects the function vbi_capture_sim_load_caption of the file src/io-sim.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.2.44 is able to address this issue. The identifier of the patch is ca1672134b3e2962cd392212c73f44f8f4cb489f. It is recommended to upgrade the affected component. The code maintainer was informed beforehand about the issues. She reacted very fast and highly professional.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
n/a libzvbi Affected: 0.2.0
Affected: 0.2.1
Affected: 0.2.2
Affected: 0.2.3
Affected: 0.2.4
Affected: 0.2.5
Affected: 0.2.6
Affected: 0.2.7
Affected: 0.2.8
Affected: 0.2.9
Affected: 0.2.10
Affected: 0.2.11
Affected: 0.2.12
Affected: 0.2.13
Affected: 0.2.14
Affected: 0.2.15
Affected: 0.2.16
Affected: 0.2.17
Affected: 0.2.18
Affected: 0.2.19
Affected: 0.2.20
Affected: 0.2.21
Affected: 0.2.22
Affected: 0.2.23
Affected: 0.2.24
Affected: 0.2.25
Affected: 0.2.26
Affected: 0.2.27
Affected: 0.2.28
Affected: 0.2.29
Affected: 0.2.30
Affected: 0.2.31
Affected: 0.2.32
Affected: 0.2.33
Affected: 0.2.34
Affected: 0.2.35
Affected: 0.2.36
Affected: 0.2.37
Affected: 0.2.38
Affected: 0.2.39
Affected: 0.2.40
Affected: 0.2.41
Affected: 0.2.42
Affected: 0.2.43
Credits
Yariv Nedivi ninpwn (VulDB User) ninpwn (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-2176",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-11T15:14:23.195210Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-11T15:21:26.833Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "libzvbi",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "0.2.0"
            },
            {
              "status": "affected",
              "version": "0.2.1"
            },
            {
              "status": "affected",
              "version": "0.2.2"
            },
            {
              "status": "affected",
              "version": "0.2.3"
            },
            {
              "status": "affected",
              "version": "0.2.4"
            },
            {
              "status": "affected",
              "version": "0.2.5"
            },
            {
              "status": "affected",
              "version": "0.2.6"
            },
            {
              "status": "affected",
              "version": "0.2.7"
            },
            {
              "status": "affected",
              "version": "0.2.8"
            },
            {
              "status": "affected",
              "version": "0.2.9"
            },
            {
              "status": "affected",
              "version": "0.2.10"
            },
            {
              "status": "affected",
              "version": "0.2.11"
            },
            {
              "status": "affected",
              "version": "0.2.12"
            },
            {
              "status": "affected",
              "version": "0.2.13"
            },
            {
              "status": "affected",
              "version": "0.2.14"
            },
            {
              "status": "affected",
              "version": "0.2.15"
            },
            {
              "status": "affected",
              "version": "0.2.16"
            },
            {
              "status": "affected",
              "version": "0.2.17"
            },
            {
              "status": "affected",
              "version": "0.2.18"
            },
            {
              "status": "affected",
              "version": "0.2.19"
            },
            {
              "status": "affected",
              "version": "0.2.20"
            },
            {
              "status": "affected",
              "version": "0.2.21"
            },
            {
              "status": "affected",
              "version": "0.2.22"
            },
            {
              "status": "affected",
              "version": "0.2.23"
            },
            {
              "status": "affected",
              "version": "0.2.24"
            },
            {
              "status": "affected",
              "version": "0.2.25"
            },
            {
              "status": "affected",
              "version": "0.2.26"
            },
            {
              "status": "affected",
              "version": "0.2.27"
            },
            {
              "status": "affected",
              "version": "0.2.28"
            },
            {
              "status": "affected",
              "version": "0.2.29"
            },
            {
              "status": "affected",
              "version": "0.2.30"
            },
            {
              "status": "affected",
              "version": "0.2.31"
            },
            {
              "status": "affected",
              "version": "0.2.32"
            },
            {
              "status": "affected",
              "version": "0.2.33"
            },
            {
              "status": "affected",
              "version": "0.2.34"
            },
            {
              "status": "affected",
              "version": "0.2.35"
            },
            {
              "status": "affected",
              "version": "0.2.36"
            },
            {
              "status": "affected",
              "version": "0.2.37"
            },
            {
              "status": "affected",
              "version": "0.2.38"
            },
            {
              "status": "affected",
              "version": "0.2.39"
            },
            {
              "status": "affected",
              "version": "0.2.40"
            },
            {
              "status": "affected",
              "version": "0.2.41"
            },
            {
              "status": "affected",
              "version": "0.2.42"
            },
            {
              "status": "affected",
              "version": "0.2.43"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Yariv Nedivi"
        },
        {
          "lang": "en",
          "type": "reporter",
          "value": "ninpwn (VulDB User)"
        },
        {
          "lang": "en",
          "type": "analyst",
          "value": "ninpwn (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability classified as critical has been found in libzvbi up to 0.2.43. This affects the function vbi_capture_sim_load_caption of the file src/io-sim.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.2.44 is able to address this issue. The identifier of the patch is ca1672134b3e2962cd392212c73f44f8f4cb489f. It is recommended to upgrade the affected component. The code maintainer was informed beforehand about the issues. She reacted very fast and highly professional."
        },
        {
          "lang": "de",
          "value": "Es wurde eine Schwachstelle in libzvbi bis 0.2.43 entdeckt. Sie wurde als kritisch eingestuft. Es betrifft die Funktion vbi_capture_sim_load_caption der Datei src/io-sim.c. Mittels dem Manipulieren mit unbekannten Daten kann eine integer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Ein Aktualisieren auf die Version 0.2.44 vermag dieses Problem zu l\u00f6sen. Der Patch wird als ca1672134b3e2962cd392212c73f44f8f4cb489f bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 7.5,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-190",
              "description": "Integer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-189",
              "description": "Numeric Error",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-11T08:02:38.128Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-299205 | libzvbi io-sim.c vbi_capture_sim_load_caption integer overflow",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.299205"
        },
        {
          "name": "VDB-299205 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.299205"
        },
        {
          "name": "Submit #512802 | Open Source libzvbi 0.2.43 Integer Overflow -\u003e Heap Overflow (vbi_capture_sim_load_caption)",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.512802"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://github.com/zapping-vbi/zvbi/security/advisories/GHSA-g7cg-7gw9-v8cf"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/zapping-vbi/zvbi/commit/ca1672134b3e2962cd392212c73f44f8f4cb489f"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/zapping-vbi/zvbi/releases/tag/v0.2.44"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-03-11T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-03-11T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-03-11T09:04:06.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "libzvbi io-sim.c vbi_capture_sim_load_caption integer overflow"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-2176",
    "datePublished": "2025-03-11T07:31:05.090Z",
    "dateReserved": "2025-03-10T17:27:04.908Z",
    "dateUpdated": "2025-03-11T15:21:26.833Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-2175 (GCVE-0-2025-2175)

Vulnerability from cvelistv5 – Published: 2025-03-11 07:00 – Updated: 2025-03-11 17:13
VLAI
Title
libzvbi _vbi_strndup_iconv integer overflow
Summary
A vulnerability was found in libzvbi up to 0.2.43. It has been rated as problematic. Affected by this issue is the function _vbi_strndup_iconv. The manipulation leads to integer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.2.44 is able to address this issue. It is recommended to upgrade the affected component. The code maintainer was informed beforehand about the issues. She reacted very fast and highly professional.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
Vendor Product Version
n/a libzvbi Affected: 0.2.0
Affected: 0.2.1
Affected: 0.2.2
Affected: 0.2.3
Affected: 0.2.4
Affected: 0.2.5
Affected: 0.2.6
Affected: 0.2.7
Affected: 0.2.8
Affected: 0.2.9
Affected: 0.2.10
Affected: 0.2.11
Affected: 0.2.12
Affected: 0.2.13
Affected: 0.2.14
Affected: 0.2.15
Affected: 0.2.16
Affected: 0.2.17
Affected: 0.2.18
Affected: 0.2.19
Affected: 0.2.20
Affected: 0.2.21
Affected: 0.2.22
Affected: 0.2.23
Affected: 0.2.24
Affected: 0.2.25
Affected: 0.2.26
Affected: 0.2.27
Affected: 0.2.28
Affected: 0.2.29
Affected: 0.2.30
Affected: 0.2.31
Affected: 0.2.32
Affected: 0.2.33
Affected: 0.2.34
Affected: 0.2.35
Affected: 0.2.36
Affected: 0.2.37
Affected: 0.2.38
Affected: 0.2.39
Affected: 0.2.40
Affected: 0.2.41
Affected: 0.2.42
Affected: 0.2.43
Credits
Yariv Nedivi ninpwn (VulDB User) ninpwn (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-2175",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-11T17:11:46.051145Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-11T17:13:11.689Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "libzvbi",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "0.2.0"
            },
            {
              "status": "affected",
              "version": "0.2.1"
            },
            {
              "status": "affected",
              "version": "0.2.2"
            },
            {
              "status": "affected",
              "version": "0.2.3"
            },
            {
              "status": "affected",
              "version": "0.2.4"
            },
            {
              "status": "affected",
              "version": "0.2.5"
            },
            {
              "status": "affected",
              "version": "0.2.6"
            },
            {
              "status": "affected",
              "version": "0.2.7"
            },
            {
              "status": "affected",
              "version": "0.2.8"
            },
            {
              "status": "affected",
              "version": "0.2.9"
            },
            {
              "status": "affected",
              "version": "0.2.10"
            },
            {
              "status": "affected",
              "version": "0.2.11"
            },
            {
              "status": "affected",
              "version": "0.2.12"
            },
            {
              "status": "affected",
              "version": "0.2.13"
            },
            {
              "status": "affected",
              "version": "0.2.14"
            },
            {
              "status": "affected",
              "version": "0.2.15"
            },
            {
              "status": "affected",
              "version": "0.2.16"
            },
            {
              "status": "affected",
              "version": "0.2.17"
            },
            {
              "status": "affected",
              "version": "0.2.18"
            },
            {
              "status": "affected",
              "version": "0.2.19"
            },
            {
              "status": "affected",
              "version": "0.2.20"
            },
            {
              "status": "affected",
              "version": "0.2.21"
            },
            {
              "status": "affected",
              "version": "0.2.22"
            },
            {
              "status": "affected",
              "version": "0.2.23"
            },
            {
              "status": "affected",
              "version": "0.2.24"
            },
            {
              "status": "affected",
              "version": "0.2.25"
            },
            {
              "status": "affected",
              "version": "0.2.26"
            },
            {
              "status": "affected",
              "version": "0.2.27"
            },
            {
              "status": "affected",
              "version": "0.2.28"
            },
            {
              "status": "affected",
              "version": "0.2.29"
            },
            {
              "status": "affected",
              "version": "0.2.30"
            },
            {
              "status": "affected",
              "version": "0.2.31"
            },
            {
              "status": "affected",
              "version": "0.2.32"
            },
            {
              "status": "affected",
              "version": "0.2.33"
            },
            {
              "status": "affected",
              "version": "0.2.34"
            },
            {
              "status": "affected",
              "version": "0.2.35"
            },
            {
              "status": "affected",
              "version": "0.2.36"
            },
            {
              "status": "affected",
              "version": "0.2.37"
            },
            {
              "status": "affected",
              "version": "0.2.38"
            },
            {
              "status": "affected",
              "version": "0.2.39"
            },
            {
              "status": "affected",
              "version": "0.2.40"
            },
            {
              "status": "affected",
              "version": "0.2.41"
            },
            {
              "status": "affected",
              "version": "0.2.42"
            },
            {
              "status": "affected",
              "version": "0.2.43"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Yariv Nedivi"
        },
        {
          "lang": "en",
          "type": "reporter",
          "value": "ninpwn (VulDB User)"
        },
        {
          "lang": "en",
          "type": "analyst",
          "value": "ninpwn (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in libzvbi up to 0.2.43. It has been rated as problematic. Affected by this issue is the function _vbi_strndup_iconv. The manipulation leads to integer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.2.44 is able to address this issue. It is recommended to upgrade the affected component. The code maintainer was informed beforehand about the issues. She reacted very fast and highly professional."
        },
        {
          "lang": "de",
          "value": "Eine problematische Schwachstelle wurde in libzvbi bis 0.2.43 ausgemacht. Hierbei geht es um die Funktion _vbi_strndup_iconv. Durch Manipulation mit unbekannten Daten kann eine integer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Ein Aktualisieren auf die Version 0.2.44 vermag dieses Problem zu l\u00f6sen. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 5,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-190",
              "description": "Integer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-189",
              "description": "Numeric Error",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-11T08:02:36.691Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-299204 | libzvbi _vbi_strndup_iconv integer overflow",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.299204"
        },
        {
          "name": "VDB-299204 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.299204"
        },
        {
          "name": "Submit #512801 | Open Source libzvbi 0.2.43 Integer Overflow -\u003e Heap Overflow (_vbi_strndup_iconv)",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.512801"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://github.com/zapping-vbi/zvbi/security/advisories/GHSA-g7cg-7gw9-v8cf"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/zapping-vbi/zvbi/releases/tag/v0.2.44"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-03-11T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-03-11T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-03-11T09:03:59.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "libzvbi _vbi_strndup_iconv integer overflow"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-2175",
    "datePublished": "2025-03-11T07:00:09.753Z",
    "dateReserved": "2025-03-10T17:27:00.680Z",
    "dateUpdated": "2025-03-11T17:13:11.689Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-2174 (GCVE-0-2025-2174)

Vulnerability from cvelistv5 – Published: 2025-03-11 06:31 – Updated: 2025-03-11 13:40
VLAI
Title
libzvbi conv.c vbi_strndup_iconv_ucs2 integer overflow
Summary
A vulnerability was found in libzvbi up to 0.2.43. It has been declared as problematic. Affected by this vulnerability is the function vbi_strndup_iconv_ucs2 of the file src/conv.c. The manipulation of the argument src_length leads to integer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.2.44 is able to address this issue. The patch is named ca1672134b3e2962cd392212c73f44f8f4cb489f. It is recommended to upgrade the affected component. The code maintainer was informed beforehand about the issues. She reacted very fast and highly professional.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
n/a libzvbi Affected: 0.2.0
Affected: 0.2.1
Affected: 0.2.2
Affected: 0.2.3
Affected: 0.2.4
Affected: 0.2.5
Affected: 0.2.6
Affected: 0.2.7
Affected: 0.2.8
Affected: 0.2.9
Affected: 0.2.10
Affected: 0.2.11
Affected: 0.2.12
Affected: 0.2.13
Affected: 0.2.14
Affected: 0.2.15
Affected: 0.2.16
Affected: 0.2.17
Affected: 0.2.18
Affected: 0.2.19
Affected: 0.2.20
Affected: 0.2.21
Affected: 0.2.22
Affected: 0.2.23
Affected: 0.2.24
Affected: 0.2.25
Affected: 0.2.26
Affected: 0.2.27
Affected: 0.2.28
Affected: 0.2.29
Affected: 0.2.30
Affected: 0.2.31
Affected: 0.2.32
Affected: 0.2.33
Affected: 0.2.34
Affected: 0.2.35
Affected: 0.2.36
Affected: 0.2.37
Affected: 0.2.38
Affected: 0.2.39
Affected: 0.2.40
Affected: 0.2.41
Affected: 0.2.42
Affected: 0.2.43
Credits
Yariv Nedivi ninpwn (VulDB User) ninpwn (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-2174",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-11T13:25:13.046485Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-11T13:40:54.884Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "libzvbi",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "0.2.0"
            },
            {
              "status": "affected",
              "version": "0.2.1"
            },
            {
              "status": "affected",
              "version": "0.2.2"
            },
            {
              "status": "affected",
              "version": "0.2.3"
            },
            {
              "status": "affected",
              "version": "0.2.4"
            },
            {
              "status": "affected",
              "version": "0.2.5"
            },
            {
              "status": "affected",
              "version": "0.2.6"
            },
            {
              "status": "affected",
              "version": "0.2.7"
            },
            {
              "status": "affected",
              "version": "0.2.8"
            },
            {
              "status": "affected",
              "version": "0.2.9"
            },
            {
              "status": "affected",
              "version": "0.2.10"
            },
            {
              "status": "affected",
              "version": "0.2.11"
            },
            {
              "status": "affected",
              "version": "0.2.12"
            },
            {
              "status": "affected",
              "version": "0.2.13"
            },
            {
              "status": "affected",
              "version": "0.2.14"
            },
            {
              "status": "affected",
              "version": "0.2.15"
            },
            {
              "status": "affected",
              "version": "0.2.16"
            },
            {
              "status": "affected",
              "version": "0.2.17"
            },
            {
              "status": "affected",
              "version": "0.2.18"
            },
            {
              "status": "affected",
              "version": "0.2.19"
            },
            {
              "status": "affected",
              "version": "0.2.20"
            },
            {
              "status": "affected",
              "version": "0.2.21"
            },
            {
              "status": "affected",
              "version": "0.2.22"
            },
            {
              "status": "affected",
              "version": "0.2.23"
            },
            {
              "status": "affected",
              "version": "0.2.24"
            },
            {
              "status": "affected",
              "version": "0.2.25"
            },
            {
              "status": "affected",
              "version": "0.2.26"
            },
            {
              "status": "affected",
              "version": "0.2.27"
            },
            {
              "status": "affected",
              "version": "0.2.28"
            },
            {
              "status": "affected",
              "version": "0.2.29"
            },
            {
              "status": "affected",
              "version": "0.2.30"
            },
            {
              "status": "affected",
              "version": "0.2.31"
            },
            {
              "status": "affected",
              "version": "0.2.32"
            },
            {
              "status": "affected",
              "version": "0.2.33"
            },
            {
              "status": "affected",
              "version": "0.2.34"
            },
            {
              "status": "affected",
              "version": "0.2.35"
            },
            {
              "status": "affected",
              "version": "0.2.36"
            },
            {
              "status": "affected",
              "version": "0.2.37"
            },
            {
              "status": "affected",
              "version": "0.2.38"
            },
            {
              "status": "affected",
              "version": "0.2.39"
            },
            {
              "status": "affected",
              "version": "0.2.40"
            },
            {
              "status": "affected",
              "version": "0.2.41"
            },
            {
              "status": "affected",
              "version": "0.2.42"
            },
            {
              "status": "affected",
              "version": "0.2.43"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Yariv Nedivi"
        },
        {
          "lang": "en",
          "type": "reporter",
          "value": "ninpwn (VulDB User)"
        },
        {
          "lang": "en",
          "type": "analyst",
          "value": "ninpwn (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in libzvbi up to 0.2.43. It has been declared as problematic. Affected by this vulnerability is the function vbi_strndup_iconv_ucs2 of the file src/conv.c. The manipulation of the argument src_length leads to integer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.2.44 is able to address this issue. The patch is named ca1672134b3e2962cd392212c73f44f8f4cb489f. It is recommended to upgrade the affected component. The code maintainer was informed beforehand about the issues. She reacted very fast and highly professional."
        },
        {
          "lang": "de",
          "value": "In libzvbi bis 0.2.43 wurde eine problematische Schwachstelle ausgemacht. Dabei geht es um die Funktion vbi_strndup_iconv_ucs2 der Datei src/conv.c. Durch die Manipulation des Arguments src_length mit unbekannten Daten kann eine integer overflow-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Ein Aktualisieren auf die Version 0.2.44 vermag dieses Problem zu l\u00f6sen. Der Patch wird als ca1672134b3e2962cd392212c73f44f8f4cb489f bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 5,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-190",
              "description": "Integer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-189",
              "description": "Numeric Error",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-11T08:02:35.278Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-299203 | libzvbi conv.c vbi_strndup_iconv_ucs2 integer overflow",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.299203"
        },
        {
          "name": "VDB-299203 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.299203"
        },
        {
          "name": "Submit #512800 | Open Source libzvbi 0.2.43 Integer Overflow -\u003e Heap Overflow",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.512800"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://github.com/zapping-vbi/zvbi/security/advisories/GHSA-g7cg-7gw9-v8cf"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/zapping-vbi/zvbi/commit/ca1672134b3e2962cd392212c73f44f8f4cb489f"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/zapping-vbi/zvbi/releases/tag/v0.2.44"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-03-11T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-03-11T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-03-11T09:03:47.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "libzvbi conv.c vbi_strndup_iconv_ucs2 integer overflow"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-2174",
    "datePublished": "2025-03-11T06:31:06.971Z",
    "dateReserved": "2025-03-10T17:26:56.285Z",
    "dateUpdated": "2025-03-11T13:40:54.884Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-2082 (GCVE-0-2025-2082)

Vulnerability from cvelistv5 – Published: 2025-04-30 20:00 – Updated: 2025-04-30 20:17
VLAI
Title
Tesla Model 3 VCSEC Integer Overflow Remote Code Execution Vulnerability
Summary
Tesla Model 3 VCSEC Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Tesla Model 3 vehicles. Authentication is not required to exploit this vulnerability. The specific flaw exists within the VCSEC module. By manipulating the certificate response sent from the Tire Pressure Monitoring System (TPMS), an attacker can trigger an integer overflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the VCSEC module and send arbitrary messages to the vehicle CAN bus. Was ZDI-CAN-23800.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-190 - Integer Overflow or Wraparound
Assigner
zdi
References
Impacted products
Vendor Product Version
Tesla Model 3 Affected: 2024.8
Create a notification for this product.
Date Public
2025-04-30 19:58
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-2082",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-30T20:17:38.000526Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-30T20:17:55.675Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Model 3",
          "vendor": "Tesla",
          "versions": [
            {
              "status": "affected",
              "version": "2024.8"
            }
          ]
        }
      ],
      "dateAssigned": "2025-03-06T22:09:49.680Z",
      "datePublic": "2025-04-30T19:58:23.045Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Tesla Model 3 VCSEC Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Tesla Model 3 vehicles. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the VCSEC module. By manipulating the certificate response sent from the Tire Pressure Monitoring System (TPMS), an attacker can trigger an integer overflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the VCSEC module and send arbitrary messages to the vehicle CAN bus. Was ZDI-CAN-23800."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-190",
              "description": "CWE-190: Integer Overflow or Wraparound",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-30T20:00:44.550Z",
        "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "shortName": "zdi"
      },
      "references": [
        {
          "name": "ZDI-25-265",
          "tags": [
            "x_research-advisory"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-265/"
        }
      ],
      "source": {
        "lang": "en",
        "value": "Synacktiv - Thomas Imbert - Vincent Dehors - David Berard"
      },
      "title": "Tesla Model 3 VCSEC Integer Overflow Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
    "assignerShortName": "zdi",
    "cveId": "CVE-2025-2082",
    "datePublished": "2025-04-30T20:00:44.550Z",
    "dateReserved": "2025-03-06T22:09:49.620Z",
    "dateUpdated": "2025-04-30T20:17:55.675Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-2023 (GCVE-0-2025-2023)

Vulnerability from cvelistv5 – Published: 2025-03-11 20:43 – Updated: 2025-03-12 14:40
VLAI
Title
Ashlar-Vellum Cobalt LI File Parsing Integer Overflow Remote Code Execution Vulnerability
Summary
Ashlar-Vellum Cobalt LI File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of LI files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25348.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-190 - Integer Overflow or Wraparound
Assigner
zdi
References
Impacted products
Vendor Product Version
Ashlar-Vellum Cobalt Affected: 1204.91
Create a notification for this product.
Date Public
2025-03-10 22:01
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-2023",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-12T14:25:37.144526Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-12T14:40:57.581Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cobalt",
          "vendor": "Ashlar-Vellum",
          "versions": [
            {
              "status": "affected",
              "version": "1204.91"
            }
          ]
        }
      ],
      "dateAssigned": "2025-03-05T23:40:34.686Z",
      "datePublic": "2025-03-10T22:01:31.399Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Ashlar-Vellum Cobalt LI File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of LI files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25348."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-190",
              "description": "CWE-190: Integer Overflow or Wraparound",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-11T20:43:18.431Z",
        "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "shortName": "zdi"
      },
      "references": [
        {
          "name": "ZDI-25-122",
          "tags": [
            "x_research-advisory"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-122/"
        }
      ],
      "source": {
        "lang": "en",
        "value": "Rocco Calvi (@TecR0c) with TecSecurity"
      },
      "title": "Ashlar-Vellum Cobalt LI File Parsing Integer Overflow Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
    "assignerShortName": "zdi",
    "cveId": "CVE-2025-2023",
    "datePublished": "2025-03-11T20:43:18.431Z",
    "dateReserved": "2025-03-05T23:40:34.660Z",
    "dateUpdated": "2025-03-12T14:40:57.581Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation
Requirements

Ensure that all protocols are strictly defined, such that all out-of-bounds behavior can be identified simply, and require strict conformance to the protocol.

Mitigation MIT-3
Requirements

Strategy: Language Selection

  • Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
  • If possible, choose a language or compiler that performs automatic bounds checking.
Mitigation MIT-4
Architecture and Design

Strategy: Libraries or Frameworks

  • Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid [REF-1482].
  • Use libraries or frameworks that make it easier to handle numbers without unexpected consequences.
  • Examples include safe integer handling packages such as SafeInt (C++) or IntegerLib (C or C++). [REF-106]
Mitigation MIT-8
Implementation

Strategy: Input Validation

  • Perform input validation on any numeric input by ensuring that it is within the expected range. Enforce that the input meets both the minimum and maximum requirements for the expected range.
  • Use unsigned integers where possible. This makes it easier to perform validation for integer overflows. When signed integers are required, ensure that the range check includes minimum values as well as maximum values.
Mitigation MIT-36
Implementation
  • Understand the programming language's underlying representation and how it interacts with numeric calculation (CWE-681). Pay close attention to byte size discrepancies, precision, signed/unsigned distinctions, truncation, conversion and casting between types, "not-a-number" calculations, and how the language handles numbers that are too large or too small for its underlying representation. [REF-7]
  • Also be careful to account for 32-bit, 64-bit, and other potential differences that may affect the numeric representation.
Mitigation MIT-15
Architecture and Design

For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server.

Mitigation MIT-26
Implementation

Strategy: Compilation or Build Hardening

Examine compiler warnings closely and eliminate problems with potential security implications, such as signed / unsigned mismatch in memory operations, or use of uninitialized variables. Even if the weakness is rarely exploitable, a single failure may lead to the compromise of the entire system.

CAPEC-92: Forced Integer Overflow

This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.