CWE-191
AllowedInteger Underflow (Wrap or Wraparound)
Abstraction: Base · Status: Draft
The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.
643 vulnerabilities reference this CWE, most recent first.
GHSA-4J69-96H5-Q8G9
Vulnerability from github – Published: 2026-04-24 15:32 – Updated: 2026-06-01 18:31In the Linux kernel, the following vulnerability has been resolved:
drm/i915/gt: fix refcount underflow in intel_engine_park_heartbeat
A use-after-free / refcount underflow is possible when the heartbeat worker and intel_engine_park_heartbeat() race to release the same engine->heartbeat.systole request.
The heartbeat worker reads engine->heartbeat.systole and calls i915_request_put() on it when the request is complete, but clears the pointer in a separate, non-atomic step. Concurrently, a request retirement on another CPU can drop the engine wakeref to zero, triggering __engine_park() -> intel_engine_park_heartbeat(). If the heartbeat timer is pending at that point, cancel_delayed_work() returns true and intel_engine_park_heartbeat() reads the stale non-NULL systole pointer and calls i915_request_put() on it again, causing a refcount underflow:
<4> [487.221889] Workqueue: i915-unordered engine_retire [i915]
<4> [487.222640] RIP: 0010:refcount_warn_saturate+0x68/0xb0
...
<4> [487.222707] Call Trace:
<4> [487.222711] <TASK>
<4> [487.222716] intel_engine_park_heartbeat.part.0+0x6f/0x80 [i915]
<4> [487.223115] intel_engine_park_heartbeat+0x25/0x40 [i915]
<4> [487.223566] __engine_park+0xb9/0x650 [i915]
<4> [487.223973] ____intel_wakeref_put_last+0x2e/0xb0 [i915]
<4> [487.224408] __intel_wakeref_put_last+0x72/0x90 [i915]
<4> [487.224797] intel_context_exit_engine+0x7c/0x80 [i915]
<4> [487.225238] intel_context_exit+0xf1/0x1b0 [i915]
<4> [487.225695] i915_request_retire.part.0+0x1b9/0x530 [i915]
<4> [487.226178] i915_request_retire+0x1c/0x40 [i915]
<4> [487.226625] engine_retire+0x122/0x180 [i915]
<4> [487.227037] process_one_work+0x239/0x760
<4> [487.227060] worker_thread+0x200/0x3f0
<4> [487.227068] ? __pfx_worker_thread+0x10/0x10
<4> [487.227075] kthread+0x10d/0x150
<4> [487.227083] ? __pfx_kthread+0x10/0x10
<4> [487.227092] ret_from_fork+0x3d4/0x480
<4> [487.227099] ? __pfx_kthread+0x10/0x10
<4> [487.227107] ret_from_fork_asm+0x1a/0x30
<4> [487.227141] </TASK>
Fix this by replacing the non-atomic pointer read + separate clear with xchg() in both racing paths. xchg() is a single indivisible hardware instruction that atomically reads the old pointer and writes NULL. This guarantees only one of the two concurrent callers obtains the non-NULL pointer and performs the put, the other gets NULL and skips it.
(cherry picked from commit 13238dc0ee4f9ab8dafa2cca7295736191ae2f42)
{
"affected": [],
"aliases": [
"CVE-2026-31656"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-24T15:16:45Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915/gt: fix refcount underflow in intel_engine_park_heartbeat\n\nA use-after-free / refcount underflow is possible when the heartbeat\nworker and intel_engine_park_heartbeat() race to release the same\nengine-\u003eheartbeat.systole request.\n\nThe heartbeat worker reads engine-\u003eheartbeat.systole and calls\ni915_request_put() on it when the request is complete, but clears\nthe pointer in a separate, non-atomic step. Concurrently, a request\nretirement on another CPU can drop the engine wakeref to zero, triggering\n__engine_park() -\u003e intel_engine_park_heartbeat(). If the heartbeat\ntimer is pending at that point, cancel_delayed_work() returns true and\nintel_engine_park_heartbeat() reads the stale non-NULL systole pointer\nand calls i915_request_put() on it again, causing a refcount underflow:\n\n```\n\u003c4\u003e [487.221889] Workqueue: i915-unordered engine_retire [i915]\n\u003c4\u003e [487.222640] RIP: 0010:refcount_warn_saturate+0x68/0xb0\n...\n\u003c4\u003e [487.222707] Call Trace:\n\u003c4\u003e [487.222711] \u003cTASK\u003e\n\u003c4\u003e [487.222716] intel_engine_park_heartbeat.part.0+0x6f/0x80 [i915]\n\u003c4\u003e [487.223115] intel_engine_park_heartbeat+0x25/0x40 [i915]\n\u003c4\u003e [487.223566] __engine_park+0xb9/0x650 [i915]\n\u003c4\u003e [487.223973] ____intel_wakeref_put_last+0x2e/0xb0 [i915]\n\u003c4\u003e [487.224408] __intel_wakeref_put_last+0x72/0x90 [i915]\n\u003c4\u003e [487.224797] intel_context_exit_engine+0x7c/0x80 [i915]\n\u003c4\u003e [487.225238] intel_context_exit+0xf1/0x1b0 [i915]\n\u003c4\u003e [487.225695] i915_request_retire.part.0+0x1b9/0x530 [i915]\n\u003c4\u003e [487.226178] i915_request_retire+0x1c/0x40 [i915]\n\u003c4\u003e [487.226625] engine_retire+0x122/0x180 [i915]\n\u003c4\u003e [487.227037] process_one_work+0x239/0x760\n\u003c4\u003e [487.227060] worker_thread+0x200/0x3f0\n\u003c4\u003e [487.227068] ? __pfx_worker_thread+0x10/0x10\n\u003c4\u003e [487.227075] kthread+0x10d/0x150\n\u003c4\u003e [487.227083] ? __pfx_kthread+0x10/0x10\n\u003c4\u003e [487.227092] ret_from_fork+0x3d4/0x480\n\u003c4\u003e [487.227099] ? __pfx_kthread+0x10/0x10\n\u003c4\u003e [487.227107] ret_from_fork_asm+0x1a/0x30\n\u003c4\u003e [487.227141] \u003c/TASK\u003e\n```\n\nFix this by replacing the non-atomic pointer read + separate clear with\nxchg() in both racing paths. xchg() is a single indivisible hardware\ninstruction that atomically reads the old pointer and writes NULL. This\nguarantees only one of the two concurrent callers obtains the non-NULL\npointer and performs the put, the other gets NULL and skips it.\n\n(cherry picked from commit 13238dc0ee4f9ab8dafa2cca7295736191ae2f42)",
"id": "GHSA-4j69-96h5-q8g9",
"modified": "2026-06-01T18:31:27Z",
"published": "2026-04-24T15:32:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31656"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2af8b200cae3fdd0e917ecc2753b28bb40c876c1"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/455d98ed527fc94eed90406f90ab2391464ca657"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4c71fd099513bfa8acab529b626e1f0097b76061"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/70d3e622b10092fc483e28e57b4e8c49d9cc7f68"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/82034799c6c14b3104668878c3f3e5786f777126"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8ce44d28a84fd5e053a88b04872a89d95c0779d4"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a00e92bf6583d019a4fb2c2df7007e6c9b269ce7"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ca3f48c3567dd49efdc55b80029ae74659c682ee"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4JHP-WP6W-JM5X
Vulnerability from github – Published: 2024-06-11 18:30 – Updated: 2024-06-11 18:30DHCP Server Service Denial of Service Vulnerability
{
"affected": [],
"aliases": [
"CVE-2024-30070"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-11T17:15:53Z",
"severity": "HIGH"
},
"details": "DHCP Server Service Denial of Service Vulnerability",
"id": "GHSA-4jhp-wp6w-jm5x",
"modified": "2024-06-11T18:30:49Z",
"published": "2024-06-11T18:30:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30070"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30070"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4JRV-6M77-VRHQ
Vulnerability from github – Published: 2024-01-15 21:30 – Updated: 2024-07-08 18:31An out-of-bounds memory read flaw was found in receive_encrypted_standard in fs/smb/client/smb2ops.c in the SMB Client sub-component in the Linux Kernel. This issue occurs due to integer underflow on the memcpy length, leading to a denial of service.
{
"affected": [],
"aliases": [
"CVE-2024-0565"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-01-15T20:15:43Z",
"severity": "HIGH"
},
"details": "An out-of-bounds memory read flaw was found in receive_encrypted_standard in fs/smb/client/smb2ops.c in the SMB Client sub-component in the Linux Kernel. This issue occurs due to integer underflow on the memcpy length, leading to a denial of service.",
"id": "GHSA-4jrv-6m77-vrhq",
"modified": "2024-07-08T18:31:15Z",
"published": "2024-01-15T21:30:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0565"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:1188"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:1404"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:1532"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:1533"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:1607"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:1614"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:2093"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:2394"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2024-0565"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258518"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20240223-0002"
},
{
"type": "WEB",
"url": "https://www.spinics.net/lists/stable-commits/msg328851.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4MJP-WJ5R-MC96
Vulnerability from github – Published: 2025-01-10 15:31 – Updated: 2025-11-03 18:31In Raptor RDF Syntax Library through 2.0.16, there is an integer underflow when normalizing a URI with the turtle parser in raptor_uri_normalize_path().
{
"affected": [],
"aliases": [
"CVE-2024-57823"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-10T13:15:10Z",
"severity": "CRITICAL"
},
"details": "In Raptor RDF Syntax Library through 2.0.16, there is an integer underflow when normalizing a URI with the turtle parser in raptor_uri_normalize_path().",
"id": "GHSA-4mjp-wj5r-mc96",
"modified": "2025-11-03T18:31:15Z",
"published": "2025-01-10T15:31:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-57823"
},
{
"type": "WEB",
"url": "https://github.com/dajobe/raptor/issues/70"
},
{
"type": "WEB",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067896"
},
{
"type": "WEB",
"url": "https://github.com/pedrib/PoC/blob/master/fuzzing/raptor-fuzz.md"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00023.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4Q64-7W7G-5X5W
Vulnerability from github – Published: 2022-05-14 01:18 – Updated: 2022-05-14 01:18rdesktop versions up to and including v1.8.3 contain an Integer Underflow that leads to a Heap-Based Buffer Overflow in the function lspci_process() and results in memory corruption and probably even a remote code execution.
{
"affected": [],
"aliases": [
"CVE-2018-20179"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-03-15T18:29:00Z",
"severity": "CRITICAL"
},
"details": "rdesktop versions up to and including v1.8.3 contain an Integer Underflow that leads to a Heap-Based Buffer Overflow in the function lspci_process() and results in memory corruption and probably even a remote code execution.",
"id": "GHSA-4q64-7w7g-5x5w",
"modified": "2022-05-14T01:18:24Z",
"published": "2022-05-14T01:18:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20179"
},
{
"type": "WEB",
"url": "https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00030.html"
},
{
"type": "WEB",
"url": "https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201903-06"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2019/dsa-4394"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00040.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/106938"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4QFR-CJVM-QRCJ
Vulnerability from github – Published: 2024-11-09 12:30 – Updated: 2025-11-03 21:31In the Linux kernel, the following vulnerability has been resolved:
net: fix crash when config small gso_max_size/gso_ipv4_max_size
Config a small gso_max_size/gso_ipv4_max_size will lead to an underflow in sk_dst_gso_max_size(), which may trigger a BUG_ON crash, because sk->sk_gso_max_size would be much bigger than device limits. Call Trace: tcp_write_xmit tso_segs = tcp_init_tso_segs(skb, mss_now); tcp_set_skb_tso_segs tcp_skb_pcount_set // skb->len = 524288, mss_now = 8 // u16 tso_segs = 524288/8 = 65535 -> 0 tso_segs = DIV_ROUND_UP(skb->len, mss_now) BUG_ON(!tso_segs) Add check for the minimum value of gso_max_size and gso_ipv4_max_size.
{
"affected": [],
"aliases": [
"CVE-2024-50258"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-09T11:15:11Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix crash when config small gso_max_size/gso_ipv4_max_size\n\nConfig a small gso_max_size/gso_ipv4_max_size will lead to an underflow\nin sk_dst_gso_max_size(), which may trigger a BUG_ON crash,\nbecause sk-\u003esk_gso_max_size would be much bigger than device limits.\nCall Trace:\ntcp_write_xmit\n tso_segs = tcp_init_tso_segs(skb, mss_now);\n tcp_set_skb_tso_segs\n tcp_skb_pcount_set\n // skb-\u003elen = 524288, mss_now = 8\n // u16 tso_segs = 524288/8 = 65535 -\u003e 0\n tso_segs = DIV_ROUND_UP(skb-\u003elen, mss_now)\n BUG_ON(!tso_segs)\nAdd check for the minimum value of gso_max_size and gso_ipv4_max_size.",
"id": "GHSA-4qfr-cjvm-qrcj",
"modified": "2025-11-03T21:31:34Z",
"published": "2024-11-09T12:30:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50258"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/90c8482a5d9791259ba77bfdc1849fc5128b4be7"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9ab5cf19fb0e4680f95e506d6c544259bf1111c4"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ac5977001eee7660c643f8e07a2de9001990b7b8"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e72fd1389a5364bc6aa6312ecf30bdb5891b9486"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e9365368b483328639c03fc730448dccd5a25b6b"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4V3W-RM54-5XG3
Vulnerability from github – Published: 2022-11-22 12:30 – Updated: 2022-11-30 21:30A CWE-191: Integer Underflow (Wrap or Wraparound) vulnerability exists that could cause a denial of service of the controller due to memory access violations when using the Modbus TCP protocol. Affected products: Modicon M340 CPU (part numbers BMXP34)(V3.40 and prior), Modicon M580 CPU (part numbers BMEP and BMEH)(V3.22 and prior), Legacy Modicon Quantum/Premium(All Versions), Modicon Momentum MDI (171CBU)(All Versions), Modicon MC80 (BMKC80)(V1.7 and prior)
{
"affected": [],
"aliases": [
"CVE-2022-37301"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-11-22T12:15:00Z",
"severity": "HIGH"
},
"details": "A CWE-191: Integer Underflow (Wrap or Wraparound) vulnerability exists that could cause a denial of service of the controller due to memory access violations when using the Modbus TCP protocol. Affected products: Modicon M340 CPU (part numbers BMXP34*)(V3.40 and prior), Modicon M580 CPU (part numbers BMEP* and BMEH*)(V3.22 and prior), Legacy Modicon Quantum/Premium(All Versions), Modicon Momentum MDI (171CBU*)(All Versions), Modicon MC80 (BMKC80)(V1.7 and prior)\n",
"id": "GHSA-4v3w-rm54-5xg3",
"modified": "2022-11-30T21:30:23Z",
"published": "2022-11-22T12:30:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37301"
},
{
"type": "WEB",
"url": "https://www.se.com/us/en/download/document/SEVD-2022-221-02"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4VF7-QXXR-9PXC
Vulnerability from github – Published: 2026-06-09 18:30 – Updated: 2026-06-09 18:30Integer underflow (wrap or wraparound) in Windows Performance Monitor allows an unauthorized attacker to execute code over a network.
{
"affected": [],
"aliases": [
"CVE-2026-42981"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-09T17:17:14Z",
"severity": "HIGH"
},
"details": "Integer underflow (wrap or wraparound) in Windows Performance Monitor allows an unauthorized attacker to execute code over a network.",
"id": "GHSA-4vf7-qxxr-9pxc",
"modified": "2026-06-09T18:30:45Z",
"published": "2026-06-09T18:30:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42981"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42981"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-533G-7W58-G89M
Vulnerability from github – Published: 2024-12-23 00:30 – Updated: 2024-12-26 06:30An integer underflow was discovered in Fort 1.6.3 and 1.6.4 before 1.6.5. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) a Manifest RPKI object containing an empty fileList. Fort dereferences (and, shortly afterwards, writes to) this array during a shuffle attempt, before the validation that would normally reject it when empty. This out-of-bounds access is caused by an integer underflow that causes the surrounding loop to iterate infinitely. Because the product is permanently stuck attempting to overshuffle an array that doesn't actually exist, a crash is nearly guaranteed.
{
"affected": [],
"aliases": [
"CVE-2024-56375"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-22T23:15:06Z",
"severity": "HIGH"
},
"details": "An integer underflow was discovered in Fort 1.6.3 and 1.6.4 before 1.6.5. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) a Manifest RPKI object containing an empty fileList. Fort dereferences (and, shortly afterwards, writes to) this array during a shuffle attempt, before the validation that would normally reject it when empty. This out-of-bounds access is caused by an integer underflow that causes the surrounding loop to iterate infinitely. Because the product is permanently stuck attempting to overshuffle an array that doesn\u0027t actually exist, a crash is nearly guaranteed.",
"id": "GHSA-533g-7w58-g89m",
"modified": "2024-12-26T06:30:47Z",
"published": "2024-12-23T00:30:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56375"
},
{
"type": "WEB",
"url": "https://github.com/NICMx/FORT-validator/issues/154"
},
{
"type": "WEB",
"url": "https://nicmx.github.io/FORT-validator/CVE.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-54C3-2724-2J2F
Vulnerability from github – Published: 2022-05-13 01:01 – Updated: 2022-05-13 01:01An exploitable integer underflow vulnerability exists in the ZigBee firmware update routine of the hubCore binary of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The hubCore process incorrectly handles malformed files existing in its data directory, leading to an infinite loop, which eventually causes the process to crash. An attacker can send an HTTP request to trigger this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2018-3926"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-08-28T17:29:00Z",
"severity": "MODERATE"
},
"details": "An exploitable integer underflow vulnerability exists in the ZigBee firmware update routine of the hubCore binary of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The hubCore process incorrectly handles malformed files existing in its data directory, leading to an infinite loop, which eventually causes the process to crash. An attacker can send an HTTP request to trigger this vulnerability.",
"id": "GHSA-54c3-2724-2j2f",
"modified": "2022-05-13T01:01:56Z",
"published": "2022-05-13T01:01:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-3926"
},
{
"type": "WEB",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0593"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/105162"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.