CWE-191
AllowedInteger Underflow (Wrap or Wraparound)
Abstraction: Base · Status: Draft
The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.
643 vulnerabilities reference this CWE, most recent first.
GHSA-9WRW-W4GF-8X2Q
Vulnerability from github – Published: 2025-01-14 21:31 – Updated: 2025-01-14 21:31Illustrator on iPad versions 3.0.7 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
{
"affected": [],
"aliases": [
"CVE-2025-21133"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-14T19:15:34Z",
"severity": "HIGH"
},
"details": "Illustrator on iPad versions 3.0.7 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
"id": "GHSA-9wrw-w4gf-8x2q",
"modified": "2025-01-14T21:31:47Z",
"published": "2025-01-14T21:31:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21133"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/illustrator-mobile-ios/apsb25-04.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9X9Q-GXG4-G22G
Vulnerability from github – Published: 2022-05-14 03:25 – Updated: 2022-05-14 03:25In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, and SD 820A, in an EMM command, an integer underflow can occur.
{
"affected": [],
"aliases": [
"CVE-2015-9167"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-04-18T14:29:00Z",
"severity": "CRITICAL"
},
"details": "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, and SD 820A, in an EMM command, an integer underflow can occur.",
"id": "GHSA-9x9q-gxg4-g22g",
"modified": "2022-05-14T03:25:51Z",
"published": "2022-05-14T03:25:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-9167"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2018-04-01"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/103671"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-C3MC-R2X5-RWMF
Vulnerability from github – Published: 2023-01-11 00:30 – Updated: 2023-01-14 06:30An integer underflow in Organization Specific TLV was found in various versions of OpenvSwitch.
{
"affected": [],
"aliases": [
"CVE-2022-4338"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-01-10T22:15:00Z",
"severity": "CRITICAL"
},
"details": "An integer underflow in Organization Specific TLV was found in various versions of OpenvSwitch.",
"id": "GHSA-c3mc-r2x5-rwmf",
"modified": "2023-01-14T06:30:28Z",
"published": "2023-01-11T00:30:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4338"
},
{
"type": "WEB",
"url": "https://github.com/openvswitch/ovs/pull/405"
},
{
"type": "WEB",
"url": "https://mail.openvswitch.org/pipermail/ovs-dev/2022-December/400596.html"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202311-16"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2023/dsa-5319"
},
{
"type": "WEB",
"url": "https://www.openwall.com/lists/oss-security/2022/12/21/4"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-C5FJ-M6RF-9968
Vulnerability from github – Published: 2024-04-09 18:30 – Updated: 2024-04-09 18:30Microsoft WDAC OLE DB Provider for SQL Server Remote Code Execution Vulnerability
{
"affected": [],
"aliases": [
"CVE-2024-26244"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-09T17:15:45Z",
"severity": "HIGH"
},
"details": "Microsoft WDAC OLE DB Provider for SQL Server Remote Code Execution Vulnerability",
"id": "GHSA-c5fj-m6rf-9968",
"modified": "2024-04-09T18:30:26Z",
"published": "2024-04-09T18:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26244"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26244"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-C5G3-QQP2-F4CV
Vulnerability from github – Published: 2021-12-18 00:00 – Updated: 2022-07-02 00:00Integer Underflow vulnerability in Mitsubishi Electric GX Works2 versions 1.606G and prior, MELSOFT Navigator all versions and EZSocket all versions allows an attacker to cause a DoS condition in the software by getting a user to open malicious project file specially crafted by an attacker.
{
"affected": [],
"aliases": [
"CVE-2021-20607"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-12-17T17:15:00Z",
"severity": "MODERATE"
},
"details": "Integer Underflow vulnerability in Mitsubishi Electric GX Works2 versions 1.606G and prior, MELSOFT Navigator all versions and EZSocket all versions allows an attacker to cause a DoS condition in the software by getting a user to open malicious project file specially crafted by an attacker.",
"id": "GHSA-c5g3-qqp2-f4cv",
"modified": "2022-07-02T00:00:25Z",
"published": "2021-12-18T00:00:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20607"
},
{
"type": "WEB",
"url": "https://jvn.jp/vu/JVNVU93817405/index.html"
},
{
"type": "WEB",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-350-05"
},
{
"type": "WEB",
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-021_en.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-C693-JH58-C8CM
Vulnerability from github – Published: 2023-06-16 21:30 – Updated: 2024-04-04 04:55An issue was discovered in dec_patch_dictionary.cc in libjxl before 0.8.2. An integer underflow in patch decoding can lead to a denial of service, such as an infinite loop.
{
"affected": [],
"aliases": [
"CVE-2023-35790"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-06-16T21:15:09Z",
"severity": "HIGH"
},
"details": "An issue was discovered in dec_patch_dictionary.cc in libjxl before 0.8.2. An integer underflow in patch decoding can lead to a denial of service, such as an infinite loop.",
"id": "GHSA-c693-jh58-c8cm",
"modified": "2024-04-04T04:55:31Z",
"published": "2023-06-16T21:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-35790"
},
{
"type": "WEB",
"url": "https://github.com/libjxl/libjxl/pull/2551"
},
{
"type": "WEB",
"url": "https://github.com/libjxl/libjxl/releases/tag/v0.8.2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-C6HR-V224-3W2W
Vulnerability from github – Published: 2026-05-28 12:30 – Updated: 2026-06-19 15:33In the Linux kernel, the following vulnerability has been resolved:
dm-thin: fix metadata refcount underflow
There's a bug in dm-thin in the function rebalance_children. If the internal btree node has one entry, the code tries to copy all btree entries from the node's child to the node itself and then decrement the child's reference count.
If the child node is shared (it has reference count > 1), we won't free it, so there would be two pointers to each of the grandchildren nodes. But the reference counts of the grandchildren is not increased, thus the reference count doesn't match the number of pointers that point to the grandchildren. This results in "device mapper: space map common: unable to decrement block" errors.
Fix this bug by incrementing reference counts on the grandchildren if the btree node is shared.
{
"affected": [],
"aliases": [
"CVE-2026-46107"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-28T10:16:26Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm-thin: fix metadata refcount underflow\n\nThere\u0027s a bug in dm-thin in the function rebalance_children. If the\ninternal btree node has one entry, the code tries to copy all btree\nentries from the node\u0027s child to the node itself and then decrement the\nchild\u0027s reference count.\n\nIf the child node is shared (it has reference count \u003e 1), we won\u0027t free\nit, so there would be two pointers to each of the grandchildren nodes.\nBut the reference counts of the grandchildren is not increased, thus the\nreference count doesn\u0027t match the number of pointers that point to the\ngrandchildren. This results in \"device mapper: space map common: unable\nto decrement block\" errors.\n\nFix this bug by incrementing reference counts on the grandchildren if the\nbtree node is shared.",
"id": "GHSA-c6hr-v224-3w2w",
"modified": "2026-06-19T15:33:13Z",
"published": "2026-05-28T12:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46107"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/09a65adc7d8bbfce06392cb6d375468e2728ead5"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/12161e03d33afce781f68fa11cc6060538862fad"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/323d252a4a378834e4fe68298ca61cfc5dd3a460"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5ec0debbcfd43596e32c1239e993de06a704e04c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/85311a585a26640760cd0f3349ab9f2905691044"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b719d12cb94df345e9ad2715fd0abe9afcaeb111"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f06f6aededd792a754cd677c02b3d3016d868c2c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f49b41c9eb7c6ff00df27cd49cea210abbadd8ad"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-C76W-89Q6-H938
Vulnerability from github – Published: 2022-05-14 01:09 – Updated: 2022-05-14 01:09The edge_bulk_in_callback function in drivers/usb/serial/io_ti.c in the Linux kernel before 4.10.4 allows local users to obtain sensitive information (in the dmesg ringbuffer and syslog) from uninitialized kernel memory by using a crafted USB device (posing as an io_ti USB serial device) to trigger an integer underflow.
{
"affected": [],
"aliases": [
"CVE-2017-8924"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-05-12T21:29:00Z",
"severity": "MODERATE"
},
"details": "The edge_bulk_in_callback function in drivers/usb/serial/io_ti.c in the Linux kernel before 4.10.4 allows local users to obtain sensitive information (in the dmesg ringbuffer and syslog) from uninitialized kernel memory by using a crafted USB device (posing as an io_ti USB serial device) to trigger an integer underflow.",
"id": "GHSA-c76w-89q6-h938",
"modified": "2022-05-14T01:09:55Z",
"published": "2022-05-14T01:09:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-8924"
},
{
"type": "WEB",
"url": "https://github.com/torvalds/linux/commit/654b404f2a222f918af9b0cd18ad469d0c941a8e"
},
{
"type": "WEB",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=654b404f2a222f918af9b0cd18ad469d0c941a8e"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2017/dsa-3886"
},
{
"type": "WEB",
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.10.4"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/98451"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-C9GV-4J5C-V56G
Vulnerability from github – Published: 2026-06-25 09:31 – Updated: 2026-06-28 09:31In the Linux kernel, the following vulnerability has been resolved:
staging: rtl8723bs: rtw_mlme: add bounds checks before ie_length subtraction
Add guards to ensure ie_length is large enough before subtracting fixed IE offsets to prevent unsigned integer underflow.
{
"affected": [],
"aliases": [
"CVE-2026-53178"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-25T09:16:35Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: rtl8723bs: rtw_mlme: add bounds checks before ie_length subtraction\n\nAdd guards to ensure ie_length is large enough before subtracting\nfixed IE offsets to prevent unsigned integer underflow.",
"id": "GHSA-c9gv-4j5c-v56g",
"modified": "2026-06-28T09:31:43Z",
"published": "2026-06-25T09:31:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-53178"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/542d65a6dbd9733baab96313c9fe76a76e93f484"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/88e994c57a79f62d5338231d8d37ee8dd98baffe"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-C9QR-JRPQ-4QQR
Vulnerability from github – Published: 2022-05-13 01:25 – Updated: 2022-05-13 01:25Integer underflow in header.c in lha allows remote attackers to have unspecified impact via a large header size value for the (1) level0 or (2) level1 header in a lha archive, which triggers a buffer overflow.
{
"affected": [],
"aliases": [
"CVE-2016-1925"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-01-23T21:59:00Z",
"severity": "CRITICAL"
},
"details": "Integer underflow in header.c in lha allows remote attackers to have unspecified impact via a large header size value for the (1) level0 or (2) level1 header in a lha archive, which triggers a buffer overflow.",
"id": "GHSA-c9qr-jrpq-4qqr",
"modified": "2022-05-13T01:25:07Z",
"published": "2022-05-13T01:25:07Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1925"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202007-42"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2016/01/18/3"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2016/01/18/8"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.