CWE-191
AllowedInteger Underflow (Wrap or Wraparound)
Abstraction: Base · Status: Draft
The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.
642 vulnerabilities reference this CWE, most recent first.
GHSA-P527-WJVQ-VXG8
Vulnerability from github – Published: 2026-01-16 21:30 – Updated: 2026-01-16 21:30In the eap-mschapv2 plugin (client-side) in strongSwan before 6.0.3, a malicious EAP-MSCHAPv2 server can send a crafted message of size 6 through 8, and cause an integer underflow that potentially results in a heap-based buffer overflow.
{
"affected": [],
"aliases": [
"CVE-2025-62291"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-16T19:16:18Z",
"severity": "HIGH"
},
"details": "In the eap-mschapv2 plugin (client-side) in strongSwan before 6.0.3, a malicious EAP-MSCHAPv2 server can send a crafted message of size 6 through 8, and cause an integer underflow that potentially results in a heap-based buffer overflow.",
"id": "GHSA-p527-wjvq-vxg8",
"modified": "2026-01-16T21:30:37Z",
"published": "2026-01-16T21:30:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62291"
},
{
"type": "WEB",
"url": "https://github.com/strongswan/strongswan/commits/master/src/libcharon/plugins/eap_mschapv2"
},
{
"type": "WEB",
"url": "https://github.com/strongswan/strongswan/releases"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/11/msg00002.html"
},
{
"type": "WEB",
"url": "https://www.strongswan.org/blog/2025/10/27/strongswan-vulnerability-%28cve-2025-62291%29.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-P6WP-HHX9-7JJ5
Vulnerability from github – Published: 2026-04-12 21:30 – Updated: 2026-04-12 21:30In libexif through 0.6.25, an integer underflow in size checking for Fuji and Olympus MakerNote decoding could be used by attackers to crash or leak information out of libexif-using programs.
{
"affected": [],
"aliases": [
"CVE-2026-40386"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-12T19:16:20Z",
"severity": "MODERATE"
},
"details": "In libexif through 0.6.25, an integer underflow in size checking for Fuji and Olympus MakerNote decoding could be used by attackers to crash or leak information out of libexif-using programs.",
"id": "GHSA-p6wp-hhx9-7jj5",
"modified": "2026-04-12T21:30:18Z",
"published": "2026-04-12T21:30:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40386"
},
{
"type": "WEB",
"url": "https://github.com/libexif/libexif/commit/dc6eac6e9655d14d0779d99e82d0f5f442d2f34b"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-P768-XGQW-QMFX
Vulnerability from github – Published: 2023-01-26 21:30 – Updated: 2023-02-01 18:30A use-after-free flaw was found in io_uring/filetable.c in io_install_fixed_file in the io_uring subcomponent in the Linux Kernel during call cleanup. This flaw may lead to a denial of service.
{
"affected": [],
"aliases": [
"CVE-2023-0469"
],
"database_specific": {
"cwe_ids": [
"CWE-191",
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-01-26T21:18:00Z",
"severity": "MODERATE"
},
"details": "A use-after-free flaw was found in io_uring/filetable.c in io_install_fixed_file in the io_uring subcomponent in the Linux Kernel during call cleanup. This flaw may lead to a denial of service.",
"id": "GHSA-p768-xgqw-qmfx",
"modified": "2023-02-01T18:30:30Z",
"published": "2023-01-26T21:30:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0469"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2163723"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-P894-8WV9-373J
Vulnerability from github – Published: 2026-06-25 21:31 – Updated: 2026-07-01 18:31Integer underflow in wc_PKCS7_DecryptOri when handling crafted Other Recipient Info, leading to incorrect length handling during decryption.
{
"affected": [],
"aliases": [
"CVE-2026-6678"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-25T21:16:28Z",
"severity": "LOW"
},
"details": "Integer underflow in wc_PKCS7_DecryptOri when handling crafted Other Recipient Info, leading to incorrect length handling during decryption.",
"id": "GHSA-p894-8wv9-373j",
"modified": "2026-07-01T18:31:22Z",
"published": "2026-06-25T21:31:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6678"
},
{
"type": "WEB",
"url": "https://github.com/wolfSSL/wolfssl/pull/10203"
},
{
"type": "WEB",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2026-2408"
},
{
"type": "WEB",
"url": "https://www.wolfssl.com/docs/security-vulnerabilities"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Clear",
"type": "CVSS_V4"
}
]
}
GHSA-P98G-6F6C-423F
Vulnerability from github – Published: 2026-04-14 18:30 – Updated: 2026-04-14 18:30Integer underflow (wrap or wraparound) in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally.
{
"affected": [],
"aliases": [
"CVE-2026-27907"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-14T18:16:57Z",
"severity": "HIGH"
},
"details": "Integer underflow (wrap or wraparound) in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally.",
"id": "GHSA-p98g-6f6c-423f",
"modified": "2026-04-14T18:30:38Z",
"published": "2026-04-14T18:30:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27907"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27907"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PCJQ-CMP7-76VX
Vulnerability from github – Published: 2022-05-24 17:45 – Updated: 2024-04-04 03:05An issue was discovered in Contiki through 3.0. When sending an ICMPv6 error message because of invalid extension header options in an incoming IPv6 packet, there is an attempt to remove the RPL extension headers. Because the packet length and the extension header length are unchecked (with respect to the available data) at this stage, and these variables are susceptible to integer underflow, it is possible to construct an invalid extension header that will cause memory corruption issues and lead to a Denial-of-Service condition. This is related to rpl-ext-header.c.
{
"affected": [],
"aliases": [
"CVE-2021-28362"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-03-24T14:15:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered in Contiki through 3.0. When sending an ICMPv6 error message because of invalid extension header options in an incoming IPv6 packet, there is an attempt to remove the RPL extension headers. Because the packet length and the extension header length are unchecked (with respect to the available data) at this stage, and these variables are susceptible to integer underflow, it is possible to construct an invalid extension header that will cause memory corruption issues and lead to a Denial-of-Service condition. This is related to rpl-ext-header.c.",
"id": "GHSA-pcjq-cmp7-76vx",
"modified": "2024-04-04T03:05:28Z",
"published": "2022-05-24T17:45:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28362"
},
{
"type": "WEB",
"url": "https://github.com/contiki-os/contiki/releases"
},
{
"type": "WEB",
"url": "https://www.kb.cert.org/vuls/id/815128"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PF4X-FWWQ-H7VV
Vulnerability from github – Published: 2022-01-04 00:00 – Updated: 2022-07-02 00:00The Stars Rating WordPress plugin before 3.5.1 does not validate the submitted rating, allowing submission of long integer, causing a Denial of Service in the comments section, or pending comment dashboard depending if the user sent it as unauthenticated or authenticated.
{
"affected": [],
"aliases": [
"CVE-2021-24893"
],
"database_specific": {
"cwe_ids": [
"CWE-191",
"CWE-20",
"CWE-400"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-01-03T13:15:00Z",
"severity": "HIGH"
},
"details": "The Stars Rating WordPress plugin before 3.5.1 does not validate the submitted rating, allowing submission of long integer, causing a Denial of Service in the comments section, or pending comment dashboard depending if the user sent it as unauthenticated or authenticated.",
"id": "GHSA-pf4x-fwwq-h7vv",
"modified": "2022-07-02T00:00:30Z",
"published": "2022-01-04T00:00:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-24893"
},
{
"type": "WEB",
"url": "https://wpscan.com/vulnerability/05d3af69-20b4-499a-8322-2b53674d6a58"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PGFP-3XC3-MF3P
Vulnerability from github – Published: 2026-04-15 00:31 – Updated: 2026-04-15 00:31Adobe Framemaker versions 2022.8 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
{
"affected": [],
"aliases": [
"CVE-2026-27297"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-14T23:16:26Z",
"severity": "HIGH"
},
"details": "Adobe Framemaker versions 2022.8 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
"id": "GHSA-pgfp-3xc3-mf3p",
"modified": "2026-04-15T00:31:35Z",
"published": "2026-04-15T00:31:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27297"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/framemaker/apsb26-36.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PJFF-XVFX-J92G
Vulnerability from github – Published: 2022-05-14 01:43 – Updated: 2022-05-14 01:43An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. A crafted IP header triggers a full memory space copy in prvProcessIPPacket, leading to denial of service and possibly remote code execution.
{
"affected": [],
"aliases": [
"CVE-2018-16601"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-12-06T23:29:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. A crafted IP header triggers a full memory space copy in prvProcessIPPacket, leading to denial of service and possibly remote code execution.",
"id": "GHSA-pjff-xvfx-j92g",
"modified": "2022-05-14T01:43:20Z",
"published": "2022-05-14T01:43:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16601"
},
{
"type": "WEB",
"url": "https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-details"
},
{
"type": "WEB",
"url": "https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-put-wide-range-devices-risk-compromise-smart-homes-critical-infrastructure-systems"
},
{
"type": "WEB",
"url": "https://github.com/aws/amazon-freertos/blob/v1.3.2/CHANGELOG.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PM7M-XQ2W-2Q3X
Vulnerability from github – Published: 2022-05-13 01:14 – Updated: 2022-05-13 01:14Integer underflow in the pixman_trapezoid_valid macro in pixman.h in Pixman before 0.32.0, as used in X.Org server and cairo, allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value.
{
"affected": [],
"aliases": [
"CVE-2013-6425"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2014-01-18T19:55:00Z",
"severity": "MODERATE"
},
"details": "Integer underflow in the pixman_trapezoid_valid macro in pixman.h in Pixman before 0.32.0, as used in X.Org server and cairo, allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value.",
"id": "GHSA-pm7m-xq2w-2q3x",
"modified": "2022-05-13T01:14:31Z",
"published": "2022-05-13T01:14:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-6425"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2013:1869"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2013-6425"
},
{
"type": "WEB",
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=67484"
},
{
"type": "WEB",
"url": "https://bugs.launchpad.net/ubuntu/+source/xorg-server/+bug/1197921"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1037975"
},
{
"type": "WEB",
"url": "http://cgit.freedesktop.org/pixman/commit/?id=5e14da97f16e421d084a9e735be21b1025150f0c"
},
{
"type": "WEB",
"url": "http://lists.freedesktop.org/archives/pixman/2013-November/003109.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00001.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00005.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00008.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00097.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1869.html"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2013/dsa-2823"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2013/12/03/8"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2013/12/04/8"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-2047-1"
}
],
"schema_version": "1.4.0",
"severity": []
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.