Common Weakness Enumeration

CWE-191

Allowed

Integer Underflow (Wrap or Wraparound)

Abstraction: Base · Status: Draft

The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.

642 vulnerabilities reference this CWE, most recent first.

GHSA-PPWM-HHPM-52W8

Vulnerability from github – Published: 2022-05-24 19:09 – Updated: 2022-05-24 19:09
VLAI
Details

There is an Integer Underflow (Wrap or Wraparound) Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause DoS of Samgr.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-22379"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-191"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-08-02T17:15:00Z",
    "severity": "HIGH"
  },
  "details": "There is an Integer Underflow (Wrap or Wraparound) Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause DoS of Samgr.",
  "id": "GHSA-ppwm-hhpm-52w8",
  "modified": "2022-05-24T19:09:34Z",
  "published": "2022-05-24T19:09:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22379"
    },
    {
      "type": "WEB",
      "url": "https://consumer.huawei.com/en/support/bulletin/2021/6"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-PQ3M-8F73-633P

Vulnerability from github – Published: 2025-07-10 21:31 – Updated: 2025-07-10 21:31
VLAI
Details

The Honeywell Experion PKS

and OneWireless WDM

contains an Integer Underflow

vulnerability

in the component Control Data Access (CDA). An attacker could potentially exploit this vulnerability, leading to a Communication Channel Manipulation, which could result in a failure during subtraction allowing remote code execution.

Honeywell recommends updating to the most recent version of

Honeywell Experion PKS:520.2 TCU9 HF1 and 530.1 TCU3 HF1 and OneWireless: 322.5 and 331.1.

The affected Experion PKS products are C300 PCNT02, C300 PCNT05, FIM4, FIM8, UOC, CN100, HCA, C300PM, and C200E. The Experion PKS versions affected are from 520.1 through 520.2 TCU9 and from 530 through 530 TCU3. The OneWireless WDM affected versions are 322.1 through 322.4 and 330.1 through 330.3.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-2523"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-191"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-10T21:15:27Z",
    "severity": "CRITICAL"
  },
  "details": "The Honeywell Experion PKS \n\n and OneWireless WDM \n\ncontains an Integer Underflow \n\nvulnerability \n\nin the component Control\u00a0Data Access (CDA). An attacker could potentially exploit this vulnerability, leading to a Communication Channel Manipulation, which could result in a failure\u00a0during subtraction allowing remote code execution.\n\n\n\nHoneywell recommends updating to the most recent version of \n\nHoneywell Experion PKS:520.2 TCU9 HF1 and 530.1 TCU3 HF1 and OneWireless: 322.5 and 331.1.\n\n\n\nThe affected Experion PKS products are C300 PCNT02, C300 PCNT05, FIM4, FIM8, UOC, CN100, HCA, C300PM, and C200E.  The Experion PKS versions affected are from 520.1 through 520.2 TCU9 and from 530 through 530 TCU3. The OneWireless WDM affected versions are 322.1 through 322.4 and 330.1 through 330.3.",
  "id": "GHSA-pq3m-8f73-633p",
  "modified": "2025-07-10T21:31:53Z",
  "published": "2025-07-10T21:31:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2523"
    },
    {
      "type": "WEB",
      "url": "https://process.honeywell.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PQ8M-942F-68CV

Vulnerability from github – Published: 2026-03-16 15:30 – Updated: 2026-03-16 15:30
VLAI
Details

libexif through 0.6.25 has a flaw in decoding MakerNotes. If the exif_mnote_data_get_value function gets passed in a 0 size, the passed in-buffer would be overwritten due to an integer underflow.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-32775"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-191"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-16T14:19:44Z",
    "severity": "HIGH"
  },
  "details": "libexif through 0.6.25 has a flaw in decoding MakerNotes. If the exif_mnote_data_get_value function gets passed in a 0 size, the passed in-buffer would be overwritten due to an integer underflow.",
  "id": "GHSA-pq8m-942f-68cv",
  "modified": "2026-03-16T15:30:43Z",
  "published": "2026-03-16T15:30:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32775"
    },
    {
      "type": "WEB",
      "url": "https://github.com/libexif/libexif/issues/247"
    },
    {
      "type": "WEB",
      "url": "https://github.com/libexif/libexif/commit/7df372e9d31d7c993a22b913c813a5f7ec4f3692"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PRW9-FQ4W-JFRF

Vulnerability from github – Published: 2022-05-24 17:29 – Updated: 2022-10-07 18:15
VLAI
Details

An integer underflow in dpdk versions before 18.11.10 and before 19.11.5 in the move_desc function can lead to large amounts of CPU cycles being eaten up in a long running loop. An attacker could cause move_desc to get stuck in a 4,294,967,295-count iteration loop. Depending on how vhost_crypto is being used this could prevent other VMs or network tasks from being serviced by the busy DPDK lcore for an extended period.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-14378"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-190",
      "CWE-191"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-09-30T19:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An integer underflow in dpdk versions before 18.11.10 and before 19.11.5 in the `move_desc` function can lead to large amounts of CPU cycles being eaten up in a long running loop. An attacker could cause `move_desc` to get stuck in a 4,294,967,295-count iteration loop. Depending on how `vhost_crypto` is being used this could prevent other VMs or network tasks from being serviced by the busy DPDK lcore for an extended period.",
  "id": "GHSA-prw9-fq4w-jfrf",
  "modified": "2022-10-07T18:15:55Z",
  "published": "2022-05-24T17:29:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14378"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1879473"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4550-1"
    },
    {
      "type": "WEB",
      "url": "https://www.openwall.com/lists/oss-security/2020/09/28/3"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00004.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00006.html"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2021/01/04/1"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2021/01/04/2"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2021/01/04/5"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PVMQ-WGHP-3G56

Vulnerability from github – Published: 2022-05-24 16:51 – Updated: 2022-05-24 16:51
VLAI
Details

An Integer underflow in VLC Media Player versions < 3.0.7 leads to an out-of-band read.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-5459"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-191"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-07-30T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "An Integer underflow in VLC Media Player versions \u003c 3.0.7 leads to an out-of-band read.",
  "id": "GHSA-pvmq-wghp-3g56",
  "modified": "2022-05-24T16:51:48Z",
  "published": "2022-05-24T16:51:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5459"
    },
    {
      "type": "WEB",
      "url": "https://hackerone.com/reports/502816"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00037.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00040.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00081.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-PWH4-8CRG-2XVF

Vulnerability from github – Published: 2026-06-25 09:31 – Updated: 2026-07-06 18:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

thunderbolt: Reject zero-length property entries in validator

tb_property_entry_valid() accepts entries with length == 0 for DIRECTORY, DATA, and TEXT types. A zero-length TEXT entry passes validation but causes an underflow in the null-termination logic:

property->value.text[property->length * 4 - 1] = '\0';

When property->length is 0 this writes to offset -1 relative to the allocation.

Reject zero-length entries early in the validator since they have no valid representation in the XDomain property protocol.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-53150"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-191"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-25T09:16:32Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nthunderbolt: Reject zero-length property entries in validator\n\ntb_property_entry_valid() accepts entries with length == 0 for\nDIRECTORY, DATA, and TEXT types.  A zero-length TEXT entry passes\nvalidation but causes an underflow in the null-termination logic:\n\n  property-\u003evalue.text[property-\u003elength * 4 - 1] = \u0027\\0\u0027;\n\nWhen property-\u003elength is 0 this writes to offset -1 relative to\nthe allocation.\n\nReject zero-length entries early in the validator since they have no\nvalid representation in the XDomain property protocol.",
  "id": "GHSA-pwh4-8crg-2xvf",
  "modified": "2026-07-06T18:30:36Z",
  "published": "2026-06-25T09:31:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-53150"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2e0ddac549ebd713eb9f4a15b6496e3440a17d8b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/35d6c9252a152e756768a26dbf216b9dd9dd8e92"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3b6e68cb97f725385010264a873e14a3921b6b8a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/581c2053ab4dbe27e83c9e62deb4c73aa8dc0c3a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5f56bc6bddffe8710ba0ba8844023b5a44ca90e4"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/99d9dbad1463afb510d42c9714f846361d1b726d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ca11e7da4fba4b394f69e16448f4463c44c84de6"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/cff8eb65d1eafe7793e54b4d0cf6bf831644630b"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PWVR-7GM4-F533

Vulnerability from github – Published: 2025-07-09 00:30 – Updated: 2025-07-09 00:30
VLAI
Details

Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-47128"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-191"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-08T23:15:25Z",
    "severity": "HIGH"
  },
  "details": "Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
  "id": "GHSA-pwvr-7gm4-f533",
  "modified": "2025-07-09T00:30:33Z",
  "published": "2025-07-09T00:30:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47128"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/framemaker/apsb25-66.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PWX7-84P4-42QC

Vulnerability from github – Published: 2026-02-04 18:30 – Updated: 2026-03-13 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

vsock/virtio: fix potential underflow in virtio_transport_get_credit()

The credit calculation in virtio_transport_get_credit() uses unsigned arithmetic:

ret = vvs->peer_buf_alloc - (vvs->tx_cnt - vvs->peer_fwd_cnt);

If the peer shrinks its advertised buffer (peer_buf_alloc) while bytes are in flight, the subtraction can underflow and produce a large positive value, potentially allowing more data to be queued than the peer can handle.

Reuse virtio_transport_has_space() which already handles this case and add a comment to make it clear why we are doing that.

[Stefano: use virtio_transport_has_space() instead of duplicating the code] [Stefano: tweak the commit message]

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-23069"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-191"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-04T17:16:17Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock/virtio: fix potential underflow in virtio_transport_get_credit()\n\nThe credit calculation in virtio_transport_get_credit() uses unsigned\narithmetic:\n\n  ret = vvs-\u003epeer_buf_alloc - (vvs-\u003etx_cnt - vvs-\u003epeer_fwd_cnt);\n\nIf the peer shrinks its advertised buffer (peer_buf_alloc) while bytes\nare in flight, the subtraction can underflow and produce a large\npositive value, potentially allowing more data to be queued than the\npeer can handle.\n\nReuse virtio_transport_has_space() which already handles this case and\nadd a comment to make it clear why we are doing that.\n\n[Stefano: use virtio_transport_has_space() instead of duplicating the code]\n[Stefano: tweak the commit message]",
  "id": "GHSA-pwx7-84p4-42qc",
  "modified": "2026-03-13T21:31:40Z",
  "published": "2026-02-04T18:30:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23069"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/02f9af192b98d15883c70dd41ac76d1b0217c899"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3ef3d52a1a9860d094395c7a3e593f3aa26ff012"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d05bc313788f0684b27f0f5b60c52a844669b542"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d96de882d6b99955604669d962ae14e94b66a551"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ec0f1b3da8061be3173d1c39faaf9504f91942c3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PXCF-WGW3-GWC6

Vulnerability from github – Published: 2022-05-24 19:13 – Updated: 2022-05-24 19:13
VLAI
Details

Integer underflow can occur due to improper handling of incoming RTCP packets in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-1920"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-191"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-09-08T12:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "Integer underflow can occur due to improper handling of incoming RTCP packets in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice \u0026 Music, Snapdragon Wearables",
  "id": "GHSA-pxcf-wgw3-gwc6",
  "modified": "2022-05-24T19:13:52Z",
  "published": "2022-05-24T19:13:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1920"
    },
    {
      "type": "WEB",
      "url": "https://www.qualcomm.com/company/product-security/bulletins/august-2021-bulletin"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-Q2Q4-VX5M-7XC9

Vulnerability from github – Published: 2025-02-11 18:31 – Updated: 2025-02-11 18:31
VLAI
Details

InCopy versions 20.0, 19.5.1 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-21156"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-191"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-11T18:15:27Z",
    "severity": "HIGH"
  },
  "details": "InCopy versions 20.0, 19.5.1 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
  "id": "GHSA-q2q4-vx5m-7xc9",
  "modified": "2025-02-11T18:31:35Z",
  "published": "2025-02-11T18:31:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21156"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/incopy/apsb25-10.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.