CWE-191
AllowedInteger Underflow (Wrap or Wraparound)
Abstraction: Base · Status: Draft
The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.
642 vulnerabilities reference this CWE, most recent first.
GHSA-Q3RR-XQPW-VV2X
Vulnerability from github – Published: 2024-02-20 18:30 – Updated: 2025-11-04 21:31An integer underflow vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .famos file can lead to an out-of-bounds write which in turn can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2024-23313"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-20T16:15:09Z",
"severity": "CRITICAL"
},
"details": "An integer underflow vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .famos file can lead to an out-of-bounds write which in turn can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.",
"id": "GHSA-q3rr-xqpw-vv2x",
"modified": "2025-11-04T21:31:10Z",
"published": "2024-02-20T18:30:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23313"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OIRLGNQM33KAWVWP5RPMAPHWNP3IY5YW"
},
{
"type": "WEB",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1922"
},
{
"type": "WEB",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1922"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-Q43W-G673-M6F4
Vulnerability from github – Published: 2024-04-17 12:32 – Updated: 2024-11-04 21:30In the Linux kernel, the following vulnerability has been resolved:
cifs: fix underflow in parse_server_interfaces()
In this loop, we step through the buffer and after each item we check if the size_left is greater than the minimum size we need. However, the problem is that "bytes_left" is type ssize_t while sizeof() is type size_t. That means that because of type promotion, the comparison is done as an unsigned and if we have negative bytes left the loop continues instead of ending.
{
"affected": [],
"aliases": [
"CVE-2024-26828"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-17T10:15:09Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: fix underflow in parse_server_interfaces()\n\nIn this loop, we step through the buffer and after each item we check\nif the size_left is greater than the minimum size we need. However,\nthe problem is that \"bytes_left\" is type ssize_t while sizeof() is type\nsize_t. That means that because of type promotion, the comparison is\ndone as an unsigned and if we have negative bytes left the loop\ncontinues instead of ending.",
"id": "GHSA-q43w-g673-m6f4",
"modified": "2024-11-04T21:30:26Z",
"published": "2024-04-17T12:32:03Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26828"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7190353835b4a219abb70f90b06cdcae97f11512"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/cffe487026be13eaf37ea28b783d9638ab147204"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/df2af9fdbc4ddde18a3371c4ca1a86596e8be301"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f7ff1c89fb6e9610d2b01c1821727729e6609308"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-Q4R3-MQQ6-78X5
Vulnerability from github – Published: 2022-05-24 16:50 – Updated: 2022-05-24 16:50An Integer Underflow in MP4_EIA608_Convert() in modules/demux/mp4/mp4.c in VideoLAN VLC media player through 3.0.7.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and crash) or possibly have unspecified other impact via a crafted .mp4 file.
{
"affected": [],
"aliases": [
"CVE-2019-13602"
],
"database_specific": {
"cwe_ids": [
"CWE-191",
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-07-14T21:15:00Z",
"severity": "HIGH"
},
"details": "An Integer Underflow in MP4_EIA608_Convert() in modules/demux/mp4/mp4.c in VideoLAN VLC media player through 3.0.7.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and crash) or possibly have unspecified other impact via a crafted .mp4 file.",
"id": "GHSA-q4r3-mqq6-78x5",
"modified": "2022-05-24T16:50:13Z",
"published": "2022-05-24T16:50:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13602"
},
{
"type": "WEB",
"url": "https://git.videolan.org/?p=vlc.git;a=commit;h=8e8e0d72447f8378244f5b4a3dcde036dbeb1491"
},
{
"type": "WEB",
"url": "https://git.videolan.org/?p=vlc.git;a=commit;h=b2b157076d9e94df34502dd8df0787deb940e938"
},
{
"type": "WEB",
"url": "https://seclists.org/bugtraq/2019/Aug/36"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201909-02"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4074-1"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2019/dsa-4504"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00037.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00040.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00081.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/109158"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-Q94H-VC2H-J68G
Vulnerability from github – Published: 2022-05-01 01:47 – Updated: 2024-02-08 18:30Integer underflow in the Lists_MakeMask() function in lists.c in ngIRCd before 0.8.2 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long MODE line that causes an incorrect length calculation, which leads to a buffer overflow.
{
"affected": [],
"aliases": [
"CVE-2005-0199"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2005-05-02T04:00:00Z",
"severity": "HIGH"
},
"details": "Integer underflow in the Lists_MakeMask() function in lists.c in ngIRCd before 0.8.2 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long MODE line that causes an incorrect length calculation, which leads to a buffer overflow.",
"id": "GHSA-q94h-vc2h-j68g",
"modified": "2024-02-08T18:30:37Z",
"published": "2022-05-01T01:47:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2005-0199"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19143"
},
{
"type": "WEB",
"url": "http://arthur.ath.cx/pipermail/ngircd-ml/2005-January/000228.html"
},
{
"type": "WEB",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=79705"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/14056"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/14059"
},
{
"type": "WEB",
"url": "http://securitytracker.com/id?1013047"
},
{
"type": "WEB",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200501-40.xml"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/12397"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QC3G-XJ9R-Q7VM
Vulnerability from github – Published: 2022-05-14 02:00 – Updated: 2022-05-14 02:00In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check on buffer length while processing debug log event from firmware can lead to an integer overflow.
{
"affected": [],
"aliases": [
"CVE-2018-11301"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-09-18T18:29:00Z",
"severity": "HIGH"
},
"details": "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check on buffer length while processing debug log event from firmware can lead to an integer overflow.",
"id": "GHSA-qc3g-xj9r-q7vm",
"modified": "2022-05-14T02:00:29Z",
"published": "2022-05-14T02:00:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11301"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/pixel/2018-09-01#qualcomm-components"
},
{
"type": "WEB",
"url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=31ad3a5a7458e60f5e0ba4f492cebe1f1bda0964"
},
{
"type": "WEB",
"url": "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QFGJ-VXWQ-R49V
Vulnerability from github – Published: 2022-05-13 01:25 – Updated: 2022-05-13 01:25Integer underflow in the dccp_parse_options function (net/dccp/options.c) in the Linux kernel before 2.6.33.14 allows remote attackers to cause a denial of service via a Datagram Congestion Control Protocol (DCCP) packet with an invalid feature options length, which triggers a buffer over-read.
{
"affected": [],
"aliases": [
"CVE-2011-1770"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2011-06-24T20:55:00Z",
"severity": "HIGH"
},
"details": "Integer underflow in the dccp_parse_options function (net/dccp/options.c) in the Linux kernel before 2.6.33.14 allows remote attackers to cause a denial of service via a Datagram Congestion Control Protocol (DCCP) packet with an invalid feature options length, which triggers a buffer over-read.",
"id": "GHSA-qfgj-vxwq-r49v",
"modified": "2022-05-13T01:25:05Z",
"published": "2022-05-13T01:25:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-1770"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2011:0836"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2011:1253"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2011-1770"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=703011"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061236.html"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061366.html"
},
{
"type": "WEB",
"url": "http://marc.info/?l=linux-kernel\u0026m=130468845209036\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=linux-kernel\u0026m=130469305815140\u0026w=2"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/44932"
},
{
"type": "WEB",
"url": "http://securityreason.com/securityalert/8286"
},
{
"type": "WEB",
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/longterm/v2.6.33/ChangeLog-2.6.33.14"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/47769"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id?1025592"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QM7W-RP99-M478
Vulnerability from github – Published: 2025-01-14 21:31 – Updated: 2025-01-14 21:31Animate versions 24.0.6, 23.0.9 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
{
"affected": [],
"aliases": [
"CVE-2025-21135"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-14T20:15:30Z",
"severity": "HIGH"
},
"details": "Animate versions 24.0.6, 23.0.9 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
"id": "GHSA-qm7w-rp99-m478",
"modified": "2025-01-14T21:31:48Z",
"published": "2025-01-14T21:31:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21135"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/animate/apsb25-05.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QQR8-VWW9-H837
Vulnerability from github – Published: 2022-05-24 17:09 – Updated: 2022-05-24 17:09An exploitable denial-of-service vulnerability exists in ServiceAgent functionality of the Moxa AWK-3131A, firmware version 1.13. A specially crafted packet can cause an integer underflow, triggering a large memcpy that will access unmapped or out-of-bounds memory. An attacker can send this packet while unauthenticated to trigger this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2019-5148"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-02-25T16:15:00Z",
"severity": "MODERATE"
},
"details": "An exploitable denial-of-service vulnerability exists in ServiceAgent functionality of the Moxa AWK-3131A, firmware version 1.13. A specially crafted packet can cause an integer underflow, triggering a large memcpy that will access unmapped or out-of-bounds memory. An attacker can send this packet while unauthenticated to trigger this vulnerability.",
"id": "GHSA-qqr8-vww9-h837",
"modified": "2022-05-24T17:09:37Z",
"published": "2022-05-24T17:09:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5148"
},
{
"type": "WEB",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0938"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QW9P-XH57-VVWJ
Vulnerability from github – Published: 2025-05-13 18:30 – Updated: 2025-05-13 18:30Integer underflow (wrap or wraparound) in Windows Kernel allows an unauthorized attacker to disclose information over an adjacent network.
{
"affected": [],
"aliases": [
"CVE-2025-29974"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-13T17:15:58Z",
"severity": "MODERATE"
},
"details": "Integer underflow (wrap or wraparound) in Windows Kernel allows an unauthorized attacker to disclose information over an adjacent network.",
"id": "GHSA-qw9p-xh57-vvwj",
"modified": "2025-05-13T18:30:55Z",
"published": "2025-05-13T18:30:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-29974"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29974"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-QWPM-85R5-4M77
Vulnerability from github – Published: 2022-05-24 17:41 – Updated: 2022-05-24 17:41An integer underflow has been found in the latest version of ZCFees. The variables 'currPeriodIdx' and 'lastPeriodExecIdx' are both unsigned integers, and the result of the minus operation may be a negative integer which leads to an underflow. The attackers can modify the current timestamp of the transaction somehow and block the execution of the process function.
{
"affected": [],
"aliases": [
"CVE-2020-24837"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-02-10T16:15:00Z",
"severity": "HIGH"
},
"details": "An integer underflow has been found in the latest version of ZCFees. The variables \u0027currPeriodIdx\u0027 and \u0027lastPeriodExecIdx\u0027 are both unsigned integers, and the result of the minus operation may be a negative integer which leads to an underflow. The attackers can modify the current timestamp of the transaction somehow and block the execution of the process function.",
"id": "GHSA-qwpm-85r5-4m77",
"modified": "2022-05-24T17:41:41Z",
"published": "2022-05-24T17:41:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24837"
},
{
"type": "WEB",
"url": "https://etherscan.io/address/0x9d79c6e2a0222b9ac7bfabc447209c58fe9e0dcc#code"
}
],
"schema_version": "1.4.0",
"severity": []
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.