Common Weakness Enumeration

CWE-191

Allowed

Integer Underflow (Wrap or Wraparound)

Abstraction: Base · Status: Draft

The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.

642 vulnerabilities reference this CWE, most recent first.

GHSA-Q3RR-XQPW-VV2X

Vulnerability from github – Published: 2024-02-20 18:30 – Updated: 2025-11-04 21:31
VLAI
Details

An integer underflow vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .famos file can lead to an out-of-bounds write which in turn can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-23313"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-191"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-02-20T16:15:09Z",
    "severity": "CRITICAL"
  },
  "details": "An integer underflow vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .famos file can lead to an out-of-bounds write which in turn can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.",
  "id": "GHSA-q3rr-xqpw-vv2x",
  "modified": "2025-11-04T21:31:10Z",
  "published": "2024-02-20T18:30:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23313"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OIRLGNQM33KAWVWP5RPMAPHWNP3IY5YW"
    },
    {
      "type": "WEB",
      "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1922"
    },
    {
      "type": "WEB",
      "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1922"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q43W-G673-M6F4

Vulnerability from github – Published: 2024-04-17 12:32 – Updated: 2024-11-04 21:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

cifs: fix underflow in parse_server_interfaces()

In this loop, we step through the buffer and after each item we check if the size_left is greater than the minimum size we need. However, the problem is that "bytes_left" is type ssize_t while sizeof() is type size_t. That means that because of type promotion, the comparison is done as an unsigned and if we have negative bytes left the loop continues instead of ending.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-26828"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-191"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-17T10:15:09Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: fix underflow in parse_server_interfaces()\n\nIn this loop, we step through the buffer and after each item we check\nif the size_left is greater than the minimum size we need.  However,\nthe problem is that \"bytes_left\" is type ssize_t while sizeof() is type\nsize_t.  That means that because of type promotion, the comparison is\ndone as an unsigned and if we have negative bytes left the loop\ncontinues instead of ending.",
  "id": "GHSA-q43w-g673-m6f4",
  "modified": "2024-11-04T21:30:26Z",
  "published": "2024-04-17T12:32:03Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26828"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7190353835b4a219abb70f90b06cdcae97f11512"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/cffe487026be13eaf37ea28b783d9638ab147204"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/df2af9fdbc4ddde18a3371c4ca1a86596e8be301"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f7ff1c89fb6e9610d2b01c1821727729e6609308"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q4R3-MQQ6-78X5

Vulnerability from github – Published: 2022-05-24 16:50 – Updated: 2022-05-24 16:50
VLAI
Details

An Integer Underflow in MP4_EIA608_Convert() in modules/demux/mp4/mp4.c in VideoLAN VLC media player through 3.0.7.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and crash) or possibly have unspecified other impact via a crafted .mp4 file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-13602"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-191",
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-07-14T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "An Integer Underflow in MP4_EIA608_Convert() in modules/demux/mp4/mp4.c in VideoLAN VLC media player through 3.0.7.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and crash) or possibly have unspecified other impact via a crafted .mp4 file.",
  "id": "GHSA-q4r3-mqq6-78x5",
  "modified": "2022-05-24T16:50:13Z",
  "published": "2022-05-24T16:50:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13602"
    },
    {
      "type": "WEB",
      "url": "https://git.videolan.org/?p=vlc.git;a=commit;h=8e8e0d72447f8378244f5b4a3dcde036dbeb1491"
    },
    {
      "type": "WEB",
      "url": "https://git.videolan.org/?p=vlc.git;a=commit;h=b2b157076d9e94df34502dd8df0787deb940e938"
    },
    {
      "type": "WEB",
      "url": "https://seclists.org/bugtraq/2019/Aug/36"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201909-02"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4074-1"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2019/dsa-4504"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00037.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00040.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00081.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/109158"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q94H-VC2H-J68G

Vulnerability from github – Published: 2022-05-01 01:47 – Updated: 2024-02-08 18:30
VLAI
Details

Integer underflow in the Lists_MakeMask() function in lists.c in ngIRCd before 0.8.2 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long MODE line that causes an incorrect length calculation, which leads to a buffer overflow.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2005-0199"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-191"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2005-05-02T04:00:00Z",
    "severity": "HIGH"
  },
  "details": "Integer underflow in the Lists_MakeMask() function in lists.c in ngIRCd before 0.8.2 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long MODE line that causes an incorrect length calculation, which leads to a buffer overflow.",
  "id": "GHSA-q94h-vc2h-j68g",
  "modified": "2024-02-08T18:30:37Z",
  "published": "2022-05-01T01:47:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2005-0199"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19143"
    },
    {
      "type": "WEB",
      "url": "http://arthur.ath.cx/pipermail/ngircd-ml/2005-January/000228.html"
    },
    {
      "type": "WEB",
      "url": "http://bugs.gentoo.org/show_bug.cgi?id=79705"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/14056"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/14059"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1013047"
    },
    {
      "type": "WEB",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200501-40.xml"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/12397"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QC3G-XJ9R-Q7VM

Vulnerability from github – Published: 2022-05-14 02:00 – Updated: 2022-05-14 02:00
VLAI
Details

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check on buffer length while processing debug log event from firmware can lead to an integer overflow.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-11301"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-191"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-09-18T18:29:00Z",
    "severity": "HIGH"
  },
  "details": "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check on buffer length while processing debug log event from firmware can lead to an integer overflow.",
  "id": "GHSA-qc3g-xj9r-q7vm",
  "modified": "2022-05-14T02:00:29Z",
  "published": "2022-05-14T02:00:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11301"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/pixel/2018-09-01#qualcomm-components"
    },
    {
      "type": "WEB",
      "url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=31ad3a5a7458e60f5e0ba4f492cebe1f1bda0964"
    },
    {
      "type": "WEB",
      "url": "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QFGJ-VXWQ-R49V

Vulnerability from github – Published: 2022-05-13 01:25 – Updated: 2022-05-13 01:25
VLAI
Details

Integer underflow in the dccp_parse_options function (net/dccp/options.c) in the Linux kernel before 2.6.33.14 allows remote attackers to cause a denial of service via a Datagram Congestion Control Protocol (DCCP) packet with an invalid feature options length, which triggers a buffer over-read.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2011-1770"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-191"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2011-06-24T20:55:00Z",
    "severity": "HIGH"
  },
  "details": "Integer underflow in the dccp_parse_options function (net/dccp/options.c) in the Linux kernel before 2.6.33.14 allows remote attackers to cause a denial of service via a Datagram Congestion Control Protocol (DCCP) packet with an invalid feature options length, which triggers a buffer over-read.",
  "id": "GHSA-qfgj-vxwq-r49v",
  "modified": "2022-05-13T01:25:05Z",
  "published": "2022-05-13T01:25:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-1770"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2011:0836"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2011:1253"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2011-1770"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=703011"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061236.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061366.html"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=linux-kernel\u0026m=130468845209036\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=linux-kernel\u0026m=130469305815140\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/44932"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/8286"
    },
    {
      "type": "WEB",
      "url": "http://www.kernel.org/pub/linux/kernel/v2.6/longterm/v2.6.33/ChangeLog-2.6.33.14"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/47769"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1025592"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QM7W-RP99-M478

Vulnerability from github – Published: 2025-01-14 21:31 – Updated: 2025-01-14 21:31
VLAI
Details

Animate versions 24.0.6, 23.0.9 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-21135"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-191"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-14T20:15:30Z",
    "severity": "HIGH"
  },
  "details": "Animate versions 24.0.6, 23.0.9 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
  "id": "GHSA-qm7w-rp99-m478",
  "modified": "2025-01-14T21:31:48Z",
  "published": "2025-01-14T21:31:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21135"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/animate/apsb25-05.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QQR8-VWW9-H837

Vulnerability from github – Published: 2022-05-24 17:09 – Updated: 2022-05-24 17:09
VLAI
Details

An exploitable denial-of-service vulnerability exists in ServiceAgent functionality of the Moxa AWK-3131A, firmware version 1.13. A specially crafted packet can cause an integer underflow, triggering a large memcpy that will access unmapped or out-of-bounds memory. An attacker can send this packet while unauthenticated to trigger this vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-5148"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-191"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-02-25T16:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An exploitable denial-of-service vulnerability exists in ServiceAgent functionality of the Moxa AWK-3131A, firmware version 1.13. A specially crafted packet can cause an integer underflow, triggering a large memcpy that will access unmapped or out-of-bounds memory. An attacker can send this packet while unauthenticated to trigger this vulnerability.",
  "id": "GHSA-qqr8-vww9-h837",
  "modified": "2022-05-24T17:09:37Z",
  "published": "2022-05-24T17:09:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5148"
    },
    {
      "type": "WEB",
      "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0938"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QW9P-XH57-VVWJ

Vulnerability from github – Published: 2025-05-13 18:30 – Updated: 2025-05-13 18:30
VLAI
Details

Integer underflow (wrap or wraparound) in Windows Kernel allows an unauthorized attacker to disclose information over an adjacent network.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-29974"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125",
      "CWE-191"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-13T17:15:58Z",
    "severity": "MODERATE"
  },
  "details": "Integer underflow (wrap or wraparound) in Windows Kernel allows an unauthorized attacker to disclose information over an adjacent network.",
  "id": "GHSA-qw9p-xh57-vvwj",
  "modified": "2025-05-13T18:30:55Z",
  "published": "2025-05-13T18:30:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-29974"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29974"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QWPM-85R5-4M77

Vulnerability from github – Published: 2022-05-24 17:41 – Updated: 2022-05-24 17:41
VLAI
Details

An integer underflow has been found in the latest version of ZCFees. The variables 'currPeriodIdx' and 'lastPeriodExecIdx' are both unsigned integers, and the result of the minus operation may be a negative integer which leads to an underflow. The attackers can modify the current timestamp of the transaction somehow and block the execution of the process function.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-24837"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-191"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-02-10T16:15:00Z",
    "severity": "HIGH"
  },
  "details": "An integer underflow has been found in the latest version of ZCFees. The variables \u0027currPeriodIdx\u0027 and \u0027lastPeriodExecIdx\u0027 are both unsigned integers, and the result of the minus operation may be a negative integer which leads to an underflow. The attackers can modify the current timestamp of the transaction somehow and block the execution of the process function.",
  "id": "GHSA-qwpm-85r5-4m77",
  "modified": "2022-05-24T17:41:41Z",
  "published": "2022-05-24T17:41:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24837"
    },
    {
      "type": "WEB",
      "url": "https://etherscan.io/address/0x9d79c6e2a0222b9ac7bfabc447209c58fe9e0dcc#code"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.