CWE-191
AllowedInteger Underflow (Wrap or Wraparound)
Abstraction: Base · Status: Draft
The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.
642 vulnerabilities reference this CWE, most recent first.
GHSA-VFHX-W4XW-3MWG
Vulnerability from github – Published: 2022-05-14 02:04 – Updated: 2022-05-14 02:04Multiple Integer underflows in the geonet_print function in tcpdump 4.5.0 through 4.6.2, when in verbose mode, allow remote attackers to cause a denial of service (segmentation fault and crash) via a crafted length value in a Geonet frame.
{
"affected": [],
"aliases": [
"CVE-2014-8768"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2014-11-20T17:50:00Z",
"severity": "MODERATE"
},
"details": "Multiple Integer underflows in the geonet_print function in tcpdump 4.5.0 through 4.6.2, when in verbose mode, allow remote attackers to cause a denial of service (segmentation fault and crash) via a crafted length value in a Geonet frame.",
"id": "GHSA-vfhx-w4xw-3mwg",
"modified": "2022-05-14T02:04:38Z",
"published": "2022-05-14T02:04:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-8768"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98766"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00062.html"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/129156/tcpdump-4.6.2-Geonet-Denial-Of-Service.html"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2014/Nov/48"
},
{
"type": "WEB",
"url": "http://www.exploit-db.com/exploits/35359"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/archive/1/534010/100/0/threaded"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/71155"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-2433-1"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-VG32-CM75-RJR5
Vulnerability from github – Published: 2025-05-06 21:30 – Updated: 2025-05-06 21:30Libxmp through 4.6.2 has a stack-based buffer overflow in depack_pha in loaders/prowizard/pha.c via a malformed Pha format tracker module in a .mod file.
{
"affected": [],
"aliases": [
"CVE-2025-47256"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-06T20:15:27Z",
"severity": "MODERATE"
},
"details": "Libxmp through 4.6.2 has a stack-based buffer overflow in depack_pha in loaders/prowizard/pha.c via a malformed Pha format tracker module in a .mod file.",
"id": "GHSA-vg32-cm75-rjr5",
"modified": "2025-05-06T21:30:48Z",
"published": "2025-05-06T21:30:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47256"
},
{
"type": "WEB",
"url": "https://github.com/libxmp/libxmp/issues/847"
},
{
"type": "WEB",
"url": "https://github.com/GCatt-AS/CVE-2025-47256"
},
{
"type": "WEB",
"url": "https://github.com/libxmp/libxmp/blob/ec22d1c7b93c8f681f8504a6c61c6f8a52458a10/src/loaders/prowizard/pha.c#L35"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-VGM9-QPVF-CP5W
Vulnerability from github – Published: 2024-09-18 09:30 – Updated: 2024-09-23 18:30In the Linux kernel, the following vulnerability has been resolved:
hwmon: (lm95234) Fix underflows seen when writing limit attributes
DIV_ROUND_CLOSEST() after kstrtol() results in an underflow if a large negative number such as -9223372036854775808 is provided by the user. Fix it by reordering clamp_val() and DIV_ROUND_CLOSEST() operations.
{
"affected": [],
"aliases": [
"CVE-2024-46758"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-18T08:15:04Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (lm95234) Fix underflows seen when writing limit attributes\n\nDIV_ROUND_CLOSEST() after kstrtol() results in an underflow if a large\nnegative number such as -9223372036854775808 is provided by the user.\nFix it by reordering clamp_val() and DIV_ROUND_CLOSEST() operations.",
"id": "GHSA-vgm9-qpvf-cp5w",
"modified": "2024-09-23T18:30:34Z",
"published": "2024-09-18T09:30:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-46758"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0fc27747633aa419f9af40e7bdfa00d2ec94ea81"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/16f42953231be1e7be77bc24005270d9e0d9d2ee"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/438453dfbbdcf4be26891492644aa3ecbb42c336"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/46e4fd338d5bdbaf60e41cda625b24949d2af201"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/59c1fb9874a01c9abc49a0a32f192a7e7b4e2650"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/93f0f5721d0cca45dac50af1ae6f9a9826c699fd"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/af64e3e1537896337405f880c1e9ac1f8c0c6198"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/da765bebd90e1b92bdbc3c6a27a3f3cc81529ab6"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VH32-2CMQ-5XPC
Vulnerability from github – Published: 2024-09-18 09:30 – Updated: 2024-09-23 18:30In the Linux kernel, the following vulnerability has been resolved:
hwmon: (nct6775-core) Fix underflows seen when writing limit attributes
DIV_ROUND_CLOSEST() after kstrtol() results in an underflow if a large negative number such as -9223372036854775808 is provided by the user. Fix it by reordering clamp_val() and DIV_ROUND_CLOSEST() operations.
{
"affected": [],
"aliases": [
"CVE-2024-46757"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-18T08:15:04Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (nct6775-core) Fix underflows seen when writing limit attributes\n\nDIV_ROUND_CLOSEST() after kstrtol() results in an underflow if a large\nnegative number such as -9223372036854775808 is provided by the user.\nFix it by reordering clamp_val() and DIV_ROUND_CLOSEST() operations.",
"id": "GHSA-vh32-2cmq-5xpc",
"modified": "2024-09-23T18:30:34Z",
"published": "2024-09-18T09:30:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-46757"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/02bb3b4c7d5695ff4be01e0f55676bba49df435e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0403e10bf0824bf0ec2bb135d4cf1c0cc3bf4bf0"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0c23e18cef20b989a9fd7cb0a745e1259b969159"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/298a55f11edd811f2189b74eb8f53dee34d4f14c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2f695544084a559f181cafdfd3f864c5ff9dd1db"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8a1e958e26640ce015abdbb75c8896301b9bf398"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/996221b030995cc5f5baa4a642201d64b62a17cd"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d6035c55fa9afefc23f85f57eff1d4a1d82c5b10"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VJWH-4XJH-5595
Vulnerability from github – Published: 2022-05-17 00:27 – Updated: 2022-05-17 00:27chan_sip in Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 and Certified Asterisk 1.8.28, 11.6 before 11.6-cert12, and 13.1 before 13.1-cert3, when the timert1 sip.conf configuration is set to a value greater than 1245, allows remote attackers to cause a denial of service (file descriptor consumption) via vectors related to large retransmit timeout values.
{
"affected": [],
"aliases": [
"CVE-2016-2316"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2016-02-22T15:59:00Z",
"severity": "HIGH"
},
"details": "chan_sip in Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 and Certified Asterisk 1.8.28, 11.6 before 11.6-cert12, and 13.1 before 13.1-cert3, when the timert1 sip.conf configuration is set to a value greater than 1245, allows remote attackers to cause a denial of service (file descriptor consumption) via vectors related to large retransmit timeout values.",
"id": "GHSA-vjwh-4xjh-5595",
"modified": "2022-05-17T00:27:42Z",
"published": "2022-05-17T00:27:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2316"
},
{
"type": "WEB",
"url": "http://downloads.asterisk.org/pub/security/AST-2016-002.html"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177409.html"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177422.html"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2016/dsa-3700"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/82651"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1034930"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VM9W-MQXM-485Q
Vulnerability from github – Published: 2026-06-01 21:30 – Updated: 2026-06-02 15:32FlexRIC v2.0.0 uses a uint16_t counter for xapp_id assignment but stores the value in uint32_t message fields. After 65,530+ E42_SETUP_REQUESTs, the 16-bit counter wraps around and produces duplicate xapp_ids. The iApp (port 36422) crashes when attempting to register a duplicate ID in its internal data structure. A remote attacker can trigger this by repeatedly connecting and requesting new xApp registrations.
{
"affected": [],
"aliases": [
"CVE-2026-37231"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-01T19:16:33Z",
"severity": "HIGH"
},
"details": "FlexRIC v2.0.0 uses a uint16_t counter for xapp_id assignment but stores the value in uint32_t message fields. After 65,530+ E42_SETUP_REQUESTs, the 16-bit counter wraps around and produces duplicate xapp_ids. The iApp (port 36422) crashes when attempting to register a duplicate ID in its internal data structure. A remote attacker can trigger this by repeatedly connecting and requesting new xApp registrations.",
"id": "GHSA-vm9w-mqxm-485q",
"modified": "2026-06-02T15:32:01Z",
"published": "2026-06-01T21:30:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-37231"
},
{
"type": "WEB",
"url": "https://github.com/MinamiKotor1/oran-security-advisories-zhongnan-luo/blob/main/advisories/CVE-2026-37231.md"
},
{
"type": "WEB",
"url": "https://gitlab.eurecom.fr/mosaic5g/flexric"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VMR3-XRH5-2R29
Vulnerability from github – Published: 2024-07-01 15:32 – Updated: 2024-07-01 15:32Information disclosure while parsing sub-IE length during new IE generation.
{
"affected": [],
"aliases": [
"CVE-2024-21466"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-01T15:15:15Z",
"severity": "MODERATE"
},
"details": "Information disclosure while parsing sub-IE length during new IE generation.",
"id": "GHSA-vmr3-xrh5-2r29",
"modified": "2024-07-01T15:32:44Z",
"published": "2024-07-01T15:32:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21466"
},
{
"type": "WEB",
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/july-2024-bulletin.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-VP3J-RHGW-HR9F
Vulnerability from github – Published: 2022-05-13 01:04 – Updated: 2022-05-13 01:04Integer underflow in the xTrapezoidValid macro in render/picture.h in X.Org allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value.
{
"affected": [],
"aliases": [
"CVE-2013-6424"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2014-01-18T19:55:00Z",
"severity": "MODERATE"
},
"details": "Integer underflow in the xTrapezoidValid macro in render/picture.h in X.Org allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value.",
"id": "GHSA-vp3j-rhgw-hr9f",
"modified": "2022-05-13T01:04:23Z",
"published": "2022-05-13T01:04:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-6424"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2013:1868"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2013-6424"
},
{
"type": "WEB",
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=67484"
},
{
"type": "WEB",
"url": "https://bugs.launchpad.net/ubuntu/+source/xorg-server/+bug/1197921"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1037984"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201701-64"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201710-30"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00127.html"
},
{
"type": "WEB",
"url": "http://lists.x.org/archives/xorg-devel/2013-October/037996.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1868.html"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2013/dsa-2822"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2013/12/03/8"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2013/12/04/8"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-2500-1"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-VQ3C-WGC6-RVMQ
Vulnerability from github – Published: 2026-07-14 00:31 – Updated: 2026-07-14 18:31OpENer 2.3.0 (master branch up to commit 76b95cf) is vulnerable to a severe memory corruption issue caused by an integer underflow in the processing of connected explicit messages (SendUnitData).
{
"affected": [],
"aliases": [
"CVE-2026-51540"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-13T22:16:47Z",
"severity": "CRITICAL"
},
"details": "OpENer 2.3.0 (master branch up to commit 76b95cf) is vulnerable to a severe memory corruption issue caused by an integer underflow in the processing of connected explicit messages (SendUnitData).",
"id": "GHSA-vq3c-wgc6-rvmq",
"modified": "2026-07-14T18:31:51Z",
"published": "2026-07-14T00:31:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-51540"
},
{
"type": "WEB",
"url": "https://github.com/EIPStackGroup/OpENer/issues/568"
},
{
"type": "WEB",
"url": "https://gist.github.com/MrAlaskan/5e0c2af7f4a1d188814c7fa8f812c8da"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VQGR-F24J-7RXX
Vulnerability from github – Published: 2022-05-13 01:25 – Updated: 2022-05-13 01:25Integer underflow in the ksba_oid_to_str function in Libksba before 1.3.2, as used in GnuPG, allows remote attackers to cause a denial of service (crash) via a crafted OID in a (1) S/MIME message or (2) ECC based OpenPGP data, which triggers a buffer overflow.
{
"affected": [],
"aliases": [
"CVE-2014-9087"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2014-12-01T15:59:00Z",
"severity": "HIGH"
},
"details": "Integer underflow in the ksba_oid_to_str function in Libksba before 1.3.2, as used in GnuPG, allows remote attackers to cause a denial of service (crash) via a crafted OID in a (1) S/MIME message or (2) ECC based OpenPGP data, which triggers a buffer overflow.",
"id": "GHSA-vqgr-f24j-7rxx",
"modified": "2022-05-13T01:25:22Z",
"published": "2022-05-13T01:25:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-9087"
},
{
"type": "WEB",
"url": "https://blog.fuzzing-project.org/2-Buffer-overflow-and-other-minor-issues-in-GnuPG-and-libksba-TFPA-0012014.html"
},
{
"type": "WEB",
"url": "http://advisories.mageia.org/MGASA-2014-0498.html"
},
{
"type": "WEB",
"url": "http://lists.gnupg.org/pipermail/gnupg-announce/2014q4/000359.html"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/60073"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/60189"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/60233"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2014/dsa-3078"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:234"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:151"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/71285"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-2427-1"
}
],
"schema_version": "1.4.0",
"severity": []
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.