Common Weakness Enumeration

CWE-191

Allowed

Integer Underflow (Wrap or Wraparound)

Abstraction: Base · Status: Draft

The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.

642 vulnerabilities reference this CWE, most recent first.

GHSA-XHP4-6G9V-4XVJ

Vulnerability from github – Published: 2025-06-02 06:30 – Updated: 2025-06-02 06:30
VLAI
Details

setDeferredReply in networking.c in Valkey through 8.1.1 has an integer underflow for prev->size - prev->used.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-49112"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-191"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-02T05:15:21Z",
    "severity": "LOW"
  },
  "details": "setDeferredReply in networking.c in Valkey through 8.1.1 has an integer underflow for prev-\u003esize - prev-\u003eused.",
  "id": "GHSA-xhp4-6g9v-4xvj",
  "modified": "2025-06-02T06:30:32Z",
  "published": "2025-06-02T06:30:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49112"
    },
    {
      "type": "WEB",
      "url": "https://github.com/valkey-io/valkey/pull/2101"
    },
    {
      "type": "WEB",
      "url": "https://github.com/redis/redis/blob/994bc96bb1744cb153392fc96bdba43eae56e17f/src/networking.c#L783"
    },
    {
      "type": "WEB",
      "url": "https://github.com/valkey-io/valkey/blob/daea05b1e26db29bfd1c033e27f9d519a2f8ccbb/src/networking.c#L886"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XJPV-2H98-WPC7

Vulnerability from github – Published: 2022-05-13 00:00 – Updated: 2022-05-22 00:00
VLAI
Details

Allowing long password leads to denial of service in GitHub repository causefx/organizr prior to 2.1.2000. This vulnerability can be abused by doing a DDoS attack for which genuine users will not able to access resources/applications.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-1698"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-191"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-05-12T16:15:00Z",
    "severity": "HIGH"
  },
  "details": "Allowing long password leads to denial of service in GitHub repository causefx/organizr prior to 2.1.2000. This vulnerability can be abused by doing a DDoS attack for which genuine users will not able to access resources/applications.",
  "id": "GHSA-xjpv-2h98-wpc7",
  "modified": "2022-05-22T00:00:32Z",
  "published": "2022-05-13T00:00:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1698"
    },
    {
      "type": "WEB",
      "url": "https://github.com/causefx/organizr/commit/e4b4cff66c526f7b5bbaef0073c92c315c29bd56"
    },
    {
      "type": "WEB",
      "url": "https://huntr.dev/bounties/f4ab747b-e89a-4514-9432-ac1ea56639f3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XJR6-XHWQ-23JV

Vulnerability from github – Published: 2022-05-24 19:11 – Updated: 2022-05-24 19:11
VLAI
Details

NVIDIA Linux kernel distributions contain a vulnerability in FuSa Capture (VI/ISP), where integer underflow due to lack of input validation may lead to complete denial of service, partial integrity, and serious confidentiality loss for all processes in the system.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-1108"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-191",
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-08-11T22:15:00Z",
    "severity": "HIGH"
  },
  "details": "NVIDIA Linux kernel distributions contain a vulnerability in FuSa Capture (VI/ISP), where integer underflow due to lack of input validation may lead to complete denial of service, partial integrity, and serious confidentiality loss for all processes in the system.",
  "id": "GHSA-xjr6-xhwq-23jv",
  "modified": "2022-05-24T19:11:02Z",
  "published": "2022-05-24T19:11:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1108"
    },
    {
      "type": "WEB",
      "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5216"
    },
    {
      "type": "WEB",
      "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5259"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XM5W-G7HV-W7F6

Vulnerability from github – Published: 2022-05-17 02:32 – Updated: 2025-04-20 03:35
VLAI
Details

Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable integer overflow vulnerability in the XML Forms Architecture (XFA) engine, related to layout functionality. Successful exploitation could lead to arbitrary code execution.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-3034"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-191"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-04-12T14:59:00Z",
    "severity": "HIGH"
  },
  "details": "Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable integer overflow vulnerability in the XML Forms Architecture (XFA) engine, related to layout functionality. Successful exploitation could lead to arbitrary code execution.",
  "id": "GHSA-xm5w-g7hv-w7f6",
  "modified": "2025-04-20T03:35:55Z",
  "published": "2022-05-17T02:32:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3034"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/acrobat/apsb17-11.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/97548"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1038228"
    },
    {
      "type": "WEB",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-17-260"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XM66-M73V-859R

Vulnerability from github – Published: 2022-05-24 17:40 – Updated: 2022-05-24 17:40
VLAI
Details

An integer underflow was discovered in OpenLDAP before 2.4.57 leading to slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-36221"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-191"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-01-26T18:15:00Z",
    "severity": "HIGH"
  },
  "details": "An integer underflow was discovered in OpenLDAP before 2.4.57 leading to slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck).",
  "id": "GHSA-xm66-m73v-859r",
  "modified": "2022-05-24T17:40:15Z",
  "published": "2022-05-24T17:40:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36221"
    },
    {
      "type": "WEB",
      "url": "https://bugs.openldap.org/show_bug.cgi?id=9404"
    },
    {
      "type": "WEB",
      "url": "https://bugs.openldap.org/show_bug.cgi?id=9424"
    },
    {
      "type": "WEB",
      "url": "https://git.openldap.org/openldap/openldap/-/commit/38ac838e4150c626bbfa0082b7e2cf3a2bb4df31"
    },
    {
      "type": "WEB",
      "url": "https://git.openldap.org/openldap/openldap/-/commit/58c1748e81c843c5b6e61648d2a4d1d82b47e842"
    },
    {
      "type": "WEB",
      "url": "https://git.openldap.org/openldap/openldap/-/tags/OPENLDAP_REL_ENG_2_4_57"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00005.html"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20210226-0002"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT212529"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT212530"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT212531"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2021/dsa-4845"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2021/May/64"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2021/May/65"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2021/May/70"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XMHR-MV9M-HHVF

Vulnerability from github – Published: 2022-05-24 17:13 – Updated: 2022-05-24 17:13
VLAI
Details

An exploitable signed comparison vulnerability exists in the ARMv7 memcpy() implementation of GNU glibc 2.30.9000. Calling memcpy() (on ARMv7 targets that utilize the GNU glibc implementation) with a negative value for the 'num' parameter results in a signed comparison vulnerability. If an attacker underflows the 'num' parameter to memcpy(), this vulnerability could lead to undefined behavior such as writing to out-of-bounds memory and potentially remote code execution. Furthermore, this memcpy() implementation allows for program execution to continue in scenarios where a segmentation fault or crash should have occurred. The dangers occur in that subsequent execution and iterations of this code will be executed with this corrupted data.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-6096"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-191",
      "CWE-195"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-04-01T22:15:00Z",
    "severity": "HIGH"
  },
  "details": "An exploitable signed comparison vulnerability exists in the ARMv7 memcpy() implementation of GNU glibc 2.30.9000. Calling memcpy() (on ARMv7 targets that utilize the GNU glibc implementation) with a negative value for the \u0027num\u0027 parameter results in a signed comparison vulnerability. If an attacker underflows the \u0027num\u0027 parameter to memcpy(), this vulnerability could lead to undefined behavior such as writing to out-of-bounds memory and potentially remote code execution. Furthermore, this memcpy() implementation allows for program execution to continue in scenarios where a segmentation fault or crash should have occurred. The dangers occur in that subsequent execution and iterations of this code will be executed with this corrupted data.",
  "id": "GHSA-xmhr-mv9m-hhvf",
  "modified": "2022-05-24T17:13:19Z",
  "published": "2022-05-24T17:13:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6096"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SPYXTDOOB4PQGTYAMZAZNJIB3FF6YQXI"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/URXOIA2LDUKHQXK4BE55BQBRI6ZZG3Y6"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202101-20"
    },
    {
      "type": "WEB",
      "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=25620"
    },
    {
      "type": "WEB",
      "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1019"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XPM4-896P-MCWJ

Vulnerability from github – Published: 2024-12-10 21:30 – Updated: 2024-12-10 21:30
VLAI
Details

Animate versions 23.0.8, 24.0.5 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-52984"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-191"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-10T21:15:18Z",
    "severity": "HIGH"
  },
  "details": "Animate versions 23.0.8, 24.0.5 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
  "id": "GHSA-xpm4-896p-mcwj",
  "modified": "2024-12-10T21:30:53Z",
  "published": "2024-12-10T21:30:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52984"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/animate/apsb24-96.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XPR9-HG8G-RGG6

Vulnerability from github – Published: 2023-11-13 21:30 – Updated: 2023-11-13 21:30
VLAI
Details

Videolan VLC prior to version 3.0.20 contains an Integer underflow that leads to an incorrect packet length.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-47360"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-191"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-11-07T16:15:29Z",
    "severity": "HIGH"
  },
  "details": "Videolan VLC prior to version 3.0.20 contains an Integer underflow that leads to an incorrect packet length.",
  "id": "GHSA-xpr9-hg8g-rgg6",
  "modified": "2023-11-13T21:30:57Z",
  "published": "2023-11-13T21:30:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-47360"
    },
    {
      "type": "WEB",
      "url": "https://0xariana.github.io/blog/real_bugs/vlc/mms"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00034.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XQMQ-2P4J-99X8

Vulnerability from github – Published: 2026-05-27 15:33 – Updated: 2026-06-19 15:33
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

erofs: fix unsigned underflow in z_erofs_lz4_handle_overlap()

Some crafted images can have illegal (!partial_decoding && m_llen < m_plen) extents, and the LZ4 inplace decompression path can be wrongly hit, but it cannot handle (outpages < inpages) properly: "outpages - inpages" wraps to a large value and the subsequent rq->out[] access reads past the decompressed_pages array.

However, such crafted cases can correctly result in a corruption report in the normal LZ4 non-inplace path.

Let's add an additional check to fix this for backporting.

Reproducible image (base64-encoded gzipped blob):

H4sIAJGR12kCA+3SPUoDQRgG4MkmkkZk8QRbRFIIi9hbpEjrHQI5ghfwCN5BLCzTGtLbBI+g dilSJo1CnIm7GEXFxhT6PDDwfrs73/ywIQD/1ePD4r7Ou6ETsrq4mu7XcWfj++Pb58nJU/9i PNtbjhan04/9GtX4qVYc814WDqt6FaX5s+ZwXXeq52lndT6IuVvlblytLMvh4Gzwaf90nsvz 2DF/21+20T/ldgp5s1jXRaN4t/8izsy/OUB6e/Qa79r+JwAAAAAAAL52vQVuGQAAAP6+my1w ywAAAAAAAADwu14ATsEYtgBQAAA=

$ mount -t erofs -o cache_strategy=disabled foo.erofs /mnt $ dd if=/mnt/data of=/dev/null bs=4096 count=1

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-45999"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-191"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-27T14:17:17Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nerofs: fix unsigned underflow in z_erofs_lz4_handle_overlap()\n\nSome crafted images can have illegal (!partial_decoding \u0026\u0026\nm_llen \u003c m_plen) extents, and the LZ4 inplace decompression path\ncan be wrongly hit, but it cannot handle (outpages \u003c inpages)\nproperly: \"outpages - inpages\" wraps to a large value and\nthe subsequent rq-\u003eout[] access reads past the decompressed_pages\narray.\n\nHowever, such crafted cases can correctly result in a corruption\nreport in the normal LZ4 non-inplace path.\n\nLet\u0027s add an additional check to fix this for backporting.\n\nReproducible image (base64-encoded gzipped blob):\n\nH4sIAJGR12kCA+3SPUoDQRgG4MkmkkZk8QRbRFIIi9hbpEjrHQI5ghfwCN5BLCzTGtLbBI+g\ndilSJo1CnIm7GEXFxhT6PDDwfrs73/ywIQD/1ePD4r7Ou6ETsrq4mu7XcWfj++Pb58nJU/9i\nPNtbjhan04/9GtX4qVYc814WDqt6FaX5s+ZwXXeq52lndT6IuVvlblytLMvh4Gzwaf90nsvz\n2DF/21+20T/ldgp5s1jXRaN4t/8izsy/OUB6e/Qa79r+JwAAAAAAAL52vQVuGQAAAP6+my1w\nywAAAAAAAADwu14ATsEYtgBQAAA=\n\n$ mount -t erofs -o cache_strategy=disabled foo.erofs /mnt\n$ dd if=/mnt/data of=/dev/null bs=4096 count=1",
  "id": "GHSA-xqmq-2p4j-99x8",
  "modified": "2026-06-19T15:33:12Z",
  "published": "2026-05-27T15:33:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45999"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/118ff71ff09ebaf323a09af9e911517321a299f4"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/21e161de2dc660b1bb70ef5b156ab8e6e1cca3ab"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/43a878639b90e9721ffa5eb616a7e6d8454adef3"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/778acd52e9497806fbd2cea7f770c41d6850fc48"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/bbbbb3f0d7864238a8da2a94cd6ec013fee06a2e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c9ce18e6bb2c467ec85756dc7989b547b7584fee"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f1374fa6e57fd836623668d782ded9244cfd2938"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XRPF-F2Q9-273M

Vulnerability from github – Published: 2022-05-14 03:04 – Updated: 2022-05-14 03:04
VLAI
Details

While processing a debug log event from firmware in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, an integer underflow and/or buffer over-read can occur.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-5865"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-191"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-07-06T19:29:00Z",
    "severity": "MODERATE"
  },
  "details": "While processing a debug log event from firmware in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, an integer underflow and/or buffer over-read can occur.",
  "id": "GHSA-xrpf-f2q9-273m",
  "modified": "2022-05-14T03:04:28Z",
  "published": "2022-05-14T03:04:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5865"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/pixel/2018-07-01"
    },
    {
      "type": "WEB",
      "url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=8fb4202e3bb8cfbbb9f9f0e8695891c9971cfcc2"
    },
    {
      "type": "WEB",
      "url": "https://www.codeaurora.org/security-bulletin/2018/07/02/july-2018-code-aurora-security-bulletin"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.