CWE-1335
AllowedIncorrect Bitwise Shift of Integer
Abstraction: Base · Status: Draft
An integer value is specified to be shifted by a negative amount or an amount greater than or equal to the number of bits contained in the value causing an unexpected or indeterminate result.
8 vulnerabilities reference this CWE, most recent first.
CVE-2026-4426 (GCVE-0-2026-4426)
Vulnerability from cvelistv5 – Published: 2026-03-19 13:53 – Updated: 2026-05-03 20:57- CWE-1335 - Incorrect Bitwise Shift of Integer
| URL | Tags |
|---|---|
| https://access.redhat.com/errata/RHSA-2026:8944 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/security/cve/CVE-2026-4426 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2449010 | issue-trackingx_refsource_REDHAT |
| https://github.com/libarchive/libarchive/pull/2897 |
| Vendor | Product | Version | |
|---|---|---|---|
| Red Hat | Red Hat Hardened Images |
Unaffected:
3.8.7-1.hum1 , < *
(rpm)
cpe:/a:redhat:hummingbird:1 |
|
| Red Hat | Red Hat Enterprise Linux 10 |
cpe:/o:redhat:enterprise_linux:10 |
|
| Red Hat | Red Hat Enterprise Linux 6 |
cpe:/o:redhat:enterprise_linux:6 |
|
| Red Hat | Red Hat Enterprise Linux 7 |
cpe:/o:redhat:enterprise_linux:7 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
cpe:/o:redhat:enterprise_linux:8 |
|
| Red Hat | Red Hat Enterprise Linux 9 |
cpe:/o:redhat:enterprise_linux:9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4 |
cpe:/a:redhat:openshift:4 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-4426",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-20T15:19:10.267574Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-20T15:19:18.305Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:hummingbird:1"
],
"defaultStatus": "affected",
"packageName": "libarchive-main",
"product": "Red Hat Hardened Images",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "3.8.7-1.hum1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10"
],
"defaultStatus": "affected",
"packageName": "libarchive",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "libarchive",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "affected",
"packageName": "libarchive",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "libarchive",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "libarchive",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "affected",
"packageName": "rhcos",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Elhanan Haenel for reporting this issue."
}
],
"datePublic": "2026-03-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in libarchive. An Undefined Behavior vulnerability exists in the zisofs decompression logic, caused by improper validation of a field (`pz_log2_bs`) read from ISO9660 Rock Ridge extensions. A remote attacker can exploit this by supplying a specially crafted ISO file. This can lead to incorrect memory allocation and potential application crashes, resulting in a denial-of-service (DoS) condition."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1335",
"description": "Incorrect Bitwise Shift of Integer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-03T20:57:03.196Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2026:8944",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:8944"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-4426"
},
{
"name": "RHBZ#2449010",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449010"
},
{
"url": "https://github.com/libarchive/libarchive/pull/2897"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-03-19T12:39:13.967Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-03-19T00:00:00.000Z",
"value": "Made public."
}
],
"title": "Libarchive: libarchive: denial of service via malformed iso file processing",
"workarounds": [
{
"lang": "en",
"value": "To mitigate this issue, avoid processing untrusted ISO9660 images with `libarchive`. Restricting the sources of ISO files and ensuring they originate from trusted entities can prevent exploitation."
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-1335: Incorrect Bitwise Shift of Integer"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2026-4426",
"datePublished": "2026-03-19T13:53:39.318Z",
"dateReserved": "2026-03-19T12:43:31.427Z",
"dateUpdated": "2026-05-03T20:57:03.196Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-32029 (GCVE-0-2025-32029)
Vulnerability from cvelistv5 – Published: 2025-04-07 20:13 – Updated: 2025-04-08 13:38| URL | Tags |
|---|---|
| https://github.com/ApelegHQ/ts-asn1-der/security/… | x_refsource_CONFIRM |
| https://github.com/ApelegHQ/ts-asn1-der/commit/b2… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| ApelegHQ | ts-asn1-der |
Affected:
< 1.0.4
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-32029",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-08T13:38:13.084238Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-08T13:38:23.695Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ts-asn1-der",
"vendor": "ApelegHQ",
"versions": [
{
"status": "affected",
"version": "\u003c 1.0.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ts-asn1-der is a collection of utility classes to encode ASN.1 data following DER rule. Incorrect number DER encoding can lead to denial on service for absolute values in the range 2**31 -- 2**32 - 1. The arithmetic in the numBitLen didn\u0027t take into account that values in this range could result in a negative result upon applying the \u003e\u003e operator, leading to an infinite loop. The issue is patched in version 1.0.4. If upgrading is not an option, the issue can be mitigated by validating inputs to Asn1Integer to ensure that they are not smaller than -2**31 + 1 and no larger than 2**31 - 1."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-835",
"description": "CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-1335",
"description": "CWE-1335: Incorrect Bitwise Shift of Integer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-07T20:13:48.176Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/ApelegHQ/ts-asn1-der/security/advisories/GHSA-p4qw-7j9g-5h53",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ApelegHQ/ts-asn1-der/security/advisories/GHSA-p4qw-7j9g-5h53"
},
{
"name": "https://github.com/ApelegHQ/ts-asn1-der/commit/b2bc9032cbe19755d234a27d79e47a7e52993af8",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ApelegHQ/ts-asn1-der/commit/b2bc9032cbe19755d234a27d79e47a7e52993af8"
}
],
"source": {
"advisory": "GHSA-p4qw-7j9g-5h53",
"discovery": "UNKNOWN"
},
"title": "ts-asn1-der has Incorrect DER Encoding of Numbers Leading to Denial of Service and Incorrect Value Representation"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-32029",
"datePublished": "2025-04-07T20:13:48.176Z",
"dateReserved": "2025-04-01T21:57:32.957Z",
"dateUpdated": "2025-04-08T13:38:23.695Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3161 (GCVE-0-2023-3161)
Vulnerability from cvelistv5 – Published: 2023-06-12 00:00 – Updated: 2025-03-11 14:54| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Linux Kernel (fbcon) |
Affected:
Fixed in kernel 6.2-rc7
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:48:07.681Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2213485"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/2b09d5d364986f724f17001ccfe4126b9b43a0be"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-3161",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-06T15:55:24.686732Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T14:54:29.577Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Linux Kernel (fbcon)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed in kernel 6.2-rc7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the Framebuffer Console (fbcon) in the Linux Kernel. When providing font-\u003ewidth and font-\u003eheight greater than 32 to fbcon_set_font, since there are no checks in place, a shift-out-of-bounds occurs leading to undefined behavior and possible denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1335",
"description": "CWE-1335",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-12T00:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2213485"
},
{
"url": "https://github.com/torvalds/linux/commit/2b09d5d364986f724f17001ccfe4126b9b43a0be"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-3161",
"datePublished": "2023-06-12T00:00:00.000Z",
"dateReserved": "2023-06-08T00:00:00.000Z",
"dateUpdated": "2025-03-11T14:54:29.577Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
GHSA-3686-JJCF-4W27
Vulnerability from github – Published: 2022-05-13 01:25 – Updated: 2026-07-14 12:31The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.
{
"affected": [],
"aliases": [
"CVE-2016-9842"
],
"database_specific": {
"cwe_ids": [
"CWE-1335"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-05-23T04:29:00Z",
"severity": "HIGH"
},
"details": "The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.",
"id": "GHSA-3686-jjcf-4w27",
"modified": "2026-07-14T12:31:05Z",
"published": "2022-05-13T01:25:01Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9842"
},
{
"type": "WEB",
"url": "https://github.com/madler/zlib/commit/e54e1299404101a5a9d0cf5e45512b543967f958"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"type": "WEB",
"url": "https://wiki.mozilla.org/images/0/09/Zlib-report.pdf"
},
{
"type": "WEB",
"url": "https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#zlib"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4292-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4246-1"
},
{
"type": "WEB",
"url": "https://support.apple.com/HT208144"
},
{
"type": "WEB",
"url": "https://support.apple.com/HT208115"
},
{
"type": "WEB",
"url": "https://support.apple.com/HT208113"
},
{
"type": "WEB",
"url": "https://support.apple.com/HT208112"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202007-54"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201701-56"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00030.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00027.html"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-470355.html"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1402348"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:3453"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:3047"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:3046"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:2999"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:1222"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:1221"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:1220"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2016/12/05/21"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/95131"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1039427"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8GJF-XQC3-Q68R
Vulnerability from github – Published: 2024-05-21 18:31 – Updated: 2024-07-03 18:42In the Linux kernel, the following vulnerability has been resolved:
fs/jfs: Add check for negative db_l2nbperpage
l2nbperpage is log2(number of blks per page), and the minimum legal value should be 0, not negative.
In the case of l2nbperpage being negative, an error will occur when subsequently used as shift exponent.
Syzbot reported this bug:
UBSAN: shift-out-of-bounds in fs/jfs/jfs_dmap.c:799:12 shift exponent -16777216 is negative
{
"affected": [],
"aliases": [
"CVE-2023-52810"
],
"database_specific": {
"cwe_ids": [
"CWE-1335"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-21T16:15:19Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/jfs: Add check for negative db_l2nbperpage\n\nl2nbperpage is log2(number of blks per page), and the minimum legal\nvalue should be 0, not negative.\n\nIn the case of l2nbperpage being negative, an error will occur\nwhen subsequently used as shift exponent.\n\nSyzbot reported this bug:\n\nUBSAN: shift-out-of-bounds in fs/jfs/jfs_dmap.c:799:12\nshift exponent -16777216 is negative",
"id": "GHSA-8gjf-xqc3-q68r",
"modified": "2024-07-03T18:42:57Z",
"published": "2024-05-21T18:31:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52810"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0cb567e727339a192f9fd0db00781d73a91d15a6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1a7c53fdea1d189087544d9a606d249e93c4934b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/491085258185ffc4fb91555b0dba895fe7656a45"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/524b4f203afcf87accfe387e846f33f916f0c907"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/525b861a008143048535011f3816d407940f4bfa"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5f148b16972e5f4592629b244d5109b15135f53f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8f2964df6bfce9d92d81ca552010b8677af8d9dc"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a81a56b4cbe3142cc99f6b98e8f9b3a631c768e1"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/cc61fcf7d1c99f148fe8ddfb5c6ed0bb75861f01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-HX96-88F5-C8JV
Vulnerability from github – Published: 2023-06-12 21:30 – Updated: 2024-04-04 04:44A flaw was found in the Framebuffer Console (fbcon) in the Linux Kernel. When providing font->width and font->height greater than 32 to fbcon_set_font, since there are no checks in place, a shift-out-of-bounds occurs leading to undefined behavior and possible denial of service.
{
"affected": [],
"aliases": [
"CVE-2023-3161"
],
"database_specific": {
"cwe_ids": [
"CWE-1335",
"CWE-682"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-06-12T20:15:12Z",
"severity": "MODERATE"
},
"details": "A flaw was found in the Framebuffer Console (fbcon) in the Linux Kernel. When providing font-\u003ewidth and font-\u003eheight greater than 32 to fbcon_set_font, since there are no checks in place, a shift-out-of-bounds occurs leading to undefined behavior and possible denial of service.",
"id": "GHSA-hx96-88f5-c8jv",
"modified": "2024-04-04T04:44:25Z",
"published": "2023-06-12T21:30:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3161"
},
{
"type": "WEB",
"url": "https://github.com/torvalds/linux/commit/2b09d5d364986f724f17001ccfe4126b9b43a0be"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2213485"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-P4QW-7J9G-5H53
Vulnerability from github – Published: 2025-04-07 21:11 – Updated: 2025-04-08 17:49Impact
Incorrect number DER encoding can lead to denial on service for absolute values in the range 2**31 -- 2**32 - 1. The arithmetic in the numBitLen didn't take into account that values in this range could result in a negative result upon applying the >> operator, leading to an infinite loop.
In addition, number encoding had a few other issues that resulted it in it not encoding values correctly.
Patches
The issue is patched in version 1.0.4. Users are recommended to upgrade as soon as possible.
Workarounds
If upgrading is not an option, the issue can be mitigated by validating inputs to Asn1Integer to ensure that they are not smaller than -2**31 + 1 and no larger than 2**31 - 1. Although Asn1Integer supports bigint inputs, some additional implementation issues make using bigint as a mitigation inviable, as it will result in incorrect values.
If upgrading is not an option and range checks are impractical or undesirable, input to Asn1Integer can be provided as a buffer to be used directly. Note that this requires computing the correct DER encoding externally.
References
N/A
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "@apeleghq/asn1-der"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.0.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-32029"
],
"database_specific": {
"cwe_ids": [
"CWE-1335",
"CWE-835"
],
"github_reviewed": true,
"github_reviewed_at": "2025-04-07T21:11:19Z",
"nvd_published_at": "2025-04-07T21:15:42Z",
"severity": "MODERATE"
},
"details": "### Impact\n\nIncorrect `number` DER encoding can lead to denial on service for absolute values in the range `2**31` -- `2**32 - 1`. The arithmetic in the `numBitLen` didn\u0027t take into account that values in this range could result in a negative result upon applying the `\u003e\u003e` operator, leading to an infinite loop.\n\nIn addition, `number` encoding had a few other issues that resulted it in it not encoding values correctly.\n\n### Patches\n\nThe issue is patched in version `1.0.4`. Users are recommended to upgrade as soon as possible.\n\n### Workarounds\n\nIf upgrading is not an option, the issue can be mitigated by validating inputs to `Asn1Integer` to ensure that they are not smaller than `-2**31 + 1` and no larger than `2**31 - 1`. Although `Asn1Integer` supports `bigint` inputs, some additional implementation issues make using `bigint` as a mitigation inviable, as it will result in incorrect values.\n\nIf upgrading is not an option and range checks are impractical or undesirable, input to `Asn1Integer` can be provided as a buffer to be used directly. Note that this requires computing the correct DER encoding externally.\n\n### References\n\nN/A",
"id": "GHSA-p4qw-7j9g-5h53",
"modified": "2025-04-08T17:49:39Z",
"published": "2025-04-07T21:11:19Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/ApelegHQ/ts-asn1-der/security/advisories/GHSA-p4qw-7j9g-5h53"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32029"
},
{
"type": "WEB",
"url": "https://github.com/ApelegHQ/ts-asn1-der/commit/b2bc9032cbe19755d234a27d79e47a7e52993af8"
},
{
"type": "PACKAGE",
"url": "https://github.com/ApelegHQ/ts-asn1-der"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "ts-asn1-der has Incorrect DER Encoding of Numbers Leading to Denial of Service and Incorrect Value Representation"
}
GHSA-R3FP-VRPW-PG77
Vulnerability from github – Published: 2026-03-19 15:31 – Updated: 2026-05-03 21:32A flaw was found in libarchive. An Undefined Behavior vulnerability exists in the zisofs decompression logic, caused by improper validation of a field (pz_log2_bs) read from ISO9660 Rock Ridge extensions. A remote attacker can exploit this by supplying a specially crafted ISO file. This can lead to incorrect memory allocation and potential application crashes, resulting in a denial-of-service (DoS) condition.
{
"affected": [],
"aliases": [
"CVE-2026-4426"
],
"database_specific": {
"cwe_ids": [
"CWE-1335"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-19T15:16:28Z",
"severity": "MODERATE"
},
"details": "A flaw was found in libarchive. An Undefined Behavior vulnerability exists in the zisofs decompression logic, caused by improper validation of a field (`pz_log2_bs`) read from ISO9660 Rock Ridge extensions. A remote attacker can exploit this by supplying a specially crafted ISO file. This can lead to incorrect memory allocation and potential application crashes, resulting in a denial-of-service (DoS) condition.",
"id": "GHSA-r3fp-vrpw-pg77",
"modified": "2026-05-03T21:32:55Z",
"published": "2026-03-19T15:31:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4426"
},
{
"type": "WEB",
"url": "https://github.com/libarchive/libarchive/pull/2897"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:8944"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2026-4426"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449010"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Implicitly or explicitly add checks and mitigation for negative or over-shift values.
No CAPEC attack patterns related to this CWE.