Common Weakness Enumeration

CWE-191

Allowed

Integer Underflow (Wrap or Wraparound)

Abstraction: Base · Status: Draft

The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.

642 vulnerabilities reference this CWE, most recent first.

GHSA-3QRR-XCC2-M7CG

Vulnerability from github – Published: 2025-04-14 21:32 – Updated: 2025-04-14 21:32
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

NFSD: prevent underflow in nfssvc_decode_writeargs()

Smatch complains:

fs/nfsd/nfsxdr.c:341 nfssvc_decode_writeargs()
warn: no lower bound on 'args->len'

Change the type to unsigned to prevent this issue.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-49280"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-191"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-26T07:01:04Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSD: prevent underflow in nfssvc_decode_writeargs()\n\nSmatch complains:\n\n\tfs/nfsd/nfsxdr.c:341 nfssvc_decode_writeargs()\n\twarn: no lower bound on \u0027args-\u003elen\u0027\n\nChange the type to unsigned to prevent this issue.",
  "id": "GHSA-3qrr-xcc2-m7cg",
  "modified": "2025-04-14T21:32:20Z",
  "published": "2025-04-14T21:32:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49280"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/184416d4b98509fb4c3d8fc3d6dc1437896cc159"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1a33e0de60feda402d05ac8a6cf409c19ea3e0b3"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2764af8ce0bf03cc43ee4a11897cab96bde6caae"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/413d8fefafe531a9442bb623e3fe292a38f88d65"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/438068f4912183a59fcb6b7496a06437f7fd4e2b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/614a61e1592051cc42d3c38f899c9f7bdaad8a1d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/65e21cc042f4c1518c8c55283f53bc725b78419d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/85259340fc9bd54e3d567b41b881ecb4d0055da1"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9f0f048c1bfa7867d565a95fd8c28f4484ba1043"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3QWJ-Q697-4PPR

Vulnerability from github – Published: 2026-07-08 18:31 – Updated: 2026-07-13 21:31
VLAI
Details

U-Boot through 2026.04-rc3 contains an integer underflow vulnerability in the tcp_rx_state_machine() function (net/tcp.c) that allows a network-adjacent attacker to crash the bootloader by sending a malformed TCP SYN+ACK packet with a manipulated data offset field causing payload_len to become negative. When the TCP_SYN_SENT handler calls tcp_rx_user_data() without invoking tcp_seg_in_wnd() validation, the negative payload_len is implicitly converted to a large unsigned integer (e.g., 0xFFFFFFD8) and passed to memcpy() in store_block(), causing an immediate crash that prevents device boot and may enable memory corruption when CONFIG_LMB is disabled.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-29008"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-191"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-07-08T17:17:21Z",
    "severity": "HIGH"
  },
  "details": "U-Boot through 2026.04-rc3 contains an integer underflow vulnerability in the tcp_rx_state_machine() function (net/tcp.c) that allows a network-adjacent attacker to crash the bootloader by sending a malformed TCP SYN+ACK packet with a manipulated data offset field causing payload_len to become negative. When the TCP_SYN_SENT handler calls tcp_rx_user_data() without invoking tcp_seg_in_wnd() validation, the negative payload_len is implicitly converted to a large unsigned integer (e.g., 0xFFFFFFD8) and passed to memcpy() in store_block(), causing an immediate crash that prevents device boot and may enable memory corruption when CONFIG_LMB is disabled.",
  "id": "GHSA-3qwj-q697-4ppr",
  "modified": "2026-07-13T21:31:14Z",
  "published": "2026-07-08T18:31:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29008"
    },
    {
      "type": "WEB",
      "url": "https://lists.denx.de/pipermail/u-boot/2026-May/617853.html"
    },
    {
      "type": "WEB",
      "url": "https://u-boot.org"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/u-boot-rc3-integer-underflow-dos-via-tcp-rx-state-machine"
    },
    {
      "type": "WEB",
      "url": "https://y637f9qq2x.com/posts/u-boot-tcp-nfs-vulns"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-3WPH-8799-87R7

Vulnerability from github – Published: 2022-10-17 19:00 – Updated: 2025-05-14 21:31
VLAI
Details

An integer underflow issue was found in the QEMU VNC server while processing ClientCutText messages in the extended format. A malicious client could use this flaw to make QEMU unresponsive by sending a specially crafted payload message, resulting in a denial of service.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-3165"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-191"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-10-17T16:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An integer underflow issue was found in the QEMU VNC server while processing ClientCutText messages in the extended format. A malicious client could use this flaw to make QEMU unresponsive by sending a specially crafted payload message, resulting in a denial of service.",
  "id": "GHSA-3wph-8799-87r7",
  "modified": "2025-05-14T21:31:10Z",
  "published": "2022-10-17T19:00:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3165"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/qemu-project/qemu/-/commit/d307040b18"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I36LKZA7Z65J3LJU2P37LVTWDFTXBMPU"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZTY7TVHX62OJWF6IOBCIGLR2N5K4QN3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I36LKZA7Z65J3LJU2P37LVTWDFTXBMPU"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTY7TVHX62OJWF6IOBCIGLR2N5K4QN3E"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20221223-0006"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-428C-JVG5-R285

Vulnerability from github – Published: 2026-06-24 09:30 – Updated: 2026-06-28 09:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

batman-adv: fix tp_meter counter underflow during shutdown

batadv_tp_sender_shutdown() unconditionally decrements the "sending" atomic counter. If multiple paths (e.g. timeout, user cancel, and normal finish) call this function, the counter can underflow to -1.

Since the sender logic treats any non-zero value as "still sending", a negative value causes the sender kthread to loop indefinitely. This leads to a use-after-free when the interface is removed while the zombie thread is still active.

Fix this by using atomic_xchg() to ensure the counter only transitions from 1 to 0 once.

[sven: added missing change in batadv_tp_send]

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-52919"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-191"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-24T08:16:21Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbatman-adv: fix tp_meter counter underflow during shutdown\n\nbatadv_tp_sender_shutdown() unconditionally decrements the \"sending\"\natomic counter. If multiple paths (e.g. timeout, user cancel, and\nnormal finish) call this function, the counter can underflow to -1.\n\nSince the sender logic treats any non-zero value as \"still sending\",\na negative value causes the sender kthread to loop indefinitely.\nThis leads to a use-after-free when the interface is removed while\nthe zombie thread is still active.\n\nFix this by using atomic_xchg() to ensure the counter only transitions\nfrom 1 to 0 once.\n\n[sven: added missing change in batadv_tp_send]",
  "id": "GHSA-428c-jvg5-r285",
  "modified": "2026-06-28T09:31:36Z",
  "published": "2026-06-24T09:30:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-52919"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/01cefc5923889e29dbb5f281c3d457714ceb9c00"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/90ae3eae06b7b8ab9f6250b9497c860915b4c17b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/94f3b133168d1c49895e7cc6afbcf1cc0b354602"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/abae88fa254f2981d39ac003a7b302528a22af64"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/aeae11c5dad9cd0d50723890bdd866f8e6db2e7d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c1bac194733aabd731aafa6a01350c229e187dba"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c66d20a3ff095e3f000551d208ec2606616db15c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e75e2ab463b5b34df6b98f94d740aff327ce9f6b"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-454G-4QQQ-2J4G

Vulnerability from github – Published: 2024-04-09 18:30 – Updated: 2024-04-09 18:30
VLAI
Details

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-28930"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-191"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-09T17:15:53Z",
    "severity": "HIGH"
  },
  "details": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
  "id": "GHSA-454g-4qqq-2j4g",
  "modified": "2024-04-09T18:30:27Z",
  "published": "2024-04-09T18:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28930"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28930"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-45CF-Q4MP-FGVX

Vulnerability from github – Published: 2022-03-11 00:02 – Updated: 2022-03-17 00:01
VLAI
Details

There is an integer underflow vulnerability in the atcmdserver module. Successful exploitation of this vulnerability may affect integrity.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-40054"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-191"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-03-10T17:43:00Z",
    "severity": "HIGH"
  },
  "details": "There is an integer underflow vulnerability in the atcmdserver module. Successful exploitation of this vulnerability may affect integrity.",
  "id": "GHSA-45cf-q4mp-fgvx",
  "modified": "2022-03-17T00:01:53Z",
  "published": "2022-03-11T00:02:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40054"
    },
    {
      "type": "WEB",
      "url": "https://consumer.huawei.com/en/support/bulletin/2022/3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-45W8-HP4W-6FR6

Vulnerability from github – Published: 2022-05-13 01:04 – Updated: 2022-05-13 01:04
VLAI
Details

Integer underflow in the base64-decoding implementation in EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3, RSA BSAFE Crypto-C Micro Edition (Crypto-C ME) before 4.0.4 and 4.1, and RSA BSAFE SSL-C 2.8.9 and earlier allows remote attackers to cause a denial of service (memory corruption or segmentation fault) or possibly have unspecified other impact via crafted base64 data, a similar issue to CVE-2015-0292.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2015-0537"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-191"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2015-08-20T10:59:00Z",
    "severity": "CRITICAL"
  },
  "details": "Integer underflow in the base64-decoding implementation in EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3, RSA BSAFE Crypto-C Micro Edition (Crypto-C ME) before 4.0.4 and 4.1, and RSA BSAFE SSL-C 2.8.9 and earlier allows remote attackers to cause a denial of service (memory corruption or segmentation fault) or possibly have unspecified other impact via crafted base64 data, a similar issue to CVE-2015-0292.",
  "id": "GHSA-45w8-hp4w-6fr6",
  "modified": "2022-05-13T01:04:38Z",
  "published": "2022-05-13T01:04:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0537"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/bugtraq/2015/Aug/84"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/76377"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1033299"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-46GP-CXCX-7C88

Vulnerability from github – Published: 2022-05-24 17:40 – Updated: 2022-05-24 17:40
VLAI
Details

An integer underflow was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Certificate List Exact Assertion processing, resulting in denial of service.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-36228"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-191"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-01-26T18:15:00Z",
    "severity": "HIGH"
  },
  "details": "An integer underflow was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Certificate List Exact Assertion processing, resulting in denial of service.",
  "id": "GHSA-46gp-cxcx-7c88",
  "modified": "2022-05-24T17:40:18Z",
  "published": "2022-05-24T17:40:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36228"
    },
    {
      "type": "WEB",
      "url": "https://bugs.openldap.org/show_bug.cgi?id=9427"
    },
    {
      "type": "WEB",
      "url": "https://git.openldap.org/openldap/openldap/-/commit/91dccd25c347733b365adc74cb07d074512ed5ad"
    },
    {
      "type": "WEB",
      "url": "https://git.openldap.org/openldap/openldap/-/tags/OPENLDAP_REL_ENG_2_4_57"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00005.html"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20210226-0002"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT212529"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT212530"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT212531"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2021/dsa-4845"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2021/May/64"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2021/May/65"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2021/May/70"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-483F-26R4-2FVR

Vulnerability from github – Published: 2022-05-24 17:28 – Updated: 2025-08-29 15:30
VLAI
Details

A flaw was found in xorg-x11-server before 1.20.9. An integer underflow in the X input extension protocol decoding in the X server may lead to arbitrary access of memory contents. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-14346"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-190",
      "CWE-191"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-09-15T19:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A flaw was found in xorg-x11-server before 1.20.9. An integer underflow in the X input extension protocol decoding in the X server may lead to arbitrary access of memory contents. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
  "id": "GHSA-483f-26r4-2fvr",
  "modified": "2025-08-29T15:30:36Z",
  "published": "2022-05-24T17:28:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14346"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1862246"
    },
    {
      "type": "WEB",
      "url": "https://lists.x.org/archives/xorg-announce/2020-August/003058.html"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202012-01"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4488-2"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1417"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-48V9-672P-CVJR

Vulnerability from github – Published: 2022-05-17 02:34 – Updated: 2022-05-17 02:34
VLAI
Details

In all Android releases from CAF using the Linux kernel, an integer underflow vulnerability exists while processing the boot image.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-7367"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-191"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-06-13T20:29:00Z",
    "severity": "HIGH"
  },
  "details": "In all Android releases from CAF using the Linux kernel, an integer underflow vulnerability exists while processing the boot image.",
  "id": "GHSA-48v9-672p-cvjr",
  "modified": "2022-05-17T02:34:17Z",
  "published": "2022-05-17T02:34:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7367"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/2017-06-01"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1038623"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.