CWE-191
AllowedInteger Underflow (Wrap or Wraparound)
Abstraction: Base · Status: Draft
The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.
642 vulnerabilities reference this CWE, most recent first.
GHSA-FPRF-5VP8-756M
Vulnerability from github – Published: 2022-04-16 00:00 – Updated: 2022-04-23 00:03An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, attackers can cause an integer underflow of the size of calls to memset in op_fnj3 in sr_port/op_fnj3.c in order to cause a segmentation fault and crash the application.
{
"affected": [],
"aliases": [
"CVE-2021-44509"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-04-15T18:15:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, attackers can cause an integer underflow of the size of calls to memset in op_fnj3 in sr_port/op_fnj3.c in order to cause a segmentation fault and crash the application.",
"id": "GHSA-fprf-5vp8-756m",
"modified": "2022-04-23T00:03:12Z",
"published": "2022-04-16T00:00:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44509"
},
{
"type": "WEB",
"url": "https://gitlab.com/YottaDB/DB/YDB/-/issues/828"
},
{
"type": "WEB",
"url": "https://sourceforge.net/projects/fis-gtm/files"
},
{
"type": "WEB",
"url": "http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FQMC-VQRG-5V32
Vulnerability from github – Published: 2022-06-09 00:00 – Updated: 2022-06-16 00:00ZAngband zangband-data 2.7.5 is affected by an integer underflow vulnerability in src/tk/plat.c through the variable fileheader.bfOffBits.
{
"affected": [],
"aliases": [
"CVE-2021-40589"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-06-08T18:15:00Z",
"severity": "CRITICAL"
},
"details": "ZAngband zangband-data 2.7.5 is affected by an integer underflow vulnerability in src/tk/plat.c through the variable fileheader.bfOffBits.",
"id": "GHSA-fqmc-vqrg-5v32",
"modified": "2022-06-16T00:00:27Z",
"published": "2022-06-09T00:00:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40589"
},
{
"type": "WEB",
"url": "https://sourceforge.net/p/zangband/bugs/671"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FR53-MV37-MRPX
Vulnerability from github – Published: 2022-05-24 17:01 – Updated: 2022-05-24 17:01Buffer overflow can occur while processing non-standard NAN message from user space. in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, IPQ4019, IPQ8064, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCN7605, QCS405, QCS605, SDA660, SDA845, SDM636, SDM660, SDM845, SDX20, SDX24, SM8150
{
"affected": [],
"aliases": [
"CVE-2019-2297"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-11-21T15:15:00Z",
"severity": "MODERATE"
},
"details": "Buffer overflow can occur while processing non-standard NAN message from user space. in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, IPQ4019, IPQ8064, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCN7605, QCS405, QCS605, SDA660, SDA845, SDM636, SDM660, SDM845, SDX20, SDX24, SM8150",
"id": "GHSA-fr53-mv37-mrpx",
"modified": "2022-05-24T17:01:45Z",
"published": "2022-05-24T17:01:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-2297"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/october-2019-bulletin"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-FRR2-5QJR-H4HW
Vulnerability from github – Published: 2026-03-23 21:30 – Updated: 2026-05-04 21:30strongSwan versions 4.5.0 prior to 6.0.5 contain an integer underflow vulnerability in the EAP-TTLS AVP parser that allows unauthenticated remote attackers to cause a denial of service by sending crafted AVP data with invalid length fields during IKEv2 authentication. Attackers can exploit the failure to validate AVP length fields before subtraction to trigger excessive memory allocation or NULL pointer dereference, crashing the charon IKE daemon.
{
"affected": [],
"aliases": [
"CVE-2026-25075"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-23T19:16:39Z",
"severity": "HIGH"
},
"details": "strongSwan versions 4.5.0 prior to 6.0.5 contain an integer underflow vulnerability in the EAP-TTLS AVP parser that allows unauthenticated remote attackers to cause a denial of service by sending crafted AVP data with invalid length fields during IKEv2 authentication. Attackers can exploit the failure to validate AVP length fields before subtraction to trigger excessive memory allocation or NULL pointer dereference, crashing the charon IKE daemon.",
"id": "GHSA-frr2-5qjr-h4hw",
"modified": "2026-05-04T21:30:23Z",
"published": "2026-03-23T21:30:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25075"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2026/03/msg00016.html"
},
{
"type": "WEB",
"url": "https://www.strongswan.org/blog/2026/03/23/strongswan-6.0.5-released.html"
},
{
"type": "WEB",
"url": "https://www.strongswan.org/blog/2026/03/23/strongswan-vulnerability-(cve-2026-25075).html"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/strongswan-eap-ttls-avp-parsing-integer-underflow"
},
{
"type": "WEB",
"url": "https://y637f9qq2x.com/posts/cve-2026-25075"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-FRXW-5MMH-WH9R
Vulnerability from github – Published: 2024-07-09 18:30 – Updated: 2024-07-09 18:30Windows Workstation Service Elevation of Privilege Vulnerability
{
"affected": [],
"aliases": [
"CVE-2024-38050"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-09T17:15:33Z",
"severity": "HIGH"
},
"details": "Windows Workstation Service Elevation of Privilege Vulnerability",
"id": "GHSA-frxw-5mmh-wh9r",
"modified": "2024-07-09T18:30:51Z",
"published": "2024-07-09T18:30:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38050"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38050"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-G36G-XCJC-MWVJ
Vulnerability from github – Published: 2022-04-29 02:58 – Updated: 2025-04-03 04:02Integer underflow in the firewall logging rules for iptables in Linux before 2.6.8 allows remote attackers to cause a denial of service (application crash) via a malformed IP packet.
{
"affected": [],
"aliases": [
"CVE-2004-0816"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2004-12-23T05:00:00Z",
"severity": "MODERATE"
},
"details": "Integer underflow in the firewall logging rules for iptables in Linux before 2.6.8 allows remote attackers to cause a denial of service (application crash) via a malformed IP packet.",
"id": "GHSA-g36g-xcjc-mwvj",
"modified": "2025-04-03T04:02:41Z",
"published": "2022-04-29T02:58:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0816"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17800"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/11202"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:022"
},
{
"type": "WEB",
"url": "http://www.novell.com/linux/security/advisories/2004_37_kernel.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/11488"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-G454-M7R7-F68Q
Vulnerability from github – Published: 2024-01-08 15:30 – Updated: 2024-04-09 21:31Multiple integer underflow vulnerabilities exist in the LXT2 lxt2_rd_iter_radix shift operation functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to memory corruption. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer underflow when performing the left shift operation.
{
"affected": [],
"aliases": [
"CVE-2023-39413"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-01-08T15:15:24Z",
"severity": "HIGH"
},
"details": "Multiple integer underflow vulnerabilities exist in the LXT2 lxt2_rd_iter_radix shift operation functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to memory corruption. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer underflow when performing the left shift operation.",
"id": "GHSA-g454-m7r7-f68q",
"modified": "2024-04-09T21:31:55Z",
"published": "2024-01-08T15:30:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39413"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00007.html"
},
{
"type": "WEB",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1824"
},
{
"type": "WEB",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1824"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-G49M-VV72-HPJC
Vulnerability from github – Published: 2026-02-13 06:30 – Updated: 2026-03-02 18:31A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation. If affected product receives maliciously crafted packets, Vnet/IP software stack process may be terminated. The affected products and versions are as follows: Vnet/IP Interface Package (for CENTUM VP R6 VP6C3300, CENTUM VP R7 VP7C3300) R1.07.00 or earlier
{
"affected": [],
"aliases": [
"CVE-2025-48021"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-13T06:16:11Z",
"severity": "MODERATE"
},
"details": "A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation.\nIf affected product receives maliciously crafted packets, Vnet/IP software stack process may be terminated.\nThe affected products and versions are as follows: Vnet/IP Interface Package (for CENTUM VP R6 VP6C3300, CENTUM VP R7 VP7C3300) R1.07.00 or earlier",
"id": "GHSA-g49m-vv72-hpjc",
"modified": "2026-03-02T18:31:38Z",
"published": "2026-02-13T06:30:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48021"
},
{
"type": "WEB",
"url": "https://web-material3.yokogawa.com/1/39281/files/YSAR-26-0002-E.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-G4XF-VJ7C-7443
Vulnerability from github – Published: 2024-09-18 09:30 – Updated: 2024-09-30 15:30In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Ensure array index tg_inst won't be -1
[WHY & HOW] tg_inst will be a negative if timing_generator_count equals 0, which should be checked before used.
This fixes 2 OVERRUN issues reported by Coverity.
{
"affected": [],
"aliases": [
"CVE-2024-46730"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-18T07:15:04Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Ensure array index tg_inst won\u0027t be -1\n\n[WHY \u0026 HOW]\ntg_inst will be a negative if timing_generator_count equals 0, which\nshould be checked before used.\n\nThis fixes 2 OVERRUN issues reported by Coverity.",
"id": "GHSA-g4xf-vj7c-7443",
"modified": "2024-09-30T15:30:44Z",
"published": "2024-09-18T09:30:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-46730"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/687fe329f18ab0ab0496b20ed2cb003d4879d931"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a64284b9e1999ad5580debced4bc6d6adb28aad4"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-G562-3MH5-27V6
Vulnerability from github – Published: 2026-04-23 18:33 – Updated: 2026-06-30 03:36A flaw was found in the X.Org X server. This integer underflow vulnerability, specifically in the XKB compatibility map handling, allows an attacker with local or remote X11 server access to trigger a buffer read overrun. This can lead to memory-safety violations and potentially a denial of service (DoS) or other severe impacts.
{
"affected": [],
"aliases": [
"CVE-2026-33999"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-23T16:16:24Z",
"severity": "HIGH"
},
"details": "A flaw was found in the X.Org X server. This integer underflow vulnerability, specifically in the XKB compatibility map handling, allows an attacker with local or remote X11 server access to trigger a buffer read overrun. This can lead to memory-safety violations and potentially a denial of service (DoS) or other severe impacts.",
"id": "GHSA-g562-3mh5-27v6",
"modified": "2026-06-30T03:36:22Z",
"published": "2026-04-23T18:33:03Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33999"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:10739"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:20576"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:20590"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:21699"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:21712"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:21715"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:21716"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:21718"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:21741"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:21742"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:22424"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:22456"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:23254"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:23255"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:23496"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:24341"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2026-33999"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451106"
},
{
"type": "WEB",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-33999.json"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:11352"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:11369"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:11388"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:11656"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:11692"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:13414"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:19125"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:19342"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:19343"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:19344"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:20547"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:20555"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:20557"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:20558"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:20560"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:20561"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:20562"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:20563"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:20575"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.