Common Weakness Enumeration

CWE-191

Allowed

Integer Underflow (Wrap or Wraparound)

Abstraction: Base · Status: Draft

The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.

642 vulnerabilities reference this CWE, most recent first.

GHSA-G5RF-95RX-Q3M2

Vulnerability from github – Published: 2022-05-17 03:45 – Updated: 2022-05-17 03:45
VLAI
Details

Integer overflow in drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a crafted application, aka Android internal bug 28769912 and Qualcomm internal bug CR565160.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2014-9883"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-191"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-08-06T10:59:00Z",
    "severity": "HIGH"
  },
  "details": "Integer overflow in drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a crafted application, aka Android internal bug 28769912 and Qualcomm internal bug CR565160.",
  "id": "GHSA-g5rf-95rx-q3m2",
  "modified": "2022-05-17T03:45:21Z",
  "published": "2022-05-17T03:45:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-9883"
    },
    {
      "type": "WEB",
      "url": "https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=cbf79a67348e48557c0d0bb9bc58391b3f84bc46"
    },
    {
      "type": "WEB",
      "url": "http://source.android.com/security/bulletin/2016-08-01.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/92219"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-G6HR-H94M-W92X

Vulnerability from github – Published: 2022-05-13 01:26 – Updated: 2022-05-13 01:26
VLAI
Details

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap_quote_string in imap/util.c has an integer underflow.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-14353"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-191"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-07-17T17:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap_quote_string in imap/util.c has an integer underflow.",
  "id": "GHSA-g6hr-h94m-w92x",
  "modified": "2022-05-13T01:26:29Z",
  "published": "2022-05-13T01:26:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14353"
    },
    {
      "type": "WEB",
      "url": "https://github.com/neomutt/neomutt/commit/65d64a5b60a4a3883f2cd799d92c6091d8854f23"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/muttmua/mutt/commit/e0131852c6059107939893016c8ff56b6e42865d"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "https://neomutt.org/2018/07/16/release"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201810-07"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3719-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3719-3"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2018/dsa-4277"
    },
    {
      "type": "WEB",
      "url": "http://www.mutt.org/news.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-G77G-V33M-X9RH

Vulnerability from github – Published: 2026-05-08 15:31 – Updated: 2026-05-15 15:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

media: chips-media: wave5: Fix PM runtime usage count underflow

Replace pm_runtime_put_sync() with pm_runtime_dont_use_autosuspend() in the remove path to properly pair with pm_runtime_use_autosuspend() from probe. This allows pm_runtime_disable() to handle reference count cleanup correctly regardless of current suspend state.

The driver calls pm_runtime_put_sync() unconditionally in remove, but the device may already be suspended due to autosuspend configured in probe. When autosuspend has already suspended the device, the usage count is 0, and pm_runtime_put_sync() decrements it to -1.

This causes the following warning on module unload:

------------[ cut here ]------------ WARNING: CPU: 1 PID: 963 at kernel/kthread.c:1430 kthread_destroy_worker+0x84/0x98 ... vdec 30210000.video-codec: Runtime PM usage count underflow!

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-43301"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-191"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-08T14:16:37Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: chips-media: wave5: Fix PM runtime usage count underflow\n\nReplace pm_runtime_put_sync() with pm_runtime_dont_use_autosuspend() in\nthe remove path to properly pair with pm_runtime_use_autosuspend() from\nprobe. This allows pm_runtime_disable() to handle reference count cleanup\ncorrectly regardless of current suspend state.\n\nThe driver calls pm_runtime_put_sync() unconditionally in remove, but the\ndevice may already be suspended due to autosuspend configured in probe.\nWhen autosuspend has already suspended the device, the usage count is 0,\nand pm_runtime_put_sync() decrements it to -1.\n\nThis causes the following warning on module unload:\n\n  ------------[ cut here ]------------\n  WARNING: CPU: 1 PID: 963 at kernel/kthread.c:1430\n    kthread_destroy_worker+0x84/0x98\n  ...\n  vdec 30210000.video-codec: Runtime PM usage count underflow!",
  "id": "GHSA-g77g-v33m-x9rh",
  "modified": "2026-05-15T15:30:33Z",
  "published": "2026-05-08T15:31:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43301"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0bffda02317989f8d5cdc2d4462a4110b1290cf0"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3a278a55ead50db2444c8f01410c7f5a68723990"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9cf4452e824c1e2d41c9c0b13cc8a32a0a7dec38"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-G8CQ-PWCV-27G6

Vulnerability from github – Published: 2025-05-13 18:30 – Updated: 2025-05-13 18:30
VLAI
Details

Photoshop Desktop versions 26.5, 25.12.2 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-30324"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-191"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-13T18:15:38Z",
    "severity": "HIGH"
  },
  "details": "Photoshop Desktop versions 26.5, 25.12.2 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
  "id": "GHSA-g8cq-pwcv-27g6",
  "modified": "2025-05-13T18:30:58Z",
  "published": "2025-05-13T18:30:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30324"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/photoshop/apsb25-40.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-G8JP-JV8P-3QR4

Vulnerability from github – Published: 2022-05-24 16:52 – Updated: 2023-03-03 18:30
VLAI
Details

An issue was discovered in Schism Tracker through 20190722. There is an integer underflow via a large plen in fmt_okt_load_song in the Amiga Oktalyzer parser in fmt/okt.c.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-14523"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-191"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-08-02T12:15:00Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in Schism Tracker through 20190722. There is an integer underflow via a large plen in fmt_okt_load_song in the Amiga Oktalyzer parser in fmt/okt.c.",
  "id": "GHSA-g8jp-jv8p-3qr4",
  "modified": "2023-03-03T18:30:25Z",
  "published": "2022-05-24T16:52:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14523"
    },
    {
      "type": "WEB",
      "url": "https://github.com/schismtracker/schismtracker/issues/202"
    },
    {
      "type": "WEB",
      "url": "https://github.com/schismtracker/schismtracker/releases/tag/20190805"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202107-12"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00072.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00083.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-G8PH-56PG-H88P

Vulnerability from github – Published: 2022-05-24 19:01 – Updated: 2022-05-24 19:01
VLAI
Details

Improper validation of the ChassisID TLV in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, allows attackers to cause a denial of service due to a negative number passed to the memcpy function via a crafted lldp packet.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-25846"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-191"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-05-10T11:15:00Z",
    "severity": "HIGH"
  },
  "details": "Improper validation of the ChassisID TLV in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, allows attackers to cause a denial of service due to a negative number passed to the memcpy function via a crafted lldp packet.",
  "id": "GHSA-g8ph-56pg-h88p",
  "modified": "2022-05-24T19:01:56Z",
  "published": "2022-05-24T19:01:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25846"
    },
    {
      "type": "WEB",
      "url": "https://www.moxa.com/en"
    },
    {
      "type": "WEB",
      "url": "https://www.moxa.com/en/support/product-support/security-advisory/vport-06ec-2v-series-ip-cameras-vulnerabilities"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-G8RQ-RJVV-4HCC

Vulnerability from github – Published: 2025-10-16 18:30 – Updated: 2025-10-29 21:30
VLAI
Details

An integer overflow vulnerability exists in the QuickJS regular expression engine (libregexp) due to an inconsistent representation of the bytecode buffer size.

  • The regular expression bytecode is stored in a DynBuf structure, which correctly uses a $\text{size}_\text{t}$ (an unsigned type, typically 64-bit) for its size member.

  • However, several functions, such as re_emit_op_u32 and other internal parsing routines, incorrectly cast or store this DynBuf $\text{size}_\text{t}$ value into a signed int (typically 32-bit).

  • When a large or complex regular expression (such as those generated by a recursive pattern in a Proof-of-Concept) causes the bytecode size to exceed $2^{31}$ bytes (the maximum positive value for a signed 32-bit integer), the size value wraps around, resulting in a negative integer when stored in the int variable (Integer Overflow).

  • This negative value is subsequently used in offset calculations. For example, within functions like re_parse_disjunction, the negative size is used to compute an offset (pos) for patching a jump instruction.

  • This negative offset is then incorrectly added to the buffer pointer (s->byte_code.buf + pos), leading to an out-of-bounds write on the first line of the snippet below:

put_u32(s->byte_code.buf + pos, len);

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-62495"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-191"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-16T16:15:40Z",
    "severity": "HIGH"
  },
  "details": "An integer overflow vulnerability exists in the QuickJS regular expression engine (libregexp) due to an inconsistent representation of the bytecode buffer size.\n\n  *  The regular expression bytecode is stored in a DynBuf structure, which correctly uses a $\\text{size}\\_\\text{t}$ (an unsigned type, typically 64-bit) for its size member.\n\n\n  *  However, several functions, such as re_emit_op_u32 and other internal parsing routines, incorrectly cast or store this DynBuf $\\text{size}\\_\\text{t}$ value into a signed int (typically 32-bit).\n\n\n  *  When a large or complex regular expression (such as those generated by a recursive pattern in a Proof-of-Concept) causes the bytecode size to exceed $2^{31}$ bytes (the maximum positive value for a signed 32-bit integer), the size value wraps around, resulting in a negative integer when stored in the int variable (Integer Overflow).\n\n\n  *  This negative value is subsequently used in offset calculations. For example, within functions like re_parse_disjunction, the negative size is used to compute an offset (pos) for patching a jump instruction.\n\n\n  *  This negative offset is then incorrectly added to the buffer pointer (s-\u003ebyte\\_code.buf + pos), leading to an out-of-bounds write on the first line of the snippet below:\n\nput_u32(s-\u003ebyte_code.buf + pos, len);",
  "id": "GHSA-g8rq-rjvv-4hcc",
  "modified": "2025-10-29T21:30:32Z",
  "published": "2025-10-16T18:30:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62495"
    },
    {
      "type": "WEB",
      "url": "https://bellard.org/quickjs/Changelog"
    },
    {
      "type": "WEB",
      "url": "https://issuetracker.google.com/434196926"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:P/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-GCVV-7WHM-PV7C

Vulnerability from github – Published: 2022-05-24 17:24 – Updated: 2024-04-04 02:55
VLAI
Details

napi_get_value_string_*() allows various kinds of memory corruption in node < 10.21.0, 12.18.0, and < 14.4.0.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-8174"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119",
      "CWE-191"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-07-24T22:15:00Z",
    "severity": "HIGH"
  },
  "details": "napi_get_value_string_*() allows various kinds of memory corruption in node \u003c 10.21.0, 12.18.0, and \u003c 14.4.0.",
  "id": "GHSA-gcvv-7whm-pv7c",
  "modified": "2024-04-04T02:55:10Z",
  "published": "2022-05-24T17:24:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8174"
    },
    {
      "type": "WEB",
      "url": "https://hackerone.com/reports/784186"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202101-07"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20201023-0003"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GFR4-C37G-MM3V

Vulnerability from github – Published: 2022-05-24 17:26 – Updated: 2024-09-09 15:30
VLAI
Details

ldebug.c in Lua 5.4.0 allows a negation overflow and segmentation fault in getlocal and setlocal, as demonstrated by getlocal(3,2^31).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-24370"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-191"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-08-17T17:15:00Z",
    "severity": "MODERATE"
  },
  "details": "ldebug.c in Lua 5.4.0 allows a negation overflow and segmentation fault in getlocal and setlocal, as demonstrated by getlocal(3,2^31).",
  "id": "GHSA-gfr4-c37g-mm3v",
  "modified": "2024-09-09T15:30:37Z",
  "published": "2022-05-24T17:26:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24370"
    },
    {
      "type": "WEB",
      "url": "https://github.com/lua/lua/commit/a585eae6e7ada1ca9271607a4f48dfb17868ab7b"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00019.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00031.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E6KONNG6UEI3FMEOY67NDZC32NBGBI44"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QXYMCIUNGK26VHAYHGP5LPW56G2KWOHQ"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E6KONNG6UEI3FMEOY67NDZC32NBGBI44"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXYMCIUNGK26VHAYHGP5LPW56G2KWOHQ"
    },
    {
      "type": "WEB",
      "url": "http://lua-users.org/lists/lua-l/2020-07/msg00324.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GHGG-V38H-7V7M

Vulnerability from github – Published: 2022-05-24 19:13 – Updated: 2022-05-24 19:13
VLAI
Details

A code execution vulnerability exists in the DL_Dxf::handleLWPolylineData functionality of Ribbonsoft dxflib 3.17.0. A specially-crafted .dxf file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-21897"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-191",
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-09-08T16:15:00Z",
    "severity": "HIGH"
  },
  "details": "A code execution vulnerability exists in the DL_Dxf::handleLWPolylineData functionality of Ribbonsoft dxflib 3.17.0. A specially-crafted .dxf file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.",
  "id": "GHSA-ghgg-v38h-7v7m",
  "modified": "2022-05-24T19:13:21Z",
  "published": "2022-05-24T19:13:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21897"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00008.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5BUOTYU3KKIYE4BEBUFA4MRS462P3OWM"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DA4C4X5GMM65VYLUW7Q7YL6P5NDB633A"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IMGMEPTYL7WTQ333J6SMC6MUHDMMWT3O"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L2H36XRMAPQBIOVIIFX6KUT5YOG2ETM6"
    },
    {
      "type": "WEB",
      "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1346"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.