CWE-191
AllowedInteger Underflow (Wrap or Wraparound)
Abstraction: Base · Status: Draft
The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.
640 vulnerabilities reference this CWE, most recent first.
GHSA-J8GQ-JMQ2-28CW
Vulnerability from github – Published: 2023-12-05 12:30 – Updated: 2023-12-05 12:30An integer overflow vulnerability exists in the NTRIP Stream Parsing functionality of GPSd 3.25.1~dev. A specially crafted network packet can lead to memory corruption. An attacker can send a malicious packet to trigger this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2023-43628"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-12-05T12:15:43Z",
"severity": "MODERATE"
},
"details": "An integer overflow vulnerability exists in the NTRIP Stream Parsing functionality of GPSd 3.25.1~dev. A specially crafted network packet can lead to memory corruption. An attacker can send a malicious packet to trigger this vulnerability.",
"id": "GHSA-j8gq-jmq2-28cw",
"modified": "2023-12-05T12:30:45Z",
"published": "2023-12-05T12:30:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-43628"
},
{
"type": "WEB",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1860"
},
{
"type": "WEB",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1860"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JFCR-39Q8-HMPX
Vulnerability from github – Published: 2022-05-13 01:05 – Updated: 2022-05-13 01:05When processing subtitles format media file, KMPlayer version 2018.12.24.14 or lower doesn't check object size correctly, which leads to integer underflow then to memory out-of-bound read/write. An attacker can exploit this issue by enticing an unsuspecting user to open a malicious file.
{
"affected": [],
"aliases": [
"CVE-2019-9133"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-04-09T18:29:00Z",
"severity": "MODERATE"
},
"details": "When processing subtitles format media file, KMPlayer version 2018.12.24.14 or lower doesn\u0027t check object size correctly, which leads to integer underflow then to memory out-of-bound read/write. An attacker can exploit this issue by enticing an unsuspecting user to open a malicious file.",
"id": "GHSA-jfcr-39q8-hmpx",
"modified": "2022-05-13T01:05:21Z",
"published": "2022-05-13T01:05:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9133"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4D55BLGBNWNIMNI5N57WDPAFQCUIM6XX"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VT5HBIKH64YRZFFAPXGOTHIQJHSTQJF7"
},
{
"type": "WEB",
"url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=34991"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JHF3-XXHW-2WPP
Vulnerability from github – Published: 2026-03-30 17:17 – Updated: 2026-03-31 18:50Impact
A vulnerability has been identified in which a maliciously crafted .idx file can cause asymmetric memory consumption, potentially exhausting available memory and resulting in a Denial of Service (DoS) condition.
Exploitation requires write access to the local repository's .git directory, it order to create or alter existing .idx files.
Patches
Users should upgrade to v5.17.1, or the latest v6 pseudo-version, in order to mitigate this vulnerability.
Credit
The go-git maintainers thank @kq5y for finding and reporting this issue privately to the go-git project.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 5.17.0"
},
"package": {
"ecosystem": "Go",
"name": "github.com/go-git/go-git/v5"
},
"ranges": [
{
"events": [
{
"introduced": "5.0.0"
},
{
"fixed": "5.17.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-34165"
],
"database_specific": {
"cwe_ids": [
"CWE-191",
"CWE-770"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-30T17:17:54Z",
"nvd_published_at": "2026-03-31T15:16:17Z",
"severity": "MODERATE"
},
"details": "### Impact\n\nA vulnerability has been identified in which a maliciously crafted `.idx` file can cause asymmetric memory consumption, potentially exhausting available memory and resulting in a Denial of Service (DoS) condition.\n\nExploitation requires write access to the local repository\u0027s `.git` directory, it order to create or alter existing `.idx` files. \n\n### Patches\n\nUsers should upgrade to `v5.17.1`, or the latest `v6` [pseudo-version](https://go.dev/ref/mod#pseudo-versions), in order to mitigate this vulnerability.\n\n### Credit\n\nThe go-git maintainers thank @kq5y for finding and reporting this issue privately to the `go-git` project.",
"id": "GHSA-jhf3-xxhw-2wpp",
"modified": "2026-03-31T18:50:40Z",
"published": "2026-03-30T17:17:54Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/go-git/go-git/security/advisories/GHSA-jhf3-xxhw-2wpp"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34165"
},
{
"type": "PACKAGE",
"url": "https://github.com/go-git/go-git"
},
{
"type": "WEB",
"url": "https://github.com/go-git/go-git/releases/tag/v5.17.1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "go-git: Maliciously crafted idx file can cause asymmetric memory consumption"
}
GHSA-JJ4Q-6C47-CGGX
Vulnerability from github – Published: 2022-05-24 19:04 – Updated: 2025-10-22 00:32Windows NTFS Elevation of Privilege Vulnerability
{
"affected": [],
"aliases": [
"CVE-2021-31956"
],
"database_specific": {
"cwe_ids": [
"CWE-191",
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-06-08T23:15:00Z",
"severity": "HIGH"
},
"details": "Windows NTFS Elevation of Privilege Vulnerability",
"id": "GHSA-jj4q-6c47-cggx",
"modified": "2025-10-22T00:32:13Z",
"published": "2022-05-24T19:04:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31956"
},
{
"type": "WEB",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31956"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-31956"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JJQX-M459-2X33
Vulnerability from github – Published: 2026-06-09 15:32 – Updated: 2026-06-09 15:32A flaw was found in 389 Directory Server. The SMD5 password storage plugin performs unsigned integer underflow when computing salt length from a crafted password hash shorter than 16 bytes, causing a buffer over-read that crashes the LDAP server during authentication.
{
"affected": [],
"aliases": [
"CVE-2026-11789"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-09T14:16:37Z",
"severity": "MODERATE"
},
"details": "A flaw was found in 389 Directory Server. The SMD5 password storage plugin performs unsigned integer underflow when computing salt length from a crafted password hash shorter than 16 bytes, causing a buffer over-read that crashes the LDAP server during authentication.",
"id": "GHSA-jjqx-m459-2x33",
"modified": "2026-06-09T15:32:18Z",
"published": "2026-06-09T15:32:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-11789"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2026-11789"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2485422"
},
{
"type": "WEB",
"url": "https://redhat.atlassian.net/browse/PSIRTSUPT-7600"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JJVG-65V4-V3CQ
Vulnerability from github – Published: 2022-05-14 02:47 – Updated: 2024-10-21 18:30Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication, obtain sensitive information, or cause a denial of service (disk corruption) via backspace characters in the (1) grub_username_get function in grub-core/normal/auth.c or the (2) grub_password_get function in lib/crypto.c, which trigger an "Off-by-two" or "Out of bounds overwrite" memory error.
{
"affected": [],
"aliases": [
"CVE-2015-8370"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2015-12-16T21:59:00Z",
"severity": "MODERATE"
},
"details": "Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication, obtain sensitive information, or cause a denial of service (disk corruption) via backspace characters in the (1) grub_username_get function in grub-core/normal/auth.c or the (2) grub_password_get function in lib/crypto.c, which trigger an \"Off-by-two\" or \"Out of bounds overwrite\" memory error.",
"id": "GHSA-jjvg-65v4-v3cq",
"modified": "2024-10-21T18:30:44Z",
"published": "2022-05-14T02:47:10Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8370"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201512-03"
},
{
"type": "WEB",
"url": "http://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173703.html"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174049.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00037.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00039.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00040.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00041.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00043.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00044.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00003.html"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/134831/Grub2-Authentication-Bypass.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2015-2623.html"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2015/Dec/69"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2015/dsa-3421"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2015/12/15/6"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2024/01/15/3"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/archive/1/537115/100/0/threaded"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/79358"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1034422"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-2836-1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JM36-7355-XC6R
Vulnerability from github – Published: 2025-10-23 12:31 – Updated: 2025-10-23 12:31In the Linux kernel, the following vulnerability has been resolved:
dmaengine: qcom: bam_dma: fix runtime PM underflow
Commit dbad41e7bb5f ("dmaengine: qcom: bam_dma: check if the runtime pm enabled") caused unbalanced pm_runtime_get/put() calls when the bam is controlled remotely. This commit reverts it and just enables pm_runtime in all cases, the clk_* functions already just nop when the clock is NULL.
Also clean up a bit by removing unnecessary bamclk null checks.
{
"affected": [],
"aliases": [
"CVE-2022-49650"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-26T07:01:40Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: qcom: bam_dma: fix runtime PM underflow\n\nCommit dbad41e7bb5f (\"dmaengine: qcom: bam_dma: check if the runtime pm enabled\")\ncaused unbalanced pm_runtime_get/put() calls when the bam is\ncontrolled remotely. This commit reverts it and just enables pm_runtime\nin all cases, the clk_* functions already just nop when the clock is NULL.\n\nAlso clean up a bit by removing unnecessary bamclk null checks.",
"id": "GHSA-jm36-7355-xc6r",
"modified": "2025-10-23T12:31:16Z",
"published": "2025-10-23T12:31:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49650"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0ac9c3dd0d6fe293cd5044cfad10bec27d171e4e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2f6ded79068cac8cff41d5d5632564165d98ee12"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b702a1077b51fcb39507cc3bd39206f539319a96"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JM5C-RV3W-W83M
Vulnerability from github – Published: 2021-06-29 21:13 – Updated: 2025-01-30 14:38Impact
Denial-of-service (crash) during block processing
Details
Affected versions suffer from a vulnerability which can be exploited through the MULMOD operation, by specifying a modulo of 0: mulmod(a,b,0), causing a panic in the underlying library.
The crash was in the uint256 library, where a buffer underflowed.
if `d == 0`, `dLen` remains `0`
and https://github.com/holiman/uint256/blob/4ce82e695c10ddad57215bdbeafb68b8c5df2c30/uint256.go#L451 will try to access index [-1].
The uint256 library was first merged in this commit, on 2020-06-08.
Exploiting this vulnerabilty would cause all vulnerable nodes to drop off the network.
The issue was brought to our attention through a bug report, showing a panic occurring on sync from genesis on the Ropsten network.
It was estimated that the least obvious way to fix this would be to merge the fix into uint256, make a new release of that library and then update the geth-dependency.
- https://github.com/holiman/uint256/releases/tag/v1.1.1 was made the same day,
- PR to address the issue: https://github.com/holiman/uint256/pull/80
- PR to update geth deps: https://github.com/ethereum/go-ethereum/pull/21368
Patches
Upgrade to v1.9.18 or higher
Workarounds
Not at this time
References
https://blog.ethereum.org/2020/11/12/geth_security_release/
For more information
If you have any questions or comments about this advisory: * Open an issue in go-ethereum * Email us at security@ethereum.org
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/ethereum/go-ethereum"
},
"ranges": [
{
"events": [
{
"introduced": "1.9.16"
},
{
"fixed": "1.9.18"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/holiman/uint256"
},
"ranges": [
{
"events": [
{
"introduced": "0.1.0"
},
{
"fixed": "1.1.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-26242"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-191",
"CWE-400"
],
"github_reviewed": true,
"github_reviewed_at": "2021-05-21T21:50:44Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "### Impact\nDenial-of-service (crash) during block processing\n\n### Details\n\nAffected versions suffer from a vulnerability which can be exploited through the `MULMOD` operation, by specifying a modulo of `0`: `mulmod(a,b,0)`, causing a `panic` in the underlying library. \nThe crash was in the `uint256` library, where a buffer [underflowed](https://github.com/holiman/uint256/blob/4ce82e695c10ddad57215bdbeafb68b8c5df2c30/uint256.go#L442).\n\n\tif `d == 0`, `dLen` remains `0`\n\nand https://github.com/holiman/uint256/blob/4ce82e695c10ddad57215bdbeafb68b8c5df2c30/uint256.go#L451 will try to access index `[-1]`.\n\nThe `uint256` library was first merged in this [commit](https://github.com/ethereum/go-ethereum/commit/cf6674539c589f80031f3371a71c6a80addbe454), on 2020-06-08. \nExploiting this vulnerabilty would cause all vulnerable nodes to drop off the network. \n\nThe issue was brought to our attention through a [bug report](https://github.com/ethereum/go-ethereum/issues/21367), showing a `panic` occurring on sync from genesis on the Ropsten network.\n \nIt was estimated that the least obvious way to fix this would be to merge the fix into `uint256`, make a new release of that library and then update the geth-dependency.\n\n- https://github.com/holiman/uint256/releases/tag/v1.1.1 was made the same day, \n- PR to address the issue: https://github.com/holiman/uint256/pull/80 \n- PR to update geth deps: https://github.com/ethereum/go-ethereum/pull/21368 \n\n\n\n### Patches\n\nUpgrade to v1.9.18 or higher\n\n### Workarounds\n\nNot at this time\n\n### References\n\nhttps://blog.ethereum.org/2020/11/12/geth_security_release/\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [go-ethereum](https://github.com/ethereum/go-ethereum)\n* Email us at [security@ethereum.org](mailto:security@ethereum.org)\n",
"id": "GHSA-jm5c-rv3w-w83m",
"modified": "2025-01-30T14:38:53Z",
"published": "2021-06-29T21:13:20Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-jm5c-rv3w-w83m"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26242"
},
{
"type": "WEB",
"url": "https://github.com/holiman/uint256/pull/80"
},
{
"type": "WEB",
"url": "https://github.com/ethereum/go-ethereum/commit/7163a6664ee664df81b9028ab3ba13b9d65a7196"
},
{
"type": "WEB",
"url": "https://github.com/holiman/uint256/commit/6785da6e3eea403260a5760029e722aa4ff1716d"
},
{
"type": "WEB",
"url": "https://blog.ethereum.org/2020/11/12/geth_security_release"
},
{
"type": "PACKAGE",
"url": "https://github.com/ethereum/go-ethereum"
},
{
"type": "WEB",
"url": "https://pkg.go.dev/vuln/GO-2021-0103"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Denial of service in geth"
}
GHSA-JR2F-HW4R-48CJ
Vulnerability from github – Published: 2025-06-18 12:30 – Updated: 2025-11-13 21:31In the Linux kernel, the following vulnerability has been resolved:
drm/sun4i: dsi: Prevent underflow when computing packet sizes
Currently, the packet overhead is subtracted using unsigned arithmetic. With a short sync pulse, this could underflow and wrap around to near the maximal u16 value. Fix this by using signed subtraction. The call to max() will correctly handle any negative numbers that are produced.
Apply the same fix to the other timings, even though those subtractions are less likely to underflow.
{
"affected": [],
"aliases": [
"CVE-2022-50036"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-18T11:15:32Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/sun4i: dsi: Prevent underflow when computing packet sizes\n\nCurrently, the packet overhead is subtracted using unsigned arithmetic.\nWith a short sync pulse, this could underflow and wrap around to near\nthe maximal u16 value. Fix this by using signed subtraction. The call to\nmax() will correctly handle any negative numbers that are produced.\n\nApply the same fix to the other timings, even though those subtractions\nare less likely to underflow.",
"id": "GHSA-jr2f-hw4r-48cj",
"modified": "2025-11-13T21:31:18Z",
"published": "2025-06-18T12:30:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50036"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/82a1356a933d8443139f8886f11b63c974a09a67"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/98e28de472ef248352f04f87e29e634ebb0ec240"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a1e7908f78f5a7f53f8cd83c7dcdfec974c95f26"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/fb837f5b83461624e525727a8f4add14b201147e"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JVCR-J6X4-HH24
Vulnerability from github – Published: 2024-04-09 18:30 – Updated: 2024-04-09 18:30Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
{
"affected": [],
"aliases": [
"CVE-2024-28933"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-09T17:15:54Z",
"severity": "HIGH"
},
"details": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
"id": "GHSA-jvcr-j6x4-hh24",
"modified": "2024-04-09T18:30:27Z",
"published": "2024-04-09T18:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28933"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28933"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.