Common Weakness Enumeration

CWE-191

Allowed

Integer Underflow (Wrap or Wraparound)

Abstraction: Base · Status: Draft

The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.

640 vulnerabilities reference this CWE, most recent first.

GHSA-Q4R3-MQQ6-78X5

Vulnerability from github – Published: 2022-05-24 16:50 – Updated: 2022-05-24 16:50
VLAI
Details

An Integer Underflow in MP4_EIA608_Convert() in modules/demux/mp4/mp4.c in VideoLAN VLC media player through 3.0.7.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and crash) or possibly have unspecified other impact via a crafted .mp4 file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-13602"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-191",
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-07-14T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "An Integer Underflow in MP4_EIA608_Convert() in modules/demux/mp4/mp4.c in VideoLAN VLC media player through 3.0.7.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and crash) or possibly have unspecified other impact via a crafted .mp4 file.",
  "id": "GHSA-q4r3-mqq6-78x5",
  "modified": "2022-05-24T16:50:13Z",
  "published": "2022-05-24T16:50:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13602"
    },
    {
      "type": "WEB",
      "url": "https://git.videolan.org/?p=vlc.git;a=commit;h=8e8e0d72447f8378244f5b4a3dcde036dbeb1491"
    },
    {
      "type": "WEB",
      "url": "https://git.videolan.org/?p=vlc.git;a=commit;h=b2b157076d9e94df34502dd8df0787deb940e938"
    },
    {
      "type": "WEB",
      "url": "https://seclists.org/bugtraq/2019/Aug/36"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201909-02"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4074-1"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2019/dsa-4504"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00037.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00040.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00081.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/109158"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q94H-VC2H-J68G

Vulnerability from github – Published: 2022-05-01 01:47 – Updated: 2024-02-08 18:30
VLAI
Details

Integer underflow in the Lists_MakeMask() function in lists.c in ngIRCd before 0.8.2 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long MODE line that causes an incorrect length calculation, which leads to a buffer overflow.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2005-0199"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-191"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2005-05-02T04:00:00Z",
    "severity": "HIGH"
  },
  "details": "Integer underflow in the Lists_MakeMask() function in lists.c in ngIRCd before 0.8.2 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long MODE line that causes an incorrect length calculation, which leads to a buffer overflow.",
  "id": "GHSA-q94h-vc2h-j68g",
  "modified": "2024-02-08T18:30:37Z",
  "published": "2022-05-01T01:47:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2005-0199"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19143"
    },
    {
      "type": "WEB",
      "url": "http://arthur.ath.cx/pipermail/ngircd-ml/2005-January/000228.html"
    },
    {
      "type": "WEB",
      "url": "http://bugs.gentoo.org/show_bug.cgi?id=79705"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/14056"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/14059"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1013047"
    },
    {
      "type": "WEB",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200501-40.xml"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/12397"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QC3G-XJ9R-Q7VM

Vulnerability from github – Published: 2022-05-14 02:00 – Updated: 2022-05-14 02:00
VLAI
Details

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check on buffer length while processing debug log event from firmware can lead to an integer overflow.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-11301"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-191"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-09-18T18:29:00Z",
    "severity": "HIGH"
  },
  "details": "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check on buffer length while processing debug log event from firmware can lead to an integer overflow.",
  "id": "GHSA-qc3g-xj9r-q7vm",
  "modified": "2022-05-14T02:00:29Z",
  "published": "2022-05-14T02:00:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11301"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/pixel/2018-09-01#qualcomm-components"
    },
    {
      "type": "WEB",
      "url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=31ad3a5a7458e60f5e0ba4f492cebe1f1bda0964"
    },
    {
      "type": "WEB",
      "url": "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QFGJ-VXWQ-R49V

Vulnerability from github – Published: 2022-05-13 01:25 – Updated: 2022-05-13 01:25
VLAI
Details

Integer underflow in the dccp_parse_options function (net/dccp/options.c) in the Linux kernel before 2.6.33.14 allows remote attackers to cause a denial of service via a Datagram Congestion Control Protocol (DCCP) packet with an invalid feature options length, which triggers a buffer over-read.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2011-1770"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-191"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2011-06-24T20:55:00Z",
    "severity": "HIGH"
  },
  "details": "Integer underflow in the dccp_parse_options function (net/dccp/options.c) in the Linux kernel before 2.6.33.14 allows remote attackers to cause a denial of service via a Datagram Congestion Control Protocol (DCCP) packet with an invalid feature options length, which triggers a buffer over-read.",
  "id": "GHSA-qfgj-vxwq-r49v",
  "modified": "2022-05-13T01:25:05Z",
  "published": "2022-05-13T01:25:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-1770"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2011:0836"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2011:1253"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2011-1770"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=703011"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061236.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061366.html"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=linux-kernel\u0026m=130468845209036\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=linux-kernel\u0026m=130469305815140\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/44932"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/8286"
    },
    {
      "type": "WEB",
      "url": "http://www.kernel.org/pub/linux/kernel/v2.6/longterm/v2.6.33/ChangeLog-2.6.33.14"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/47769"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1025592"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QM7W-RP99-M478

Vulnerability from github – Published: 2025-01-14 21:31 – Updated: 2025-01-14 21:31
VLAI
Details

Animate versions 24.0.6, 23.0.9 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-21135"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-191"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-14T20:15:30Z",
    "severity": "HIGH"
  },
  "details": "Animate versions 24.0.6, 23.0.9 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
  "id": "GHSA-qm7w-rp99-m478",
  "modified": "2025-01-14T21:31:48Z",
  "published": "2025-01-14T21:31:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21135"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/animate/apsb25-05.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QQR8-VWW9-H837

Vulnerability from github – Published: 2022-05-24 17:09 – Updated: 2022-05-24 17:09
VLAI
Details

An exploitable denial-of-service vulnerability exists in ServiceAgent functionality of the Moxa AWK-3131A, firmware version 1.13. A specially crafted packet can cause an integer underflow, triggering a large memcpy that will access unmapped or out-of-bounds memory. An attacker can send this packet while unauthenticated to trigger this vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-5148"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-191"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-02-25T16:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An exploitable denial-of-service vulnerability exists in ServiceAgent functionality of the Moxa AWK-3131A, firmware version 1.13. A specially crafted packet can cause an integer underflow, triggering a large memcpy that will access unmapped or out-of-bounds memory. An attacker can send this packet while unauthenticated to trigger this vulnerability.",
  "id": "GHSA-qqr8-vww9-h837",
  "modified": "2022-05-24T17:09:37Z",
  "published": "2022-05-24T17:09:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5148"
    },
    {
      "type": "WEB",
      "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0938"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QW9P-XH57-VVWJ

Vulnerability from github – Published: 2025-05-13 18:30 – Updated: 2025-05-13 18:30
VLAI
Details

Integer underflow (wrap or wraparound) in Windows Kernel allows an unauthorized attacker to disclose information over an adjacent network.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-29974"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125",
      "CWE-191"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-13T17:15:58Z",
    "severity": "MODERATE"
  },
  "details": "Integer underflow (wrap or wraparound) in Windows Kernel allows an unauthorized attacker to disclose information over an adjacent network.",
  "id": "GHSA-qw9p-xh57-vvwj",
  "modified": "2025-05-13T18:30:55Z",
  "published": "2025-05-13T18:30:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-29974"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29974"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QWPM-85R5-4M77

Vulnerability from github – Published: 2022-05-24 17:41 – Updated: 2022-05-24 17:41
VLAI
Details

An integer underflow has been found in the latest version of ZCFees. The variables 'currPeriodIdx' and 'lastPeriodExecIdx' are both unsigned integers, and the result of the minus operation may be a negative integer which leads to an underflow. The attackers can modify the current timestamp of the transaction somehow and block the execution of the process function.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-24837"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-191"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-02-10T16:15:00Z",
    "severity": "HIGH"
  },
  "details": "An integer underflow has been found in the latest version of ZCFees. The variables \u0027currPeriodIdx\u0027 and \u0027lastPeriodExecIdx\u0027 are both unsigned integers, and the result of the minus operation may be a negative integer which leads to an underflow. The attackers can modify the current timestamp of the transaction somehow and block the execution of the process function.",
  "id": "GHSA-qwpm-85r5-4m77",
  "modified": "2022-05-24T17:41:41Z",
  "published": "2022-05-24T17:41:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24837"
    },
    {
      "type": "WEB",
      "url": "https://etherscan.io/address/0x9d79c6e2a0222b9ac7bfabc447209c58fe9e0dcc#code"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-QX9J-Q623-P5FH

Vulnerability from github – Published: 2022-05-14 01:49 – Updated: 2025-10-22 03:30
VLAI
Details

Integer underflow in Adobe Flash Player before 11.7.700.261 and 11.8.x through 12.0.x before 12.0.0.44 on Windows and Mac OS X, and before 11.2.202.336 on Linux, allows remote attackers to execute arbitrary code via unspecified vectors.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2014-0497"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-191"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2014-02-05T05:15:00Z",
    "severity": "HIGH"
  },
  "details": "Integer underflow in Adobe Flash Player before 11.7.700.261 and 11.8.x through 12.0.x before 12.0.0.44 on Windows and Mac OS X, and before 11.2.202.336 on Linux, allows remote attackers to execute arbitrary code via unspecified vectors.",
  "id": "GHSA-qx9j-q623-p5fh",
  "modified": "2025-10-22T03:30:35Z",
  "published": "2022-05-14T01:49:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0497"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90884"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-0497"
    },
    {
      "type": "WEB",
      "url": "http://googlechromereleases.blogspot.com/2014/02/stable-channel-update.html"
    },
    {
      "type": "WEB",
      "url": "http://helpx.adobe.com/security/products/flash-player/apsb14-04.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00006.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-0137.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/56437"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/56737"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/56780"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/56799"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/56839"
    },
    {
      "type": "WEB",
      "url": "http://www.exploit-db.com/exploits/33212"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/102849"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/65327"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1029715"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-R4RC-XGV6-JV68

Vulnerability from github – Published: 2022-05-14 03:26 – Updated: 2022-05-14 03:26
VLAI
Details

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear IPQ4019, MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, and SDX20, integer underflow vulnerability in function qsee_register_log_buff may lead to arbitrary writing of secure memory.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2015-9198"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-191"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-04-18T14:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear IPQ4019, MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, and SDX20, integer underflow vulnerability in function qsee_register_log_buff may lead to arbitrary writing of secure memory.",
  "id": "GHSA-r4rc-xgv6-jv68",
  "modified": "2022-05-14T03:26:16Z",
  "published": "2022-05-14T03:26:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-9198"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/2018-04-01"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/103671"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.