Common Weakness Enumeration

CWE-197

Allowed

Numeric Truncation Error

Abstraction: Base · Status: Incomplete

Truncation errors occur when a primitive is cast to a primitive of a smaller size and data is lost in the conversion.

93 vulnerabilities reference this CWE, most recent first.

CVE-2022-34670 (GCVE-0-2022-34670)

Vulnerability from cvelistv5 – Published: 2022-12-30 00:00 – Updated: 2025-04-11 15:44
VLAI
Summary
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an unprivileged regular user can cause truncation errors when casting a primitive to a primitive of smaller size causes data to be lost in the conversion, which may lead to denial of service or information disclosure.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
NVIDIA vGPU software (guest driver) - Linux, vGPU software (Virtual GPU Manager), NVIDIA Cloud Gaming (guest driver), NVIDIA Cloud Gaming (Virtual GPU Manager) Affected: All versions prior to and including 14.2, 13.4, and 11.9, and all versions prior to the November 2022 release
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T09:15:15.748Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5415"
          },
          {
            "name": "[debian-lts-announce] 20230511 [SECURITY] [DLA 3418-1] nvidia-graphics-drivers-legacy-390xx security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00010.html"
          },
          {
            "name": "GLSA-202310-02",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202310-02"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-34670",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-11T15:44:20.810878Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-11T15:44:29.877Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "vGPU software (guest driver) - Linux, vGPU software (Virtual GPU Manager), NVIDIA Cloud Gaming (guest driver), NVIDIA Cloud Gaming (Virtual GPU Manager)",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All versions prior to and including 14.2, 13.4, and 11.9, and all versions prior to the November 2022 release"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an unprivileged regular user can cause truncation errors when casting a primitive to a primitive of smaller size causes data to be lost in the conversion, which may lead to denial of service or information disclosure."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-197",
              "description": "CWE-197",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-03T14:06:40.427Z",
        "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "shortName": "nvidia"
      },
      "references": [
        {
          "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5415"
        },
        {
          "name": "[debian-lts-announce] 20230511 [SECURITY] [DLA 3418-1] nvidia-graphics-drivers-legacy-390xx security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00010.html"
        },
        {
          "name": "GLSA-202310-02",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202310-02"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
    "assignerShortName": "nvidia",
    "cveId": "CVE-2022-34670",
    "datePublished": "2022-12-30T00:00:00.000Z",
    "dateReserved": "2022-06-27T00:00:00.000Z",
    "dateUpdated": "2025-04-11T15:44:29.877Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-15202 (GCVE-0-2020-15202)

Vulnerability from cvelistv5 – Published: 2020-09-25 18:46 – Updated: 2024-08-04 13:08
VLAI
Title
Integer truncation in Shard API usage
Summary
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `Shard` API in TensorFlow expects the last argument to be a function taking two `int64` (i.e., `long long`) arguments. However, there are several places in TensorFlow where a lambda taking `int` or `int32` arguments is being used. In these cases, if the amount of work to be parallelized is large enough, integer truncation occurs. Depending on how the two arguments of the lambda are used, this can result in segfaults, read/write outside of heap allocated arrays, stack overflows, or data corruption. The issue is patched in commits 27b417360cbd671ef55915e4bb6bb06af8b8a832 and ca8c013b5e97b1373b3bb1c97ea655e69f31a575, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.
CWE
  • CWE-197 - {"CWE-197":"Numeric Truncation Error"}
  • CWE-754 - {"CWE-754":"Improper Check for Unusual or Exceptional Conditions"}
Assigner
Impacted products
Vendor Product Version
tensorflow tensorflow Affected: < 1.15.4
Affected: >= 2.0.0, < 2.0.3
Affected: >= 2.1.0, < 2.1.2
Affected: >= 2.2.0, < 2.2.1
Affected: >= 2.3.0, < 2.3.1
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T13:08:22.926Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-h6fg-mjxg-hqq4"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/tensorflow/tensorflow/commit/27b417360cbd671ef55915e4bb6bb06af8b8a832"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/tensorflow/tensorflow/commit/ca8c013b5e97b1373b3bb1c97ea655e69f31a575"
          },
          {
            "name": "openSUSE-SU-2020:1766",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "tensorflow",
          "vendor": "tensorflow",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.15.4"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.0.0, \u003c 2.0.3"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.1.0, \u003c 2.1.2"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.2.0, \u003c 2.2.1"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.3.0, \u003c 2.3.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `Shard` API in TensorFlow expects the last argument to be a function taking two `int64` (i.e., `long long`) arguments. However, there are several places in TensorFlow where a lambda taking `int` or `int32` arguments is being used. In these cases, if the amount of work to be parallelized is large enough, integer truncation occurs. Depending on how the two arguments of the lambda are used, this can result in segfaults, read/write outside of heap allocated arrays, stack overflows, or data corruption. The issue is patched in commits 27b417360cbd671ef55915e4bb6bb06af8b8a832 and ca8c013b5e97b1373b3bb1c97ea655e69f31a575, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-197",
              "description": "{\"CWE-197\":\"Numeric Truncation Error\"}",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-754",
              "description": "{\"CWE-754\":\"Improper Check for Unusual or Exceptional Conditions\"}",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-29T15:06:21.000Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-h6fg-mjxg-hqq4"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/tensorflow/tensorflow/commit/27b417360cbd671ef55915e4bb6bb06af8b8a832"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/tensorflow/tensorflow/commit/ca8c013b5e97b1373b3bb1c97ea655e69f31a575"
        },
        {
          "name": "openSUSE-SU-2020:1766",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html"
        }
      ],
      "source": {
        "advisory": "GHSA-h6fg-mjxg-hqq4",
        "discovery": "UNKNOWN"
      },
      "title": "Integer truncation in Shard API usage",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2020-15202",
          "STATE": "PUBLIC",
          "TITLE": "Integer truncation in Shard API usage"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "tensorflow",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c 1.15.4"
                          },
                          {
                            "version_value": "\u003e= 2.0.0, \u003c 2.0.3"
                          },
                          {
                            "version_value": "\u003e= 2.1.0, \u003c 2.1.2"
                          },
                          {
                            "version_value": "\u003e= 2.2.0, \u003c 2.2.1"
                          },
                          {
                            "version_value": "\u003e= 2.3.0, \u003c 2.3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "tensorflow"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `Shard` API in TensorFlow expects the last argument to be a function taking two `int64` (i.e., `long long`) arguments. However, there are several places in TensorFlow where a lambda taking `int` or `int32` arguments is being used. In these cases, if the amount of work to be parallelized is large enough, integer truncation occurs. Depending on how the two arguments of the lambda are used, this can result in segfaults, read/write outside of heap allocated arrays, stack overflows, or data corruption. The issue is patched in commits 27b417360cbd671ef55915e4bb6bb06af8b8a832 and ca8c013b5e97b1373b3bb1c97ea655e69f31a575, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "{\"CWE-197\":\"Numeric Truncation Error\"}"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "{\"CWE-754\":\"Improper Check for Unusual or Exceptional Conditions\"}"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1",
              "refsource": "MISC",
              "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1"
            },
            {
              "name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-h6fg-mjxg-hqq4",
              "refsource": "CONFIRM",
              "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-h6fg-mjxg-hqq4"
            },
            {
              "name": "https://github.com/tensorflow/tensorflow/commit/27b417360cbd671ef55915e4bb6bb06af8b8a832",
              "refsource": "MISC",
              "url": "https://github.com/tensorflow/tensorflow/commit/27b417360cbd671ef55915e4bb6bb06af8b8a832"
            },
            {
              "name": "https://github.com/tensorflow/tensorflow/commit/ca8c013b5e97b1373b3bb1c97ea655e69f31a575",
              "refsource": "MISC",
              "url": "https://github.com/tensorflow/tensorflow/commit/ca8c013b5e97b1373b3bb1c97ea655e69f31a575"
            },
            {
              "name": "openSUSE-SU-2020:1766",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-h6fg-mjxg-hqq4",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2020-15202",
    "datePublished": "2020-09-25T18:46:15.000Z",
    "dateReserved": "2020-06-25T00:00:00.000Z",
    "dateUpdated": "2024-08-04T13:08:22.926Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

GHSA-2F2H-73PP-4P79

Vulnerability from github – Published: 2024-11-12 18:30 – Updated: 2024-11-12 18:30
VLAI
Details

Windows Kerberos Remote Code Execution Vulnerability

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-43639"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-197"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-11-12T18:15:33Z",
    "severity": "CRITICAL"
  },
  "details": "Windows Kerberos Remote Code Execution Vulnerability",
  "id": "GHSA-2f2h-73pp-4p79",
  "modified": "2024-11-12T18:30:59Z",
  "published": "2024-11-12T18:30:59Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43639"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43639"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2M69-GCR7-JV3Q

Vulnerability from github – Published: 2025-07-15 15:31 – Updated: 2026-06-18 13:01
VLAI
Summary
SQLitePCLRaw.lib.e_sqlite3 has a vulnerable dependency on SQLite
Details

There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "SQLitePCLRaw.lib.e_sqlite3"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "2.1.11"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "SQLitePCLRaw.lib.e_sqlite3.android"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "2.1.11"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "SQLitePCLRaw.lib.e_sqlite3.ios"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "2.1.11"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-6965"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-197"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-06-18T13:01:42Z",
    "nvd_published_at": "2025-07-15T14:15:31Z",
    "severity": "HIGH"
  },
  "details": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.",
  "id": "GHSA-2m69-gcr7-jv3q",
  "modified": "2026-06-18T13:01:42Z",
  "published": "2025-07-15T15:31:00Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/google/security-research/security/advisories/GHSA-qj7j-3jp8-8ccv"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965"
    },
    {
      "type": "WEB",
      "url": "https://github.com/github/advisory-database/pull/7675"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-225816.html"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-485750.html"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/ericsink/SQLitePCL.raw"
    },
    {
      "type": "WEB",
      "url": "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2025/Sep/49"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2025/Sep/53"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2025/Sep/56"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2025/Sep/57"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2025/Sep/58"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2025/09/06/1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green",
      "type": "CVSS_V4"
    }
  ],
  "summary": "SQLitePCLRaw.lib.e_sqlite3 has a vulnerable dependency on SQLite"
}

GHSA-32FW-GQ77-F2F2

Vulnerability from github – Published: 2025-12-02 09:30 – Updated: 2025-12-17 00:43
VLAI
Summary
Eclipse Paho Go MQTT may incorrectly encode strings if length exceeds 65535 bytes
Details

In Eclipse Paho Go MQTT v3.1 library (paho.mqtt.golang) versions <=1.5.0 UTF-8 encoded strings, passed into the library, may be incorrectly encoded if their length exceeds 65535 bytes. This may lead to unexpected content in packets sent to the server (for example, part of an MQTT topic may leak into the message body in a PUBLISH packet).

The issue arises because the length of the data passed in was converted from an int64/int32 (depending upon CPU) to an int16 without checks for overflows. The int16 length was then written, followed by the data (e.g. topic). This meant that when the data (e.g. topic) was over 65535 bytes then the amount of data written exceeds what the length field indicates. This could lead to a corrupt packet, or mean that the excess data leaks into another field (e.g. topic leaks into message body).

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/eclipse/paho.mqtt.golang"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.5.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-10543"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-197"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-12-02T17:34:33Z",
    "nvd_published_at": "2025-12-02T09:15:46Z",
    "severity": "MODERATE"
  },
  "details": "In Eclipse Paho Go MQTT v3.1 library (paho.mqtt.golang) versions \u003c=1.5.0 UTF-8 encoded strings, passed into the library, may be incorrectly encoded if their length exceeds 65535 bytes. This may lead to unexpected content in packets sent to the server (for example, part of an MQTT topic may leak into the message body in a PUBLISH packet).\n\nThe issue arises because the length of the data passed in was converted from an int64/int32 (depending upon CPU) to an int16 without checks for overflows. The int16 length was then written, followed by the data (e.g. topic). This meant that when the data (e.g. topic) was over 65535 bytes then the amount of data written exceeds what the length field indicates. This could lead to a corrupt packet, or mean that the excess data leaks into another field (e.g. topic leaks into message body).",
  "id": "GHSA-32fw-gq77-f2f2",
  "modified": "2025-12-17T00:43:02Z",
  "published": "2025-12-02T09:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10543"
    },
    {
      "type": "WEB",
      "url": "https://github.com/eclipse-paho/paho.mqtt.golang/issues/730"
    },
    {
      "type": "WEB",
      "url": "https://github.com/eclipse-paho/paho.mqtt.golang/pull/714"
    },
    {
      "type": "WEB",
      "url": "https://github.com/alpinelinux/build-server-status/commit/e3487897db32c8c3d0287643f8384a6669e93731"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-32fw-gq77-f2f2"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/eclipse-paho/paho.mqtt.golang"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/254"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Eclipse Paho Go MQTT may incorrectly encode strings if length exceeds 65535 bytes"
}

GHSA-3F6W-RMCX-PGMH

Vulnerability from github – Published: 2026-04-27 09:34 – Updated: 2026-04-27 15:30
VLAI
Details

uriparser before 1.0.1 has numeric truncation in text range comparison, if an application accepts URIs with a length in gigabytes.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-42371"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-197"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-27T07:16:04Z",
    "severity": "MODERATE"
  },
  "details": "uriparser before 1.0.1 has numeric truncation in text range comparison, if an application accepts URIs with a length in gigabytes.",
  "id": "GHSA-3f6w-rmcx-pgmh",
  "modified": "2026-04-27T15:30:51Z",
  "published": "2026-04-27T09:34:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42371"
    },
    {
      "type": "WEB",
      "url": "https://github.com/uriparser/uriparser/pull/298"
    },
    {
      "type": "WEB",
      "url": "https://uriparser.github.io"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/04/27/2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4MJW-2G27-Q8WR

Vulnerability from github – Published: 2024-07-09 18:30 – Updated: 2024-07-09 18:30
VLAI
Details

Azure Kinect SDK Remote Code Execution Vulnerability

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-38086"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-197"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-09T17:15:44Z",
    "severity": "MODERATE"
  },
  "details": "Azure Kinect SDK Remote Code Execution Vulnerability",
  "id": "GHSA-4mjw-2g27-q8wr",
  "modified": "2024-07-09T18:30:52Z",
  "published": "2024-07-09T18:30:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38086"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38086"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-54CF-PRCC-99VC

Vulnerability from github – Published: 2026-07-14 18:32 – Updated: 2026-07-14 18:32
VLAI
Details

Numeric truncation error in Windows Resilient File System (ReFS) allows an authorized attacker to execute code locally.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-49792"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-197"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-07-14T17:16:54Z",
    "severity": "HIGH"
  },
  "details": "Numeric truncation error in Windows Resilient File System (ReFS) allows an authorized attacker to execute code locally.",
  "id": "GHSA-54cf-prcc-99vc",
  "modified": "2026-07-14T18:32:02Z",
  "published": "2026-07-14T18:32:01Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-49792"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-49792"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5JVM-83Q6-H5JJ

Vulnerability from github – Published: 2026-06-15 18:31 – Updated: 2026-06-15 18:31
VLAI
Details

LibreOffice can import drawings in the DXF format used by CAD software. A heap buffer overflow existed when importing a DXF polyline. The point count taken from the file was truncated to a 16-bit value when the point buffer was sized, while the full count was used to fill it, so a polyline whose point count exceeded the 16-bit range was written past the end of the buffer. In fixed versions such oversized polylines are rejected.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-6039"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-197"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-15T18:16:36Z",
    "severity": "MODERATE"
  },
  "details": "LibreOffice can import drawings in the DXF format used by CAD software. A heap buffer overflow existed when importing a DXF polyline. The point count taken from the file was truncated to a 16-bit value when the point buffer was sized, while the full count was used to fill it, so a polyline whose point count exceeded the 16-bit range was written past the end of the buffer. In fixed versions such oversized polylines are rejected.",
  "id": "GHSA-5jvm-83q6-h5jj",
  "modified": "2026-06-15T18:31:19Z",
  "published": "2026-06-15T18:31:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6039"
    },
    {
      "type": "WEB",
      "url": "https://www.libreoffice.org/about-us/security/advisories/cve-2026-6039"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-6796-H2XC-M87C

Vulnerability from github – Published: 2025-07-08 18:31 – Updated: 2025-07-08 18:31
VLAI
Details

Numeric truncation error in Windows Shell allows an authorized attacker to elevate privileges locally.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-49679"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-197"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-08T17:15:52Z",
    "severity": "HIGH"
  },
  "details": "Numeric truncation error in Windows Shell allows an authorized attacker to elevate privileges locally.",
  "id": "GHSA-6796-h2xc-m87c",
  "modified": "2025-07-08T18:31:47Z",
  "published": "2025-07-08T18:31:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49679"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49679"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Implementation

Ensure that no casts, implicit or explicit, take place that move from a larger size primitive or a smaller size primitive.

No CAPEC attack patterns related to this CWE.