CWE-681
AllowedIncorrect Conversion between Numeric Types
Abstraction: Base · Status: Draft
When converting from one data type to another, such as long to integer, data can be omitted or translated in a way that produces unexpected values. If the resulting values are used in a sensitive context, then dangerous behaviors may occur.
126 vulnerabilities reference this CWE, most recent first.
GHSA-RG5M-35J5-V893
Vulnerability from github – Published: 2022-05-13 01:52 – Updated: 2022-05-13 01:52In libming 0.4.8, there is an integer signedness error vulnerability (left shift of a negative value) in the readSBits function (util/read.c). Remote attackers can leverage this vulnerability to cause a denial of service via a crafted swf file.
{
"affected": [],
"aliases": [
"CVE-2018-5251"
],
"database_specific": {
"cwe_ids": [
"CWE-681"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-01-05T20:29:00Z",
"severity": "MODERATE"
},
"details": "In libming 0.4.8, there is an integer signedness error vulnerability (left shift of a negative value) in the readSBits function (util/read.c). Remote attackers can leverage this vulnerability to cause a denial of service via a crafted swf file.",
"id": "GHSA-rg5m-35j5-v893",
"modified": "2022-05-13T01:52:44Z",
"published": "2022-05-13T01:52:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5251"
},
{
"type": "WEB",
"url": "https://github.com/libming/libming/issues/97"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00008.html"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201904-24"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RJXX-GV4F-WJ57
Vulnerability from github – Published: 2026-05-26 18:31 – Updated: 2026-05-26 18:31NVIDIA Display Driver for Linux contains a vulnerability where an attacker could cause an incorrect conversion between numeric types, leading to a heap buffer overflow. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execution.
{
"affected": [],
"aliases": [
"CVE-2026-24192"
],
"database_specific": {
"cwe_ids": [
"CWE-681"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-26T18:16:38Z",
"severity": "HIGH"
},
"details": "NVIDIA Display Driver for Linux contains a vulnerability where an attacker could cause an incorrect conversion between numeric types, leading to a heap buffer overflow. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execution.",
"id": "GHSA-rjxx-gv4f-wj57",
"modified": "2026-05-26T18:31:48Z",
"published": "2026-05-26T18:31:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24192"
},
{
"type": "WEB",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5821"
},
{
"type": "WEB",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24192"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RMXG-RXM9-F8VX
Vulnerability from github – Published: 2022-05-24 19:07 – Updated: 2022-05-24 19:07Trend Micro Password Manager (Consumer) version 5.0.0.1217 and below is vulnerable to an Integer Truncation Privilege Escalation vulnerability which could allow a local attacker to trigger a buffer overflow and escalate privileges on affected installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2021-32461"
],
"database_specific": {
"cwe_ids": [
"CWE-681"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-07-08T11:15:00Z",
"severity": "HIGH"
},
"details": "Trend Micro Password Manager (Consumer) version 5.0.0.1217 and below is vulnerable to an Integer Truncation Privilege Escalation vulnerability which could allow a local attacker to trigger a buffer overflow and escalate privileges on affected installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.",
"id": "GHSA-rmxg-rxm9-f8vx",
"modified": "2022-05-24T19:07:18Z",
"published": "2022-05-24T19:07:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32461"
},
{
"type": "WEB",
"url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-10388"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-773"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-V254-2GQM-J372
Vulnerability from github – Published: 2022-05-24 19:06 – Updated: 2022-05-24 19:06Due to unexpected data type conversions, a use-after-free could have occurred when interacting with the font cache. We presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox < 88.
{
"affected": [],
"aliases": [
"CVE-2021-23997"
],
"database_specific": {
"cwe_ids": [
"CWE-681"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-06-24T14:15:00Z",
"severity": "HIGH"
},
"details": "Due to unexpected data type conversions, a use-after-free could have occurred when interacting with the font cache. We presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 88.",
"id": "GHSA-v254-2gqm-j372",
"modified": "2022-05-24T19:06:11Z",
"published": "2022-05-24T19:06:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23997"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1701942"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2021-16"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-V3VX-GXFC-R83R
Vulnerability from github – Published: 2024-07-09 18:30 – Updated: 2024-07-09 18:30DHCP Server Service Remote Code Execution Vulnerability
{
"affected": [],
"aliases": [
"CVE-2024-38044"
],
"database_specific": {
"cwe_ids": [
"CWE-197",
"CWE-681"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-09T17:15:32Z",
"severity": "HIGH"
},
"details": "DHCP Server Service Remote Code Execution Vulnerability",
"id": "GHSA-v3vx-gxfc-r83r",
"modified": "2024-07-09T18:30:51Z",
"published": "2024-07-09T18:30:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38044"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38044"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VMJW-C2VP-P33C
Vulnerability from github – Published: 2021-08-25 14:42 – Updated: 2024-11-13 21:00Impact
An attacker can cause denial of service in applications serving models using tf.raw_ops.NonMaxSuppressionV5 by triggering a division by 0:
import tensorflow as tf
tf.raw_ops.NonMaxSuppressionV5(
boxes=[[0.1,0.1,0.1,0.1],[0.2,0.2,0.2,0.2],[0.3,0.3,0.3,0.3]],
scores=[1.0,2.0,3.0],
max_output_size=-1,
iou_threshold=0.5,
score_threshold=0.5,
soft_nms_sigma=1.0,
pad_to_max_output_size=True)
The implementation uses a user controlled argument to resize a std::vector:
const int output_size = max_output_size.scalar<int>()();
// ...
std::vector<int> selected;
// ...
if (pad_to_max_output_size) {
selected.resize(output_size, 0);
// ...
}
However, as std::vector::resize takes the size argument as a size_t and output_size is an int, there is an implicit conversion to usigned. If the attacker supplies a negative value, this conversion results in a crash.
A similar issue occurs in CombinedNonMaxSuppression:
import tensorflow as tf
tf.raw_ops.NonMaxSuppressionV5(
boxes=[[[[0.1,0.1,0.1,0.1],[0.2,0.2,0.2,0.2],[0.3,0.3,0.3,0.3]],[[0.1,0.1,0.1,0.1],[0.2,0.2,0.2,0.2],[0.3,0.3,0.3,0.3]],[[0.1,0.1,0.1,0.1],[0.2,0.2,0.2,0.2],[0.3,0.3,0.3,0.3]]]],
scores=[[[1.0,2.0,3.0],[1.0,2.0,3.0],[1.0,2.0,3.0]]],
max_output_size_per_class=-1,
max_total_size=10,
iou_threshold=score_threshold=0.5,
pad_per_class=True,
clip_boxes=True)
Patches
We have patched the issue in GitHub commit 3a7362750d5c372420aa8f0caf7bf5b5c3d0f52d and commit b5cdbf12ffcaaffecf98f22a6be5a64bb96e4f58.
The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by members of the Aivul Team from Qihoo 360.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.3.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.4.0"
},
{
"fixed": "2.4.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.5.0"
},
{
"fixed": "2.5.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.5.0"
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.3.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.4.0"
},
{
"fixed": "2.4.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.5.0"
},
{
"fixed": "2.5.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.5.0"
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.3.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.4.0"
},
{
"fixed": "2.4.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.5.0"
},
{
"fixed": "2.5.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.5.0"
]
}
],
"aliases": [
"CVE-2021-37669"
],
"database_specific": {
"cwe_ids": [
"CWE-681"
],
"github_reviewed": true,
"github_reviewed_at": "2021-08-24T14:21:16Z",
"nvd_published_at": "2021-08-12T23:15:00Z",
"severity": "MODERATE"
},
"details": "### Impact\nAn attacker can cause denial of service in applications serving models using `tf.raw_ops.NonMaxSuppressionV5` by triggering a division by 0:\n\n```python\nimport tensorflow as tf\n\ntf.raw_ops.NonMaxSuppressionV5(\n boxes=[[0.1,0.1,0.1,0.1],[0.2,0.2,0.2,0.2],[0.3,0.3,0.3,0.3]],\n scores=[1.0,2.0,3.0],\n max_output_size=-1,\n iou_threshold=0.5,\n score_threshold=0.5,\n soft_nms_sigma=1.0,\n pad_to_max_output_size=True)\n```\n \nThe [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/image/non_max_suppression_op.cc#L170-L271) uses a user controlled argument to resize a `std::vector`:\n\n```cc\n const int output_size = max_output_size.scalar\u003cint\u003e()();\n // ...\n std::vector\u003cint\u003e selected;\n // ...\n if (pad_to_max_output_size) {\n selected.resize(output_size, 0);\n // ...\n }\n```\n \nHowever, as `std::vector::resize` takes the size argument as a `size_t` and `output_size` is an `int`, there is an implicit conversion to usigned. If the attacker supplies a negative value, this conversion results in a crash.\n\nA similar issue occurs in `CombinedNonMaxSuppression`:\n\n```python\nimport tensorflow as tf\n\ntf.raw_ops.NonMaxSuppressionV5(\n boxes=[[[[0.1,0.1,0.1,0.1],[0.2,0.2,0.2,0.2],[0.3,0.3,0.3,0.3]],[[0.1,0.1,0.1,0.1],[0.2,0.2,0.2,0.2],[0.3,0.3,0.3,0.3]],[[0.1,0.1,0.1,0.1],[0.2,0.2,0.2,0.2],[0.3,0.3,0.3,0.3]]]],\n scores=[[[1.0,2.0,3.0],[1.0,2.0,3.0],[1.0,2.0,3.0]]],\n max_output_size_per_class=-1,\n max_total_size=10,\n iou_threshold=score_threshold=0.5,\n pad_per_class=True,\n clip_boxes=True)\n```\n \n### Patches\nWe have patched the issue in GitHub commit [3a7362750d5c372420aa8f0caf7bf5b5c3d0f52d](https://github.com/tensorflow/tensorflow/commit/3a7362750d5c372420aa8f0caf7bf5b5c3d0f52d) and commit [b5cdbf12ffcaaffecf98f22a6be5a64bb96e4f58](https://github.com/tensorflow/tensorflow/commit/b5cdbf12ffcaaffecf98f22a6be5a64bb96e4f58).\n\nThe fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.\n\n### For more information \nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n### Attribution\nThis vulnerability has been reported by members of the Aivul Team from Qihoo 360.",
"id": "GHSA-vmjw-c2vp-p33c",
"modified": "2024-11-13T21:00:17Z",
"published": "2021-08-25T14:42:03Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-vmjw-c2vp-p33c"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37669"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/commit/3a7362750d5c372420aa8f0caf7bf5b5c3d0f52d"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/commit/b5cdbf12ffcaaffecf98f22a6be5a64bb96e4f58"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-582.yaml"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-780.yaml"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-291.yaml"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Crash in NMS ops caused by integer conversion to unsigned"
}
GHSA-VVJ7-W55J-XGMW
Vulnerability from github – Published: 2022-05-24 17:42 – Updated: 2022-06-07 00:00An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 2**32, causing unintended length truncation.
{
"affected": [],
"aliases": [
"CVE-2021-27218"
],
"database_specific": {
"cwe_ids": [
"CWE-681"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-02-15T17:15:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 2**32, causing unintended length truncation.",
"id": "GHSA-vvj7-w55j-xgmw",
"modified": "2022-06-07T00:00:35Z",
"published": "2022-05-24T17:42:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27218"
},
{
"type": "WEB",
"url": "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1942"
},
{
"type": "WEB",
"url": "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1944"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00006.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2REA7RVKN7ZHRLJOEGBRQKJIPZQPAELZ"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JJMPNDO4GDVURYQFYKFOWY5HAF4FTEPN"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202107-13"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20210319-0004"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-W33C-445M-F8W7
Vulnerability from github – Published: 2023-07-12 21:30 – Updated: 2023-07-13 17:01GzipSource does not handle an exception that might be raised when parsing a malformed gzip buffer. This may lead to denial of service of the Okio client when handling a crafted GZIP archive, by using the GzipSource class.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "com.squareup.okio:okio"
},
"ranges": [
{
"events": [
{
"introduced": "2.0.0-RC1"
},
{
"fixed": "3.4.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "com.squareup.okio:okio"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.17.6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "com.squareup.okio:okio-jvm"
},
"ranges": [
{
"events": [
{
"introduced": "2.0.0-RC1"
},
{
"fixed": "3.4.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-3635"
],
"database_specific": {
"cwe_ids": [
"CWE-195",
"CWE-681"
],
"github_reviewed": true,
"github_reviewed_at": "2023-07-13T17:01:48Z",
"nvd_published_at": "2023-07-12T19:15:08Z",
"severity": "MODERATE"
},
"details": "GzipSource does not handle an exception that might be raised when parsing a malformed gzip buffer. This may lead to denial of service of the Okio client when handling a crafted GZIP archive, by using the GzipSource class.\n\n",
"id": "GHSA-w33c-445m-f8w7",
"modified": "2023-07-13T17:01:48Z",
"published": "2023-07-12T21:30:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3635"
},
{
"type": "WEB",
"url": "https://github.com/square/okio/pull/1280"
},
{
"type": "WEB",
"url": "https://github.com/square/okio/pull/1334"
},
{
"type": "WEB",
"url": "https://github.com/square/okio/commit/81bce1a30af244550b0324597720e4799281da7b"
},
{
"type": "WEB",
"url": "https://github.com/square/okio/commit/b4fa875dc24950680c386e4b1c593660ce4f7839"
},
{
"type": "PACKAGE",
"url": "https://github.com/square/okio"
},
{
"type": "WEB",
"url": "https://github.com/square/okio/blob/master/CHANGELOG.md#version-1176"
},
{
"type": "WEB",
"url": "https://research.jfrog.com/vulnerabilities/okio-gzip-source-unhandled-exception-dos-xray-523195"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Okio Signed to Unsigned Conversion Error vulnerability"
}
GHSA-W6WH-QR7X-H932
Vulnerability from github – Published: 2022-09-02 00:01 – Updated: 2022-09-08 00:00An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size() function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This flaw allows a local user to crash or potentially escalate their privileges on the system.
{
"affected": [],
"aliases": [
"CVE-2022-2639"
],
"database_specific": {
"cwe_ids": [
"CWE-192",
"CWE-681",
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-09-01T21:15:00Z",
"severity": "HIGH"
},
"details": "An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size() function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This flaw allows a local user to crash or potentially escalate their privileges on the system.",
"id": "GHSA-w6wh-qr7x-h932",
"modified": "2022-09-08T00:00:29Z",
"published": "2022-09-02T00:01:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2639"
},
{
"type": "WEB",
"url": "https://github.com/torvalds/linux/commit/cefa91b2332d7009bc0be5d951d6cbbf349f90f8"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2084479"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-X379-72WQ-8VWF
Vulnerability from github – Published: 2024-02-06 09:31 – Updated: 2024-02-06 09:31Dell BIOS contains a Signed to Unsigned Conversion Error vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to denial of service.
{
"affected": [],
"aliases": [
"CVE-2023-28063"
],
"database_specific": {
"cwe_ids": [
"CWE-195",
"CWE-681"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-06T08:15:46Z",
"severity": "MODERATE"
},
"details": "\nDell BIOS contains a Signed to Unsigned Conversion Error vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to denial of service.\n\n",
"id": "GHSA-x379-72wq-8vwf",
"modified": "2024-02-06T09:31:38Z",
"published": "2024-02-06T09:31:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28063"
},
{
"type": "WEB",
"url": "https://www.dell.com/support/kbdoc/en-us/000214780/dsa-2023-176-dell-client-bios-security-update-for-a-signed-to-unsigned-conversion-error-vulnerability"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Avoid making conversion between numeric types. Always check for the allowed ranges.
No CAPEC attack patterns related to this CWE.