CWE-682
DiscouragedIncorrect Calculation
Abstraction: Pillar · Status: Draft
The product performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or resource management.
159 vulnerabilities reference this CWE, most recent first.
GHSA-FFF9-CCRG-MJCR
Vulnerability from github – Published: 2022-05-13 01:47 – Updated: 2025-04-20 03:37Xen through 4.6.x on 64-bit platforms mishandles a failsafe callback, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-215.
{
"affected": [],
"aliases": [
"CVE-2017-8905"
],
"database_specific": {
"cwe_ids": [
"CWE-682"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-05-11T19:29:00Z",
"severity": "HIGH"
},
"details": "Xen through 4.6.x on 64-bit platforms mishandles a failsafe callback, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-215.",
"id": "GHSA-fff9-ccrg-mjcr",
"modified": "2025-04-20T03:37:27Z",
"published": "2022-05-13T01:47:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-8905"
},
{
"type": "WEB",
"url": "https://blog.xenproject.org/2017/05/02/updates-on-xsa-213-xsa-214-and-xsa-215"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201705-11"
},
{
"type": "WEB",
"url": "https://xenbits.xen.org/xsa/advisory-215.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/98436"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1038388"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FJ28-69VR-WRGQ
Vulnerability from github – Published: 2022-05-24 16:51 – Updated: 2023-02-01 03:30In FreeBSD 12.0-STABLE before r350222, 12.0-RELEASE before 12.0-RELEASE-p8, 11.3-STABLE before r350223, 11.3-RELEASE before 11.3-RELEASE-p1, and 11.2-RELEASE before 11.2-RELEASE-p12, rights transmitted over a domain socket did not properly release a reference on transmission error allowing a malicious user to cause the reference counter to wrap, forcing a free event. This could allow a malicious local user to gain root privileges or escape from a jail.
{
"affected": [],
"aliases": [
"CVE-2019-5607"
],
"database_specific": {
"cwe_ids": [
"CWE-682"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-07-26T01:15:00Z",
"severity": "HIGH"
},
"details": "In FreeBSD 12.0-STABLE before r350222, 12.0-RELEASE before 12.0-RELEASE-p8, 11.3-STABLE before r350223, 11.3-RELEASE before 11.3-RELEASE-p1, and 11.2-RELEASE before 11.2-RELEASE-p12, rights transmitted over a domain socket did not properly release a reference on transmission error allowing a malicious user to cause the reference counter to wrap, forcing a free event. This could allow a malicious local user to gain root privileges or escape from a jail.",
"id": "GHSA-fj28-69vr-wrgq",
"modified": "2023-02-01T03:30:29Z",
"published": "2022-05-24T16:51:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5607"
},
{
"type": "WEB",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:17.fd.asc"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20190814-0003"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/153755/FreeBSD-Security-Advisory-FreeBSD-SA-19-17.fd.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FR3J-GXG3-M435
Vulnerability from github – Published: 2022-05-13 01:27 – Updated: 2022-05-13 01:27Off-by-one error in the OpenType Sanitizer in Google Chrome before 18.0.1025.142 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted OpenType file.
{
"affected": [],
"aliases": [
"CVE-2011-3062"
],
"database_specific": {
"cwe_ids": [
"CWE-682"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2012-03-30T22:55:00Z",
"severity": "MODERATE"
},
"details": "Off-by-one error in the OpenType Sanitizer in Google Chrome before 18.0.1025.142 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted OpenType file.",
"id": "GHSA-fr3j-gxg3-m435",
"modified": "2022-05-13T01:27:21Z",
"published": "2022-05-13T01:27:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3062"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=739925"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74412"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15488"
},
{
"type": "WEB",
"url": "http://code.google.com/p/chromium/issues/detail?id=116524"
},
{
"type": "WEB",
"url": "http://googlechromereleases.blogspot.com/2012/03/stable-channel-release-and-beta-channel.html"
},
{
"type": "WEB",
"url": "http://osvdb.org/80740"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/48618"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/48691"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/48763"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/48972"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/49047"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/49055"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:066"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:081"
},
{
"type": "WEB",
"url": "http://www.mozilla.org/security/announce/2012/mfsa2012-31.html"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id?1026877"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-FV42-492H-89PJ
Vulnerability from github – Published: 2024-07-18 09:30 – Updated: 2025-11-04 00:30In the Linux kernel, the following vulnerability has been resolved:
drm/amdkfd: don't allow mapping the MMIO HDP page with large pages
We don't get the right offset in that case. The GPU has an unused 4K area of the register BAR space into which you can remap registers. We remap the HDP flush registers into this space to allow userspace (CPU or GPU) to flush the HDP when it updates VRAM. However, on systems with >4K pages, we end up exposing PAGE_SIZE of MMIO space.
{
"affected": [],
"aliases": [
"CVE-2024-41011"
],
"database_specific": {
"cwe_ids": [
"CWE-682"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-18T07:15:02Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: don\u0027t allow mapping the MMIO HDP page with large pages\n\nWe don\u0027t get the right offset in that case. The GPU has\nan unused 4K area of the register BAR space into which you can\nremap registers. We remap the HDP flush registers into this\nspace to allow userspace (CPU or GPU) to flush the HDP when it\nupdates VRAM. However, on systems with \u003e4K pages, we end up\nexposing PAGE_SIZE of MMIO space.",
"id": "GHSA-fv42-492h-89pj",
"modified": "2025-11-04T00:30:58Z",
"published": "2024-07-18T09:30:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41011"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/009c4d78bcf07c4ac2e3dd9f275b4eaa72b4f884"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4b4cff994a27ebf7bd3fb9a798a1cdfa8d01b724"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6186c93560889265bfe0914609c274eff40bbeb5"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/89fffbdf535ce659c1a26b51ad62070566e33b28"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8ad4838040e5515939c071a0f511ce2661a0889d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/be4a2a81b6b90d1a47eaeaace4cc8e2cb57b96c7"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f7276cdc1912325b64c33fcb1361952c06e55f63"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FWQV-682V-F9JF
Vulnerability from github – Published: 2024-11-20 09:32 – Updated: 2026-02-23 12:31Improper access control vulnerability in M-Files Aino in versions before 24.10 allowed an authenticated user to access object information via incorrect calculation of effective permissions.
{
"affected": [],
"aliases": [
"CVE-2024-11176"
],
"database_specific": {
"cwe_ids": [
"CWE-682",
"CWE-732"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-20T09:15:04Z",
"severity": "MODERATE"
},
"details": "Improper access control vulnerability in M-Files Aino in versions before 24.10 allowed an authenticated user to access object information via incorrect calculation of effective permissions.",
"id": "GHSA-fwqv-682v-f9jf",
"modified": "2026-02-23T12:31:29Z",
"published": "2024-11-20T09:32:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11176"
},
{
"type": "WEB",
"url": "https://empower.m-files.com/security-advisories/CVE-2024-11176"
},
{
"type": "WEB",
"url": "https://product.m-files.com/security-advisories/CVE-2024-11176"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-G2CH-2WMH-HPHV
Vulnerability from github – Published: 2022-05-13 01:42 – Updated: 2025-04-20 03:41When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Floating Point Exception (FPE) in the WritePALMImage() function in coders/palm.c, related to an incorrect bits-per-pixel calculation.
{
"affected": [],
"aliases": [
"CVE-2017-11537"
],
"database_specific": {
"cwe_ids": [
"CWE-682"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-07-23T03:29:00Z",
"severity": "MODERATE"
},
"details": "When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Floating Point Exception (FPE) in the WritePALMImage() function in coders/palm.c, related to an incorrect bits-per-pixel calculation.",
"id": "GHSA-g2ch-2wmh-hphv",
"modified": "2025-04-20T03:41:17Z",
"published": "2022-05-13T01:42:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-11537"
},
{
"type": "WEB",
"url": "https://github.com/ImageMagick/ImageMagick/issues/560"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00015.html"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3681-1"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2017/dsa-4019"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GFFV-5HR2-F9GJ
Vulnerability from github – Published: 2021-08-25 20:43 – Updated: 2023-06-13 20:12Affected versions of this crate did not properly reset a streaming state. Resetting a streaming state, without finalising it first, creates incorrect results. The flaw was corrected by not first checking if the state had already been reset, when calling reset().
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "orion"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.11.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2018-20999"
],
"database_specific": {
"cwe_ids": [
"CWE-682"
],
"github_reviewed": true,
"github_reviewed_at": "2021-08-19T21:24:37Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "Affected versions of this crate did not properly reset a streaming state. Resetting a streaming state, without finalising it first, creates incorrect results. The flaw was corrected by not first checking if the state had already been reset, when calling reset().",
"id": "GHSA-gffv-5hr2-f9gj",
"modified": "2023-06-13T20:12:57Z",
"published": "2021-08-25T20:43:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20999"
},
{
"type": "WEB",
"url": "https://github.com/brycx/orion/issues/46"
},
{
"type": "PACKAGE",
"url": "https://github.com/brycx/orion"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2018-0012.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Flaw in streaming state in orion"
}
GHSA-GFV7-9JPR-9XM8
Vulnerability from github – Published: 2022-05-24 22:00 – Updated: 2024-06-06 21:30ngiflib 0.4 has a heap-based buffer overflow in WritePixels() in ngiflib.c when called from DecodeGifImg, because deinterlacing for small pictures is mishandled.
{
"affected": [],
"aliases": [
"CVE-2019-16347"
],
"database_specific": {
"cwe_ids": [
"CWE-682"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-09-16T13:15:00Z",
"severity": "MODERATE"
},
"details": "ngiflib 0.4 has a heap-based buffer overflow in WritePixels() in ngiflib.c when called from DecodeGifImg, because deinterlacing for small pictures is mishandled.",
"id": "GHSA-gfv7-9jpr-9xm8",
"modified": "2024-06-06T21:30:35Z",
"published": "2022-05-24T22:00:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16347"
},
{
"type": "WEB",
"url": "https://github.com/miniupnp/ngiflib/issues/12"
},
{
"type": "WEB",
"url": "https://github.com/miniupnp/ngiflib/commit/37d939a6f511d16d4c95678025c235fe62e6417a"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GGV6-7VFJ-R2FW
Vulnerability from github – Published: 2024-02-13 21:30 – Updated: 2025-03-17 18:31Due to a code bug in Secure_TSC, SEV firmware may allow an attacker with high privileges to cause a guest to observe an incorrect TSC when Secure TSC is enabled potentially resulting in a loss of guest integrity.
{
"affected": [],
"aliases": [
"CVE-2023-31347"
],
"database_specific": {
"cwe_ids": [
"CWE-682"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-13T20:15:52Z",
"severity": "MODERATE"
},
"details": "Due to a code bug in\nSecure_TSC, SEV firmware may allow an attacker with high privileges to cause a\nguest to observe an incorrect TSC when Secure TSC is enabled potentially\nresulting in a loss of guest integrity. \u00a0",
"id": "GHSA-ggv6-7vfj-r2fw",
"modified": "2025-03-17T18:31:37Z",
"published": "2024-02-13T21:30:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-31347"
},
{
"type": "WEB",
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3007"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-GJM7-VCH5-HCH8
Vulnerability from github – Published: 2026-06-25 21:31 – Updated: 2026-06-26 18:33The X25519 x86_64 assembly implementation fails to clear the most significant bit during the final modular reduction, so the computed result may not be fully reduced modulo the field prime 2^255 - 19. This can leave the field element in a non-canonical form, producing an incorrect result from the scalar multiplication and potentially a wrong shared secret. The final carry-propagation chains in the x64 and AVX2 reduction routines could overflow into the top bit, and the high limb was not masked afterward, so the 255-bit field element was left non-canonical.
{
"affected": [],
"aliases": [
"CVE-2026-10512"
],
"database_specific": {
"cwe_ids": [
"CWE-682"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-25T20:17:09Z",
"severity": "LOW"
},
"details": "The X25519 x86_64 assembly implementation fails to clear the most significant bit during the final modular reduction, so the computed result may not be fully reduced modulo the field prime 2^255 - 19. This can leave the field element in a non-canonical form, producing an incorrect result from the scalar multiplication and potentially a wrong shared secret. The final carry-propagation chains in the x64 and AVX2 reduction routines could overflow into the top bit, and the high limb was not masked afterward, so the 255-bit field element was left non-canonical.",
"id": "GHSA-gjm7-vch5-hch8",
"modified": "2026-06-26T18:33:50Z",
"published": "2026-06-25T21:31:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-10512"
},
{
"type": "WEB",
"url": "https://github.com/wolfSSL/wolfssl/pull/10536"
},
{
"type": "WEB",
"url": "https://www.wolfssl.com/docs/security-vulnerabilities"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
Mitigation
Understand your programming language's underlying representation and how it interacts with numeric calculation. Pay close attention to byte size discrepancies, precision, signed/unsigned distinctions, truncation, conversion and casting between types, "not-a-number" calculations, and how your language handles numbers that are too large or too small for its underlying representation.
Mitigation MIT-8
Strategy: Input Validation
Perform input validation on any numeric input by ensuring that it is within the expected range. Enforce that the input meets both the minimum and maximum requirements for the expected range.
Mitigation
Use the appropriate type for the desired action. For example, in C/C++, only use unsigned types for values that could never be negative, such as height, width, or other numbers related to quantity.
Mitigation
Strategy: Language Selection
- Use languages, libraries, or frameworks that make it easier to handle numbers without unexpected consequences.
- Examples include safe integer handling packages such as SafeInt (C++) or IntegerLib (C or C++).
Mitigation
Strategy: Libraries or Frameworks
- Use languages, libraries, or frameworks that make it easier to handle numbers without unexpected consequences.
- Examples include safe integer handling packages such as SafeInt (C++) or IntegerLib (C or C++).
Mitigation MIT-26
Strategy: Compilation or Build Hardening
Examine compiler warnings closely and eliminate problems with potential security implications, such as signed / unsigned mismatch in memory operations, or use of uninitialized variables. Even if the weakness is rarely exploitable, a single failure may lead to the compromise of the entire system.
CAPEC-128: Integer Attacks
An attacker takes advantage of the structure of integer variables to cause these variables to assume values that are not expected by an application. For example, adding one to the largest positive integer in a signed integer variable results in a negative number. Negative numbers may be illegal in an application and the application may prevent an attacker from providing them directly, but the application may not consider that adding two positive numbers can create a negative number do to the structure of integer storage formats.
CAPEC-129: Pointer Manipulation
This attack pattern involves an adversary manipulating a pointer within a target application resulting in the application accessing an unintended memory location. This can result in the crashing of the application or, for certain pointer values, access to data that would not normally be possible or the execution of arbitrary code. Since pointers are simply integer variables, Integer Attacks may often be used in Pointer Attacks.