Common Weakness Enumeration

CWE-191

Allowed

Integer Underflow (Wrap or Wraparound)

Abstraction: Base · Status: Draft

The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.

640 vulnerabilities reference this CWE, most recent first.

CVE-2022-3165 (GCVE-0-2022-3165)

Vulnerability from cvelistv5 – Published: 2022-10-17 00:00 – Updated: 2025-05-14 20:12
VLAI
Summary
An integer underflow issue was found in the QEMU VNC server while processing ClientCutText messages in the extended format. A malicious client could use this flaw to make QEMU unresponsive by sending a specially crafted payload message, resulting in a denial of service.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
n/a QEMU Affected: Affected 6.1.0 and later. Will be fixed in 7.2.0-rc0.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T01:00:10.847Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/qemu-project/qemu/-/commit/d307040b18"
          },
          {
            "name": "FEDORA-2022-8dcdfe7297",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I36LKZA7Z65J3LJU2P37LVTWDFTXBMPU/"
          },
          {
            "name": "FEDORA-2022-4387579e67",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZTY7TVHX62OJWF6IOBCIGLR2N5K4QN3E/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20221223-0006/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 6.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-3165",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-14T20:11:42.481034Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-14T20:12:28.401Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "QEMU",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Affected 6.1.0 and later. Will be fixed in 7.2.0-rc0."
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An integer underflow issue was found in the QEMU VNC server while processing ClientCutText messages in the extended format. A malicious client could use this flaw to make QEMU unresponsive by sending a specially crafted payload message, resulting in a denial of service."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-191",
              "description": "CWE-191",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-23T00:00:00.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://gitlab.com/qemu-project/qemu/-/commit/d307040b18"
        },
        {
          "name": "FEDORA-2022-8dcdfe7297",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I36LKZA7Z65J3LJU2P37LVTWDFTXBMPU/"
        },
        {
          "name": "FEDORA-2022-4387579e67",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZTY7TVHX62OJWF6IOBCIGLR2N5K4QN3E/"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20221223-0006/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2022-3165",
    "datePublished": "2022-10-17T00:00:00.000Z",
    "dateReserved": "2022-09-08T00:00:00.000Z",
    "dateUpdated": "2025-05-14T20:12:28.401Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-2869 (GCVE-0-2022-2869)

Vulnerability from cvelistv5 – Published: 2022-08-17 00:00 – Updated: 2024-08-03 00:52
VLAI
Summary
libtiff's tiffcrop tool has a uint32_t underflow which leads to out of bounds read and write in the extractContigSamples8bits routine. An attacker who supplies a crafted file to tiffcrop could trigger this flaw, most likely by tricking a user into opening the crafted file with tiffcrop. Triggering this flaw could cause a crash or potentially further exploitation.
Severity
No CVSS data available.
CWE
Assigner
Impacted products
Vendor Product Version
n/a libtiff Affected: libtiff 4.4.0rc1
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:52:59.054Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2118869"
          },
          {
            "name": "[debian-lts-announce] 20230120 [SECURITY] [DLA 3278-1] tiff security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html"
          },
          {
            "name": "DSA-5333",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5333"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "libtiff",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "libtiff 4.4.0rc1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "libtiff\u0027s tiffcrop tool has a uint32_t underflow which leads to out of bounds read and write in the extractContigSamples8bits routine. An attacker who supplies a crafted file to tiffcrop could trigger this flaw, most likely by tricking a user into opening the crafted file with tiffcrop. Triggering this flaw could cause a crash or potentially further exploitation."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-191",
              "description": "CWE-191-\u003e(CWE-125|CWE-787)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-01-30T00:00:00.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2118869"
        },
        {
          "name": "[debian-lts-announce] 20230120 [SECURITY] [DLA 3278-1] tiff security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html"
        },
        {
          "name": "DSA-5333",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2023/dsa-5333"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2022-2869",
    "datePublished": "2022-08-17T00:00:00.000Z",
    "dateReserved": "2022-08-17T00:00:00.000Z",
    "dateUpdated": "2024-08-03T00:52:59.054Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-2867 (GCVE-0-2022-2867)

Vulnerability from cvelistv5 – Published: 2022-08-17 00:00 – Updated: 2024-08-03 00:52
VLAI
Summary
libtiff's tiffcrop utility has a uint32_t underflow that can lead to out of bounds read and write. An attacker who supplies a crafted file to tiffcrop (likely via tricking a user to run tiffcrop on it with certain parameters) could cause a crash or in some cases, further exploitation.
Severity
No CVSS data available.
CWE
Assigner
Impacted products
Vendor Product Version
n/a libtiff Affected: libtiff 4.4.0rc1
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:52:59.602Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2118847"
          },
          {
            "name": "[debian-lts-announce] 20230120 [SECURITY] [DLA 3278-1] tiff security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html"
          },
          {
            "name": "DSA-5333",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5333"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "libtiff",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "libtiff 4.4.0rc1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "libtiff\u0027s tiffcrop utility has a uint32_t underflow that can lead to out of bounds read and write. An attacker who supplies a crafted file to tiffcrop (likely via tricking a user to run tiffcrop on it with certain parameters) could cause a crash or in some cases, further exploitation."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-191",
              "description": "CWE-191-\u003e(CWE-125|CWE-787)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-01-30T00:00:00.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2118847"
        },
        {
          "name": "[debian-lts-announce] 20230120 [SECURITY] [DLA 3278-1] tiff security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html"
        },
        {
          "name": "DSA-5333",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2023/dsa-5333"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2022-2867",
    "datePublished": "2022-08-17T00:00:00.000Z",
    "dateReserved": "2022-08-16T00:00:00.000Z",
    "dateUpdated": "2024-08-03T00:52:59.602Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-2335 (GCVE-0-2022-2335)

Vulnerability from cvelistv5 – Published: 2022-08-17 20:13 – Updated: 2025-04-16 16:13
VLAI
Title
Softing Secure Integration Server Integer Underflow
Summary
A crafted HTTP packet with a -1 content-length header can create a denial-of-service condition in Softing Secure Integration Server V1.22.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
Credits
Pedro Ribeiro and Radek Domanski, working with Trend Micro Zero Day Initiative, reported these vulnerabilities to Softing and CISA.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:32:09.693Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-4.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-2335",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-16T15:54:49.307025Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-16T16:13:08.268Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Secure Integration Server",
          "vendor": "Softing",
          "versions": [
            {
              "status": "affected",
              "version": "V1.22"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Pedro Ribeiro and Radek Domanski, working with Trend Micro Zero Day Initiative, reported these vulnerabilities to Softing and CISA."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A crafted HTTP packet with a -1 content-length header can create a denial-of-service condition in Softing Secure Integration Server V1.22."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-191",
              "description": "CWE-191: Integer Underflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-17T20:13:15.000Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-4.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Softing released new versions to address these vulnerabilities and notified known users of the releases. Users are advised to update to the new versions:\nSofting Secure Integration Server V1.30 \n\nThe latest software packages can be downloaded from the Softing website. \n\nSofting recommends the following mitigations and workarounds: \nChange the admin password or create a new user with administrative rights and delete the default admin user. \nConfigure the Windows firewall to block network requests to IP port 9000. \nDisable the HTTP Server in NGINX configuration of the Softing Secure Integration Server, only using the HTTPS server. \nFor more details on these vulnerabilities and mitigations, users should see SYT-2022-4 on the Softing security website."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Softing Secure Integration Server Integer Underflow",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2022-2335",
          "STATE": "PUBLIC",
          "TITLE": "Softing Secure Integration Server Integer Underflow"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Secure Integration Server",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "V1.22"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Softing"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Pedro Ribeiro and Radek Domanski, working with Trend Micro Zero Day Initiative, reported these vulnerabilities to Softing and CISA."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A crafted HTTP packet with a -1 content-length header can create a denial-of-service condition in Softing Secure Integration Server V1.22."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-191: Integer Underflow"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-4.html",
              "refsource": "CONFIRM",
              "url": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-4.html"
            },
            {
              "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04",
              "refsource": "CONFIRM",
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Softing released new versions to address these vulnerabilities and notified known users of the releases. Users are advised to update to the new versions:\nSofting Secure Integration Server V1.30 \n\nThe latest software packages can be downloaded from the Softing website. \n\nSofting recommends the following mitigations and workarounds: \nChange the admin password or create a new user with administrative rights and delete the default admin user. \nConfigure the Windows firewall to block network requests to IP port 9000. \nDisable the HTTP Server in NGINX configuration of the Softing Secure Integration Server, only using the HTTPS server. \nFor more details on these vulnerabilities and mitigations, users should see SYT-2022-4 on the Softing security website."
          }
        ],
        "source": {
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2022-2335",
    "datePublished": "2022-08-17T20:13:15.000Z",
    "dateReserved": "2022-07-06T00:00:00.000Z",
    "dateUpdated": "2025-04-16T16:13:08.268Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-1698 (GCVE-0-2022-1698)

Vulnerability from cvelistv5 – Published: 2022-05-12 15:20 – Updated: 2024-08-03 00:10
VLAI
Title
Allowing long password leads to denial of service in causefx/organizr
Summary
Allowing long password leads to denial of service in GitHub repository causefx/organizr prior to 2.1.2000. This vulnerability can be abused by doing a DDoS attack for which genuine users will not able to access resources/applications.
CWE
  • CWE-191 - Integer Underflow (Wrap or Wraparound)
Assigner
References
Impacted products
Vendor Product Version
causefx causefx/organizr Affected: unspecified , < 2.1.2000 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:10:03.934Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/causefx/organizr/commit/e4b4cff66c526f7b5bbaef0073c92c315c29bd56"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://huntr.dev/bounties/f4ab747b-e89a-4514-9432-ac1ea56639f3"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "causefx/organizr",
          "vendor": "causefx",
          "versions": [
            {
              "lessThan": "2.1.2000",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Allowing long password leads to denial of service in GitHub repository causefx/organizr prior to 2.1.2000. This vulnerability can be abused by doing a DDoS attack for which genuine users will not able to access resources/applications."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.9,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-191",
              "description": "CWE-191 Integer Underflow (Wrap or Wraparound)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-05-12T15:20:15.000Z",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntrdev"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/causefx/organizr/commit/e4b4cff66c526f7b5bbaef0073c92c315c29bd56"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://huntr.dev/bounties/f4ab747b-e89a-4514-9432-ac1ea56639f3"
        }
      ],
      "source": {
        "advisory": "f4ab747b-e89a-4514-9432-ac1ea56639f3",
        "discovery": "EXTERNAL"
      },
      "title": "Allowing long password leads to denial of service in causefx/organizr",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@huntr.dev",
          "ID": "CVE-2022-1698",
          "STATE": "PUBLIC",
          "TITLE": "Allowing long password leads to denial of service in causefx/organizr"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "causefx/organizr",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "2.1.2000"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "causefx"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Allowing long password leads to denial of service in GitHub repository causefx/organizr prior to 2.1.2000. This vulnerability can be abused by doing a DDoS attack for which genuine users will not able to access resources/applications."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.9,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-191 Integer Underflow (Wrap or Wraparound)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/causefx/organizr/commit/e4b4cff66c526f7b5bbaef0073c92c315c29bd56",
              "refsource": "MISC",
              "url": "https://github.com/causefx/organizr/commit/e4b4cff66c526f7b5bbaef0073c92c315c29bd56"
            },
            {
              "name": "https://huntr.dev/bounties/f4ab747b-e89a-4514-9432-ac1ea56639f3",
              "refsource": "CONFIRM",
              "url": "https://huntr.dev/bounties/f4ab747b-e89a-4514-9432-ac1ea56639f3"
            }
          ]
        },
        "source": {
          "advisory": "f4ab747b-e89a-4514-9432-ac1ea56639f3",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntrdev",
    "cveId": "CVE-2022-1698",
    "datePublished": "2022-05-12T15:20:15.000Z",
    "dateReserved": "2022-05-12T00:00:00.000Z",
    "dateUpdated": "2024-08-03T00:10:03.934Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-0544 (GCVE-0-2022-0544)

Vulnerability from cvelistv5 – Published: 2022-02-24 18:27 – Updated: 2024-08-02 23:32
VLAI
Summary
An integer underflow in the DDS loader of Blender leads to an out-of-bounds read, possibly allowing an attacker to read sensitive data using a crafted DDS image file. This flaw affects Blender versions prior to 2.83.19, 2.93.8 and 3.1.
Severity
No CVSS data available.
CWE
Assigner
References
URL Tags
https://developer.blender.org/T94661 x_refsource_MISC
https://lists.debian.org/debian-lts-announce/2022… mailing-listx_refsource_MLIST
https://www.debian.org/security/2022/dsa-5176 vendor-advisoryx_refsource_DEBIAN
Impacted products
Vendor Product Version
n/a Blender Affected: Blender versions prior to 2.83.19, 2.93.8 and 3.1
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:32:46.106Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://developer.blender.org/T94661"
          },
          {
            "name": "[debian-lts-announce] 20220628 [SECURITY] [DLA 3060-1] blender security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00021.html"
          },
          {
            "name": "DSA-5176",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5176"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Blender",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Blender versions prior to 2.83.19, 2.93.8 and 3.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An integer underflow in the DDS loader of Blender leads to an out-of-bounds read, possibly allowing an attacker to read sensitive data using a crafted DDS image file. This flaw affects Blender versions prior to 2.83.19, 2.93.8 and 3.1."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-191",
              "description": "CWE-191-\u003eCWE-125",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-05T10:06:20.000Z",
        "orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
        "shortName": "fedora"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://developer.blender.org/T94661"
        },
        {
          "name": "[debian-lts-announce] 20220628 [SECURITY] [DLA 3060-1] blender security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00021.html"
        },
        {
          "name": "DSA-5176",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5176"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "patrick@puiterwijk.org",
          "ID": "CVE-2022-0544",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Blender",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Blender versions prior to 2.83.19, 2.93.8 and 3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An integer underflow in the DDS loader of Blender leads to an out-of-bounds read, possibly allowing an attacker to read sensitive data using a crafted DDS image file. This flaw affects Blender versions prior to 2.83.19, 2.93.8 and 3.1."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-191-\u003eCWE-125"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://developer.blender.org/T94661",
              "refsource": "MISC",
              "url": "https://developer.blender.org/T94661"
            },
            {
              "name": "[debian-lts-announce] 20220628 [SECURITY] [DLA 3060-1] blender security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00021.html"
            },
            {
              "name": "DSA-5176",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2022/dsa-5176"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
    "assignerShortName": "fedora",
    "cveId": "CVE-2022-0544",
    "datePublished": "2022-02-24T18:27:15.000Z",
    "dateReserved": "2022-02-08T00:00:00.000Z",
    "dateUpdated": "2024-08-02T23:32:46.106Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-43083 (GCVE-0-2021-43083)

Vulnerability from cvelistv5 – Published: 2021-12-19 08:25 – Updated: 2024-08-04 03:47
VLAI
Title
Apache PLC4X 0.9.0 Buffer overflow in PLC4C via crafted server response
Summary
Apache PLC4X - PLC4C (Only the C language implementation was effected) was vulnerable to an unsigned integer underflow flaw inside the tcp transport. Users should update to 0.9.1, which addresses this issue. However, in order to exploit this vulnerability, a user would have to actively connect to a mallicious device which could send a response with invalid content. Currently we consider the probability of this being exploited as quite minimal, however this could change in the future, especially with the industrial networks growing more and more together.
Severity
No CVSS data available.
CWE
  • CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
  • CWE-191 - Integer Underflow (Wrap or Wraparound)
Assigner
References
Impacted products
Vendor Product Version
Apache Software Foundation Apache PLC4X Affected: PLC4C , ≤ 0.9.0 (custom)
Create a notification for this product.
Credits
Apache PLC4X would like to thank Eugene Lim for reporting this issue.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T03:47:13.291Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread/jxx6qc84z60xbbhn6vp2s5qf09psrtc7"
          },
          {
            "name": "[oss-security] 20211220 CVE-2021-43083: Apache PLC4X 0.9.0 Buffer overflow in PLC4C via crafted server response",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/12/20/2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Apache PLC4X",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThanOrEqual": "0.9.0",
              "status": "affected",
              "version": "PLC4C",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Apache PLC4X would like to thank Eugene Lim for reporting this issue."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Apache PLC4X - PLC4C (Only the C language implementation was effected) was vulnerable to an unsigned integer underflow flaw inside the tcp transport. Users should update to 0.9.1, which addresses this issue. However, in order to exploit this vulnerability, a user would have to actively connect to a mallicious device which could send a response with invalid content. Currently we consider the probability of this being exploited as quite minimal, however this could change in the future, especially with the industrial networks growing more and more together."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-119",
              "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-191",
              "description": "CWE-191 Integer Underflow (Wrap or Wraparound)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-12-20T15:06:56.000Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://lists.apache.org/thread/jxx6qc84z60xbbhn6vp2s5qf09psrtc7"
        },
        {
          "name": "[oss-security] 20211220 CVE-2021-43083: Apache PLC4X 0.9.0 Buffer overflow in PLC4C via crafted server response",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/12/20/2"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Apache PLC4X 0.9.0 Buffer overflow in PLC4C via crafted server response",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "ID": "CVE-2021-43083",
          "STATE": "PUBLIC",
          "TITLE": "Apache PLC4X 0.9.0 Buffer overflow in PLC4C via crafted server response"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Apache PLC4X",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "PLC4C",
                            "version_value": "0.9.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Apache Software Foundation"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Apache PLC4X would like to thank Eugene Lim for reporting this issue."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Apache PLC4X - PLC4C (Only the C language implementation was effected) was vulnerable to an unsigned integer underflow flaw inside the tcp transport. Users should update to 0.9.1, which addresses this issue. However, in order to exploit this vulnerability, a user would have to actively connect to a mallicious device which could send a response with invalid content. Currently we consider the probability of this being exploited as quite minimal, however this could change in the future, especially with the industrial networks growing more and more together."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": [
          {}
        ],
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-191 Integer Underflow (Wrap or Wraparound)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://lists.apache.org/thread/jxx6qc84z60xbbhn6vp2s5qf09psrtc7",
              "refsource": "MISC",
              "url": "https://lists.apache.org/thread/jxx6qc84z60xbbhn6vp2s5qf09psrtc7"
            },
            {
              "name": "[oss-security] 20211220 CVE-2021-43083: Apache PLC4X 0.9.0 Buffer overflow in PLC4C via crafted server response",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2021/12/20/2"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2021-43083",
    "datePublished": "2021-12-19T08:25:09.000Z",
    "dateReserved": "2021-10-30T00:00:00.000Z",
    "dateUpdated": "2024-08-04T03:47:13.291Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-41196 (GCVE-0-2021-41196)

Vulnerability from cvelistv5 – Published: 2021-11-05 19:55 – Updated: 2024-08-04 03:08
VLAI
Title
Crash in `max_pool3d` when size argument is 0 or negative
Summary
TensorFlow is an open source platform for machine learning. In affected versions the Keras pooling layers can trigger a segfault if the size of the pool is 0 or if a dimension is negative. This is due to the TensorFlow's implementation of pooling operations where the values in the sliding window are not checked to be strictly positive. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.
CWE
  • CWE-191 - Integer Underflow (Wrap or Wraparound)
Assigner
Impacted products
Vendor Product Version
tensorflow tensorflow Affected: >= 2.6.0, < 2.6.1
Affected: >= 2.5.0, < 2.5.2
Affected: < 2.4.4
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T03:08:31.485Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-m539-j985-hcr8"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/tensorflow/tensorflow/issues/51936"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/tensorflow/tensorflow/commit/12b1ff82b3f26ff8de17e58703231d5a02ef1b8b"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "tensorflow",
          "vendor": "tensorflow",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 2.6.0, \u003c 2.6.1"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.5.0, \u003c 2.5.2"
            },
            {
              "status": "affected",
              "version": "\u003c 2.4.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "TensorFlow is an open source platform for machine learning. In affected versions the Keras pooling layers can trigger a segfault if the size of the pool is 0 or if a dimension is negative. This is due to the TensorFlow\u0027s implementation of pooling operations where the values in the sliding window are not checked to be strictly positive. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-191",
              "description": "CWE-191: Integer Underflow (Wrap or Wraparound)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-11-05T19:55:13.000Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-m539-j985-hcr8"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/tensorflow/tensorflow/issues/51936"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/tensorflow/tensorflow/commit/12b1ff82b3f26ff8de17e58703231d5a02ef1b8b"
        }
      ],
      "source": {
        "advisory": "GHSA-m539-j985-hcr8",
        "discovery": "UNKNOWN"
      },
      "title": "Crash in `max_pool3d` when size argument is 0 or negative",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2021-41196",
          "STATE": "PUBLIC",
          "TITLE": "Crash in `max_pool3d` when size argument is 0 or negative"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "tensorflow",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003e= 2.6.0, \u003c 2.6.1"
                          },
                          {
                            "version_value": "\u003e= 2.5.0, \u003c 2.5.2"
                          },
                          {
                            "version_value": "\u003c 2.4.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "tensorflow"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "TensorFlow is an open source platform for machine learning. In affected versions the Keras pooling layers can trigger a segfault if the size of the pool is 0 or if a dimension is negative. This is due to the TensorFlow\u0027s implementation of pooling operations where the values in the sliding window are not checked to be strictly positive. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-191: Integer Underflow (Wrap or Wraparound)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-m539-j985-hcr8",
              "refsource": "CONFIRM",
              "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-m539-j985-hcr8"
            },
            {
              "name": "https://github.com/tensorflow/tensorflow/issues/51936",
              "refsource": "MISC",
              "url": "https://github.com/tensorflow/tensorflow/issues/51936"
            },
            {
              "name": "https://github.com/tensorflow/tensorflow/commit/12b1ff82b3f26ff8de17e58703231d5a02ef1b8b",
              "refsource": "MISC",
              "url": "https://github.com/tensorflow/tensorflow/commit/12b1ff82b3f26ff8de17e58703231d5a02ef1b8b"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-m539-j985-hcr8",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2021-41196",
    "datePublished": "2021-11-05T19:55:13.000Z",
    "dateReserved": "2021-09-15T00:00:00.000Z",
    "dateUpdated": "2024-08-04T03:08:31.485Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-37706 (GCVE-0-2021-37706)

Vulnerability from cvelistv5 – Published: 2021-12-22 00:00 – Updated: 2025-11-04 16:09
VLAI
Title
Potential integer underflow upon receiving STUN message in PJSIP
Summary
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In affected versions if the incoming STUN message contains an ERROR-CODE attribute, the header length is not checked before performing a subtraction operation, potentially resulting in an integer underflow scenario. This issue affects all users that use STUN. A malicious actor located within the victim’s network may forge and send a specially crafted UDP (STUN) message that could remotely execute arbitrary code on the victim’s machine. Users are advised to upgrade as soon as possible. There are no known workarounds.
CWE
  • CWE-191 - Integer Underflow (Wrap or Wraparound)
Assigner
Impacted products
Vendor Product Version
pjsip pjproject Affected: <= 2.11.1
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T16:09:17.025Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/pjsip/pjproject/security/advisories/GHSA-2qpg-f6wf-w984"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/pjsip/pjproject/commit/15663e3f37091069b8c98a7fce680dc04bc8e865"
          },
          {
            "name": "20220304 AST-2022-004: pjproject: integer underflow on STUN message",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2022/Mar/0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/166225/Asterisk-Project-Security-Advisory-AST-2022-004.html"
          },
          {
            "name": "[debian-lts-announce] 20220328 [SECURITY] [DLA 2962-1] pjproject security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html"
          },
          {
            "name": "GLSA-202210-37",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202210-37"
          },
          {
            "name": "[debian-lts-announce] 20221117 [SECURITY] [DLA 3194-1] asterisk security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
          },
          {
            "name": "DSA-5285",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5285"
          },
          {
            "name": "[debian-lts-announce] 20230829 [SECURITY] [DLA 3549-1] ring security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00030.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "pjproject",
          "vendor": "pjsip",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c= 2.11.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In affected versions if the incoming STUN message contains an ERROR-CODE attribute, the header length is not checked before performing a subtraction operation, potentially resulting in an integer underflow scenario. This issue affects all users that use STUN. A malicious actor located within the victim\u2019s network may forge and send a specially crafted UDP (STUN) message that could remotely execute arbitrary code on the victim\u2019s machine. Users are advised to upgrade as soon as possible. There are no known workarounds."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-191",
              "description": "CWE-191: Integer Underflow (Wrap or Wraparound)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-08-30T00:06:40.686Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "url": "https://github.com/pjsip/pjproject/security/advisories/GHSA-2qpg-f6wf-w984"
        },
        {
          "url": "https://github.com/pjsip/pjproject/commit/15663e3f37091069b8c98a7fce680dc04bc8e865"
        },
        {
          "name": "20220304 AST-2022-004: pjproject: integer underflow on STUN message",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2022/Mar/0"
        },
        {
          "url": "http://packetstormsecurity.com/files/166225/Asterisk-Project-Security-Advisory-AST-2022-004.html"
        },
        {
          "name": "[debian-lts-announce] 20220328 [SECURITY] [DLA 2962-1] pjproject security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html"
        },
        {
          "name": "GLSA-202210-37",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202210-37"
        },
        {
          "name": "[debian-lts-announce] 20221117 [SECURITY] [DLA 3194-1] asterisk security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
        },
        {
          "name": "DSA-5285",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5285"
        },
        {
          "name": "[debian-lts-announce] 20230829 [SECURITY] [DLA 3549-1] ring security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html"
        }
      ],
      "source": {
        "advisory": "GHSA-2qpg-f6wf-w984",
        "discovery": "UNKNOWN"
      },
      "title": "Potential integer underflow upon receiving STUN message in PJSIP"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2021-37706",
    "datePublished": "2021-12-22T00:00:00.000Z",
    "dateReserved": "2021-07-29T00:00:00.000Z",
    "dateUpdated": "2025-11-04T16:09:17.025Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2021-33536 (GCVE-0-2021-33536)

Vulnerability from cvelistv5 – Published: 2021-06-25 18:26 – Updated: 2024-09-17 03:38
VLAI
Title
WEIDMUELLER: WLAN devices affected by Denial-of-Service vulnerability
Summary
In Weidmueller Industrial WLAN devices in multiple versions an exploitable denial-of-service vulnerability exists in ServiceAgent functionality. A specially crafted packet can cause an integer underflow, triggering a large memcpy that will access unmapped or out-of-bounds memory. An attacker can send this packet while unauthenticated to trigger this vulnerability.
CWE
  • CWE-191 - Integer Underflow (Wrap or Wraparound)
Assigner
References
Impacted products
Vendor Product Version
Weidmüller IE-WL(T)-BL-AP-CL-XX Affected: IE-WL-BL-AP-CL-EU (2536600000) , ≤ V1.16.18 (Build 18081617) (custom)
Affected: IE-WLT-BL-AP-CL-EU (2536650000) , ≤ V1.16.18 (Build 18081617) (custom)
Affected: IE-WL-BL-AP-CL-US (2536660000) , ≤ V1.16.18 (Build 18081617) (custom)
Affected: IE-WLT-BL-AP-CL-US (2536670000) , ≤ V1.16.18 (Build 18081617) (custom)
Create a notification for this product.
Weidmüller IE-WL(T)-VL-AP-CL-XX Affected: IE-WL-VL-AP-BR-CL-EU (2536680000) , ≤ V1.11.10 (Build 18122616) (custom)
Affected: IE-WLT-VL-AP-BR-CL-EU (2536690000) , ≤ V1.11.10 (Build 18122616) (custom)
Affected: IE-WL-VL-AP-BR-CL-US (2536700000) , ≤ V1.11.10 (Build 18122616) (custom)
Affected: IE-WLT-VL-AP-BR-CL-US (2536710000) , ≤ V1.11.10 (Build 18122616) (custom)
Create a notification for this product.
Date Public
2021-06-23 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:50:43.008Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert.vde.com/en-us/advisories/vde-2021-026"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "IE-WL(T)-BL-AP-CL-XX",
          "vendor": "Weidm\u00fcller",
          "versions": [
            {
              "lessThanOrEqual": "V1.16.18 (Build 18081617)",
              "status": "affected",
              "version": "IE-WL-BL-AP-CL-EU (2536600000)",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "V1.16.18 (Build 18081617)",
              "status": "affected",
              "version": "IE-WLT-BL-AP-CL-EU (2536650000)",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "V1.16.18 (Build 18081617)",
              "status": "affected",
              "version": "IE-WL-BL-AP-CL-US (2536660000)",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "V1.16.18 (Build 18081617)",
              "status": "affected",
              "version": "IE-WLT-BL-AP-CL-US (2536670000)",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "IE-WL(T)-VL-AP-CL-XX",
          "vendor": "Weidm\u00fcller",
          "versions": [
            {
              "lessThanOrEqual": "V1.11.10 (Build 18122616)",
              "status": "affected",
              "version": "IE-WL-VL-AP-BR-CL-EU (2536680000)",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "V1.11.10 (Build 18122616)",
              "status": "affected",
              "version": "IE-WLT-VL-AP-BR-CL-EU (2536690000)",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "V1.11.10 (Build 18122616)",
              "status": "affected",
              "version": "IE-WL-VL-AP-BR-CL-US (2536700000)",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "V1.11.10 (Build 18122616)",
              "status": "affected",
              "version": "IE-WLT-VL-AP-BR-CL-US (2536710000)",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2021-06-23T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "In Weidmueller Industrial WLAN devices in multiple versions an exploitable denial-of-service vulnerability exists in ServiceAgent functionality. A specially crafted packet can cause an integer underflow, triggering a large memcpy that will access unmapped or out-of-bounds memory. An attacker can send this packet while unauthenticated to trigger this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-191",
              "description": "CWE-191 Integer Underflow (Wrap or Wraparound)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-25T18:26:01.000Z",
        "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "shortName": "CERTVDE"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert.vde.com/en-us/advisories/vde-2021-026"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "For IE-WL(T)-BL-AP-CL-XX versions V1.16.21 (Build 21010513) and greater are fixed.\nFor IE-WL(T)-VL-AP-CL-XX versions V1.11.13 (Build 21010513) and greater are fixed."
        }
      ],
      "source": {
        "advisory": "VDE-2021-026",
        "defect": [
          "VDE-2021-026"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "WEIDMUELLER: WLAN devices affected by Denial-of-Service vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "info@cert.vde.com",
          "DATE_PUBLIC": "2021-06-23T10:00:00.000Z",
          "ID": "CVE-2021-33536",
          "STATE": "PUBLIC",
          "TITLE": "WEIDMUELLER: WLAN devices affected by Denial-of-Service vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "IE-WL(T)-BL-AP-CL-XX",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WL-BL-AP-CL-EU (2536600000)",
                            "version_value": "V1.16.18 (Build 18081617)"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WLT-BL-AP-CL-EU (2536650000)",
                            "version_value": "V1.16.18 (Build 18081617)"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WL-BL-AP-CL-US (2536660000)",
                            "version_value": "V1.16.18 (Build 18081617)"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WLT-BL-AP-CL-US (2536670000)",
                            "version_value": "V1.16.18 (Build 18081617)"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "IE-WL(T)-VL-AP-CL-XX",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WL-VL-AP-BR-CL-EU (2536680000)",
                            "version_value": "V1.11.10 (Build 18122616)"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WLT-VL-AP-BR-CL-EU (2536690000)",
                            "version_value": "V1.11.10 (Build 18122616)"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WL-VL-AP-BR-CL-US (2536700000)",
                            "version_value": "V1.11.10 (Build 18122616)"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WLT-VL-AP-BR-CL-US (2536710000)",
                            "version_value": "V1.11.10 (Build 18122616)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Weidm\u00fcller"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Weidmueller Industrial WLAN devices in multiple versions an exploitable denial-of-service vulnerability exists in ServiceAgent functionality. A specially crafted packet can cause an integer underflow, triggering a large memcpy that will access unmapped or out-of-bounds memory. An attacker can send this packet while unauthenticated to trigger this vulnerability."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-191 Integer Underflow (Wrap or Wraparound)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cert.vde.com/en-us/advisories/vde-2021-026",
              "refsource": "CONFIRM",
              "url": "https://cert.vde.com/en-us/advisories/vde-2021-026"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "For IE-WL(T)-BL-AP-CL-XX versions V1.16.21 (Build 21010513) and greater are fixed.\nFor IE-WL(T)-VL-AP-CL-XX versions V1.11.13 (Build 21010513) and greater are fixed."
          }
        ],
        "source": {
          "advisory": "VDE-2021-026",
          "defect": [
            "VDE-2021-026"
          ],
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
    "assignerShortName": "CERTVDE",
    "cveId": "CVE-2021-33536",
    "datePublished": "2021-06-25T18:26:01.011Z",
    "dateReserved": "2021-05-24T00:00:00.000Z",
    "dateUpdated": "2024-09-17T03:38:31.151Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.