CWE-191
AllowedInteger Underflow (Wrap or Wraparound)
Abstraction: Base · Status: Draft
The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.
642 vulnerabilities reference this CWE, most recent first.
GHSA-4JHP-WP6W-JM5X
Vulnerability from github – Published: 2024-06-11 18:30 – Updated: 2024-06-11 18:30DHCP Server Service Denial of Service Vulnerability
{
"affected": [],
"aliases": [
"CVE-2024-30070"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-11T17:15:53Z",
"severity": "HIGH"
},
"details": "DHCP Server Service Denial of Service Vulnerability",
"id": "GHSA-4jhp-wp6w-jm5x",
"modified": "2024-06-11T18:30:49Z",
"published": "2024-06-11T18:30:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30070"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30070"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4JRV-6M77-VRHQ
Vulnerability from github – Published: 2024-01-15 21:30 – Updated: 2024-07-08 18:31An out-of-bounds memory read flaw was found in receive_encrypted_standard in fs/smb/client/smb2ops.c in the SMB Client sub-component in the Linux Kernel. This issue occurs due to integer underflow on the memcpy length, leading to a denial of service.
{
"affected": [],
"aliases": [
"CVE-2024-0565"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-01-15T20:15:43Z",
"severity": "HIGH"
},
"details": "An out-of-bounds memory read flaw was found in receive_encrypted_standard in fs/smb/client/smb2ops.c in the SMB Client sub-component in the Linux Kernel. This issue occurs due to integer underflow on the memcpy length, leading to a denial of service.",
"id": "GHSA-4jrv-6m77-vrhq",
"modified": "2024-07-08T18:31:15Z",
"published": "2024-01-15T21:30:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0565"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:1188"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:1404"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:1532"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:1533"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:1607"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:1614"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:2093"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:2394"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2024-0565"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258518"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20240223-0002"
},
{
"type": "WEB",
"url": "https://www.spinics.net/lists/stable-commits/msg328851.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4MJP-WJ5R-MC96
Vulnerability from github – Published: 2025-01-10 15:31 – Updated: 2025-11-03 18:31In Raptor RDF Syntax Library through 2.0.16, there is an integer underflow when normalizing a URI with the turtle parser in raptor_uri_normalize_path().
{
"affected": [],
"aliases": [
"CVE-2024-57823"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-10T13:15:10Z",
"severity": "CRITICAL"
},
"details": "In Raptor RDF Syntax Library through 2.0.16, there is an integer underflow when normalizing a URI with the turtle parser in raptor_uri_normalize_path().",
"id": "GHSA-4mjp-wj5r-mc96",
"modified": "2025-11-03T18:31:15Z",
"published": "2025-01-10T15:31:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-57823"
},
{
"type": "WEB",
"url": "https://github.com/dajobe/raptor/issues/70"
},
{
"type": "WEB",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067896"
},
{
"type": "WEB",
"url": "https://github.com/pedrib/PoC/blob/master/fuzzing/raptor-fuzz.md"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00023.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4Q64-7W7G-5X5W
Vulnerability from github – Published: 2022-05-14 01:18 – Updated: 2022-05-14 01:18rdesktop versions up to and including v1.8.3 contain an Integer Underflow that leads to a Heap-Based Buffer Overflow in the function lspci_process() and results in memory corruption and probably even a remote code execution.
{
"affected": [],
"aliases": [
"CVE-2018-20179"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-03-15T18:29:00Z",
"severity": "CRITICAL"
},
"details": "rdesktop versions up to and including v1.8.3 contain an Integer Underflow that leads to a Heap-Based Buffer Overflow in the function lspci_process() and results in memory corruption and probably even a remote code execution.",
"id": "GHSA-4q64-7w7g-5x5w",
"modified": "2022-05-14T01:18:24Z",
"published": "2022-05-14T01:18:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20179"
},
{
"type": "WEB",
"url": "https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00030.html"
},
{
"type": "WEB",
"url": "https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201903-06"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2019/dsa-4394"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00040.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/106938"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4QFR-CJVM-QRCJ
Vulnerability from github – Published: 2024-11-09 12:30 – Updated: 2025-11-03 21:31In the Linux kernel, the following vulnerability has been resolved:
net: fix crash when config small gso_max_size/gso_ipv4_max_size
Config a small gso_max_size/gso_ipv4_max_size will lead to an underflow in sk_dst_gso_max_size(), which may trigger a BUG_ON crash, because sk->sk_gso_max_size would be much bigger than device limits. Call Trace: tcp_write_xmit tso_segs = tcp_init_tso_segs(skb, mss_now); tcp_set_skb_tso_segs tcp_skb_pcount_set // skb->len = 524288, mss_now = 8 // u16 tso_segs = 524288/8 = 65535 -> 0 tso_segs = DIV_ROUND_UP(skb->len, mss_now) BUG_ON(!tso_segs) Add check for the minimum value of gso_max_size and gso_ipv4_max_size.
{
"affected": [],
"aliases": [
"CVE-2024-50258"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-09T11:15:11Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix crash when config small gso_max_size/gso_ipv4_max_size\n\nConfig a small gso_max_size/gso_ipv4_max_size will lead to an underflow\nin sk_dst_gso_max_size(), which may trigger a BUG_ON crash,\nbecause sk-\u003esk_gso_max_size would be much bigger than device limits.\nCall Trace:\ntcp_write_xmit\n tso_segs = tcp_init_tso_segs(skb, mss_now);\n tcp_set_skb_tso_segs\n tcp_skb_pcount_set\n // skb-\u003elen = 524288, mss_now = 8\n // u16 tso_segs = 524288/8 = 65535 -\u003e 0\n tso_segs = DIV_ROUND_UP(skb-\u003elen, mss_now)\n BUG_ON(!tso_segs)\nAdd check for the minimum value of gso_max_size and gso_ipv4_max_size.",
"id": "GHSA-4qfr-cjvm-qrcj",
"modified": "2025-11-03T21:31:34Z",
"published": "2024-11-09T12:30:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50258"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/90c8482a5d9791259ba77bfdc1849fc5128b4be7"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9ab5cf19fb0e4680f95e506d6c544259bf1111c4"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ac5977001eee7660c643f8e07a2de9001990b7b8"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e72fd1389a5364bc6aa6312ecf30bdb5891b9486"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e9365368b483328639c03fc730448dccd5a25b6b"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4V3W-RM54-5XG3
Vulnerability from github – Published: 2022-11-22 12:30 – Updated: 2022-11-30 21:30A CWE-191: Integer Underflow (Wrap or Wraparound) vulnerability exists that could cause a denial of service of the controller due to memory access violations when using the Modbus TCP protocol. Affected products: Modicon M340 CPU (part numbers BMXP34)(V3.40 and prior), Modicon M580 CPU (part numbers BMEP and BMEH)(V3.22 and prior), Legacy Modicon Quantum/Premium(All Versions), Modicon Momentum MDI (171CBU)(All Versions), Modicon MC80 (BMKC80)(V1.7 and prior)
{
"affected": [],
"aliases": [
"CVE-2022-37301"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-11-22T12:15:00Z",
"severity": "HIGH"
},
"details": "A CWE-191: Integer Underflow (Wrap or Wraparound) vulnerability exists that could cause a denial of service of the controller due to memory access violations when using the Modbus TCP protocol. Affected products: Modicon M340 CPU (part numbers BMXP34*)(V3.40 and prior), Modicon M580 CPU (part numbers BMEP* and BMEH*)(V3.22 and prior), Legacy Modicon Quantum/Premium(All Versions), Modicon Momentum MDI (171CBU*)(All Versions), Modicon MC80 (BMKC80)(V1.7 and prior)\n",
"id": "GHSA-4v3w-rm54-5xg3",
"modified": "2022-11-30T21:30:23Z",
"published": "2022-11-22T12:30:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37301"
},
{
"type": "WEB",
"url": "https://www.se.com/us/en/download/document/SEVD-2022-221-02"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4VF7-QXXR-9PXC
Vulnerability from github – Published: 2026-06-09 18:30 – Updated: 2026-06-09 18:30Integer underflow (wrap or wraparound) in Windows Performance Monitor allows an unauthorized attacker to execute code over a network.
{
"affected": [],
"aliases": [
"CVE-2026-42981"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-09T17:17:14Z",
"severity": "HIGH"
},
"details": "Integer underflow (wrap or wraparound) in Windows Performance Monitor allows an unauthorized attacker to execute code over a network.",
"id": "GHSA-4vf7-qxxr-9pxc",
"modified": "2026-06-09T18:30:45Z",
"published": "2026-06-09T18:30:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42981"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42981"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-533G-7W58-G89M
Vulnerability from github – Published: 2024-12-23 00:30 – Updated: 2024-12-26 06:30An integer underflow was discovered in Fort 1.6.3 and 1.6.4 before 1.6.5. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) a Manifest RPKI object containing an empty fileList. Fort dereferences (and, shortly afterwards, writes to) this array during a shuffle attempt, before the validation that would normally reject it when empty. This out-of-bounds access is caused by an integer underflow that causes the surrounding loop to iterate infinitely. Because the product is permanently stuck attempting to overshuffle an array that doesn't actually exist, a crash is nearly guaranteed.
{
"affected": [],
"aliases": [
"CVE-2024-56375"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-22T23:15:06Z",
"severity": "HIGH"
},
"details": "An integer underflow was discovered in Fort 1.6.3 and 1.6.4 before 1.6.5. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) a Manifest RPKI object containing an empty fileList. Fort dereferences (and, shortly afterwards, writes to) this array during a shuffle attempt, before the validation that would normally reject it when empty. This out-of-bounds access is caused by an integer underflow that causes the surrounding loop to iterate infinitely. Because the product is permanently stuck attempting to overshuffle an array that doesn\u0027t actually exist, a crash is nearly guaranteed.",
"id": "GHSA-533g-7w58-g89m",
"modified": "2024-12-26T06:30:47Z",
"published": "2024-12-23T00:30:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56375"
},
{
"type": "WEB",
"url": "https://github.com/NICMx/FORT-validator/issues/154"
},
{
"type": "WEB",
"url": "https://nicmx.github.io/FORT-validator/CVE.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-54C3-2724-2J2F
Vulnerability from github – Published: 2022-05-13 01:01 – Updated: 2022-05-13 01:01An exploitable integer underflow vulnerability exists in the ZigBee firmware update routine of the hubCore binary of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The hubCore process incorrectly handles malformed files existing in its data directory, leading to an infinite loop, which eventually causes the process to crash. An attacker can send an HTTP request to trigger this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2018-3926"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-08-28T17:29:00Z",
"severity": "MODERATE"
},
"details": "An exploitable integer underflow vulnerability exists in the ZigBee firmware update routine of the hubCore binary of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The hubCore process incorrectly handles malformed files existing in its data directory, leading to an infinite loop, which eventually causes the process to crash. An attacker can send an HTTP request to trigger this vulnerability.",
"id": "GHSA-54c3-2724-2j2f",
"modified": "2022-05-13T01:01:56Z",
"published": "2022-05-13T01:01:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-3926"
},
{
"type": "WEB",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0593"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/105162"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-56Q7-6RMR-MM9Q
Vulnerability from github – Published: 2024-12-11 00:31 – Updated: 2024-12-11 00:31Bridge versions 14.1.3, 15.0 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
{
"affected": [],
"aliases": [
"CVE-2024-53955"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-10T22:15:25Z",
"severity": "HIGH"
},
"details": "Bridge versions 14.1.3, 15.0 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
"id": "GHSA-56q7-6rmr-mm9q",
"modified": "2024-12-11T00:31:27Z",
"published": "2024-12-11T00:31:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53955"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/bridge/apsb24-103.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.