Common Weakness Enumeration

CWE-191

Allowed

Integer Underflow (Wrap or Wraparound)

Abstraction: Base · Status: Draft

The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.

642 vulnerabilities reference this CWE, most recent first.

GHSA-56X4-XCPF-4JMQ

Vulnerability from github – Published: 2024-07-16 12:30 – Updated: 2024-09-09 18:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

vt_ioctl: fix array_index_nospec in vt_setactivate

array_index_nospec ensures that an out-of-bounds value is set to zero on the transient path. Decreasing the value by one afterwards causes a transient integer underflow. vsa.console should be decreased first and then sanitized with array_index_nospec.

Kasper Acknowledgements: Jakob Koschel, Brian Johannesmeyer, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida from the VUSec group at VU Amsterdam.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-48804"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-191"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-16T12:15:04Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nvt_ioctl: fix array_index_nospec in vt_setactivate\n\narray_index_nospec ensures that an out-of-bounds value is set to zero\non the transient path. Decreasing the value by one afterwards causes\na transient integer underflow. vsa.console should be decreased first\nand then sanitized with array_index_nospec.\n\nKasper Acknowledgements: Jakob Koschel, Brian Johannesmeyer, Kaveh\nRazavi, Herbert Bos, Cristiano Giuffrida from the VUSec group at VU\nAmsterdam.",
  "id": "GHSA-56x4-xcpf-4jmq",
  "modified": "2024-09-09T18:30:29Z",
  "published": "2024-07-16T12:30:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48804"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/170325aba4608bde3e7d21c9c19b7bc266ac0885"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2a45a6bd1e6d651770aafff57ab3e1d3bb0b42e0"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/61cc70d9e8ef5b042d4ed87994d20100ec8896d9"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6550bdf52846f85a2a3726a5aa0c7c4399f2fc02"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/778302ca09498b448620edd372dc908bebf80bdf"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/830c5aa302ec16b4ee641aec769462c37f802c90"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ae3d57411562260ee3f4fd5e875f410002341104"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ffe54289b02e9c732d6f04c8ebbe3b2d90d32118"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-575J-8R4J-2FMQ

Vulnerability from github – Published: 2022-05-17 00:26 – Updated: 2022-05-17 00:26
VLAI
Details

An integer underflow has been identified in the unicode_to_utf8() function in tnef 1.4.14. This might lead to invalid write operations, controlled by an attacker.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-8911"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-191"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-05-12T07:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "An integer underflow has been identified in the unicode_to_utf8() function in tnef 1.4.14. This might lead to invalid write operations, controlled by an attacker.",
  "id": "GHSA-575j-8r4j-2fmq",
  "modified": "2022-05-17T00:26:31Z",
  "published": "2022-05-17T00:26:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-8911"
    },
    {
      "type": "WEB",
      "url": "https://github.com/verdammelt/tnef/issues/23"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201708-02"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2017/dsa-3869"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-58GQ-W922-G4R3

Vulnerability from github – Published: 2022-05-24 17:23 – Updated: 2022-05-24 17:23
VLAI
Details

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1401, CVE-2020-1407.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-1400"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119",
      "CWE-191"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-07-14T23:15:00Z",
    "severity": "HIGH"
  },
  "details": "A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka \u0027Jet Database Engine Remote Code Execution Vulnerability\u0027. This CVE ID is unique from CVE-2020-1401, CVE-2020-1407.",
  "id": "GHSA-58gq-w922-g4r3",
  "modified": "2022-05-24T17:23:04Z",
  "published": "2022-05-24T17:23:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1400"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1400"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-924"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-58MW-2G79-HJM6

Vulnerability from github – Published: 2024-09-18 09:30 – Updated: 2026-05-12 12:32
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

hwmon: (adc128d818) Fix underflows seen when writing limit attributes

DIV_ROUND_CLOSEST() after kstrtol() results in an underflow if a large negative number such as -9223372036854775808 is provided by the user. Fix it by reordering clamp_val() and DIV_ROUND_CLOSEST() operations.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-46759"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-191"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-09-18T08:15:04Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (adc128d818) Fix underflows seen when writing limit attributes\n\nDIV_ROUND_CLOSEST() after kstrtol() results in an underflow if a large\nnegative number such as -9223372036854775808 is provided by the user.\nFix it by reordering clamp_val() and DIV_ROUND_CLOSEST() operations.",
  "id": "GHSA-58mw-2g79-hjm6",
  "modified": "2026-05-12T12:32:07Z",
  "published": "2024-09-18T09:30:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-46759"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-355557.html"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/019ef2d396363ecddc46e826153a842f8603799b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/05419d0056dcf7088687e561bb583cc06deba777"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2a3add62f183459a057336381ef3a896da01ce38"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6891b11a0c6227ca7ed15786928a07b1c0e4d4af"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7645d783df23878342d5d8d22030c3861d2d5426"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8cad724c8537fe3e0da8004646abc00290adae40"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b0bdb43852bf7f55ba02f0cbf00b4ea7ca897bff"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f7f5101af5b47a331cdbfa42ba64c507b47dd1fe"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5C3M-5FGF-53J6

Vulnerability from github – Published: 2025-07-09 00:30 – Updated: 2025-07-09 00:30
VLAI
Details

Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-47130"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-191"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-08T23:15:25Z",
    "severity": "HIGH"
  },
  "details": "Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
  "id": "GHSA-5c3m-5fgf-53j6",
  "modified": "2025-07-09T00:30:34Z",
  "published": "2025-07-09T00:30:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47130"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/framemaker/apsb25-66.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5C6Q-HVVG-576R

Vulnerability from github – Published: 2025-05-19 18:30 – Updated: 2026-06-30 15:30
VLAI
Details

A flaw was found in the soup_multipart_new_from_message() function of the libsoup HTTP library, which is commonly used by GNOME and other applications to handle web communications. The issue occurs when the library processes specially crafted multipart messages. Due to improper validation, an internal calculation can go wrong, leading to an integer underflow. This can cause the program to access invalid memory and crash. As a result, any application or server using libsoup could be forced to exit unexpectedly, creating a denial-of-service (DoS) risk.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-4948"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-191"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-19T16:15:36Z",
    "severity": "HIGH"
  },
  "details": "A flaw was found in the soup_multipart_new_from_message() function of the libsoup HTTP library, which is commonly used by GNOME and other applications to handle web communications. The issue occurs when the library processes specially crafted multipart messages. Due to improper validation, an internal calculation can go wrong, leading to an integer underflow. This can cause the program to access invalid memory and crash. As a result, any application or server using libsoup could be forced to exit unexpectedly, creating a denial-of-service (DoS) risk.",
  "id": "GHSA-5c6q-hvvg-576r",
  "modified": "2026-06-30T15:30:30Z",
  "published": "2025-05-19T18:30:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4948"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.gnome.org/GNOME/libsoup/-/work_items/449"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.gnome.org/GNOME/libsoup/-/issues/449"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2367183"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2025-4948"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:9179"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:8663"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:8482"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:8481"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:8480"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:8252"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:8140"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:8139"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:8132"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:8128"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:8126"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:21657"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5F9P-3W99-9CJ2

Vulnerability from github – Published: 2022-05-13 01:11 – Updated: 2022-05-13 01:11
VLAI
Details

Integer underflow in glyph handling in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2010-2497"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-191"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2010-08-19T18:00:00Z",
    "severity": "MODERATE"
  },
  "details": "Integer underflow in glyph handling in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.",
  "id": "GHSA-5f9p-3w99-9cj2",
  "modified": "2022-05-13T01:11:22Z",
  "published": "2022-05-13T01:11:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2497"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=613154"
    },
    {
      "type": "WEB",
      "url": "https://savannah.nongnu.org/bugs/?30082"
    },
    {
      "type": "WEB",
      "url": "https://savannah.nongnu.org/bugs/?30083"
    },
    {
      "type": "WEB",
      "url": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=7d3d2cc4fef72c6be9c454b3809c387e12b44cfc"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.nongnu.org/archive/html/freetype/2010-07/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=oss-security\u0026m=127905701201340\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=oss-security\u0026m=127909326909362\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/48951"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT4435"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2010/dsa-2070"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:137"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-5GM8-7PFQ-H7GR

Vulnerability from github – Published: 2022-05-24 17:40 – Updated: 2022-05-24 17:40
VLAI
Details

Possible out of bound memory access in audio due to integer underflow while processing modified contents in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-3691"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-191"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-01-21T10:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "Possible out of bound memory access in audio due to integer underflow while processing modified contents in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking",
  "id": "GHSA-5gm8-7pfq-h7gr",
  "modified": "2022-05-24T17:40:02Z",
  "published": "2022-05-24T17:40:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-3691"
    },
    {
      "type": "WEB",
      "url": "https://www.qualcomm.com/company/product-security/bulletins/december-2020-bulletin"
    },
    {
      "type": "WEB",
      "url": "https://www.qualcomm.com/company/product-security/bulletins/december-2020-security-bulletin"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-5JMQ-X85F-GPRC

Vulnerability from github – Published: 2022-01-26 00:01 – Updated: 2022-03-26 00:01
VLAI
Details

A PV guest could DoS Xen while unmapping a grant To address XSA-380, reference counting was introduced for grant mappings for the case where a PV guest would have the IOMMU enabled. PV guests can request two forms of mappings. When both are in use for any individual mapping, unmapping of such a mapping can be requested in two steps. The reference count for such a mapping would then mistakenly be decremented twice. Underflow of the counters gets detected, resulting in the triggering of a hypervisor bug check.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-23034"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-191"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-01-25T14:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A PV guest could DoS Xen while unmapping a grant To address XSA-380, reference counting was introduced for grant mappings for the case where a PV guest would have the IOMMU enabled. PV guests can request two forms of mappings. When both are in use for any individual mapping, unmapping of such a mapping can be requested in two steps. The reference count for such a mapping would then mistakenly be decremented twice. Underflow of the counters gets detected, resulting in the triggering of a hypervisor bug check.",
  "id": "GHSA-5jmq-x85f-gprc",
  "modified": "2022-03-26T00:01:04Z",
  "published": "2022-01-26T00:01:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23034"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OMR6UBGJW6JKND7IILGQ2CU35EQPF3E3"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202208-23"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2022/dsa-5117"
    },
    {
      "type": "WEB",
      "url": "https://xenbits.xenproject.org/xsa/advisory-394.txt"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2022/01/25/3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5QMQ-GV7W-45X3

Vulnerability from github – Published: 2025-06-28 18:32 – Updated: 2025-06-28 18:32
VLAI
Details

An integer underflow in the image processing binary of the MIB3 infotainment unit allows an attacker with local access to the vehicle to cause denial-of-service of the infotainment system. The vulnerability was originally discovered in Skoda Superb III car with MIB3 infotainment unit OEM part number 3V0035820. The list of affected MIB3 OEM part numbers is provided in the referenced resources.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-28902"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-191"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-28T16:15:21Z",
    "severity": "LOW"
  },
  "details": "An integer underflow in the image processing binary of the MIB3 infotainment unit allows an attacker with local access to the vehicle to cause denial-of-service of the infotainment system.\nThe vulnerability was originally discovered in Skoda Superb III car with MIB3 infotainment unit OEM part number 3V0035820. The list of affected MIB3 OEM part numbers is provided in the referenced resources.",
  "id": "GHSA-5qmq-gv7w-45x3",
  "modified": "2025-06-28T18:32:36Z",
  "published": "2025-06-28T18:32:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28902"
    },
    {
      "type": "WEB",
      "url": "https://asrg.io/security-advisories/vulnerabilities-in-volkswagen-mib3-infotainment-part-2"
    },
    {
      "type": "WEB",
      "url": "https://i.blackhat.com/EU-24/Presentations/EU-24-Parnishchev-OverTheAirVW.pdf"
    },
    {
      "type": "WEB",
      "url": "https://pcacybersecurity.com/resources/advisory/vulnerabilities-in-vw-mib3-infotainment-2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.