Common Weakness Enumeration

CWE-191

Allowed

Integer Underflow (Wrap or Wraparound)

Abstraction: Base · Status: Draft

The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.

642 vulnerabilities reference this CWE, most recent first.

GHSA-6Q3F-FC2P-9RH3

Vulnerability from github – Published: 2022-05-13 01:07 – Updated: 2022-05-13 01:07
VLAI
Details

In Open vSwitch (OvS) 2.7.0, while parsing an OFPT_QUEUE_GET_CONFIG_REPLY type OFP 1.0 message, there is a buffer over-read that is caused by an unsigned integer underflow in the function ofputil_pull_queue_get_config_reply10 in lib/ofp-util.c.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-9214"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-191"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-05-23T17:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "In Open vSwitch (OvS) 2.7.0, while parsing an OFPT_QUEUE_GET_CONFIG_REPLY type OFP 1.0 message, there is a buffer over-read that is caused by an unsigned integer underflow in the function `ofputil_pull_queue_get_config_reply10` in `lib/ofp-util.c`.",
  "id": "GHSA-6q3f-fc2p-9rh3",
  "modified": "2022-05-13T01:07:34Z",
  "published": "2022-05-13T01:07:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9214"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2017:2418"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2017:2553"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2017:2648"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2017:2665"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2017:2692"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2017:2698"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2017:2727"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00032.html"
    },
    {
      "type": "WEB",
      "url": "https://mail.openvswitch.org/pipermail/ovs-dev/2017-May/332711.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6RP7-X538-XH3V

Vulnerability from github – Published: 2024-12-06 00:31 – Updated: 2024-12-06 18:30
VLAI
Details

In store_upgrade and store_cmd of drivers/input/touchscreen/stm/ftm4_pdc.c, there are out of bound writes due to missing bounds checks or integer underflows. These could lead to escalation of privilege.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-9388"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-191",
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-05T23:15:04Z",
    "severity": "HIGH"
  },
  "details": "In store_upgrade and store_cmd of drivers/input/touchscreen/stm/ftm4_pdc.c, there are out of bound writes due to missing bounds checks or integer underflows. These could lead to escalation of privilege.",
  "id": "GHSA-6rp7-x538-xh3v",
  "modified": "2024-12-06T18:30:45Z",
  "published": "2024-12-06T00:31:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-9388"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/pixel/2018-06-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6VJ3-8X7G-GQRQ

Vulnerability from github – Published: 2024-11-12 18:30 – Updated: 2024-11-12 18:30
VLAI
Details

Photoshop Desktop versions 24.7.3, 25.11 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-49514"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-191"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-11-12T17:15:08Z",
    "severity": "HIGH"
  },
  "details": "Photoshop Desktop versions 24.7.3, 25.11 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
  "id": "GHSA-6vj3-8x7g-gqrq",
  "modified": "2024-11-12T18:30:57Z",
  "published": "2024-11-12T18:30:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49514"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/photoshop/apsb24-89.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6W6G-H475-CX55

Vulnerability from github – Published: 2025-07-04 15:31 – Updated: 2025-12-18 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

i40e: fix MMIO write access to an invalid page in i40e_clear_hw

When the device sends a specific input, an integer underflow can occur, leading to MMIO write access to an invalid page.

Prevent the integer underflow by changing the type of related variables.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-38200"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-191"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-04T14:15:27Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: fix MMIO write access to an invalid page in i40e_clear_hw\n\nWhen the device sends a specific input, an integer underflow can occur, leading\nto MMIO write access to an invalid page.\n\nPrevent the integer underflow by changing the type of related variables.",
  "id": "GHSA-6w6g-h475-cx55",
  "modified": "2025-12-18T21:31:33Z",
  "published": "2025-07-04T15:31:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38200"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/015bac5daca978448f2671478c553ce1f300c21e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2a1f4f2e36442a9bdf771acf6ee86f3cf876e5ca"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3502dd42f178dae9d54696013386bb52b4f2e655"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5e75c9082987479e647c75ec8fdf18fa68263c42"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/872607632c658d3739e4e7889e4f3c419ae2c193"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8cde755f56163281ec2c46b4ae8b61f532758a6f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d88a1e8f024ba26e19350958fecbf771a9960352"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/fecb2fc3fc10c95724407cc45ea35af4a65cdde2"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-757G-2V32-2P5W

Vulnerability from github – Published: 2025-11-25 09:31 – Updated: 2025-11-25 09:31
VLAI
Details

An integer underflow vulnerability has been identified in Aicloud. An authenticated attacker may trigger this vulnerability by sending a crafted request, potentially impacting the availability of the device. Refer to the ' Security Update for ASUS Router Firmware' section on the ASUS Security Advisory for more information.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-59368"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-191"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-11-25T08:15:52Z",
    "severity": "MODERATE"
  },
  "details": "An integer underflow vulnerability has been identified in Aicloud. An authenticated attacker may trigger this vulnerability by sending a crafted request, potentially impacting the availability of the device. \nRefer to the \u0027 Security Update for ASUS Router Firmware\u0027 section on the ASUS Security Advisory for more information.",
  "id": "GHSA-757g-2v32-2p5w",
  "modified": "2025-11-25T09:31:24Z",
  "published": "2025-11-25T09:31:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59368"
    },
    {
      "type": "WEB",
      "url": "https://www.asus.com/security-advisory"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-75HG-CMPQ-5F3X

Vulnerability from github – Published: 2023-03-07 21:30 – Updated: 2023-03-13 06:30
VLAI
Details

In keyinstall, there is a possible information disclosure due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07563028; Issue ID: ALPS07563028.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-20635"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-191"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-03-07T21:15:00Z",
    "severity": "MODERATE"
  },
  "details": "In keyinstall, there is a possible information disclosure due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07563028; Issue ID: ALPS07563028.",
  "id": "GHSA-75hg-cmpq-5f3x",
  "modified": "2023-03-13T06:30:26Z",
  "published": "2023-03-07T21:30:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20635"
    },
    {
      "type": "WEB",
      "url": "https://corp.mediatek.com/product-security-bulletin/March-2023"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-77RQ-3336-8W4X

Vulnerability from github – Published: 2024-11-26 15:31 – Updated: 2024-11-26 15:31
VLAI
Details

An unsigned integer underflow vulnerability in IPA driver result into a buffer over-read while reading NAT entry using debugfs command 'cat /sys/kernel/debug/ipa/ip4_nat'

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-5852"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-126",
      "CWE-191"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-11-26T14:15:17Z",
    "severity": "HIGH"
  },
  "details": "An unsigned integer underflow vulnerability in IPA driver result into a buffer over-read while reading NAT entry using debugfs command \u0027cat /sys/kernel/debug/ipa/ip4_nat\u0027",
  "id": "GHSA-77rq-3336-8w4x",
  "modified": "2024-11-26T15:31:01Z",
  "published": "2024-11-26T15:31:01Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5852"
    },
    {
      "type": "WEB",
      "url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2018-bulletin.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-789C-MGQF-5HWX

Vulnerability from github – Published: 2026-02-25 21:31 – Updated: 2026-02-25 21:31
VLAI
Details

Buffer overflow in parallel HNSW index build in pgvector 0.6.0 through 0.8.1 allows a database user to leak sensitive data from other relations or crash the database server.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-3172"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-191"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-25T21:16:44Z",
    "severity": "HIGH"
  },
  "details": "Buffer overflow in parallel HNSW index build in pgvector 0.6.0 through 0.8.1 allows a database user to leak sensitive data from other relations or crash the database server.",
  "id": "GHSA-789c-mgqf-5hwx",
  "modified": "2026-02-25T21:31:19Z",
  "published": "2026-02-25T21:31:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3172"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pgvector/pgvector/issues/959"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-78XF-X743-MMC6

Vulnerability from github – Published: 2024-11-19 18:31 – Updated: 2025-11-04 00:32
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

media: s5p-jpeg: prevent buffer overflows

The current logic allows word to be less than 2. If this happens, there will be buffer overflows, as reported by smatch. Add extra checks to prevent it.

While here, remove an unused word = 0 assignment.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-53061"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-191"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-11-19T18:15:25Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: s5p-jpeg: prevent buffer overflows\n\nThe current logic allows word to be less than 2. If this happens,\nthere will be buffer overflows, as reported by smatch. Add extra\nchecks to prevent it.\n\nWhile here, remove an unused word = 0 assignment.",
  "id": "GHSA-78xf-x743-mmc6",
  "modified": "2025-11-04T00:32:05Z",
  "published": "2024-11-19T18:31:07Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53061"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/14a22762c3daeac59a5a534e124acbb4d7a79b3a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/784bc785a453eb2f8433dd62075befdfa1b2d6fd"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a930cddfd153b5d4401df0c01effa14c831ff21e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c5f6fefcda8fac8f082b6c5bf416567f4e100c51"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c85db2d4432de4ff9d97006691ce2dcb5bda660e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c951a0859fdacf49a2298b5551a7e52b95ff6f51"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e5117f6e7adcf9fd7546cdd0edc9abe4474bc98b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f54e8e1e39dacccebcfb9a9a36f0552a0a97e2ef"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7CP9-3M8M-4JV3

Vulnerability from github – Published: 2026-02-20 15:31 – Updated: 2026-02-20 15:31
VLAI
Details

An integer underflow vulnerability is present in Silicon Lab’s implementation of PSA Crypto and SE Manager EC-JPAKE APIs during ZKP parsing. Triggering the underflow can lead to a hard fault, causing a temporary denial of service.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-14547"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-191"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-20T15:20:29Z",
    "severity": "LOW"
  },
  "details": "An integer underflow vulnerability is present in Silicon Lab\u2019s implementation of PSA Crypto and SE Manager EC-JPAKE APIs during ZKP parsing. Triggering the underflow can lead to a hard fault, causing a temporary denial of service.",
  "id": "GHSA-7cp9-3m8m-4jv3",
  "modified": "2026-02-20T15:31:03Z",
  "published": "2026-02-20T15:31:03Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14547"
    },
    {
      "type": "WEB",
      "url": "https://community.silabs.com/068Vm00000e1UTF"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.