CWE-191
AllowedInteger Underflow (Wrap or Wraparound)
Abstraction: Base · Status: Draft
The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.
642 vulnerabilities reference this CWE, most recent first.
GHSA-6Q3F-FC2P-9RH3
Vulnerability from github – Published: 2022-05-13 01:07 – Updated: 2022-05-13 01:07In Open vSwitch (OvS) 2.7.0, while parsing an OFPT_QUEUE_GET_CONFIG_REPLY type OFP 1.0 message, there is a buffer over-read that is caused by an unsigned integer underflow in the function ofputil_pull_queue_get_config_reply10 in lib/ofp-util.c.
{
"affected": [],
"aliases": [
"CVE-2017-9214"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-05-23T17:29:00Z",
"severity": "CRITICAL"
},
"details": "In Open vSwitch (OvS) 2.7.0, while parsing an OFPT_QUEUE_GET_CONFIG_REPLY type OFP 1.0 message, there is a buffer over-read that is caused by an unsigned integer underflow in the function `ofputil_pull_queue_get_config_reply10` in `lib/ofp-util.c`.",
"id": "GHSA-6q3f-fc2p-9rh3",
"modified": "2022-05-13T01:07:34Z",
"published": "2022-05-13T01:07:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9214"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:2418"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:2553"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:2648"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:2665"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:2692"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:2698"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:2727"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00032.html"
},
{
"type": "WEB",
"url": "https://mail.openvswitch.org/pipermail/ovs-dev/2017-May/332711.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6RP7-X538-XH3V
Vulnerability from github – Published: 2024-12-06 00:31 – Updated: 2024-12-06 18:30In store_upgrade and store_cmd of drivers/input/touchscreen/stm/ftm4_pdc.c, there are out of bound writes due to missing bounds checks or integer underflows. These could lead to escalation of privilege.
{
"affected": [],
"aliases": [
"CVE-2018-9388"
],
"database_specific": {
"cwe_ids": [
"CWE-191",
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-05T23:15:04Z",
"severity": "HIGH"
},
"details": "In store_upgrade and store_cmd of drivers/input/touchscreen/stm/ftm4_pdc.c, there are out of bound writes due to missing bounds checks or integer underflows. These could lead to escalation of privilege.",
"id": "GHSA-6rp7-x538-xh3v",
"modified": "2024-12-06T18:30:45Z",
"published": "2024-12-06T00:31:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-9388"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/pixel/2018-06-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6VJ3-8X7G-GQRQ
Vulnerability from github – Published: 2024-11-12 18:30 – Updated: 2024-11-12 18:30Photoshop Desktop versions 24.7.3, 25.11 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
{
"affected": [],
"aliases": [
"CVE-2024-49514"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-12T17:15:08Z",
"severity": "HIGH"
},
"details": "Photoshop Desktop versions 24.7.3, 25.11 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
"id": "GHSA-6vj3-8x7g-gqrq",
"modified": "2024-11-12T18:30:57Z",
"published": "2024-11-12T18:30:57Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49514"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/photoshop/apsb24-89.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6W6G-H475-CX55
Vulnerability from github – Published: 2025-07-04 15:31 – Updated: 2025-12-18 21:31In the Linux kernel, the following vulnerability has been resolved:
i40e: fix MMIO write access to an invalid page in i40e_clear_hw
When the device sends a specific input, an integer underflow can occur, leading to MMIO write access to an invalid page.
Prevent the integer underflow by changing the type of related variables.
{
"affected": [],
"aliases": [
"CVE-2025-38200"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-04T14:15:27Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: fix MMIO write access to an invalid page in i40e_clear_hw\n\nWhen the device sends a specific input, an integer underflow can occur, leading\nto MMIO write access to an invalid page.\n\nPrevent the integer underflow by changing the type of related variables.",
"id": "GHSA-6w6g-h475-cx55",
"modified": "2025-12-18T21:31:33Z",
"published": "2025-07-04T15:31:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38200"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/015bac5daca978448f2671478c553ce1f300c21e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2a1f4f2e36442a9bdf771acf6ee86f3cf876e5ca"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3502dd42f178dae9d54696013386bb52b4f2e655"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5e75c9082987479e647c75ec8fdf18fa68263c42"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/872607632c658d3739e4e7889e4f3c419ae2c193"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8cde755f56163281ec2c46b4ae8b61f532758a6f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d88a1e8f024ba26e19350958fecbf771a9960352"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/fecb2fc3fc10c95724407cc45ea35af4a65cdde2"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-757G-2V32-2P5W
Vulnerability from github – Published: 2025-11-25 09:31 – Updated: 2025-11-25 09:31An integer underflow vulnerability has been identified in Aicloud. An authenticated attacker may trigger this vulnerability by sending a crafted request, potentially impacting the availability of the device. Refer to the ' Security Update for ASUS Router Firmware' section on the ASUS Security Advisory for more information.
{
"affected": [],
"aliases": [
"CVE-2025-59368"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-11-25T08:15:52Z",
"severity": "MODERATE"
},
"details": "An integer underflow vulnerability has been identified in Aicloud. An authenticated attacker may trigger this vulnerability by sending a crafted request, potentially impacting the availability of the device. \nRefer to the \u0027 Security Update for ASUS Router Firmware\u0027 section on the ASUS Security Advisory for more information.",
"id": "GHSA-757g-2v32-2p5w",
"modified": "2025-11-25T09:31:24Z",
"published": "2025-11-25T09:31:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59368"
},
{
"type": "WEB",
"url": "https://www.asus.com/security-advisory"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-75HG-CMPQ-5F3X
Vulnerability from github – Published: 2023-03-07 21:30 – Updated: 2023-03-13 06:30In keyinstall, there is a possible information disclosure due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07563028; Issue ID: ALPS07563028.
{
"affected": [],
"aliases": [
"CVE-2023-20635"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-03-07T21:15:00Z",
"severity": "MODERATE"
},
"details": "In keyinstall, there is a possible information disclosure due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07563028; Issue ID: ALPS07563028.",
"id": "GHSA-75hg-cmpq-5f3x",
"modified": "2023-03-13T06:30:26Z",
"published": "2023-03-07T21:30:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20635"
},
{
"type": "WEB",
"url": "https://corp.mediatek.com/product-security-bulletin/March-2023"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-77RQ-3336-8W4X
Vulnerability from github – Published: 2024-11-26 15:31 – Updated: 2024-11-26 15:31An unsigned integer underflow vulnerability in IPA driver result into a buffer over-read while reading NAT entry using debugfs command 'cat /sys/kernel/debug/ipa/ip4_nat'
{
"affected": [],
"aliases": [
"CVE-2018-5852"
],
"database_specific": {
"cwe_ids": [
"CWE-126",
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-26T14:15:17Z",
"severity": "HIGH"
},
"details": "An unsigned integer underflow vulnerability in IPA driver result into a buffer over-read while reading NAT entry using debugfs command \u0027cat /sys/kernel/debug/ipa/ip4_nat\u0027",
"id": "GHSA-77rq-3336-8w4x",
"modified": "2024-11-26T15:31:01Z",
"published": "2024-11-26T15:31:01Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5852"
},
{
"type": "WEB",
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2018-bulletin.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-789C-MGQF-5HWX
Vulnerability from github – Published: 2026-02-25 21:31 – Updated: 2026-02-25 21:31Buffer overflow in parallel HNSW index build in pgvector 0.6.0 through 0.8.1 allows a database user to leak sensitive data from other relations or crash the database server.
{
"affected": [],
"aliases": [
"CVE-2026-3172"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-25T21:16:44Z",
"severity": "HIGH"
},
"details": "Buffer overflow in parallel HNSW index build in pgvector 0.6.0 through 0.8.1 allows a database user to leak sensitive data from other relations or crash the database server.",
"id": "GHSA-789c-mgqf-5hwx",
"modified": "2026-02-25T21:31:19Z",
"published": "2026-02-25T21:31:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3172"
},
{
"type": "WEB",
"url": "https://github.com/pgvector/pgvector/issues/959"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-78XF-X743-MMC6
Vulnerability from github – Published: 2024-11-19 18:31 – Updated: 2025-11-04 00:32In the Linux kernel, the following vulnerability has been resolved:
media: s5p-jpeg: prevent buffer overflows
The current logic allows word to be less than 2. If this happens, there will be buffer overflows, as reported by smatch. Add extra checks to prevent it.
While here, remove an unused word = 0 assignment.
{
"affected": [],
"aliases": [
"CVE-2024-53061"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-19T18:15:25Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: s5p-jpeg: prevent buffer overflows\n\nThe current logic allows word to be less than 2. If this happens,\nthere will be buffer overflows, as reported by smatch. Add extra\nchecks to prevent it.\n\nWhile here, remove an unused word = 0 assignment.",
"id": "GHSA-78xf-x743-mmc6",
"modified": "2025-11-04T00:32:05Z",
"published": "2024-11-19T18:31:07Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53061"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/14a22762c3daeac59a5a534e124acbb4d7a79b3a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/784bc785a453eb2f8433dd62075befdfa1b2d6fd"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a930cddfd153b5d4401df0c01effa14c831ff21e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c5f6fefcda8fac8f082b6c5bf416567f4e100c51"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c85db2d4432de4ff9d97006691ce2dcb5bda660e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c951a0859fdacf49a2298b5551a7e52b95ff6f51"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e5117f6e7adcf9fd7546cdd0edc9abe4474bc98b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f54e8e1e39dacccebcfb9a9a36f0552a0a97e2ef"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7CP9-3M8M-4JV3
Vulnerability from github – Published: 2026-02-20 15:31 – Updated: 2026-02-20 15:31An integer underflow vulnerability is present in Silicon Lab’s implementation of PSA Crypto and SE Manager EC-JPAKE APIs during ZKP parsing. Triggering the underflow can lead to a hard fault, causing a temporary denial of service.
{
"affected": [],
"aliases": [
"CVE-2025-14547"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-20T15:20:29Z",
"severity": "LOW"
},
"details": "An integer underflow vulnerability is present in Silicon Lab\u2019s implementation of PSA Crypto and SE Manager EC-JPAKE APIs during ZKP parsing. Triggering the underflow can lead to a hard fault, causing a temporary denial of service.",
"id": "GHSA-7cp9-3m8m-4jv3",
"modified": "2026-02-20T15:31:03Z",
"published": "2026-02-20T15:31:03Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14547"
},
{
"type": "WEB",
"url": "https://community.silabs.com/068Vm00000e1UTF"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.