Common Weakness Enumeration

CWE-191

Allowed

Integer Underflow (Wrap or Wraparound)

Abstraction: Base · Status: Draft

The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.

642 vulnerabilities reference this CWE, most recent first.

GHSA-882H-FF2X-F86Q

Vulnerability from github – Published: 2024-11-22 21:32 – Updated: 2025-02-15 03:31
VLAI
Details

7-Zip Zstandard Decompression Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.

The specific flaw exists within the implementation of Zstandard decompression. The issue results from the lack of proper validation of user-supplied data, which can result in an integer underflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24346.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-11477"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-191"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-11-22T21:15:08Z",
    "severity": "HIGH"
  },
  "details": "7-Zip Zstandard Decompression Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.\n\nThe specific flaw exists within the implementation of Zstandard decompression. The issue results from the lack of proper validation of user-supplied data, which can result in an integer underflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24346.",
  "id": "GHSA-882h-ff2x-f86q",
  "modified": "2025-02-15T03:31:24Z",
  "published": "2024-11-22T21:32:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11477"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20250214-0007"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1532"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-886P-7GMF-J6GR

Vulnerability from github – Published: 2025-04-02 15:31 – Updated: 2025-11-03 21:33
VLAI
Details

An integer underflow vulnerability exists in the HTTP server PUT request functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted network packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability.This vulnerability affects the NetX Duo Component HTTP Server implementation which can be found in x-cube-azrtos-f7\Middlewares\ST\netxduo\addons\http\nxd_http_server.c

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-50597"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-191"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-02T14:15:44Z",
    "severity": "MODERATE"
  },
  "details": "An integer underflow vulnerability exists in the HTTP server PUT request functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted network packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability.This vulnerability affects the NetX Duo Component HTTP Server implementation which can be found in x-cube-azrtos-f7\\Middlewares\\ST\\netxduo\\addons\\http\\nxd_http_server.c",
  "id": "GHSA-886p-7gmf-j6gr",
  "modified": "2025-11-03T21:33:29Z",
  "published": "2025-04-02T15:31:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50597"
    },
    {
      "type": "WEB",
      "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2103"
    },
    {
      "type": "WEB",
      "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2103"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-88W6-Q5J8-VRRR

Vulnerability from github – Published: 2022-05-02 03:43 – Updated: 2022-05-02 03:43
VLAI
Details

Integer underflow in filter/ww8/ww8par2.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted sprmTDefTable table property modifier in a Word document.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2009-3301"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-191"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2010-02-16T19:30:00Z",
    "severity": "HIGH"
  },
  "details": "Integer underflow in filter/ww8/ww8par2.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted sprmTDefTable table property modifier in a Word document.",
  "id": "GHSA-88w6-q5j8-vrrr",
  "modified": "2022-05-02T03:43:49Z",
  "published": "2022-05-02T03:43:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3301"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=533038"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56240"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10423"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00005.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/38567"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/38568"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/38695"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/38921"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/41818"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/60799"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1023591"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2010/dsa-1995"
    },
    {
      "type": "WEB",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:221"
    },
    {
      "type": "WEB",
      "url": "http://www.openoffice.org/security/bulletin.html"
    },
    {
      "type": "WEB",
      "url": "http://www.openoffice.org/security/cves/CVE-2009-3301-3302.html"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2010-0101.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/38218"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-903-1"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA10-287A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2010/0366"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2010/0635"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2010/2905"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-895H-4XX6-R95P

Vulnerability from github – Published: 2026-04-24 15:32 – Updated: 2026-04-27 15:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

tipc: fix bc_ackers underflow on duplicate GRP_ACK_MSG

The GRP_ACK_MSG handler in tipc_group_proto_rcv() currently decrements bc_ackers on every inbound group ACK, even when the same member has already acknowledged the current broadcast round.

Because bc_ackers is a u16, a duplicate ACK received after the last legitimate ACK wraps the counter to 65535. Once wrapped, tipc_group_bc_cong() keeps reporting congestion and later group broadcasts on the affected socket stay blocked until the group is recreated.

Fix this by ignoring duplicate or stale ACKs before touching bc_acked or bc_ackers. This makes repeated GRP_ACK_MSG handling idempotent and prevents the underflow path.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-31662"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-191"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-24T15:16:45Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: fix bc_ackers underflow on duplicate GRP_ACK_MSG\n\nThe GRP_ACK_MSG handler in tipc_group_proto_rcv() currently decrements\nbc_ackers on every inbound group ACK, even when the same member has\nalready acknowledged the current broadcast round.\n\nBecause bc_ackers is a u16, a duplicate ACK received after the last\nlegitimate ACK wraps the counter to 65535. Once wrapped,\ntipc_group_bc_cong() keeps reporting congestion and later group\nbroadcasts on the affected socket stay blocked until the group is\nrecreated.\n\nFix this by ignoring duplicate or stale ACKs before touching bc_acked or\nbc_ackers. This makes repeated GRP_ACK_MSG handling idempotent and\nprevents the underflow path.",
  "id": "GHSA-895h-4xx6-r95p",
  "modified": "2026-04-27T15:30:46Z",
  "published": "2026-04-24T15:32:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31662"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1b6f13f626665cac67ba5a012765427680518711"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/36ec4fdd6250dcd5e73eb09ea92ed92e9cc28412"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3bcf7aca63f0bcd679ae28e9b99823c608e59ce3"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/48a5fe38772b6f039522469ee6131a67838221a8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/575faea557f1a184a5f09661bd47ebd3ef3769f8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a2ea1ef0167d7a84730638d05c20ccdc421b14b6"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a7db57ccca21f5801609065473c89a38229ecb92"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e0bb732eaf77f9ac2f2638bdac9e39b81e0a9682"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8H26-HC89-G7W7

Vulnerability from github – Published: 2025-03-21 06:30 – Updated: 2025-11-03 21:33
VLAI
Details

A vulnerability has been found in xmedcon 0.25.0 and classified as problematic. Affected by this vulnerability is the function malloc of the component DICOM File Handler. The manipulation leads to integer underflow. The attack can be launched remotely. Upgrading to version 0.25.1 is able to address this issue. It is recommended to upgrade the affected component.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-2581"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-191"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-21T05:15:38Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability has been found in xmedcon 0.25.0 and classified as problematic. Affected by this vulnerability is the function malloc of the component DICOM File Handler. The manipulation leads to integer underflow. The attack can be launched remotely. Upgrading to version 0.25.1 is able to address this issue. It is recommended to upgrade the affected component.",
  "id": "GHSA-8h26-hc89-g7w7",
  "modified": "2025-11-03T21:33:13Z",
  "published": "2025-03-21T06:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2581"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.300541"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.300541"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.522216"
    },
    {
      "type": "WEB",
      "url": "https://xmedcon.sourceforge.io/Main/New"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-8H54-X6JJ-V528

Vulnerability from github – Published: 2024-08-21 00:30 – Updated: 2025-11-04 00:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/nouveau: prime: fix refcount underflow

Calling nouveau_bo_ref() on a nouveau_bo without initializing it (and hence the backing ttm_bo) leads to a refcount underflow.

Instead of calling nouveau_bo_ref() in the unwind path of drm_gem_object_init(), clean things up manually.

(cherry picked from commit 1b93f3e89d03cfc576636e195466a0d728ad8de5)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-43867"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-191"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-08-21T00:15:05Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/nouveau: prime: fix refcount underflow\n\nCalling nouveau_bo_ref() on a nouveau_bo without initializing it (and\nhence the backing ttm_bo) leads to a refcount underflow.\n\nInstead of calling nouveau_bo_ref() in the unwind path of\ndrm_gem_object_init(), clean things up manually.\n\n(cherry picked from commit 1b93f3e89d03cfc576636e195466a0d728ad8de5)",
  "id": "GHSA-8h54-x6jj-v528",
  "modified": "2025-11-04T00:31:17Z",
  "published": "2024-08-21T00:30:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43867"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/16998763c62bb465ebc409d0373b9cdcef1a61a6"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2a1b327d57a8ac080977633a18999f032d7e9e3f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3bcb8bba72ce89667fa863054956267c450c47ef"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/906372e753c5027a1dc88743843b6aa2ad1aaecf"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a9bf3efc33f1fbf88787a277f7349459283c9b95"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ebebba4d357b6c67f96776a48ddbaf0060fa4c10"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f23cd66933fe76b84d8e282e5606b4d99068c320"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8H5H-G93F-3FF6

Vulnerability from github – Published: 2026-05-06 12:30 – Updated: 2026-05-08 15:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

xfs: delete attr leaf freemap entries when empty

Back in commit 2a2b5932db6758 ("xfs: fix attr leaf header freemap.size underflow"), Brian Foster observed that it's possible for a small freemap at the end of the end of the xattr entries array to experience a size underflow when subtracting the space consumed by an expansion of the entries array. There are only three freemap entries, which means that it is not a complete index of all free space in the leaf block.

This code can leave behind a zero-length freemap entry with a nonzero base. Subsequent setxattr operations can increase the base up to the point that it overlaps with another freemap entry. This isn't in and of itself a problem because the code in _leaf_add that finds free space ignores any freemap entry with zero size.

However, there's another bug in the freemap update code in _leaf_add, which is that it fails to update a freemap entry that begins midway through the xattr entry that was just appended to the array. That can result in the freemap containing two entries with the same base but different sizes (0 for the "pushed-up" entry, nonzero for the entry that's actually tracking free space). A subsequent _leaf_add can then allocate xattr namevalue entries on top of the entries array, leading to data loss. But fixing that is for later.

For now, eliminate the possibility of confusion by zeroing out the base of any freemap entry that has zero size. Because the freemap is not intended to be a complete index of free space, a subsequent failure to find any free space for a new xattr will trigger block compaction, which regenerates the freemap.

It looks like this bug has been in the codebase for quite a long time.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-43187"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-191"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-06T12:16:37Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfs: delete attr leaf freemap entries when empty\n\nBack in commit 2a2b5932db6758 (\"xfs: fix attr leaf header freemap.size\nunderflow\"), Brian Foster observed that it\u0027s possible for a small\nfreemap at the end of the end of the xattr entries array to experience\na size underflow when subtracting the space consumed by an expansion of\nthe entries array.  There are only three freemap entries, which means\nthat it is not a complete index of all free space in the leaf block.\n\nThis code can leave behind a zero-length freemap entry with a nonzero\nbase.  Subsequent setxattr operations can increase the base up to the\npoint that it overlaps with another freemap entry.  This isn\u0027t in and of\nitself a problem because the code in _leaf_add that finds free space\nignores any freemap entry with zero size.\n\nHowever, there\u0027s another bug in the freemap update code in _leaf_add,\nwhich is that it fails to update a freemap entry that begins midway\nthrough the xattr entry that was just appended to the array.  That can\nresult in the freemap containing two entries with the same base but\ndifferent sizes (0 for the \"pushed-up\" entry, nonzero for the entry\nthat\u0027s actually tracking free space).  A subsequent _leaf_add can then\nallocate xattr namevalue entries on top of the entries array, leading to\ndata loss.  But fixing that is for later.\n\nFor now, eliminate the possibility of confusion by zeroing out the base\nof any freemap entry that has zero size.  Because the freemap is not\nintended to be a complete index of free space, a subsequent failure to\nfind any free space for a new xattr will trigger block compaction, which\nregenerates the freemap.\n\nIt looks like this bug has been in the codebase for quite a long time.",
  "id": "GHSA-8h5h-g93f-3ff6",
  "modified": "2026-05-08T15:31:17Z",
  "published": "2026-05-06T12:30:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43187"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/479b05fc3ee272090f671b06a41f3da8aa78eece"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6f13c1d2a6271c2e73226864a0e83de2770b6f34"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a631899025d47ea1aa6464d76db5b4d3b6d196fd"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/aa9083d97e2157da3c6fb45ddb1a97af7f188f7f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e1b8c6452ee99a30e188a88f3f3f804fb1c6004a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f31a8334e1c54b126fcecf98645a49b6bc5ad399"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f3c0d1fc1eadbb4adbee5ab7757d41d35f48325b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ffaf5c99d0f862db021fb1af8b813c1416b1beb2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8H74-QH3G-94FX

Vulnerability from github – Published: 2026-05-27 15:33 – Updated: 2026-06-25 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

apparmor: avoid per-cpu hold underflow in aa_get_buffer

When aa_get_buffer() pulls from the per-cpu list it unconditionally decrements cache->hold. If hold reaches 0 while count is still non-zero, the unsigned decrement wraps to UINT_MAX. This keeps hold non-zero for a very long time, so aa_put_buffer() never returns buffers to the global list, which can starve other CPUs and force repeated kmalloc(aa_g_path_max) allocations.

Guard the decrement so hold never underflows.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-45884"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-191"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-27T14:17:02Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\napparmor: avoid per-cpu hold underflow in aa_get_buffer\n\nWhen aa_get_buffer() pulls from the per-cpu list it unconditionally\ndecrements cache-\u003ehold. If hold reaches 0 while count is still non-zero,\nthe unsigned decrement wraps to UINT_MAX. This keeps hold non-zero for a\nvery long time, so aa_put_buffer() never returns buffers to the global\nlist, which can starve other CPUs and force repeated kmalloc(aa_g_path_max)\nallocations.\n\nGuard the decrement so hold never underflows.",
  "id": "GHSA-8h74-qh3g-94fx",
  "modified": "2026-06-25T21:31:20Z",
  "published": "2026-05-27T15:33:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45884"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/202824a1f89a9786c20a3d646a7c88d223abb1b2"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4bcddd0f6b2e52b4c7b520e4d36a115caf5b7169"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/640cf2f09575c9dc344b3f7be2498d31e3923ead"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/80c334acc6d0bee8605a358a33e69b4aea1ffb92"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8P6X-GW4X-W3JP

Vulnerability from github – Published: 2025-04-02 15:31 – Updated: 2025-11-03 21:33
VLAI
Details

An integer underflow vulnerability exists in the HTTP server PUT request functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted network packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability.This vulnerability affects the NetX Duo Web Component HTTP Server implementation which can be found in x-cube-azrtos-f7\Middlewares\ST\netxduo\addons\web\nx_web_http_server.c

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-50596"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-191"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-02T14:15:44Z",
    "severity": "MODERATE"
  },
  "details": "An integer underflow vulnerability exists in the HTTP server PUT request functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted network packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability.This vulnerability affects the NetX Duo Web Component HTTP Server implementation which can be found in x-cube-azrtos-f7\\Middlewares\\ST\\netxduo\\addons\\web\\nx_web_http_server.c",
  "id": "GHSA-8p6x-gw4x-w3jp",
  "modified": "2025-11-03T21:33:29Z",
  "published": "2025-04-02T15:31:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50596"
    },
    {
      "type": "WEB",
      "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2103"
    },
    {
      "type": "WEB",
      "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2103"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8Q9M-RQ6X-55F4

Vulnerability from github – Published: 2022-05-24 16:46 – Updated: 2024-04-04 00:47
VLAI
Details

Possible integer underflow can happen when calculating length of elementary stream info from invalid section length which is later used to read from input buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Wearable in MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, Snapdragon_High_Med_2016

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-2244"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-191"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-05-24T17:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "Possible integer underflow can happen when calculating length of elementary stream info from invalid section length which is later used to read from input buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Wearable in MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, Snapdragon_High_Med_2016",
  "id": "GHSA-8q9m-rq6x-55f4",
  "modified": "2024-04-04T00:47:43Z",
  "published": "2022-05-24T16:46:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-2244"
    },
    {
      "type": "WEB",
      "url": "https://www.qualcomm.com/company/product-security/bulletins#_CVE-2019-2244"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.