CWE-191
AllowedInteger Underflow (Wrap or Wraparound)
Abstraction: Base · Status: Draft
The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.
640 vulnerabilities reference this CWE, most recent first.
GHSA-VGM9-QPVF-CP5W
Vulnerability from github – Published: 2024-09-18 09:30 – Updated: 2024-09-23 18:30In the Linux kernel, the following vulnerability has been resolved:
hwmon: (lm95234) Fix underflows seen when writing limit attributes
DIV_ROUND_CLOSEST() after kstrtol() results in an underflow if a large negative number such as -9223372036854775808 is provided by the user. Fix it by reordering clamp_val() and DIV_ROUND_CLOSEST() operations.
{
"affected": [],
"aliases": [
"CVE-2024-46758"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-18T08:15:04Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (lm95234) Fix underflows seen when writing limit attributes\n\nDIV_ROUND_CLOSEST() after kstrtol() results in an underflow if a large\nnegative number such as -9223372036854775808 is provided by the user.\nFix it by reordering clamp_val() and DIV_ROUND_CLOSEST() operations.",
"id": "GHSA-vgm9-qpvf-cp5w",
"modified": "2024-09-23T18:30:34Z",
"published": "2024-09-18T09:30:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-46758"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0fc27747633aa419f9af40e7bdfa00d2ec94ea81"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/16f42953231be1e7be77bc24005270d9e0d9d2ee"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/438453dfbbdcf4be26891492644aa3ecbb42c336"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/46e4fd338d5bdbaf60e41cda625b24949d2af201"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/59c1fb9874a01c9abc49a0a32f192a7e7b4e2650"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/93f0f5721d0cca45dac50af1ae6f9a9826c699fd"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/af64e3e1537896337405f880c1e9ac1f8c0c6198"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/da765bebd90e1b92bdbc3c6a27a3f3cc81529ab6"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VH32-2CMQ-5XPC
Vulnerability from github – Published: 2024-09-18 09:30 – Updated: 2024-09-23 18:30In the Linux kernel, the following vulnerability has been resolved:
hwmon: (nct6775-core) Fix underflows seen when writing limit attributes
DIV_ROUND_CLOSEST() after kstrtol() results in an underflow if a large negative number such as -9223372036854775808 is provided by the user. Fix it by reordering clamp_val() and DIV_ROUND_CLOSEST() operations.
{
"affected": [],
"aliases": [
"CVE-2024-46757"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-18T08:15:04Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (nct6775-core) Fix underflows seen when writing limit attributes\n\nDIV_ROUND_CLOSEST() after kstrtol() results in an underflow if a large\nnegative number such as -9223372036854775808 is provided by the user.\nFix it by reordering clamp_val() and DIV_ROUND_CLOSEST() operations.",
"id": "GHSA-vh32-2cmq-5xpc",
"modified": "2024-09-23T18:30:34Z",
"published": "2024-09-18T09:30:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-46757"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/02bb3b4c7d5695ff4be01e0f55676bba49df435e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0403e10bf0824bf0ec2bb135d4cf1c0cc3bf4bf0"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0c23e18cef20b989a9fd7cb0a745e1259b969159"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/298a55f11edd811f2189b74eb8f53dee34d4f14c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2f695544084a559f181cafdfd3f864c5ff9dd1db"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8a1e958e26640ce015abdbb75c8896301b9bf398"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/996221b030995cc5f5baa4a642201d64b62a17cd"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d6035c55fa9afefc23f85f57eff1d4a1d82c5b10"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VJWH-4XJH-5595
Vulnerability from github – Published: 2022-05-17 00:27 – Updated: 2022-05-17 00:27chan_sip in Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 and Certified Asterisk 1.8.28, 11.6 before 11.6-cert12, and 13.1 before 13.1-cert3, when the timert1 sip.conf configuration is set to a value greater than 1245, allows remote attackers to cause a denial of service (file descriptor consumption) via vectors related to large retransmit timeout values.
{
"affected": [],
"aliases": [
"CVE-2016-2316"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2016-02-22T15:59:00Z",
"severity": "HIGH"
},
"details": "chan_sip in Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 and Certified Asterisk 1.8.28, 11.6 before 11.6-cert12, and 13.1 before 13.1-cert3, when the timert1 sip.conf configuration is set to a value greater than 1245, allows remote attackers to cause a denial of service (file descriptor consumption) via vectors related to large retransmit timeout values.",
"id": "GHSA-vjwh-4xjh-5595",
"modified": "2022-05-17T00:27:42Z",
"published": "2022-05-17T00:27:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2316"
},
{
"type": "WEB",
"url": "http://downloads.asterisk.org/pub/security/AST-2016-002.html"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177409.html"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177422.html"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2016/dsa-3700"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/82651"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1034930"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VM9W-MQXM-485Q
Vulnerability from github – Published: 2026-06-01 21:30 – Updated: 2026-06-02 15:32FlexRIC v2.0.0 uses a uint16_t counter for xapp_id assignment but stores the value in uint32_t message fields. After 65,530+ E42_SETUP_REQUESTs, the 16-bit counter wraps around and produces duplicate xapp_ids. The iApp (port 36422) crashes when attempting to register a duplicate ID in its internal data structure. A remote attacker can trigger this by repeatedly connecting and requesting new xApp registrations.
{
"affected": [],
"aliases": [
"CVE-2026-37231"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-01T19:16:33Z",
"severity": "HIGH"
},
"details": "FlexRIC v2.0.0 uses a uint16_t counter for xapp_id assignment but stores the value in uint32_t message fields. After 65,530+ E42_SETUP_REQUESTs, the 16-bit counter wraps around and produces duplicate xapp_ids. The iApp (port 36422) crashes when attempting to register a duplicate ID in its internal data structure. A remote attacker can trigger this by repeatedly connecting and requesting new xApp registrations.",
"id": "GHSA-vm9w-mqxm-485q",
"modified": "2026-06-02T15:32:01Z",
"published": "2026-06-01T21:30:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-37231"
},
{
"type": "WEB",
"url": "https://github.com/MinamiKotor1/oran-security-advisories-zhongnan-luo/blob/main/advisories/CVE-2026-37231.md"
},
{
"type": "WEB",
"url": "https://gitlab.eurecom.fr/mosaic5g/flexric"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VMR3-XRH5-2R29
Vulnerability from github – Published: 2024-07-01 15:32 – Updated: 2024-07-01 15:32Information disclosure while parsing sub-IE length during new IE generation.
{
"affected": [],
"aliases": [
"CVE-2024-21466"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-01T15:15:15Z",
"severity": "MODERATE"
},
"details": "Information disclosure while parsing sub-IE length during new IE generation.",
"id": "GHSA-vmr3-xrh5-2r29",
"modified": "2024-07-01T15:32:44Z",
"published": "2024-07-01T15:32:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21466"
},
{
"type": "WEB",
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/july-2024-bulletin.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-VP3J-RHGW-HR9F
Vulnerability from github – Published: 2022-05-13 01:04 – Updated: 2022-05-13 01:04Integer underflow in the xTrapezoidValid macro in render/picture.h in X.Org allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value.
{
"affected": [],
"aliases": [
"CVE-2013-6424"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2014-01-18T19:55:00Z",
"severity": "MODERATE"
},
"details": "Integer underflow in the xTrapezoidValid macro in render/picture.h in X.Org allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value.",
"id": "GHSA-vp3j-rhgw-hr9f",
"modified": "2022-05-13T01:04:23Z",
"published": "2022-05-13T01:04:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-6424"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2013:1868"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2013-6424"
},
{
"type": "WEB",
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=67484"
},
{
"type": "WEB",
"url": "https://bugs.launchpad.net/ubuntu/+source/xorg-server/+bug/1197921"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1037984"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201701-64"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201710-30"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00127.html"
},
{
"type": "WEB",
"url": "http://lists.x.org/archives/xorg-devel/2013-October/037996.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1868.html"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2013/dsa-2822"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2013/12/03/8"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2013/12/04/8"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-2500-1"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-VQ3C-WGC6-RVMQ
Vulnerability from github – Published: 2026-07-14 00:31 – Updated: 2026-07-14 18:31OpENer 2.3.0 (master branch up to commit 76b95cf) is vulnerable to a severe memory corruption issue caused by an integer underflow in the processing of connected explicit messages (SendUnitData).
{
"affected": [],
"aliases": [
"CVE-2026-51540"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-13T22:16:47Z",
"severity": "CRITICAL"
},
"details": "OpENer 2.3.0 (master branch up to commit 76b95cf) is vulnerable to a severe memory corruption issue caused by an integer underflow in the processing of connected explicit messages (SendUnitData).",
"id": "GHSA-vq3c-wgc6-rvmq",
"modified": "2026-07-14T18:31:51Z",
"published": "2026-07-14T00:31:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-51540"
},
{
"type": "WEB",
"url": "https://github.com/EIPStackGroup/OpENer/issues/568"
},
{
"type": "WEB",
"url": "https://gist.github.com/MrAlaskan/5e0c2af7f4a1d188814c7fa8f812c8da"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VQGR-F24J-7RXX
Vulnerability from github – Published: 2022-05-13 01:25 – Updated: 2022-05-13 01:25Integer underflow in the ksba_oid_to_str function in Libksba before 1.3.2, as used in GnuPG, allows remote attackers to cause a denial of service (crash) via a crafted OID in a (1) S/MIME message or (2) ECC based OpenPGP data, which triggers a buffer overflow.
{
"affected": [],
"aliases": [
"CVE-2014-9087"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2014-12-01T15:59:00Z",
"severity": "HIGH"
},
"details": "Integer underflow in the ksba_oid_to_str function in Libksba before 1.3.2, as used in GnuPG, allows remote attackers to cause a denial of service (crash) via a crafted OID in a (1) S/MIME message or (2) ECC based OpenPGP data, which triggers a buffer overflow.",
"id": "GHSA-vqgr-f24j-7rxx",
"modified": "2022-05-13T01:25:22Z",
"published": "2022-05-13T01:25:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-9087"
},
{
"type": "WEB",
"url": "https://blog.fuzzing-project.org/2-Buffer-overflow-and-other-minor-issues-in-GnuPG-and-libksba-TFPA-0012014.html"
},
{
"type": "WEB",
"url": "http://advisories.mageia.org/MGASA-2014-0498.html"
},
{
"type": "WEB",
"url": "http://lists.gnupg.org/pipermail/gnupg-announce/2014q4/000359.html"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/60073"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/60189"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/60233"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2014/dsa-3078"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:234"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:151"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/71285"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-2427-1"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-VVVV-2V7H-W64M
Vulnerability from github – Published: 2025-11-11 18:30 – Updated: 2025-11-11 18:30Illustrator on iPad versions 3.0.9 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
{
"affected": [],
"aliases": [
"CVE-2025-61826"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-11-11T18:15:42Z",
"severity": "HIGH"
},
"details": "Illustrator on iPad versions 3.0.9 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
"id": "GHSA-vvvv-2v7h-w64m",
"modified": "2025-11-11T18:30:22Z",
"published": "2025-11-11T18:30:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61826"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/illustrator-mobile-ios/apsb25-111.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VWHR-CXJH-7VPW
Vulnerability from github – Published: 2022-05-24 19:01 – Updated: 2022-05-24 19:01An integer underflow was discovered in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, improper validation of the PortID TLV leads to Denial of Service via a crafted lldp packet.
{
"affected": [],
"aliases": [
"CVE-2021-25849"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-05-10T11:15:00Z",
"severity": "HIGH"
},
"details": "An integer underflow was discovered in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, improper validation of the PortID TLV leads to Denial of Service via a crafted lldp packet.",
"id": "GHSA-vwhr-cxjh-7vpw",
"modified": "2022-05-24T19:01:56Z",
"published": "2022-05-24T19:01:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25849"
},
{
"type": "WEB",
"url": "https://www.moxa.com/en"
},
{
"type": "WEB",
"url": "https://www.moxa.com/en/support/product-support/security-advisory/vport-06ec-2v-series-ip-cameras-vulnerabilities"
}
],
"schema_version": "1.4.0",
"severity": []
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.