CWE-681
AllowedIncorrect Conversion between Numeric Types
Abstraction: Base · Status: Draft
When converting from one data type to another, such as long to integer, data can be omitted or translated in a way that produces unexpected values. If the resulting values are used in a sensitive context, then dangerous behaviors may occur.
126 vulnerabilities reference this CWE, most recent first.
GHSA-G9CG-CHVX-P8M5
Vulnerability from github – Published: 2025-08-12 18:31 – Updated: 2025-08-12 18:31Incorrect conversion between numeric types in Microsoft Office Word allows an unauthorized attacker to execute code locally.
{
"affected": [],
"aliases": [
"CVE-2025-53733"
],
"database_specific": {
"cwe_ids": [
"CWE-681"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-12T18:15:43Z",
"severity": "HIGH"
},
"details": "Incorrect conversion between numeric types in Microsoft Office Word allows an unauthorized attacker to execute code locally.",
"id": "GHSA-g9cg-chvx-p8m5",
"modified": "2025-08-12T18:31:32Z",
"published": "2025-08-12T18:31:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53733"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53733"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GF47-3HHJ-GV96
Vulnerability from github – Published: 2022-05-24 19:04 – Updated: 2025-10-22 00:32Windows MSHTML Platform Remote Code Execution Vulnerability
{
"affected": [],
"aliases": [
"CVE-2021-33742"
],
"database_specific": {
"cwe_ids": [
"CWE-119",
"CWE-681",
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-06-08T23:15:00Z",
"severity": "HIGH"
},
"details": "Windows MSHTML Platform Remote Code Execution Vulnerability",
"id": "GHSA-gf47-3hhj-gv96",
"modified": "2025-10-22T00:32:13Z",
"published": "2022-05-24T19:04:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33742"
},
{
"type": "WEB",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-33742"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-33742"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GF88-J2MG-CC82
Vulnerability from github – Published: 2021-08-25 14:42 – Updated: 2024-11-13 20:54Impact
An attacker can cause a denial of service in boosted_trees_create_quantile_stream_resource by using negative arguments:
import tensorflow as tf
from tensorflow.python.ops import gen_boosted_trees_ops
import numpy as np
v= tf.Variable([0.0, 0.0, 0.0, 0.0, 0.0])
gen_boosted_trees_ops.boosted_trees_create_quantile_stream_resource(
quantile_stream_resource_handle = v.handle,
epsilon = [74.82224],
num_streams = [-49],
max_elements = np.int32(586))
The implementation does not validate that num_streams only contains non-negative numbers. In turn, this results in using this value to allocate memory:
class BoostedTreesQuantileStreamResource : public ResourceBase {
public:
BoostedTreesQuantileStreamResource(const float epsilon,
const int64 max_elements,
const int64 num_streams)
: are_buckets_ready_(false),
epsilon_(epsilon),
num_streams_(num_streams),
max_elements_(max_elements) {
streams_.reserve(num_streams_);
...
}
}
However, reserve receives an unsigned integer so there is an implicit conversion from a negative value to a large positive unsigned. This results in a crash from the standard library.
Patches
We have patched the issue in GitHub commit 8a84f7a2b5a2b27ecf88d25bad9ac777cd2f7992.
The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by members of the Aivul Team from Qihoo 360.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.3.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.4.0"
},
{
"fixed": "2.4.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.5.0"
},
{
"fixed": "2.5.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.5.0"
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.3.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.4.0"
},
{
"fixed": "2.4.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.5.0"
},
{
"fixed": "2.5.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.5.0"
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.3.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.4.0"
},
{
"fixed": "2.4.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.5.0"
},
{
"fixed": "2.5.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.5.0"
]
}
],
"aliases": [
"CVE-2021-37661"
],
"database_specific": {
"cwe_ids": [
"CWE-681"
],
"github_reviewed": true,
"github_reviewed_at": "2021-08-24T13:23:52Z",
"nvd_published_at": "2021-08-12T21:15:00Z",
"severity": "MODERATE"
},
"details": "### Impact\nAn attacker can cause a denial of service in `boosted_trees_create_quantile_stream_resource` by using negative arguments:\n\n```python\nimport tensorflow as tf\nfrom tensorflow.python.ops import gen_boosted_trees_ops\nimport numpy as np\n\nv= tf.Variable([0.0, 0.0, 0.0, 0.0, 0.0])\ngen_boosted_trees_ops.boosted_trees_create_quantile_stream_resource(\n quantile_stream_resource_handle = v.handle,\n epsilon = [74.82224],\n num_streams = [-49], \n max_elements = np.int32(586))\n```\n\nThe [implementation](https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/boosted_trees/quantile_ops.cc#L96) does not validate that `num_streams` only contains non-negative numbers. In turn, [this results in using this value to allocate memory](https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/boosted_trees/quantiles/quantile_stream_resource.h#L31-L40):\n\n```cc\nclass BoostedTreesQuantileStreamResource : public ResourceBase {\n public:\n BoostedTreesQuantileStreamResource(const float epsilon,\n const int64 max_elements,\n const int64 num_streams)\n : are_buckets_ready_(false),\n epsilon_(epsilon),\n num_streams_(num_streams),\n max_elements_(max_elements) {\n streams_.reserve(num_streams_);\n ...\n }\n}\n```\n\nHowever, `reserve` receives an unsigned integer so there is an implicit conversion from a negative value to a large positive unsigned. This results in a crash from the standard library.\n\n### Patches\nWe have patched the issue in GitHub commit [8a84f7a2b5a2b27ecf88d25bad9ac777cd2f7992](https://github.com/tensorflow/tensorflow/commit/8a84f7a2b5a2b27ecf88d25bad9ac777cd2f7992).\n\nThe fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n### Attribution\nThis vulnerability has been reported by members of the Aivul Team from Qihoo 360.",
"id": "GHSA-gf88-j2mg-cc82",
"modified": "2024-11-13T20:54:40Z",
"published": "2021-08-25T14:42:28Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gf88-j2mg-cc82"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37661"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/commit/8a84f7a2b5a2b27ecf88d25bad9ac777cd2f7992"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-574.yaml"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-772.yaml"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-283.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/tensorflow/tensorflow"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Crash caused by integer conversion to unsigned"
}
GHSA-GHRH-GXWW-GQFR
Vulnerability from github – Published: 2022-05-24 19:11 – Updated: 2022-05-24 19:11An exploitable integer truncation vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. When processing the 'hdlr' FOURCC code, a specially crafted MPEG-4 input can cause an improper memory allocation resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2021-21861"
],
"database_specific": {
"cwe_ids": [
"CWE-681",
"CWE-770"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-08-16T20:15:00Z",
"severity": "HIGH"
},
"details": "An exploitable integer truncation vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. When processing the \u0027hdlr\u0027 FOURCC code, a specially crafted MPEG-4 input can cause an improper memory allocation resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.",
"id": "GHSA-ghrh-gxww-gqfr",
"modified": "2022-05-24T19:11:10Z",
"published": "2022-05-24T19:11:10Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21861"
},
{
"type": "WEB",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1298"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2021/dsa-4966"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GMPM-XP43-F7G6
Vulnerability from github – Published: 2022-05-24 17:27 – Updated: 2022-06-24 01:23An Integer signedness error in the JavaScript Interpreter in Facebook Hermes prior to commit 2c7af7ec481ceffd0d14ce2d7c045e475fd71dc6 allows attackers to cause a denial of service attack or a potential RCE via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 0.4.3"
},
"package": {
"ecosystem": "npm",
"name": "hermes-engine"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.5.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-1913"
],
"database_specific": {
"cwe_ids": [
"CWE-195",
"CWE-681"
],
"github_reviewed": true,
"github_reviewed_at": "2022-06-24T01:23:39Z",
"nvd_published_at": "2020-09-09T19:15:00Z",
"severity": "HIGH"
},
"details": "An Integer signedness error in the JavaScript Interpreter in Facebook Hermes prior to commit 2c7af7ec481ceffd0d14ce2d7c045e475fd71dc6 allows attackers to cause a denial of service attack or a potential RCE via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected.",
"id": "GHSA-gmpm-xp43-f7g6",
"modified": "2022-06-24T01:23:39Z",
"published": "2022-05-24T17:27:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1913"
},
{
"type": "WEB",
"url": "https://github.com/facebook/hermes/commit/2c7af7ec481ceffd0d14ce2d7c045e475fd71dc6"
},
{
"type": "WEB",
"url": "https://www.facebook.com/security/advisories/cve-2020-1913"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Signed to Unsigned Conversion Error in Facebook Hermes"
}
GHSA-H5QR-R3M8-3G2V
Vulnerability from github – Published: 2024-12-12 03:33 – Updated: 2024-12-12 03:33Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability
{
"affected": [],
"aliases": [
"CVE-2024-49093"
],
"database_specific": {
"cwe_ids": [
"CWE-681"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-12T02:04:34Z",
"severity": "HIGH"
},
"details": "Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability",
"id": "GHSA-h5qr-r3m8-3g2v",
"modified": "2024-12-12T03:33:05Z",
"published": "2024-12-12T03:33:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49093"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49093"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-H6JH-7GV5-28VG
Vulnerability from github – Published: 2021-08-25 14:43 – Updated: 2024-11-13 17:20Impact
The implementation of tf.raw_ops.StringNGrams is vulnerable to an integer overflow issue caused by converting a signed integer value to an unsigned one and then allocating memory based on this value.
import tensorflow as tf
tf.raw_ops.StringNGrams(
data=['',''],
data_splits=[0,2],
separator=' '*100,
ngram_widths=[-80,0,0,-60],
left_pad=' ',
right_pad=' ',
pad_width=100,
preserve_short_sequences=False)
The implementation calls reserve on a tstring with a value that sometimes can be negative if user supplies negative ngram_widths. The reserve method calls TF_TString_Reserve which has an unsigned long argument for the size of the buffer. Hence, the implicit conversion transforms the negative value to a large integer.
Patches
We have patched the issue in GitHub commit c283e542a3f422420cfdb332414543b62fc4e4a5.
The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by members of the Aivul Team from Qihoo 360.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.3.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.4.0"
},
{
"fixed": "2.4.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.5.0"
},
{
"fixed": "2.5.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.5.0"
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.3.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.4.0"
},
{
"fixed": "2.4.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.5.0"
},
{
"fixed": "2.5.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.5.0"
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.3.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.4.0"
},
{
"fixed": "2.4.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.5.0"
},
{
"fixed": "2.5.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.5.0"
]
}
],
"aliases": [
"CVE-2021-37646"
],
"database_specific": {
"cwe_ids": [
"CWE-681"
],
"github_reviewed": true,
"github_reviewed_at": "2021-08-23T19:25:38Z",
"nvd_published_at": "2021-08-12T21:15:00Z",
"severity": "MODERATE"
},
"details": "### Impact\nThe implementation of `tf.raw_ops.StringNGrams` is vulnerable to an integer overflow issue caused by converting a signed integer value to an unsigned one and then allocating memory based on this value.\n\n```python\nimport tensorflow as tf\n\ntf.raw_ops.StringNGrams(\n data=[\u0027\u0027,\u0027\u0027],\n data_splits=[0,2],\n separator=\u0027 \u0027*100,\n ngram_widths=[-80,0,0,-60],\n left_pad=\u0027 \u0027,\n right_pad=\u0027 \u0027,\n pad_width=100,\n preserve_short_sequences=False)\n```\n\nThe [implementation](https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/string_ngrams_op.cc#L184) calls `reserve` on a `tstring` with a value that sometimes can be negative if user supplies negative `ngram_widths`. The `reserve` method calls `TF_TString_Reserve` which has an `unsigned long` argument for the size of the buffer. Hence, the implicit conversion transforms the negative value to a large integer.\n\n### Patches\nWe have patched the issue in GitHub commit [c283e542a3f422420cfdb332414543b62fc4e4a5](https://github.com/tensorflow/tensorflow/commit/c283e542a3f422420cfdb332414543b62fc4e4a5).\n\nThe fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n### Attribution\nThis vulnerability has been reported by members of the Aivul Team from Qihoo 360.",
"id": "GHSA-h6jh-7gv5-28vg",
"modified": "2024-11-13T17:20:00Z",
"published": "2021-08-25T14:43:34Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-h6jh-7gv5-28vg"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37646"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/commit/c283e542a3f422420cfdb332414543b62fc4e4a5"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-559.yaml"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-757.yaml"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-268.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/tensorflow/tensorflow"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Bad alloc in `StringNGrams` caused by integer conversion"
}
GHSA-HC92-9H3M-C39J
Vulnerability from github – Published: 2021-08-25 20:55 – Updated: 2021-08-18 21:32An issue was discovered in the anymap crate through 0.12.1 for Rust. It violates soundness via conversion of a u8 to a u64.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "anymap"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "0.12.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-38187"
],
"database_specific": {
"cwe_ids": [
"CWE-681",
"CWE-704"
],
"github_reviewed": true,
"github_reviewed_at": "2021-08-18T21:32:29Z",
"nvd_published_at": "2021-08-08T06:15:00Z",
"severity": "CRITICAL"
},
"details": "An issue was discovered in the anymap crate through 0.12.1 for Rust. It violates soundness via conversion of a *u8 to a *u64.",
"id": "GHSA-hc92-9h3m-c39j",
"modified": "2021-08-18T21:32:29Z",
"published": "2021-08-25T20:55:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38187"
},
{
"type": "WEB",
"url": "https://github.com/chris-morgan/anymap/issues/37"
},
{
"type": "PACKAGE",
"url": "https://github.com/chris-morgan/anymap"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2021-0065.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Incorrect cast in anymap"
}
GHSA-HVF9-XW27-729C
Vulnerability from github – Published: 2023-06-28 15:30 – Updated: 2023-06-28 15:30A vulnerability in the hardware-based SSL/TLS cryptography functionality of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series Appliances could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to an implementation error within the cryptographic functions for SSL/TLS traffic processing when they are offloaded to the hardware. An attacker could exploit this vulnerability by sending a crafted stream of SSL/TLS traffic to an affected device. A successful exploit could allow the attacker to cause an unexpected error in the hardware-based cryptography engine, which could cause the device to reload.
{
"affected": [],
"aliases": [
"CVE-2023-20006"
],
"database_specific": {
"cwe_ids": [
"CWE-681"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-06-28T15:15:09Z",
"severity": "HIGH"
},
"details": "A vulnerability in the hardware-based SSL/TLS cryptography functionality of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series Appliances could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to an implementation error within the cryptographic functions for SSL/TLS traffic processing when they are offloaded to the hardware. An attacker could exploit this vulnerability by sending a crafted stream of SSL/TLS traffic to an affected device. A successful exploit could allow the attacker to cause an unexpected error in the hardware-based cryptography engine, which could cause the device to reload.",
"id": "GHSA-hvf9-xw27-729c",
"modified": "2023-06-28T15:30:23Z",
"published": "2023-06-28T15:30:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20006"
},
{
"type": "WEB",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ssl-dos-uu7mV5p6"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JVW4-XFQP-Q5QH
Vulnerability from github – Published: 2022-05-01 23:58 – Updated: 2024-02-08 03:32Integer overflow in the rtl_allocateMemory function in sal/rtl/source/alloc_global.c in the memory allocator in OpenOffice.org (OOo) 2.4.1, on 64-bit platforms, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted document, related to a "numeric truncation error," a different vulnerability than CVE-2008-2152.
{
"affected": [],
"aliases": [
"CVE-2008-3282"
],
"database_specific": {
"cwe_ids": [
"CWE-681"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2008-08-29T18:41:00Z",
"severity": "HIGH"
},
"details": "Integer overflow in the rtl_allocateMemory function in sal/rtl/source/alloc_global.c in the memory allocator in OpenOffice.org (OOo) 2.4.1, on 64-bit platforms, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted document, related to a \"numeric truncation error,\" a different vulnerability than CVE-2008-2152.",
"id": "GHSA-jvw4-xfqp-q5qh",
"modified": "2024-02-08T03:32:44Z",
"published": "2022-05-01T23:58:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-3282"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=455867"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=458056"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44742"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11345"
},
{
"type": "WEB",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00120.html"
},
{
"type": "WEB",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00494.html"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/31640"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/31646"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/31778"
},
{
"type": "WEB",
"url": "http://securitytracker.com/id?1020764"
},
{
"type": "WEB",
"url": "http://www.openoffice.org/issues/show_bug.cgi?id=92217"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0835.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/30866"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2008/2449"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Avoid making conversion between numeric types. Always check for the allowed ranges.
No CAPEC attack patterns related to this CWE.