Common Weakness Enumeration

CWE-682

Discouraged

Incorrect Calculation

Abstraction: Pillar · Status: Draft

The product performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or resource management.

159 vulnerabilities reference this CWE, most recent first.

GHSA-Q9HV-HPM4-HJ6X

Vulnerability from github – Published: 2026-02-25 19:17 – Updated: 2026-02-25 19:17
VLAI
Summary
CIRCL has an incorrect calculation in secp384r1 CombinedMult
Details

The CombinedMult function in the CIRCL ecc/p384 package (secp384r1 curve) produces an incorrect value for specific inputs. The issue is fixed by using complete addition formulas. ECDH and ECDSA signing relying on this curve are not affected.

The bug was fixed in v1.6.3.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/cloudflare/circl"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.6.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-1229"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-682"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-02-25T19:17:50Z",
    "nvd_published_at": "2026-02-24T08:16:28Z",
    "severity": "LOW"
  },
  "details": "The CombinedMult function in the CIRCL ecc/p384 package (secp384r1 curve) produces an incorrect value for specific inputs. The issue is fixed by using complete addition formulas.\nECDH and ECDSA signing relying on this curve are not affected.\n\nThe bug was fixed in **[v1.6.3](https://github.com/cloudflare/circl/releases/tag/v1.6.3)**.",
  "id": "GHSA-q9hv-hpm4-hj6x",
  "modified": "2026-02-25T19:17:50Z",
  "published": "2026-02-25T19:17:50Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/cloudflare/circl/security/advisories/GHSA-q9hv-hpm4-hj6x"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1229"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cloudflare/circl/pull/583"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/cloudflare/circl"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cloudflare/circl/releases/tag/v1.6.3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:P/S:N/AU:Y/U:Amber",
      "type": "CVSS_V4"
    }
  ],
  "summary": "CIRCL has an incorrect calculation in secp384r1 CombinedMult"
}

GHSA-QG3G-2MGH-33J8

Vulnerability from github – Published: 2018-09-10 15:19 – Updated: 2021-09-16 19:58
VLAI
Summary
Sensitive Data Exposure in msrcrypto
Details

Versions of msrcrypto prior to 1.4.1 are vulnerable to Sensitive Data Exposure. The package's Elliptic Curve Cryptography (ECC) implementation may leak information about a server's private ECC key. It can also allow attackers to craft invalid ECDSA signatures that pass as valid. There is no published proof-of-concept for this vulnerability.

Recommendation

Upgrade to version 1.4.1 or later.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "msrcrypto"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.4.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2018-8319"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-682"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T21:51:47Z",
    "nvd_published_at": null,
    "severity": "CRITICAL"
  },
  "details": "Versions of `msrcrypto` prior to 1.4.1 are vulnerable to Sensitive Data Exposure. The package\u0027s Elliptic Curve Cryptography (ECC) implementation may leak information about a server\u0027s private ECC key. It can also allow attackers to craft invalid ECDSA signatures that pass as valid. There is no published proof-of-concept for this vulnerability.\n\n\n## Recommendation\n\nUpgrade to version 1.4.1 or later.",
  "id": "GHSA-qg3g-2mgh-33j8",
  "modified": "2021-09-16T19:58:01Z",
  "published": "2018-09-10T15:19:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8319"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-qg3g-2mgh-33j8"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8319"
    },
    {
      "type": "WEB",
      "url": "https://www.npmjs.com/advisories/1112"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/104655"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1041268"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Sensitive Data Exposure in msrcrypto"
}

GHSA-QHJ8-Q5R6-8Q6J

Vulnerability from github – Published: 2025-09-11 21:23 – Updated: 2025-09-11 21:23
VLAI
Summary
matrix-sdk-base: Panic in the `RoomMember::normalized_power_level()` method
Details

In matrix-sdk-base before 0.14.1, calling the RoomMember::normalized_power_level() method can cause a panic if a room member has a power level of Int::Min.

Patches

The issue is fixed in matrix-sdk-base 0.14.1.

Workarounds

The affected method isn’t used internally, so avoiding calling RoomMember::normalized_power_level() prevents the panic.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "matrix-sdk-base"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.14.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-59047"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-682"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-09-11T21:23:55Z",
    "nvd_published_at": "2025-09-11T18:15:35Z",
    "severity": "LOW"
  },
  "details": "In matrix-sdk-base before 0.14.1, calling the `RoomMember::normalized_power_level()` method can cause a panic if a room member has a power level of `Int::Min`.\n\n### Patches\nThe issue is fixed in matrix-sdk-base 0.14.1.\n\n### Workarounds\nThe affected method isn\u2019t used internally, so avoiding calling `RoomMember::normalized_power_level()` prevents the panic.",
  "id": "GHSA-qhj8-q5r6-8q6j",
  "modified": "2025-09-11T21:23:55Z",
  "published": "2025-09-11T21:23:55Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/matrix-org/matrix-rust-sdk/security/advisories/GHSA-qhj8-q5r6-8q6j"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59047"
    },
    {
      "type": "WEB",
      "url": "https://github.com/matrix-org/matrix-rust-sdk/pull/5635"
    },
    {
      "type": "WEB",
      "url": "https://github.com/matrix-org/matrix-rust-sdk/commit/ce3b67f801446387972ff120e907ca828a9f1207"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/matrix-org/matrix-rust-sdk"
    },
    {
      "type": "WEB",
      "url": "https://github.com/matrix-org/matrix-rust-sdk/releases/tag/matrix-sdk-base-0.14.1"
    },
    {
      "type": "WEB",
      "url": "https://rustsec.org/advisories/RUSTSEC-2025-0065.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U",
      "type": "CVSS_V4"
    }
  ],
  "summary": "matrix-sdk-base: Panic in the `RoomMember::normalized_power_level()` method"
}

GHSA-QJ3V-Q2VJ-4C8H

Vulnerability from github – Published: 2021-08-25 20:55 – Updated: 2021-08-18 21:27
VLAI
Summary
Calculation error in ark-r1cs-std
Details

An issue was discovered in the ark-r1cs-std crate before 0.3.1 for Rust. It does not enforce any constraints in the FieldVar::mul_by_inverse method. Thus, a prover can produce a proof that is unsound but is nonetheless verified.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "ark-r1cs-std"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.2.0"
            },
            {
              "fixed": "0.3.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-38194"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-682"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-08-18T21:27:27Z",
    "nvd_published_at": "2021-08-08T06:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "An issue was discovered in the ark-r1cs-std crate before 0.3.1 for Rust. It does not enforce any constraints in the FieldVar::mul_by_inverse method. Thus, a prover can produce a proof that is unsound but is nonetheless verified.",
  "id": "GHSA-qj3v-q2vj-4c8h",
  "modified": "2021-08-18T21:27:27Z",
  "published": "2021-08-25T20:55:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38194"
    },
    {
      "type": "WEB",
      "url": "https://github.com/arkworks-rs/r1cs-std/pull/70"
    },
    {
      "type": "WEB",
      "url": "https://github.com/arkworks-rs/r1cs-std/commit/47ddbaa411afe7c499311a248a38135e5a192b67"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/arkworks-rs/r1cs-std"
    },
    {
      "type": "WEB",
      "url": "https://raw.githubusercontent.com/rustsec/advisory-db/main/crates/ark-r1cs-std/RUSTSEC-2021-0075.md"
    },
    {
      "type": "WEB",
      "url": "https://rustsec.org/advisories/RUSTSEC-2021-0075.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Calculation error in ark-r1cs-std"
}

GHSA-RQ6Q-MVJ3-3H4X

Vulnerability from github – Published: 2023-08-08 15:33 – Updated: 2024-04-04 06:39
VLAI
Details

A vulnerability was discovered in the Rockwell Automation Armor PowerFlex device when the product sends communications to the local event log. Threat actors could exploit this vulnerability by sending an influx of network commands, causing the product to generate an influx of event log traffic at a high rate. If exploited, the product would stop normal operations and self-reset creating a denial-of-service condition. The error code would need to be cleared prior to resuming normal operations.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-2423"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-682"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-08-08T15:15:10Z",
    "severity": "HIGH"
  },
  "details": "\nA vulnerability was discovered in the Rockwell Automation Armor PowerFlex device when the product sends communications to the local event log. Threat actors could exploit this vulnerability by sending an influx of network commands, causing the product to generate an influx of event log traffic at a high rate. If exploited, the product would stop normal operations and self-reset creating a denial-of-service condition. The error code would need to be cleared prior to resuming normal operations.\n\n",
  "id": "GHSA-rq6q-mvj3-3h4x",
  "modified": "2024-04-04T06:39:53Z",
  "published": "2023-08-08T15:33:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2423"
    },
    {
      "type": "WEB",
      "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140371"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RRXH-8G9J-52X9

Vulnerability from github – Published: 2022-05-06 00:00 – Updated: 2022-05-14 00:01
VLAI
Details

On F5 BIG-IP 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, when the BIG-IP CGNAT Large Scale NAT (LSN) pool is configured on a virtual server and packet filtering is enabled, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-26517"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-682"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-05-05T17:15:00Z",
    "severity": "HIGH"
  },
  "details": "On F5 BIG-IP 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, when the BIG-IP CGNAT Large Scale NAT (LSN) pool is configured on a virtual server and packet filtering is enabled, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated",
  "id": "GHSA-rrxh-8g9j-52x9",
  "modified": "2022-05-14T00:01:38Z",
  "published": "2022-05-06T00:00:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26517"
    },
    {
      "type": "WEB",
      "url": "https://support.f5.com/csp/article/K54082580"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RWVC-J5JR-MGVH

Vulnerability from github – Published: 2025-11-07 03:30 – Updated: 2025-12-02 01:27
VLAI
Summary
Vercel’s AI SDK's filetype whitelists can be bypassed when uploading files
Details

A vulnerability in Vercel’s AI SDK has been fixed in versions 5.0.52, 5.1.0-beta.9, and 6.0.0-beta. This issue may have allowed users to bypass filetype whitelists when uploading files. All users are encouraged to upgrade.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "ai"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.0.52"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "ai"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "5.1.0-beta.0"
            },
            {
              "fixed": "5.1.0-beta.9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-48985"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20",
      "CWE-682"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-11-07T17:39:01Z",
    "nvd_published_at": "2025-11-07T01:15:36Z",
    "severity": "LOW"
  },
  "details": "A vulnerability in Vercel\u2019s AI SDK has been fixed in versions 5.0.52, 5.1.0-beta.9, and 6.0.0-beta. This issue may have allowed users to bypass filetype whitelists when uploading files. All users are encouraged to upgrade.",
  "id": "GHSA-rwvc-j5jr-mgvh",
  "modified": "2025-12-02T01:27:15Z",
  "published": "2025-11-07T03:30:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48985"
    },
    {
      "type": "WEB",
      "url": "https://github.com/vercel/ai/issues/8881"
    },
    {
      "type": "WEB",
      "url": "https://github.com/vercel/ai/commit/930399bb9839a8baf3d349614106d78268775eed"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/vercel/ai"
    },
    {
      "type": "WEB",
      "url": "https://vercel.com/changelog/cve-2025-48985-input-validation-bypass-on-ai-sdk"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Vercel\u2019s AI SDK\u0027s filetype whitelists can be bypassed when uploading files"
}

GHSA-V57H-6HMH-G2P4

Vulnerability from github – Published: 2022-09-23 22:07 – Updated: 2024-10-24 21:55
VLAI
Summary
Weight not properly refunded after EVM execution
Details

Impact

Previously, the worst case weight was always accounted as the block weight for all cases. In case of large EVM gas refunds, this can lead to block spamming attacks -- the adversary can construct blocks with transactions that have large amount of refunds or unused gases with reverts, and as a result inflate up the chain gas prices. This issue is fixed by properly refund unused weights after each EVM execution.

The impact of this issue is limited in that the spamming attack would still be costly for any adversary, and it has no ability to alter any chain state.

Patches

The issue is fixed in https://github.com/paritytech/frontier/pull/851

Workarounds

None.

References

Are there any links users can visit to find out more?

For more information

If you have any questions or comments about this advisory: * Open an issue in Frontier repo * Email Wei

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "pallet-ethereum"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "3.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-39242"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-682"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-09-23T22:07:10Z",
    "nvd_published_at": "2022-09-24T02:15:00Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\n\nPreviously, the worst case weight was always accounted as the block weight for all cases. In case of large EVM gas refunds, this can lead to block spamming attacks -- the adversary can construct blocks with transactions that have large amount of refunds or unused gases with reverts, and as a result inflate up the chain gas prices. This issue is fixed by properly refund unused weights after each EVM execution.\n\nThe impact of this issue is limited in that the spamming attack would still be costly for any adversary, and it has no ability to alter any chain state. \n\n### Patches\n\nThe issue is fixed in https://github.com/paritytech/frontier/pull/851\n\n### Workarounds\n\nNone.\n\n### References\n_Are there any links users can visit to find out more?_\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [Frontier repo](https://github.com/paritytech/frontier/issues)\n* Email [Wei](mailto:wei@that.world)\n",
  "id": "GHSA-v57h-6hmh-g2p4",
  "modified": "2024-10-24T21:55:59Z",
  "published": "2022-09-23T22:07:10Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/paritytech/frontier/security/advisories/GHSA-v57h-6hmh-g2p4"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39242"
    },
    {
      "type": "WEB",
      "url": "https://github.com/paritytech/frontier/pull/851"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/paritytech/frontier"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Weight not properly refunded after EVM execution"
}

GHSA-V592-XF75-856P

Vulnerability from github – Published: 2021-06-29 21:12 – Updated: 2025-01-30 14:39
VLAI
Summary
Erroneous Proof of Work calculation in geth
Details

Impact

An ethash mining DAG generation flaw in Geth could cause miners to erroneously calculate PoW in an upcoming epoch (estimated early January, 2021). This happened on the ETC chain on 2020-11-06. This issue is relevant only for miners, non-mining nodes are unaffected.

Patches

This issue is also fixed as of 1.9.24. Thanks to @slavikus for bringing the issue to our attention and writing the fix.

Workarounds

This PR implements a patch: https://github.com/ethereum/go-ethereum/pull/21793

References

https://blog.ethereum.org/2020/11/12/geth_security_release/

For more information

If you have any questions or comments about this advisory: * Open an issue in go-ethereum * Email us at security@ethereum.org

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/ethereum/go-ethereum"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.9.24"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-26240"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-682"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-05-21T21:52:58Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "### Impact\nAn ethash mining DAG generation flaw in Geth could cause miners to erroneously calculate PoW in an upcoming epoch (estimated early January, 2021). This happened on the ETC chain on 2020-11-06. This issue is relevant only for miners, non-mining nodes are unaffected.\n\n### Patches\nThis issue is also fixed as of 1.9.24. Thanks to @slavikus for bringing the issue to our attention and writing the fix. \n\n### Workarounds\nThis PR implements a patch: https://github.com/ethereum/go-ethereum/pull/21793 \n\n### References\nhttps://blog.ethereum.org/2020/11/12/geth_security_release/\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [go-ethereum](https://github.com/ethereum/go-ethereum)\n* Email us at [security@ethereum.org](mailto:security@ethereum.org)",
  "id": "GHSA-v592-xf75-856p",
  "modified": "2025-01-30T14:39:18Z",
  "published": "2021-06-29T21:12:56Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-v592-xf75-856p"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26240"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ethereum/go-ethereum/pull/21793"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ethereum/go-ethereum/commit/d990df909d7839640143344e79356754384dcdd0"
    },
    {
      "type": "WEB",
      "url": "https://blog.ethereum.org/2020/11/12/geth_security_release"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/ethereum/go-ethereum"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Erroneous Proof of Work calculation in geth"
}

GHSA-VR7G-PRHX-JMVM

Vulnerability from github – Published: 2022-05-13 01:40 – Updated: 2022-05-13 01:40
VLAI
Details

A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36996978.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-0679"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-682"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-07-06T20:29:00Z",
    "severity": "HIGH"
  },
  "details": "A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36996978.",
  "id": "GHSA-vr7g-prhx-jmvm",
  "modified": "2022-05-13T01:40:27Z",
  "published": "2022-05-13T01:40:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-0679"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/2017-07-01"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/99478"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Implementation

Understand your programming language's underlying representation and how it interacts with numeric calculation. Pay close attention to byte size discrepancies, precision, signed/unsigned distinctions, truncation, conversion and casting between types, "not-a-number" calculations, and how your language handles numbers that are too large or too small for its underlying representation.

Mitigation MIT-8
Implementation

Strategy: Input Validation

Perform input validation on any numeric input by ensuring that it is within the expected range. Enforce that the input meets both the minimum and maximum requirements for the expected range.

Mitigation
Implementation

Use the appropriate type for the desired action. For example, in C/C++, only use unsigned types for values that could never be negative, such as height, width, or other numbers related to quantity.

Mitigation
Architecture and Design

Strategy: Language Selection

  • Use languages, libraries, or frameworks that make it easier to handle numbers without unexpected consequences.
  • Examples include safe integer handling packages such as SafeInt (C++) or IntegerLib (C or C++).
Mitigation
Architecture and Design

Strategy: Libraries or Frameworks

  • Use languages, libraries, or frameworks that make it easier to handle numbers without unexpected consequences.
  • Examples include safe integer handling packages such as SafeInt (C++) or IntegerLib (C or C++).
Mitigation MIT-26
Implementation

Strategy: Compilation or Build Hardening

Examine compiler warnings closely and eliminate problems with potential security implications, such as signed / unsigned mismatch in memory operations, or use of uninitialized variables. Even if the weakness is rarely exploitable, a single failure may lead to the compromise of the entire system.

CAPEC-128: Integer Attacks

An attacker takes advantage of the structure of integer variables to cause these variables to assume values that are not expected by an application. For example, adding one to the largest positive integer in a signed integer variable results in a negative number. Negative numbers may be illegal in an application and the application may prevent an attacker from providing them directly, but the application may not consider that adding two positive numbers can create a negative number do to the structure of integer storage formats.

CAPEC-129: Pointer Manipulation

This attack pattern involves an adversary manipulating a pointer within a target application resulting in the application accessing an unintended memory location. This can result in the crashing of the application or, for certain pointer values, access to data that would not normally be possible or the execution of arbitrary code. Since pointers are simply integer variables, Integer Attacks may often be used in Pointer Attacks.