CWE-682
DiscouragedIncorrect Calculation
Abstraction: Pillar · Status: Draft
The product performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or resource management.
159 vulnerabilities reference this CWE, most recent first.
CVE-2020-26262 (GCVE-0-2020-26262)
Vulnerability from cvelistv5 – Published: 2021-01-13 18:15 – Updated: 2024-08-04 15:56| URL | Tags |
|---|---|
| https://github.com/coturn/coturn/security/advisor… | x_refsource_CONFIRM |
| https://github.com/coturn/coturn/commit/abfe1fd08… | x_refsource_MISC |
| https://github.com/coturn/coturn/blob/57180ab60af… | x_refsource_MISC |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:56:03.733Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/coturn/coturn/security/advisories/GHSA-6g6j-r9rf-cm7p"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/coturn/coturn/commit/abfe1fd08d78baa0947d17dac0f7411c3d948e4d"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/coturn/coturn/blob/57180ab60afcaeb13537e69ae8cb8aefd8f3f546/ChangeLog#L48"
},
{
"name": "FEDORA-2021-dee141fc61",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G54UIUFTEC6RLPOISMB6FUW7456SBZC4/"
},
{
"name": "FEDORA-2021-32d0068851",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M4CJOPAQT43MYAFU3UROGLEXN3Z6RS4H/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "coturn",
"vendor": "coturn",
"versions": [
{
"status": "affected",
"version": "\u003c 4.5.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Coturn is free open source implementation of TURN and STUN Server. Coturn before version 4.5.2 by default does not allow peers to connect and relay packets to loopback addresses in the range of `127.x.x.x`. However, it was observed that when sending a `CONNECT` request with the `XOR-PEER-ADDRESS` value of `0.0.0.0`, a successful response was received and subsequently, `CONNECTIONBIND` also received a successful response. Coturn then is able to relay packets to the loopback interface. Additionally, when coturn is listening on IPv6, which is default, the loopback interface can also be reached by making use of either `[::1]` or `[::]` as the peer address. By using the address `0.0.0.0` as the peer address, a malicious user will be able to relay packets to the loopback interface, unless `--denied-peer-ip=0.0.0.0` (or similar) has been specified. Since the default configuration implies that loopback peers are not allowed, coturn administrators may choose to not set the `denied-peer-ip` setting. The issue patched in version 4.5.2. As a workaround the addresses in the address block `0.0.0.0/8`, `[::1]` and `[::]` should be denied by default unless `--allow-loopback-peers` has been specified."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-441",
"description": "CWE-441 Unintended Proxy or Intermediary (\u0027Confused Deputy\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-682",
"description": "CWE-682 Incorrect Calculation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-20T02:06:09.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/coturn/coturn/security/advisories/GHSA-6g6j-r9rf-cm7p"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/coturn/coturn/commit/abfe1fd08d78baa0947d17dac0f7411c3d948e4d"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/coturn/coturn/blob/57180ab60afcaeb13537e69ae8cb8aefd8f3f546/ChangeLog#L48"
},
{
"name": "FEDORA-2021-dee141fc61",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G54UIUFTEC6RLPOISMB6FUW7456SBZC4/"
},
{
"name": "FEDORA-2021-32d0068851",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M4CJOPAQT43MYAFU3UROGLEXN3Z6RS4H/"
}
],
"source": {
"advisory": "GHSA-6g6j-r9rf-cm7p",
"discovery": "UNKNOWN"
},
"title": "Loopback bypass in Coturn",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-26262",
"STATE": "PUBLIC",
"TITLE": "Loopback bypass in Coturn"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "coturn",
"version": {
"version_data": [
{
"version_value": "\u003c 4.5.2"
}
]
}
}
]
},
"vendor_name": "coturn"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Coturn is free open source implementation of TURN and STUN Server. Coturn before version 4.5.2 by default does not allow peers to connect and relay packets to loopback addresses in the range of `127.x.x.x`. However, it was observed that when sending a `CONNECT` request with the `XOR-PEER-ADDRESS` value of `0.0.0.0`, a successful response was received and subsequently, `CONNECTIONBIND` also received a successful response. Coturn then is able to relay packets to the loopback interface. Additionally, when coturn is listening on IPv6, which is default, the loopback interface can also be reached by making use of either `[::1]` or `[::]` as the peer address. By using the address `0.0.0.0` as the peer address, a malicious user will be able to relay packets to the loopback interface, unless `--denied-peer-ip=0.0.0.0` (or similar) has been specified. Since the default configuration implies that loopback peers are not allowed, coturn administrators may choose to not set the `denied-peer-ip` setting. The issue patched in version 4.5.2. As a workaround the addresses in the address block `0.0.0.0/8`, `[::1]` and `[::]` should be denied by default unless `--allow-loopback-peers` has been specified."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-441 Unintended Proxy or Intermediary (\u0027Confused Deputy\u0027)"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-682 Incorrect Calculation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/coturn/coturn/security/advisories/GHSA-6g6j-r9rf-cm7p",
"refsource": "CONFIRM",
"url": "https://github.com/coturn/coturn/security/advisories/GHSA-6g6j-r9rf-cm7p"
},
{
"name": "https://github.com/coturn/coturn/commit/abfe1fd08d78baa0947d17dac0f7411c3d948e4d",
"refsource": "MISC",
"url": "https://github.com/coturn/coturn/commit/abfe1fd08d78baa0947d17dac0f7411c3d948e4d"
},
{
"name": "https://github.com/coturn/coturn/blob/57180ab60afcaeb13537e69ae8cb8aefd8f3f546/ChangeLog#L48",
"refsource": "MISC",
"url": "https://github.com/coturn/coturn/blob/57180ab60afcaeb13537e69ae8cb8aefd8f3f546/ChangeLog#L48"
},
{
"name": "FEDORA-2021-dee141fc61",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G54UIUFTEC6RLPOISMB6FUW7456SBZC4/"
},
{
"name": "FEDORA-2021-32d0068851",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4CJOPAQT43MYAFU3UROGLEXN3Z6RS4H/"
}
]
},
"source": {
"advisory": "GHSA-6g6j-r9rf-cm7p",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-26262",
"datePublished": "2021-01-13T18:15:17.000Z",
"dateReserved": "2020-10-01T00:00:00.000Z",
"dateUpdated": "2024-08-04T15:56:03.733Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-26241 (GCVE-0-2020-26241)
Vulnerability from cvelistv5 – Published: 2020-11-25 01:25 – Updated: 2024-08-04 15:56- CWE-682 - Incorrect Calculation
| URL | Tags |
|---|---|
| https://blog.ethereum.org/2020/11/12/geth_securit… | x_refsource_MISC |
| https://github.com/ethereum/go-ethereum/security/… | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| ethereum | go-ethereum |
Affected:
>= 1.9.7, < 1.9.17
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:56:03.871Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.ethereum.org/2020/11/12/geth_security_release/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-69v6-xc2j-r2jf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "go-ethereum",
"vendor": "ethereum",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.9.7, \u003c 1.9.17"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Go Ethereum, or \"Geth\", is the official Golang implementation of the Ethereum protocol. This is a Consensus vulnerability in Geth before version 1.9.17 which can be used to cause a chain-split where vulnerable nodes reject the canonical chain. Geth\u0027s pre-compiled dataCopy (at 0x00...04) contract did a shallow copy on invocation. An attacker could deploy a contract that writes X to an EVM memory region R, then calls 0x00..04 with R as an argument, then overwrites R to Y, and finally invokes the RETURNDATACOPY opcode. When this contract is invoked, a consensus-compliant node would push X on the EVM stack, whereas Geth would push Y. This is fixed in version 1.9.17."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-682",
"description": "CWE-682: Incorrect Calculation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-25T01:25:20.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.ethereum.org/2020/11/12/geth_security_release/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-69v6-xc2j-r2jf"
}
],
"source": {
"advisory": "GHSA-69v6-xc2j-r2jf",
"discovery": "UNKNOWN"
},
"title": "Shallow copy bug in geth",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-26241",
"STATE": "PUBLIC",
"TITLE": "Shallow copy bug in geth"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "go-ethereum",
"version": {
"version_data": [
{
"version_value": "\u003e= 1.9.7, \u003c 1.9.17"
}
]
}
}
]
},
"vendor_name": "ethereum"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Go Ethereum, or \"Geth\", is the official Golang implementation of the Ethereum protocol. This is a Consensus vulnerability in Geth before version 1.9.17 which can be used to cause a chain-split where vulnerable nodes reject the canonical chain. Geth\u0027s pre-compiled dataCopy (at 0x00...04) contract did a shallow copy on invocation. An attacker could deploy a contract that writes X to an EVM memory region R, then calls 0x00..04 with R as an argument, then overwrites R to Y, and finally invokes the RETURNDATACOPY opcode. When this contract is invoked, a consensus-compliant node would push X on the EVM stack, whereas Geth would push Y. This is fixed in version 1.9.17."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-682: Incorrect Calculation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.ethereum.org/2020/11/12/geth_security_release/",
"refsource": "MISC",
"url": "https://blog.ethereum.org/2020/11/12/geth_security_release/"
},
{
"name": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-69v6-xc2j-r2jf",
"refsource": "CONFIRM",
"url": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-69v6-xc2j-r2jf"
}
]
},
"source": {
"advisory": "GHSA-69v6-xc2j-r2jf",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-26241",
"datePublished": "2020-11-25T01:25:20.000Z",
"dateReserved": "2020-10-01T00:00:00.000Z",
"dateUpdated": "2024-08-04T15:56:03.871Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-26240 (GCVE-0-2020-26240)
Vulnerability from cvelistv5 – Published: 2020-11-25 01:25 – Updated: 2024-08-04 15:56- CWE-682 - Incorrect Calculation
| URL | Tags |
|---|---|
| https://blog.ethereum.org/2020/11/12/geth_securit… | x_refsource_MISC |
| https://github.com/ethereum/go-ethereum/security/… | x_refsource_CONFIRM |
| https://github.com/ethereum/go-ethereum/pull/21793 | x_refsource_MISC |
| https://github.com/ethereum/go-ethereum/commit/d9… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| ethereum | go-ethereum |
Affected:
< 1.9.24
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:56:04.861Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.ethereum.org/2020/11/12/geth_security_release/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-v592-xf75-856p"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ethereum/go-ethereum/pull/21793"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ethereum/go-ethereum/commit/d990df909d7839640143344e79356754384dcdd0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "go-ethereum",
"vendor": "ethereum",
"versions": [
{
"status": "affected",
"version": "\u003c 1.9.24"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Go Ethereum, or \"Geth\", is the official Golang implementation of the Ethereum protocol. An ethash mining DAG generation flaw in Geth before version 1.9.24 could cause miners to erroneously calculate PoW in an upcoming epoch (estimated early January, 2021). This happened on the ETC chain on 2020-11-06. This issue is relevant only for miners, non-mining nodes are unaffected. This issue is fixed as of 1.9.24"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-682",
"description": "CWE-682: Incorrect Calculation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-25T01:25:27.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.ethereum.org/2020/11/12/geth_security_release/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-v592-xf75-856p"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ethereum/go-ethereum/pull/21793"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ethereum/go-ethereum/commit/d990df909d7839640143344e79356754384dcdd0"
}
],
"source": {
"advisory": "GHSA-v592-xf75-856p",
"discovery": "UNKNOWN"
},
"title": "Erroneous Proof of Work calculation in geth",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-26240",
"STATE": "PUBLIC",
"TITLE": "Erroneous Proof of Work calculation in geth"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "go-ethereum",
"version": {
"version_data": [
{
"version_value": "\u003c 1.9.24"
}
]
}
}
]
},
"vendor_name": "ethereum"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Go Ethereum, or \"Geth\", is the official Golang implementation of the Ethereum protocol. An ethash mining DAG generation flaw in Geth before version 1.9.24 could cause miners to erroneously calculate PoW in an upcoming epoch (estimated early January, 2021). This happened on the ETC chain on 2020-11-06. This issue is relevant only for miners, non-mining nodes are unaffected. This issue is fixed as of 1.9.24"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-682: Incorrect Calculation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.ethereum.org/2020/11/12/geth_security_release/",
"refsource": "MISC",
"url": "https://blog.ethereum.org/2020/11/12/geth_security_release/"
},
{
"name": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-v592-xf75-856p",
"refsource": "CONFIRM",
"url": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-v592-xf75-856p"
},
{
"name": "https://github.com/ethereum/go-ethereum/pull/21793",
"refsource": "MISC",
"url": "https://github.com/ethereum/go-ethereum/pull/21793"
},
{
"name": "https://github.com/ethereum/go-ethereum/commit/d990df909d7839640143344e79356754384dcdd0",
"refsource": "MISC",
"url": "https://github.com/ethereum/go-ethereum/commit/d990df909d7839640143344e79356754384dcdd0"
}
]
},
"source": {
"advisory": "GHSA-v592-xf75-856p",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-26240",
"datePublished": "2020-11-25T01:25:27.000Z",
"dateReserved": "2020-10-01T00:00:00.000Z",
"dateUpdated": "2024-08-04T15:56:04.861Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
GHSA-25HF-X7C8-5F3H
Vulnerability from github – Published: 2022-05-13 01:47 – Updated: 2025-04-20 03:40A bug in the standard library ScalarMult implementation of curve P-256 for amd64 architectures in Go before 1.7.6 and 1.8.x before 1.8.2 causes incorrect results to be generated for specific input points. An adaptive attack can be mounted to progressively extract the scalar input to ScalarMult by submitting crafted points and observing failures to the derive correct output. This leads to a full key recovery attack against static ECDH, as used in popular JWT libraries.
{
"affected": [],
"aliases": [
"CVE-2017-8932"
],
"database_specific": {
"cwe_ids": [
"CWE-682"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-07-06T16:29:00Z",
"severity": "MODERATE"
},
"details": "A bug in the standard library ScalarMult implementation of curve P-256 for amd64 architectures in Go before 1.7.6 and 1.8.x before 1.8.2 causes incorrect results to be generated for specific input points. An adaptive attack can be mounted to progressively extract the scalar input to ScalarMult by submitting crafted points and observing failures to the derive correct output. This leads to a full key recovery attack against static ECDH, as used in popular JWT libraries.",
"id": "GHSA-25hf-x7c8-5f3h",
"modified": "2025-04-20T03:40:20Z",
"published": "2022-05-13T01:47:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-8932"
},
{
"type": "WEB",
"url": "https://github.com/golang/go/issues/20040"
},
{
"type": "WEB",
"url": "https://github.com/golang/go/commit/9294fa2749ffee7edbbb817a0ef9fe633136fa9c"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:1859"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1455191"
},
{
"type": "WEB",
"url": "https://go-review.googlesource.com/c/41070"
},
{
"type": "WEB",
"url": "https://groups.google.com/d/msg/golang-announce/B5ww0iFt1_Q/TgUFJV14BgAJ"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZH4T47ROLZ6YEZBDVXVS2KISTDMXAPS"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZH4T47ROLZ6YEZBDVXVS2KISTDMXAPS"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-updates/2017-06/msg00079.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-updates/2017-06/msg00080.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-27CX-9PGR-3GXW
Vulnerability from github – Published: 2022-05-17 02:45 – Updated: 2022-05-17 02:45All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler where incorrect calculation may cause an invalid address access leading to denial of service or potential escalation of privileges.
{
"affected": [],
"aliases": [
"CVE-2017-0342"
],
"database_specific": {
"cwe_ids": [
"CWE-682"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-05-09T21:29:00Z",
"severity": "HIGH"
},
"details": "All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler where incorrect calculation may cause an invalid address access leading to denial of service or potential escalation of privileges.",
"id": "GHSA-27cx-9pgr-3gxw",
"modified": "2022-05-17T02:45:14Z",
"published": "2022-05-17T02:45:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-0342"
},
{
"type": "WEB",
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4462"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-27WJ-6VJV-96MM
Vulnerability from github – Published: 2022-05-17 02:24 – Updated: 2022-05-17 02:24Xen 4.5.x through 4.7.x on AMD systems without the NRip feature, when emulating instructions that generate software interrupts, allows local HVM guest OS users to cause a denial of service (guest crash) by leveraging IDT entry miscalculation.
{
"affected": [],
"aliases": [
"CVE-2016-9377"
],
"database_specific": {
"cwe_ids": [
"CWE-682"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-02-22T16:59:00Z",
"severity": "MODERATE"
},
"details": "Xen 4.5.x through 4.7.x on AMD systems without the NRip feature, when emulating instructions that generate software interrupts, allows local HVM guest OS users to cause a denial of service (guest crash) by leveraging IDT entry miscalculation.",
"id": "GHSA-27wj-6vjv-96mm",
"modified": "2022-05-17T02:24:17Z",
"published": "2022-05-17T02:24:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9377"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201612-56"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/94475"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1037345"
},
{
"type": "WEB",
"url": "http://xenbits.xen.org/xsa/advisory-196.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-2GQG-96R8-5H58
Vulnerability from github – Published: 2024-08-14 15:31 – Updated: 2024-08-14 15:31Wrap-around error in Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
{
"affected": [],
"aliases": [
"CVE-2024-23981"
],
"database_specific": {
"cwe_ids": [
"CWE-128",
"CWE-682"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-14T14:15:20Z",
"severity": "CRITICAL"
},
"details": "Wrap-around error in Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access.",
"id": "GHSA-2gqg-96r8-5h58",
"modified": "2024-08-14T15:31:15Z",
"published": "2024-08-14T15:31:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23981"
},
{
"type": "WEB",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00918.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-2M3F-FQ78-CF9H
Vulnerability from github – Published: 2022-05-24 22:00 – Updated: 2024-06-06 21:30ngiflib 0.4 has a heap-based buffer overflow in WritePixel() in ngiflib.c when called from DecodeGifImg, because deinterlacing for small pictures is mishandled.
{
"affected": [],
"aliases": [
"CVE-2019-16346"
],
"database_specific": {
"cwe_ids": [
"CWE-682"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-09-16T13:15:00Z",
"severity": "MODERATE"
},
"details": "ngiflib 0.4 has a heap-based buffer overflow in WritePixel() in ngiflib.c when called from DecodeGifImg, because deinterlacing for small pictures is mishandled.",
"id": "GHSA-2m3f-fq78-cf9h",
"modified": "2024-06-06T21:30:34Z",
"published": "2022-05-24T22:00:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16346"
},
{
"type": "WEB",
"url": "https://github.com/miniupnp/ngiflib/issues/11"
},
{
"type": "WEB",
"url": "https://github.com/miniupnp/ngiflib/commit/37d939a6f511d16d4c95678025c235fe62e6417a"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-2P94-8669-XG86
Vulnerability from github – Published: 2025-02-21 22:43 – Updated: 2025-04-09 20:11Vyper's sqrt() builtin uses the babylonian method to calculate square roots of decimals. Unfortunately, improper handling of the oscillating final states may lead to sqrt incorrectly returning rounded up results.
the fix is tracked in https://github.com/vyperlang/vyper/pull/4486
Vulnerability Details
Vyper injects the following code to handle calculation of decimal sqrt. x is the input provided by user.
assert x >= 0.0
z: decimal = 0.0
if x == 0.0:
z = 0.0
else:
z = x / 2.0 + 0.5
y: decimal = x
for i: uint256 in range(256):
if z == y:
break
y = z
z = (x / z + z) / 2.0
Notably, the terminal condition of the algorithm is either z_cur == z_prev, or the algorithm runs for 256 rounds.
However, for certain inputs, z might actually oscillate between N and N + epsilon, where N ** 2 <= x < (N + epsilon) ** 2. This means that the current behavior does not define whether it will round up or down to the nearest epsilon.
The example snippet here returns 0.9999999999, the rounded up result for sqrt(0.9999999998). This is due to the oscillation ending in N + epsilon instead of N.
@external
def test():
d: decimal = 0.9999999998
r: decimal = sqrt(d) #this will be 0.9999999999
Note that sqrt() diverges from isqrt() here -- isqrt() consistently rounds down, so it is not subject to the same issue.
Impact Details
Since sqrt() can be used for determining boundary conditions, rounding down is preferred. However, since sqrt() is used very rarely in the wild, this advisory has been assigned an impact of low.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 0.4.0"
},
"package": {
"ecosystem": "PyPI",
"name": "vyper"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.4.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-26622"
],
"database_specific": {
"cwe_ids": [
"CWE-682"
],
"github_reviewed": true,
"github_reviewed_at": "2025-02-21T22:43:30Z",
"nvd_published_at": "2025-02-21T22:15:13Z",
"severity": "LOW"
},
"details": "Vyper\u0027s `sqrt()` builtin uses the babylonian method to calculate square roots of decimals. Unfortunately, improper handling of the oscillating final states may lead to sqrt incorrectly returning rounded up results.\n\nthe fix is tracked in https://github.com/vyperlang/vyper/pull/4486\n\n### Vulnerability Details\n\nVyper injects the following code to handle calculation of decimal sqrt. x is the input provided by user.\n```python\nassert x \u003e= 0.0\nz: decimal = 0.0\n\nif x == 0.0:\n z = 0.0\nelse:\n z = x / 2.0 + 0.5\n y: decimal = x\n\n for i: uint256 in range(256):\n if z == y:\n break\n y = z\n z = (x / z + z) / 2.0\n```\nNotably, the terminal condition of the algorithm is either `z_cur == z_prev`, or the algorithm runs for 256 rounds.\n\nHowever, for certain inputs, `z` might actually oscillate between `N` and `N + epsilon`, where `N ** 2 \u003c= x \u003c (N + epsilon) ** 2`. This means that the current behavior does not define whether it will round up or down to the nearest epsilon.\n\nThe example snippet here returns 0.9999999999, the rounded up result for sqrt(0.9999999998). This is due to the oscillation ending in N + epsilon instead of N.\n```vyper\n@external\ndef test():\n d: decimal = 0.9999999998\n r: decimal = sqrt(d) #this will be 0.9999999999\n```\n\nNote that `sqrt()` diverges from `isqrt()` here -- `isqrt()` consistently rounds down, so it is not subject to the same issue.\n\n### Impact Details\n\nSince `sqrt()` can be used for determining boundary conditions, rounding down is preferred. However, since `sqrt()` is used very rarely in the wild, this advisory has been assigned an impact of `low`.",
"id": "GHSA-2p94-8669-xg86",
"modified": "2025-04-09T20:11:26Z",
"published": "2025-02-21T22:43:30Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/vyperlang/vyper/security/advisories/GHSA-2p94-8669-xg86"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26622"
},
{
"type": "WEB",
"url": "https://github.com/vyperlang/vyper/pull/4486"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/vyper/PYSEC-2025-29.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/vyperlang/vyper"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Vyper\u0027s sqrt doesn\u0027t define rounding behavior"
}
GHSA-2PWF-3X8M-5X9Q
Vulnerability from github – Published: 2026-05-21 09:32 – Updated: 2026-05-21 09:32Netatalk 2.1.0 through 4.4.2 combines multiple errno values using bitwise OR, resulting in incorrect error codes when multiple error conditions occur simultaneously, which may allow a remote attacker to cause a minor service disruption via conditions that trigger incorrect error-handling paths.
{
"affected": [],
"aliases": [
"CVE-2026-44074"
],
"database_specific": {
"cwe_ids": [
"CWE-682"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-21T09:16:29Z",
"severity": "LOW"
},
"details": "Netatalk 2.1.0 through 4.4.2 combines multiple errno values using bitwise OR, resulting in incorrect error codes when multiple error conditions occur simultaneously, which may allow a remote attacker to cause a minor service disruption via conditions that trigger incorrect error-handling paths.",
"id": "GHSA-2pwf-3x8m-5x9q",
"modified": "2026-05-21T09:32:12Z",
"published": "2026-05-21T09:32:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44074"
},
{
"type": "WEB",
"url": "https://netatalk.io/security/CVE-2026-44074"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
Mitigation
Understand your programming language's underlying representation and how it interacts with numeric calculation. Pay close attention to byte size discrepancies, precision, signed/unsigned distinctions, truncation, conversion and casting between types, "not-a-number" calculations, and how your language handles numbers that are too large or too small for its underlying representation.
Mitigation MIT-8
Strategy: Input Validation
Perform input validation on any numeric input by ensuring that it is within the expected range. Enforce that the input meets both the minimum and maximum requirements for the expected range.
Mitigation
Use the appropriate type for the desired action. For example, in C/C++, only use unsigned types for values that could never be negative, such as height, width, or other numbers related to quantity.
Mitigation
Strategy: Language Selection
- Use languages, libraries, or frameworks that make it easier to handle numbers without unexpected consequences.
- Examples include safe integer handling packages such as SafeInt (C++) or IntegerLib (C or C++).
Mitigation
Strategy: Libraries or Frameworks
- Use languages, libraries, or frameworks that make it easier to handle numbers without unexpected consequences.
- Examples include safe integer handling packages such as SafeInt (C++) or IntegerLib (C or C++).
Mitigation MIT-26
Strategy: Compilation or Build Hardening
Examine compiler warnings closely and eliminate problems with potential security implications, such as signed / unsigned mismatch in memory operations, or use of uninitialized variables. Even if the weakness is rarely exploitable, a single failure may lead to the compromise of the entire system.
CAPEC-128: Integer Attacks
An attacker takes advantage of the structure of integer variables to cause these variables to assume values that are not expected by an application. For example, adding one to the largest positive integer in a signed integer variable results in a negative number. Negative numbers may be illegal in an application and the application may prevent an attacker from providing them directly, but the application may not consider that adding two positive numbers can create a negative number do to the structure of integer storage formats.
CAPEC-129: Pointer Manipulation
This attack pattern involves an adversary manipulating a pointer within a target application resulting in the application accessing an unintended memory location. This can result in the crashing of the application or, for certain pointer values, access to data that would not normally be possible or the execution of arbitrary code. Since pointers are simply integer variables, Integer Attacks may often be used in Pointer Attacks.