Common Weakness Enumeration

CWE-190

Allowed

Integer Overflow or Wraparound

Abstraction: Base · Status: Stable

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

3869 vulnerabilities reference this CWE, most recent first.

GHSA-JHQ5-5C6H-9XJ2

Vulnerability from github – Published: 2023-03-29 21:30 – Updated: 2025-02-18 18:33
VLAI
Details

Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from a heap-based buffer overflow in the unirpcd daemon that, if successfully exploited, can lead to remote code execution as the root user.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-28501"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-190"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-03-29T20:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from a heap-based buffer overflow in the unirpcd daemon that, if successfully exploited, can lead to remote code execution as the root user.",
  "id": "GHSA-jhq5-5c6h-9xj2",
  "modified": "2025-02-18T18:33:01Z",
  "published": "2023-03-29T21:30:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28501"
    },
    {
      "type": "WEB",
      "url": "https://www.rapid7.com/blog/post/2023/03/29/multiple-vulnerabilities-in-rocket-software-unirpc-server-fixed"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JHQH-84V8-3CW2

Vulnerability from github – Published: 2022-05-17 00:27 – Updated: 2022-05-17 00:27
VLAI
Details

An issue was discovered in Varnish HTTP Cache 4.0.1 through 4.0.4, 4.1.0 through 4.1.7, 5.0.0, and 5.1.0 through 5.1.2. A wrong if statement in the varnishd source code means that particular invalid requests from the client can trigger an assert, related to an Integer Overflow. This causes the varnishd worker process to abort and restart, losing the cached contents in the process. An attacker can therefore crash the varnishd worker process on demand and effectively keep it from serving content - a Denial-of-Service attack. The specific source-code filename containing the incorrect statement varies across releases.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-12425"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-190"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-08-04T09:29:00Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in Varnish HTTP Cache 4.0.1 through 4.0.4, 4.1.0 through 4.1.7, 5.0.0, and 5.1.0 through 5.1.2. A wrong if statement in the varnishd source code means that particular invalid requests from the client can trigger an assert, related to an Integer Overflow. This causes the varnishd worker process to abort and restart, losing the cached contents in the process. An attacker can therefore crash the varnishd worker process on demand and effectively keep it from serving content - a Denial-of-Service attack. The specific source-code filename containing the incorrect statement varies across releases.",
  "id": "GHSA-jhqh-84v8-3cw2",
  "modified": "2022-05-17T00:27:13Z",
  "published": "2022-05-17T00:27:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12425"
    },
    {
      "type": "WEB",
      "url": "https://github.com/varnishcache/varnish-cache/issues/2379"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1477222"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.suse.com/show_bug.cgi?id=1051917"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-security-announce/2017/msg00186.html"
    },
    {
      "type": "WEB",
      "url": "https://www.varnish-cache.org/security/VSV00001.html#vsv00001"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2017/dsa-3924"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JHV6-83WH-9VJ5

Vulnerability from github – Published: 2026-06-21 18:32 – Updated: 2026-06-21 18:32
VLAI
Details

xmlwf in libexpat before 2.8.2 has an integer overflow for the output filename when -d outputDir is used.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-56409"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-190"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-21T16:16:28Z",
    "severity": "MODERATE"
  },
  "details": "xmlwf in libexpat before 2.8.2 has an integer overflow for the output filename when -d outputDir is used.",
  "id": "GHSA-jhv6-83wh-9vj5",
  "modified": "2026-06-21T18:32:21Z",
  "published": "2026-06-21T18:32:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-56409"
    },
    {
      "type": "WEB",
      "url": "https://github.com/libexpat/libexpat/pull/1259"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JHV7-GF64-J752

Vulnerability from github – Published: 2024-11-18 12:30 – Updated: 2025-01-13 12:31
VLAI
Details

Integer Overflow or Wraparound vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and produce a segmentation fault on the application.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-42384"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-190"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-11-18T10:15:06Z",
    "severity": "HIGH"
  },
  "details": "Integer Overflow or Wraparound vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and produce a segmentation fault on the application.",
  "id": "GHSA-jhv7-gf64-j752",
  "modified": "2025-01-13T12:31:58Z",
  "published": "2024-11-18T12:30:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-42384"
    },
    {
      "type": "WEB",
      "url": "https://www.nozominetworks.com/blog"
    },
    {
      "type": "WEB",
      "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-42384"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JJ3R-MG29-QJWQ

Vulnerability from github – Published: 2022-05-13 01:18 – Updated: 2025-04-11 03:38
VLAI
Details

Integer overflow in net/can/bcm.c in the Controller Area Network (CAN) implementation in the Linux kernel before 2.6.27.53, 2.6.32.x before 2.6.32.21, 2.6.34.x before 2.6.34.6, and 2.6.35.x before 2.6.35.4 allows attackers to execute arbitrary code or cause a denial of service (system crash) via crafted CAN traffic.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2010-2959"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-190"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2010-09-08T20:00:00Z",
    "severity": "HIGH"
  },
  "details": "Integer overflow in net/can/bcm.c in the Controller Area Network (CAN) implementation in the Linux kernel before 2.6.27.53, 2.6.32.x before 2.6.32.21, 2.6.34.x before 2.6.34.6, and 2.6.35.x before 2.6.35.4 allows attackers to execute arbitrary code or cause a denial of service (system crash) via crafted CAN traffic.",
  "id": "GHSA-jj3r-mg29-qjwq",
  "modified": "2025-04-11T03:38:48Z",
  "published": "2022-05-13T01:18:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2959"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=625699"
    },
    {
      "type": "WEB",
      "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=5b75c4973ce779520b9d1e392483207d6f842cde"
    },
    {
      "type": "WEB",
      "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=5b75c4973ce779520b9d1e392483207d6f842cde"
    },
    {
      "type": "WEB",
      "url": "http://jon.oberheide.org/files/i-can-haz-modharden.c"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/046947.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00004.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00005.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/41512"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2010/dsa-2094"
    },
    {
      "type": "WEB",
      "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.53"
    },
    {
      "type": "WEB",
      "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.32.21"
    },
    {
      "type": "WEB",
      "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.34.6"
    },
    {
      "type": "WEB",
      "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35.4"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:198"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2010/08/20/2"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/42585"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2010/2430"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2011/0298"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-JJ47-X69X-MXRM

Vulnerability from github – Published: 2022-04-05 15:55 – Updated: 2022-05-26 18:54
VLAI
Summary
Buffer Overflow in yajl-ruby
Details

NOTE: A previous patch, 1.4.2, fixed the heap memory issue, but could still lead to a DoS infinite loop. Please update to version 1.4.3

The 1.x branch and the 2.x branch of yajl contain an integer overflow which leads to subsequent heap memory corruption when dealing with large (~2GB) inputs.

Details

The reallocation logic at yajl_buf.c#L64 may result in the need 32bit integer wrapping to 0 when need approaches a value of 0x80000000 (i.e. ~2GB of data), which results in a reallocation of buf->alloc into a small heap chunk.

These integers are declared as size_t in the 2.x branch of yajl, which practically prevents the issue from triggering on 64bit platforms, however this does not preclude this issue triggering on 32bit builds on which size_t is a 32bit integer.

Subsequent population of this under-allocated heap chunk is based on the original buffer size, leading to heap memory corruption.

Impact

We rate this as a moderate severity vulnerability which mostly impacts process availability as we believe exploitation for arbitrary code execution to be unlikely.

Patches

Patched in yajl-ruby 1.4.3

Workarounds

Avoid passing large inputs to YAJL

References

https://github.com/brianmario/yajl-ruby/blob/7168bd79b888900aa94523301126f968a93eb3a6/ext/yajl/yajl_buf.c#L64

For more information

If you have any questions or comments about this advisory: * Open an issue in yajl-ruby

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 1.4.2"
      },
      "package": {
        "ecosystem": "RubyGems",
        "name": "yajl-ruby"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.4.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-24795"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-122",
      "CWE-190"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-04-05T15:55:51Z",
    "nvd_published_at": "2022-04-05T16:15:00Z",
    "severity": "MODERATE"
  },
  "details": "_NOTE: A previous patch, 1.4.2, fixed the heap memory issue, but could still lead to a DoS infinite loop. Please update to version 1.4.3_\n\nThe 1.x branch and the 2.x branch of [yajl](https://github.com/lloyd/yajl) contain an integer overflow which leads to subsequent heap memory corruption when dealing with large (~2GB) inputs.\n\n### Details\n\nThe [reallocation logic at yajl_buf.c#L64](https://github.com/brianmario/yajl-ruby/blob/7168bd79b888900aa94523301126f968a93eb3a6/ext/yajl/yajl_buf.c#L64) may result in the `need` 32bit integer wrapping to 0 when `need` approaches a value of 0x80000000 (i.e. ~2GB of data), which results in a reallocation of buf-\u003ealloc into a small heap chunk.\n\nThese integers are declared as `size_t` in the 2.x branch of `yajl`, which practically prevents the issue from triggering on 64bit platforms, however this does not preclude this issue triggering on 32bit builds on which `size_t` is a 32bit integer.\n\nSubsequent population of this under-allocated heap chunk is based on the original buffer size, leading to heap memory corruption.\n\n### Impact\n\nWe rate this as a moderate severity vulnerability which mostly impacts process availability as we believe exploitation for arbitrary code execution to be unlikely.\n\n### Patches\n\nPatched in yajl-ruby 1.4.3\n\n### Workarounds\n\nAvoid passing large inputs to YAJL\n\n### References\nhttps://github.com/brianmario/yajl-ruby/blob/7168bd79b888900aa94523301126f968a93eb3a6/ext/yajl/yajl_buf.c#L64\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [yajl-ruby](https://github.com/brianmario/yajl-ruby/issues)\n",
  "id": "GHSA-jj47-x69x-mxrm",
  "modified": "2022-05-26T18:54:24Z",
  "published": "2022-04-05T15:55:51Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/brianmario/yajl-ruby/security/advisories/GHSA-jj47-x69x-mxrm"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24795"
    },
    {
      "type": "WEB",
      "url": "https://github.com/brianmario/yajl-ruby/commit/7168bd79b888900aa94523301126f968a93eb3a6"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/brianmario/yajl-ruby"
    },
    {
      "type": "WEB",
      "url": "https://github.com/brianmario/yajl-ruby/blob/7168bd79b888900aa94523301126f968a93eb3a6/ext/yajl/yajl_buf.c#L64"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/yajl-ruby/CVE-2022-24795.yml"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00013.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00003.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KLE3C4CECEJ4EUYI56KXI6OWACWXX7WN"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YO32YDJ74DADC7CMJNLSLBVWN5EXGF5J"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Buffer Overflow in yajl-ruby"
}

GHSA-JJ6F-649Q-27MH

Vulnerability from github – Published: 2025-02-27 03:34 – Updated: 2025-11-03 21:32
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

nilfs2: fix possible int overflows in nilfs_fiemap()

Since nilfs_bmap_lookup_contig() in nilfs_fiemap() calculates its result by being prepared to go through potentially maxblocks == INT_MAX blocks, the value in n may experience an overflow caused by left shift of blkbits.

While it is extremely unlikely to occur, play it safe and cast right hand expression to wider type to mitigate the issue.

Found by Linux Verification Center (linuxtesting.org) with static analysis tool SVACE.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-21736"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-190"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-27T03:15:14Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix possible int overflows in nilfs_fiemap()\n\nSince nilfs_bmap_lookup_contig() in nilfs_fiemap() calculates its result\nby being prepared to go through potentially maxblocks == INT_MAX blocks,\nthe value in n may experience an overflow caused by left shift of blkbits.\n\nWhile it is extremely unlikely to occur, play it safe and cast right hand\nexpression to wider type to mitigate the issue.\n\nFound by Linux Verification Center (linuxtesting.org) with static analysis\ntool SVACE.",
  "id": "GHSA-jj6f-649q-27mh",
  "modified": "2025-11-03T21:32:59Z",
  "published": "2025-02-27T03:34:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21736"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/250423300b4b0335918be187ef3cade248c06e6a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/58b1c6881081f5ddfb9a14dc241a74732c0f855c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6438ef381c183444f7f9d1de18f22661cba1e946"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7649937987fed51ed09985da4019d50189fc534e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8f41df5fd4c11d26e929a85f7239799641f92da7"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b9495a9109abc31d3170f7aad7d48aa64610a1a2"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f2bd0f1ab47822fe5bd699c8458b896c4b2edea1"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f3d80f34f58445355fa27b9579a449fb186aa64e"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JJ88-6656-W759

Vulnerability from github – Published: 2022-05-24 19:17 – Updated: 2024-07-03 18:32
VLAI
Details

Storage Spaces Controller Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-26441, CVE-2021-40478, CVE-2021-40488, CVE-2021-40489.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-41345"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-190",
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-10-13T01:15:00Z",
    "severity": "HIGH"
  },
  "details": "Storage Spaces Controller Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-26441, CVE-2021-40478, CVE-2021-40488, CVE-2021-40489.",
  "id": "GHSA-jj88-6656-w759",
  "modified": "2024-07-03T18:32:33Z",
  "published": "2022-05-24T19:17:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41345"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-41345"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1154"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JJF8-5854-RGJH

Vulnerability from github – Published: 2025-10-31 15:30 – Updated: 2025-10-31 15:30
VLAI
Details

Integer overflow in GameMaker IDE below 2024.14.0 version can lead to can lead to application crashes through denial-of-service attacks (DoS). GameMaker users who use the network_create_server() function in their projects  are urged to update and recompile immediately.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-12501"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-190"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-31T15:15:41Z",
    "severity": "HIGH"
  },
  "details": "Integer overflow in GameMaker IDE below 2024.14.0 version can lead to can lead to application crashes through denial-of-service attacks (DoS). GameMaker users who use the network_create_server() function in their projects\u00a0 are urged to update and recompile immediately.",
  "id": "GHSA-jjf8-5854-rgjh",
  "modified": "2025-10-31T15:30:31Z",
  "published": "2025-10-31T15:30:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12501"
    },
    {
      "type": "WEB",
      "url": "https://blogs.opera.com/security/2025/10/gamemaker-security-update-cve-2025-12501"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JJGP-JXFQ-2W96

Vulnerability from github – Published: 2022-05-14 03:30 – Updated: 2022-05-14 03:30
VLAI
Details

The Bdat driver of Prague smart phones with software versions earlier than Prague-AL00AC00B211, versions earlier than Prague-AL00BC00B211, versions earlier than Prague-AL00CC00B211, versions earlier than Prague-TL00AC01B211, versions earlier than Prague-TL10AC01B211 has integer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP and execute it as a specific privilege; the APP can then send a specific parameter to the driver of the smart phone, causing arbitrary code execution.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-15325"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-190"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-03-23T16:29:00Z",
    "severity": "HIGH"
  },
  "details": "The Bdat driver of Prague smart phones with software versions earlier than Prague-AL00AC00B211, versions earlier than Prague-AL00BC00B211, versions earlier than Prague-AL00CC00B211, versions earlier than Prague-TL00AC01B211, versions earlier than Prague-TL10AC01B211 has integer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP and execute it as a specific privilege; the APP can then send a specific parameter to the driver of the smart phone, causing arbitrary code execution.",
  "id": "GHSA-jjgp-jxfq-2w96",
  "modified": "2022-05-14T03:30:39Z",
  "published": "2022-05-14T03:30:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15325"
    },
    {
      "type": "WEB",
      "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180321-01-smartphone-en"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Requirements

Ensure that all protocols are strictly defined, such that all out-of-bounds behavior can be identified simply, and require strict conformance to the protocol.

Mitigation MIT-3
Requirements

Strategy: Language Selection

  • Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
  • If possible, choose a language or compiler that performs automatic bounds checking.
Mitigation MIT-4
Architecture and Design

Strategy: Libraries or Frameworks

  • Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid [REF-1482].
  • Use libraries or frameworks that make it easier to handle numbers without unexpected consequences.
  • Examples include safe integer handling packages such as SafeInt (C++) or IntegerLib (C or C++). [REF-106]
Mitigation MIT-8
Implementation

Strategy: Input Validation

  • Perform input validation on any numeric input by ensuring that it is within the expected range. Enforce that the input meets both the minimum and maximum requirements for the expected range.
  • Use unsigned integers where possible. This makes it easier to perform validation for integer overflows. When signed integers are required, ensure that the range check includes minimum values as well as maximum values.
Mitigation MIT-36
Implementation
  • Understand the programming language's underlying representation and how it interacts with numeric calculation (CWE-681). Pay close attention to byte size discrepancies, precision, signed/unsigned distinctions, truncation, conversion and casting between types, "not-a-number" calculations, and how the language handles numbers that are too large or too small for its underlying representation. [REF-7]
  • Also be careful to account for 32-bit, 64-bit, and other potential differences that may affect the numeric representation.
Mitigation MIT-15
Architecture and Design

For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server.

Mitigation MIT-26
Implementation

Strategy: Compilation or Build Hardening

Examine compiler warnings closely and eliminate problems with potential security implications, such as signed / unsigned mismatch in memory operations, or use of uninitialized variables. Even if the weakness is rarely exploitable, a single failure may lead to the compromise of the entire system.

CAPEC-92: Forced Integer Overflow

This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.