CWE-190
AllowedInteger Overflow or Wraparound
Abstraction: Base · Status: Stable
The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.
3867 vulnerabilities reference this CWE, most recent first.
GHSA-MV4Q-V62J-C98M
Vulnerability from github – Published: 2022-05-14 01:11 – Updated: 2022-05-14 01:11An elevation of privilege vulnerability exists due to an integer overflow in Windows Subsystem for Linux, aka 'Windows Subsystem for Linux Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0689, CVE-2019-0692, CVE-2019-0693, CVE-2019-0694.
{
"affected": [],
"aliases": [
"CVE-2019-0682"
],
"database_specific": {
"cwe_ids": [
"CWE-190"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-04-09T00:29:00Z",
"severity": "HIGH"
},
"details": "An elevation of privilege vulnerability exists due to an integer overflow in Windows Subsystem for Linux, aka \u0027Windows Subsystem for Linux Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2019-0689, CVE-2019-0692, CVE-2019-0693, CVE-2019-0694.",
"id": "GHSA-mv4q-v62j-c98m",
"modified": "2022-05-14T01:11:26Z",
"published": "2022-05-14T01:11:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0682"
},
{
"type": "WEB",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0682"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MV68-VMR3-PXQ2
Vulnerability from github – Published: 2022-05-14 03:12 – Updated: 2022-05-14 03:12The mintToken function of a smart contract implementation for GoldTokenERC20, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
{
"affected": [],
"aliases": [
"CVE-2018-13673"
],
"database_specific": {
"cwe_ids": [
"CWE-190"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-07-09T06:29:00Z",
"severity": "HIGH"
},
"details": "The mintToken function of a smart contract implementation for GoldTokenERC20, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",
"id": "GHSA-mv68-vmr3-pxq2",
"modified": "2022-05-14T03:12:36Z",
"published": "2022-05-14T03:12:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-13673"
},
{
"type": "WEB",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
},
{
"type": "WEB",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/GoldTokenERC20"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-MV8Q-H58C-FRJF
Vulnerability from github – Published: 2022-05-13 01:01 – Updated: 2022-05-13 01:01An exploitable integer overflow exists in the upgrade of a legacy Mesh attribute of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use it as a library in order to trigger this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2017-12081"
],
"database_specific": {
"cwe_ids": [
"CWE-190"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-04-24T19:29:00Z",
"severity": "HIGH"
},
"details": "An exploitable integer overflow exists in the upgrade of a legacy Mesh attribute of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use it as a library in order to trigger this vulnerability.",
"id": "GHSA-mv8q-h58c-frjf",
"modified": "2022-05-13T01:01:42Z",
"published": "2022-05-13T01:01:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12081"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00011.html"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2018/dsa-4248"
},
{
"type": "WEB",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0433"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MW2M-V92W-Q9WW
Vulnerability from github – Published: 2026-06-24 18:32 – Updated: 2026-07-15 15:32In the Linux kernel, the following vulnerability has been resolved:
scsi: target: core: Fix integer overflow in UNMAP bounds check
sbc_execute_unmap() checks LBA + range does not exceed the device capacity, but does not guard against LBA + range wrapping around on 64-bit overflow.
Add an overflow check matching the pattern already used for WRITE_SAME in the same file.
{
"affected": [],
"aliases": [
"CVE-2026-53021"
],
"database_specific": {
"cwe_ids": [
"CWE-190"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-24T17:17:13Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: target: core: Fix integer overflow in UNMAP bounds check\n\nsbc_execute_unmap() checks LBA + range does not exceed the device capacity,\nbut does not guard against LBA + range wrapping around on 64-bit overflow.\n\nAdd an overflow check matching the pattern already used for WRITE_SAME in\nthe same file.",
"id": "GHSA-mw2m-v92w-q9ww",
"modified": "2026-07-15T15:32:44Z",
"published": "2026-06-24T18:32:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-53021"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/02115986d027ade793e7f6be87e91d6a796d0aa3"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2bf2d65f76697820dbc4227d13866293576dd90a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2e1ed9a7b6ea5bfefb5d80a02b1c71c7dee1f0dd"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3facdecc3fcf115cc4f9b3d8f118d6705e2456a8"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/51075df70c46e60a9773f2dcd28299e40dac36fb"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5efc3ef4758f8d98c257419fa21daca3227de61a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c08ab702c4699c6efb9d60bdb15b73e7a627ee7e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d7aef29573c7c5cdb2dfad939253287a6329c2a4"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MW6J-HH29-H379
Vulnerability from github – Published: 2022-05-25 19:33 – Updated: 2022-05-25 19:33Impact
The implementation of depthwise ops in TensorFlow is vulnerable to a denial of service via CHECK-failure (assertion failure) caused by overflowing the number of elements in a tensor:
import tensorflow as tf
input = tf.constant(1, shape=[1, 4, 4, 3], dtype=tf.float32)
filter_sizes = tf.constant(1879048192, shape=[13], dtype=tf.int32)
out_backprop = tf.constant(1, shape=[1, 4, 4, 3], dtype=tf.float32)
tf.raw_ops.DepthwiseConv2dNativeBackpropFilter(
input=input, filter_sizes=filter_sizes, out_backprop=out_backprop, strides=[1, 1, 1, 1], padding="SAME")
This is another instance of TFSA-2021-198 (CVE-2021-41197).
Patches
We have patched the issue in GitHub commit 3796cc4fcd93ae55812a457abc96dcd55fbb854b.
The fix will be included in TensorFlow 2.9.0. We will also cherrypick this commit on TensorFlow 2.8.1, TensorFlow 2.7.2, and TensorFlow 2.6.4, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by Neophytos Christou from Secure Systems Lab at Brown University.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.6.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.7.0"
},
{
"fixed": "2.7.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.8.0"
},
{
"fixed": "2.8.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.6.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.7.0"
},
{
"fixed": "2.7.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.8.0"
},
{
"fixed": "2.8.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.6.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.7.0"
},
{
"fixed": "2.7.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.8.0"
},
{
"fixed": "2.8.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-190"
],
"github_reviewed": true,
"github_reviewed_at": "2022-05-25T19:33:50Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "### Impact\nThe implementation of depthwise ops in TensorFlow is vulnerable to a denial of service via `CHECK`-failure (assertion failure) caused by overflowing the number of elements in a tensor:\n\n```python\nimport tensorflow as tf\n\ninput = tf.constant(1, shape=[1, 4, 4, 3], dtype=tf.float32)\nfilter_sizes = tf.constant(1879048192, shape=[13], dtype=tf.int32)\nout_backprop = tf.constant(1, shape=[1, 4, 4, 3], dtype=tf.float32)\ntf.raw_ops.DepthwiseConv2dNativeBackpropFilter(\n input=input, filter_sizes=filter_sizes, out_backprop=out_backprop, strides=[1, 1, 1, 1], padding=\"SAME\")\n```\n \nThis is another instance of [TFSA-2021-198](https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2021-198.md) (CVE-2021-41197).\n \n### Patches\nWe have patched the issue in GitHub commit [3796cc4fcd93ae55812a457abc96dcd55fbb854b](https://github.com/tensorflow/tensorflow/commit/3796cc4fcd93ae55812a457abc96dcd55fbb854b).\n\nThe fix will be included in TensorFlow 2.9.0. We will also cherrypick this commit on TensorFlow 2.8.1, TensorFlow 2.7.2, and TensorFlow 2.6.4, as these are also affected and still in supported range.\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n### Attribution\nThis vulnerability has been reported by Neophytos Christou from Secure Systems Lab at Brown University.",
"id": "GHSA-mw6j-hh29-h379",
"modified": "2022-05-25T19:33:50Z",
"published": "2022-05-25T19:33:50Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-mw6j-hh29-h379"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/commit/3796cc4fcd93ae55812a457abc96dcd55fbb854b"
},
{
"type": "PACKAGE",
"url": "https://github.com/tensorflow/tensorflow"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2021-198.md"
}
],
"schema_version": "1.4.0",
"severity": [],
"summary": "`CHECK` failure in depthwise ops via overflows"
}
GHSA-MW6V-CRH8-8533
Vulnerability from github – Published: 2019-04-30 15:36 – Updated: 2024-10-28 14:24Issue Description
Google TensorFlow 1.7.x and earlier is affected by a Buffer Overflow vulnerability. The type of exploitation is context-dependent. The block size in meta file might contain a large int64 value which causes an integer overflow upon addition. Subsequent code using n as index may cause an out-of-bounds read.
Impact
A maliciously crafted meta checkpoint could be used to cause the TensorFlow process to perform an out of bounds read on in process memory.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "1.0.0"
},
{
"fixed": "1.7.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "1.0.0"
},
{
"fixed": "1.7.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2018-7575"
],
"database_specific": {
"cwe_ids": [
"CWE-190"
],
"github_reviewed": true,
"github_reviewed_at": "2019-04-30T15:16:08Z",
"nvd_published_at": "2019-04-24T21:29:00Z",
"severity": "CRITICAL"
},
"details": "### Issue Description\nGoogle TensorFlow 1.7.x and earlier is affected by a Buffer Overflow vulnerability. The type of exploitation is context-dependent. The block size in meta file might contain a large int64 value which causes an integer overflow upon addition. Subsequent code using n as index may cause an out-of-bounds read.\n\n### Impact\nA maliciously crafted meta checkpoint could be used to cause the TensorFlow process to perform an out of bounds read on in process memory.\n",
"id": "GHSA-mw6v-crh8-8533",
"modified": "2024-10-28T14:24:41Z",
"published": "2019-04-30T15:36:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7575"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/commit/d107fee1e4a9a4462f01564798d345802acc2aef"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-mw6v-crh8-8533"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2019-223.yaml"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2019-230.yaml"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2019-205.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/tensorflow/tensorflow"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2018-004.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Integer Overflow or Wraparound in Google TensorFlow"
}
GHSA-MWCF-JV2P-MMPX
Vulnerability from github – Published: 2025-05-19 18:30 – Updated: 2026-03-19 18:31A flaw was found in the cookie parsing logic of the libsoup HTTP library, used in GNOME applications and other software. The vulnerability arises when processing the expiration date of cookies, where a specially crafted value can trigger an integer overflow. This may result in undefined behavior, allowing an attacker to bypass cookie expiration logic, causing persistent or unintended cookie behavior. The issue stems from improper validation of large integer inputs during date arithmetic operations within the cookie parsing routines.
{
"affected": [],
"aliases": [
"CVE-2025-4945"
],
"database_specific": {
"cwe_ids": [
"CWE-190"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-19T17:15:29Z",
"severity": "LOW"
},
"details": "A flaw was found in the cookie parsing logic of the libsoup HTTP library, used in GNOME applications and other software. The vulnerability arises when processing the expiration date of cookies, where a specially crafted value can trigger an integer overflow. This may result in undefined behavior, allowing an attacker to bypass cookie expiration logic, causing persistent or unintended cookie behavior. The issue stems from improper validation of large integer inputs during date arithmetic operations within the cookie parsing routines.",
"id": "GHSA-mwcf-jv2p-mmpx",
"modified": "2026-03-19T18:31:14Z",
"published": "2025-05-19T18:30:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4945"
},
{
"type": "WEB",
"url": "https://gitlab.gnome.org/GNOME/libsoup/-/issues/448"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2367175"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2025-4945"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:22013"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:21772"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:21666"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:21665"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:21664"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:21657"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:21656"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:21655"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:21032"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:20959"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:19720"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:19714"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:19713"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-MWGQ-3H9H-3Q6G
Vulnerability from github – Published: 2024-05-21 18:31 – Updated: 2025-11-03 21:31In the Linux kernel, the following vulnerability has been resolved:
drm/mediatek: Fix coverity issue with unintentional integer overflow
-
Instead of multiplying 2 variable of different types. Change to assign a value of one variable and then multiply the other variable.
-
Add a int variable for multiplier calculation instead of calculating different types multiplier with dma_addr_t variable directly.
{
"affected": [],
"aliases": [
"CVE-2023-52857"
],
"database_specific": {
"cwe_ids": [
"CWE-190"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-21T16:15:22Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/mediatek: Fix coverity issue with unintentional integer overflow\n\n1. Instead of multiplying 2 variable of different types. Change to\nassign a value of one variable and then multiply the other variable.\n\n2. Add a int variable for multiplier calculation instead of calculating\ndifferent types multiplier with dma_addr_t variable directly.",
"id": "GHSA-mwgq-3h9h-3q6g",
"modified": "2025-11-03T21:31:05Z",
"published": "2024-05-21T18:31:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52857"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0d8a1df39d3fc34560e2cc663b5c340d06a25396"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/96312a251d4dcee5d36e32edba3002bfde0ddd9c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a12bd675100531f9fb4508fd4430dd1632325a0e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b0b0d811eac6b4c52cb9ad632fa6384cf48869e7"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MWHV-JVVP-CGJP
Vulnerability from github – Published: 2025-10-14 12:31 – Updated: 2025-10-14 15:31In wlan AP driver, there is a possible out of bounds write due to an integer overflow. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00418785; Issue ID: MSV-3515.
{
"affected": [],
"aliases": [
"CVE-2025-20710"
],
"database_specific": {
"cwe_ids": [
"CWE-190"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-14T10:15:35Z",
"severity": "HIGH"
},
"details": "In wlan AP driver, there is a possible out of bounds write due to an integer overflow. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00418785; Issue ID: MSV-3515.",
"id": "GHSA-mwhv-jvvp-cgjp",
"modified": "2025-10-14T15:31:25Z",
"published": "2025-10-14T12:31:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-20710"
},
{
"type": "WEB",
"url": "https://corp.mediatek.com/product-security-bulletin/October-2025"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MWJ8-5VFM-5R28
Vulnerability from github – Published: 2022-05-14 03:12 – Updated: 2022-05-14 03:12The mintToken function of a smart contract implementation for normikaivo, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
{
"affected": [],
"aliases": [
"CVE-2018-13687"
],
"database_specific": {
"cwe_ids": [
"CWE-190"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-07-09T06:29:00Z",
"severity": "HIGH"
},
"details": "The mintToken function of a smart contract implementation for normikaivo, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",
"id": "GHSA-mwj8-5vfm-5r28",
"modified": "2022-05-14T03:12:42Z",
"published": "2022-05-14T03:12:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-13687"
},
{
"type": "WEB",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
},
{
"type": "WEB",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/normikaivo"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation
Ensure that all protocols are strictly defined, such that all out-of-bounds behavior can be identified simply, and require strict conformance to the protocol.
Mitigation MIT-3
Strategy: Language Selection
- Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
- If possible, choose a language or compiler that performs automatic bounds checking.
Mitigation MIT-4
Strategy: Libraries or Frameworks
- Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid [REF-1482].
- Use libraries or frameworks that make it easier to handle numbers without unexpected consequences.
- Examples include safe integer handling packages such as SafeInt (C++) or IntegerLib (C or C++). [REF-106]
Mitigation MIT-8
Strategy: Input Validation
- Perform input validation on any numeric input by ensuring that it is within the expected range. Enforce that the input meets both the minimum and maximum requirements for the expected range.
- Use unsigned integers where possible. This makes it easier to perform validation for integer overflows. When signed integers are required, ensure that the range check includes minimum values as well as maximum values.
Mitigation MIT-36
- Understand the programming language's underlying representation and how it interacts with numeric calculation (CWE-681). Pay close attention to byte size discrepancies, precision, signed/unsigned distinctions, truncation, conversion and casting between types, "not-a-number" calculations, and how the language handles numbers that are too large or too small for its underlying representation. [REF-7]
- Also be careful to account for 32-bit, 64-bit, and other potential differences that may affect the numeric representation.
Mitigation MIT-15
For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server.
Mitigation MIT-26
Strategy: Compilation or Build Hardening
Examine compiler warnings closely and eliminate problems with potential security implications, such as signed / unsigned mismatch in memory operations, or use of uninitialized variables. Even if the weakness is rarely exploitable, a single failure may lead to the compromise of the entire system.
CAPEC-92: Forced Integer Overflow
This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.