CWE-190
AllowedInteger Overflow or Wraparound
Abstraction: Base · Status: Stable
The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.
3867 vulnerabilities reference this CWE, most recent first.
GHSA-P5PJ-G9WC-C3V2
Vulnerability from github – Published: 2025-12-12 21:31 – Updated: 2025-12-17 21:30An integer overflow was addressed by adopting 64-bit timestamps. This issue is fixed in macOS Sonoma 14.8.3, macOS Sequoia 15.7.3. An app may be able to gain root privileges.
{
"affected": [],
"aliases": [
"CVE-2025-46285"
],
"database_specific": {
"cwe_ids": [
"CWE-190"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-12T21:15:57Z",
"severity": "HIGH"
},
"details": "An integer overflow was addressed by adopting 64-bit timestamps. This issue is fixed in macOS Sonoma 14.8.3, macOS Sequoia 15.7.3. An app may be able to gain root privileges.",
"id": "GHSA-p5pj-g9wc-c3v2",
"modified": "2025-12-17T21:30:44Z",
"published": "2025-12-12T21:31:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46285"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/125884"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/125885"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/125886"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/125887"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/125888"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/125889"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/125890"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/125891"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-P644-42G7-JQ85
Vulnerability from github – Published: 2022-05-13 01:38 – Updated: 2022-05-13 01:38xorg-x11-server before 1.19.5 was vulnerable to integer overflow in (S)ProcXIBarrierReleasePointer functions allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
{
"affected": [],
"aliases": [
"CVE-2017-12179"
],
"database_specific": {
"cwe_ids": [
"CWE-190",
"CWE-391"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-01-24T15:29:00Z",
"severity": "CRITICAL"
},
"details": "xorg-x11-server before 1.19.5 was vulnerable to integer overflow in (S)ProcXIBarrierReleasePointer functions allowing malicious X client to cause X server to crash or possibly execute arbitrary code.",
"id": "GHSA-p644-42g7-jq85",
"modified": "2022-05-13T01:38:13Z",
"published": "2022-05-13T01:38:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12179"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1509220"
},
{
"type": "WEB",
"url": "https://cgit.freedesktop.org/xorg/xserver/commit/?id=d088e3c1286b548a58e62afdc70bb40981cdb9e8"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201711-05"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2017/dsa-4000"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-P6Q3-C5P7-24J9
Vulnerability from github – Published: 2022-05-14 03:12 – Updated: 2022-05-14 03:12A malformed OMACP WAP push message can cause memory corruption on a Samsung S7 Edge device when processing the String Extension portion of the WbXml payload. This is due to an integer overflow in memory allocation for this string. The Samsung ID is SVE-2018-11463.
{
"affected": [],
"aliases": [
"CVE-2018-10751"
],
"database_specific": {
"cwe_ids": [
"CWE-190"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-05-29T20:29:00Z",
"severity": "MODERATE"
},
"details": "A malformed OMACP WAP push message can cause memory corruption on a Samsung S7 Edge device when processing the String Extension portion of the WbXml payload. This is due to an integer overflow in memory allocation for this string. The Samsung ID is SVE-2018-11463.",
"id": "GHSA-p6q3-c5p7-24j9",
"modified": "2022-05-14T03:12:36Z",
"published": "2022-05-14T03:12:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10751"
},
{
"type": "WEB",
"url": "https://security.samsungmobile.com/securityUpdate.smsb"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/44724"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/147841/Samsung-Galaxy-S7-Edge-OMACP-WbXml-String-Extension-Processing-Overflow.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-P737-3P9F-C6FR
Vulnerability from github – Published: 2022-05-14 03:13 – Updated: 2022-05-14 03:13The mintToken function of a smart contract implementation for LandCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
{
"affected": [],
"aliases": [
"CVE-2018-13765"
],
"database_specific": {
"cwe_ids": [
"CWE-190"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-07-09T06:29:00Z",
"severity": "HIGH"
},
"details": "The mintToken function of a smart contract implementation for LandCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",
"id": "GHSA-p737-3p9f-c6fr",
"modified": "2022-05-14T03:13:48Z",
"published": "2022-05-14T03:13:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-13765"
},
{
"type": "WEB",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
},
{
"type": "WEB",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/LandCoin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-P795-3XJQ-48VX
Vulnerability from github – Published: 2022-05-24 19:01 – Updated: 2022-06-29 00:00Exim 4 before 4.92 allows Integer Overflow to Buffer Overflow, in which an unauthenticated remote attacker can execute arbitrary code by leveraging the mishandling of continuation lines during header-length restriction.
{
"affected": [],
"aliases": [
"CVE-2020-28020"
],
"database_specific": {
"cwe_ids": [
"CWE-190"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-05-06T13:15:00Z",
"severity": "CRITICAL"
},
"details": "Exim 4 before 4.92 allows Integer Overflow to Buffer Overflow, in which an unauthenticated remote attacker can execute arbitrary code by leveraging the mishandling of continuation lines during header-length restriction.",
"id": "GHSA-p795-3xjq-48vx",
"modified": "2022-06-29T00:00:32Z",
"published": "2022-05-24T19:01:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28020"
},
{
"type": "WEB",
"url": "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28020-HSIZE.txt"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2021/07/25/1"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2021/08/03/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-P79C-WVWJ-46G3
Vulnerability from github – Published: 2022-05-24 19:18 – Updated: 2022-05-24 19:18Possible integer overflow due to improper check of batch count value while sanitizer is enabled in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables
{
"affected": [],
"aliases": [
"CVE-2021-1949"
],
"database_specific": {
"cwe_ids": [
"CWE-190"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-10-20T07:15:00Z",
"severity": "HIGH"
},
"details": "Possible integer overflow due to improper check of batch count value while sanitizer is enabled in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice \u0026 Music, Snapdragon Wearables",
"id": "GHSA-p79c-wvwj-46g3",
"modified": "2022-05-24T19:18:24Z",
"published": "2022-05-24T19:18:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1949"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/october-2021-bulletin"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-P7F3-29HP-23C8
Vulnerability from github – Published: 2022-05-13 01:25 – Updated: 2022-05-13 01:25Integer overflow in Google Chrome before 9.0.597.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a TEXTAREA element.
{
"affected": [],
"aliases": [
"CVE-2011-1121"
],
"database_specific": {
"cwe_ids": [
"CWE-190"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2011-03-01T23:00:00Z",
"severity": "HIGH"
},
"details": "Integer overflow in Google Chrome before 9.0.597.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a TEXTAREA element.",
"id": "GHSA-p7f3-29hp-23c8",
"modified": "2022-05-13T01:25:54Z",
"published": "2022-05-13T01:25:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-1121"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65739"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14685"
},
{
"type": "WEB",
"url": "http://code.google.com/p/chromium/issues/detail?id=71855"
},
{
"type": "WEB",
"url": "http://googlechromereleases.blogspot.com/2011/02/stable-channel-update_28.html"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html"
},
{
"type": "WEB",
"url": "http://support.apple.com/kb/HT4808"
},
{
"type": "WEB",
"url": "http://support.apple.com/kb/HT4981"
},
{
"type": "WEB",
"url": "http://support.apple.com/kb/HT4999"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/46614"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-P7H7-FF68-WGX2
Vulnerability from github – Published: 2022-05-14 01:08 – Updated: 2022-05-14 01:08Multiple integer overflows in the block drivers in QEMU, possibly before 2.0.0, allow local users to cause a denial of service (crash) via a crafted catalog size in (1) the parallels_open function in block/parallels.c or (2) bochs_open function in bochs.c, a large L1 table in the (3) qcow2_snapshot_load_tmp in qcow2-snapshot.c or (4) qcow2_grow_l1_table function in qcow2-cluster.c, (5) a large request in the bdrv_check_byte_request function in block.c and other block drivers, (6) crafted cluster indexes in the get_refcount function in qcow2-refcount.c, or (7) a large number of blocks in the cloop_open function in cloop.c, which trigger buffer overflows, memory corruption, large memory allocations and out-of-bounds read and writes.
{
"affected": [],
"aliases": [
"CVE-2014-0143"
],
"database_specific": {
"cwe_ids": [
"CWE-190"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-08-10T15:29:00Z",
"severity": "HIGH"
},
"details": "Multiple integer overflows in the block drivers in QEMU, possibly before 2.0.0, allow local users to cause a denial of service (crash) via a crafted catalog size in (1) the parallels_open function in block/parallels.c or (2) bochs_open function in bochs.c, a large L1 table in the (3) qcow2_snapshot_load_tmp in qcow2-snapshot.c or (4) qcow2_grow_l1_table function in qcow2-cluster.c, (5) a large request in the bdrv_check_byte_request function in block.c and other block drivers, (6) crafted cluster indexes in the get_refcount function in qcow2-refcount.c, or (7) a large number of blocks in the cloop_open function in cloop.c, which trigger buffer overflows, memory corruption, large memory allocations and out-of-bounds read and writes.",
"id": "GHSA-p7h7-ff68-wgx2",
"modified": "2022-05-14T01:08:33Z",
"published": "2022-05-14T01:08:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0143"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2014:0420"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2014:0421"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2014:0434"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2014:0435"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2014:0674"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2014-0143"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1079140"
},
{
"type": "WEB",
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=509a41bab5306181044b5fff02eadf96d9c8676a"
},
{
"type": "WEB",
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=6a83f8b5bec6f59e56cc49bd49e4c3f8f805d56f"
},
{
"type": "WEB",
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=8f4754ede56e3f9ea3fd7207f4a7c4453e59285b"
},
{
"type": "WEB",
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=afbcc40bee4ef51731102d7d4b499ee12fc182e1"
},
{
"type": "WEB",
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=cab60de930684c33f67d4e32c7509b567f8c445b"
},
{
"type": "WEB",
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=db8a31d11d6a60f48d6817530640d75aa72a9a2f"
},
{
"type": "WEB",
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=e3737b820b45e54b059656dc3f914f895ac7a88b"
},
{
"type": "WEB",
"url": "http://git.qemu.org/?p=qemu.git;a=commit;h=509a41bab5306181044b5fff02eadf96d9c8676a"
},
{
"type": "WEB",
"url": "http://git.qemu.org/?p=qemu.git;a=commit;h=6a83f8b5bec6f59e56cc49bd49e4c3f8f805d56f"
},
{
"type": "WEB",
"url": "http://git.qemu.org/?p=qemu.git;a=commit;h=8f4754ede56e3f9ea3fd7207f4a7c4453e59285b"
},
{
"type": "WEB",
"url": "http://git.qemu.org/?p=qemu.git;a=commit;h=afbcc40bee4ef51731102d7d4b499ee12fc182e1"
},
{
"type": "WEB",
"url": "http://git.qemu.org/?p=qemu.git;a=commit;h=cab60de930684c33f67d4e32c7509b567f8c445b"
},
{
"type": "WEB",
"url": "http://git.qemu.org/?p=qemu.git;a=commit;h=db8a31d11d6a60f48d6817530640d75aa72a9a2f"
},
{
"type": "WEB",
"url": "http://git.qemu.org/?p=qemu.git;a=commit;h=e3737b820b45e54b059656dc3f914f895ac7a88b"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0420.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0421.html"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2014/dsa-3044"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-P7P2-VF3X-M7FP
Vulnerability from github – Published: 2024-05-07 09:30 – Updated: 2024-05-07 09:30in OpenHarmony v4.0.0 and prior versions allow a local attacker cause service crash through integer overflow.
{
"affected": [],
"aliases": [
"CVE-2024-3757"
],
"database_specific": {
"cwe_ids": [
"CWE-190"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-07T07:15:49Z",
"severity": "LOW"
},
"details": "in OpenHarmony v4.0.0 and prior versions allow a local attacker cause service crash through integer overflow.",
"id": "GHSA-p7p2-vf3x-m7fp",
"modified": "2024-05-07T09:30:32Z",
"published": "2024-05-07T09:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3757"
},
{
"type": "WEB",
"url": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-05.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-P7PF-7FVV-CV2Q
Vulnerability from github – Published: 2022-05-14 03:43 – Updated: 2022-05-14 03:43Integer overflow in the ndn_parse_sequence function in CCN-lite before 2.00 allows context-dependent attackers to have unspecified impact via vectors involving the typ and vallen variables.
{
"affected": [],
"aliases": [
"CVE-2017-12470"
],
"database_specific": {
"cwe_ids": [
"CWE-190"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-02-07T17:29:00Z",
"severity": "CRITICAL"
},
"details": "Integer overflow in the ndn_parse_sequence function in CCN-lite before 2.00 allows context-dependent attackers to have unspecified impact via vectors involving the typ and vallen variables.",
"id": "GHSA-p7pf-7fvv-cv2q",
"modified": "2022-05-14T03:43:18Z",
"published": "2022-05-14T03:43:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12470"
},
{
"type": "WEB",
"url": "https://github.com/cn-uofbasel/ccn-lite/issues/136"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Ensure that all protocols are strictly defined, such that all out-of-bounds behavior can be identified simply, and require strict conformance to the protocol.
Mitigation MIT-3
Strategy: Language Selection
- Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
- If possible, choose a language or compiler that performs automatic bounds checking.
Mitigation MIT-4
Strategy: Libraries or Frameworks
- Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid [REF-1482].
- Use libraries or frameworks that make it easier to handle numbers without unexpected consequences.
- Examples include safe integer handling packages such as SafeInt (C++) or IntegerLib (C or C++). [REF-106]
Mitigation MIT-8
Strategy: Input Validation
- Perform input validation on any numeric input by ensuring that it is within the expected range. Enforce that the input meets both the minimum and maximum requirements for the expected range.
- Use unsigned integers where possible. This makes it easier to perform validation for integer overflows. When signed integers are required, ensure that the range check includes minimum values as well as maximum values.
Mitigation MIT-36
- Understand the programming language's underlying representation and how it interacts with numeric calculation (CWE-681). Pay close attention to byte size discrepancies, precision, signed/unsigned distinctions, truncation, conversion and casting between types, "not-a-number" calculations, and how the language handles numbers that are too large or too small for its underlying representation. [REF-7]
- Also be careful to account for 32-bit, 64-bit, and other potential differences that may affect the numeric representation.
Mitigation MIT-15
For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server.
Mitigation MIT-26
Strategy: Compilation or Build Hardening
Examine compiler warnings closely and eliminate problems with potential security implications, such as signed / unsigned mismatch in memory operations, or use of uninitialized variables. Even if the weakness is rarely exploitable, a single failure may lead to the compromise of the entire system.
CAPEC-92: Forced Integer Overflow
This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.