Common Weakness Enumeration

CWE-191

Allowed

Integer Underflow (Wrap or Wraparound)

Abstraction: Base · Status: Draft

The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.

640 vulnerabilities reference this CWE, most recent first.

GHSA-VGM9-QPVF-CP5W

Vulnerability from github – Published: 2024-09-18 09:30 – Updated: 2024-09-23 18:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

hwmon: (lm95234) Fix underflows seen when writing limit attributes

DIV_ROUND_CLOSEST() after kstrtol() results in an underflow if a large negative number such as -9223372036854775808 is provided by the user. Fix it by reordering clamp_val() and DIV_ROUND_CLOSEST() operations.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-46758"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-191"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-09-18T08:15:04Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (lm95234) Fix underflows seen when writing limit attributes\n\nDIV_ROUND_CLOSEST() after kstrtol() results in an underflow if a large\nnegative number such as -9223372036854775808 is provided by the user.\nFix it by reordering clamp_val() and DIV_ROUND_CLOSEST() operations.",
  "id": "GHSA-vgm9-qpvf-cp5w",
  "modified": "2024-09-23T18:30:34Z",
  "published": "2024-09-18T09:30:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-46758"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0fc27747633aa419f9af40e7bdfa00d2ec94ea81"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/16f42953231be1e7be77bc24005270d9e0d9d2ee"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/438453dfbbdcf4be26891492644aa3ecbb42c336"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/46e4fd338d5bdbaf60e41cda625b24949d2af201"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/59c1fb9874a01c9abc49a0a32f192a7e7b4e2650"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/93f0f5721d0cca45dac50af1ae6f9a9826c699fd"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/af64e3e1537896337405f880c1e9ac1f8c0c6198"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/da765bebd90e1b92bdbc3c6a27a3f3cc81529ab6"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VH32-2CMQ-5XPC

Vulnerability from github – Published: 2024-09-18 09:30 – Updated: 2024-09-23 18:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

hwmon: (nct6775-core) Fix underflows seen when writing limit attributes

DIV_ROUND_CLOSEST() after kstrtol() results in an underflow if a large negative number such as -9223372036854775808 is provided by the user. Fix it by reordering clamp_val() and DIV_ROUND_CLOSEST() operations.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-46757"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-191"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-09-18T08:15:04Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (nct6775-core) Fix underflows seen when writing limit attributes\n\nDIV_ROUND_CLOSEST() after kstrtol() results in an underflow if a large\nnegative number such as -9223372036854775808 is provided by the user.\nFix it by reordering clamp_val() and DIV_ROUND_CLOSEST() operations.",
  "id": "GHSA-vh32-2cmq-5xpc",
  "modified": "2024-09-23T18:30:34Z",
  "published": "2024-09-18T09:30:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-46757"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/02bb3b4c7d5695ff4be01e0f55676bba49df435e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0403e10bf0824bf0ec2bb135d4cf1c0cc3bf4bf0"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0c23e18cef20b989a9fd7cb0a745e1259b969159"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/298a55f11edd811f2189b74eb8f53dee34d4f14c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2f695544084a559f181cafdfd3f864c5ff9dd1db"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8a1e958e26640ce015abdbb75c8896301b9bf398"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/996221b030995cc5f5baa4a642201d64b62a17cd"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d6035c55fa9afefc23f85f57eff1d4a1d82c5b10"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VJWH-4XJH-5595

Vulnerability from github – Published: 2022-05-17 00:27 – Updated: 2022-05-17 00:27
VLAI
Details

chan_sip in Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 and Certified Asterisk 1.8.28, 11.6 before 11.6-cert12, and 13.1 before 13.1-cert3, when the timert1 sip.conf configuration is set to a value greater than 1245, allows remote attackers to cause a denial of service (file descriptor consumption) via vectors related to large retransmit timeout values.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2016-2316"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-191"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-02-22T15:59:00Z",
    "severity": "HIGH"
  },
  "details": "chan_sip in Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 and Certified Asterisk 1.8.28, 11.6 before 11.6-cert12, and 13.1 before 13.1-cert3, when the timert1 sip.conf configuration is set to a value greater than 1245, allows remote attackers to cause a denial of service (file descriptor consumption) via vectors related to large retransmit timeout values.",
  "id": "GHSA-vjwh-4xjh-5595",
  "modified": "2022-05-17T00:27:42Z",
  "published": "2022-05-17T00:27:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2316"
    },
    {
      "type": "WEB",
      "url": "http://downloads.asterisk.org/pub/security/AST-2016-002.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177409.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177422.html"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2016/dsa-3700"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/82651"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1034930"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VM9W-MQXM-485Q

Vulnerability from github – Published: 2026-06-01 21:30 – Updated: 2026-06-02 15:32
VLAI
Details

FlexRIC v2.0.0 uses a uint16_t counter for xapp_id assignment but stores the value in uint32_t message fields. After 65,530+ E42_SETUP_REQUESTs, the 16-bit counter wraps around and produces duplicate xapp_ids. The iApp (port 36422) crashes when attempting to register a duplicate ID in its internal data structure. A remote attacker can trigger this by repeatedly connecting and requesting new xApp registrations.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-37231"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-191"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-01T19:16:33Z",
    "severity": "HIGH"
  },
  "details": "FlexRIC v2.0.0 uses a uint16_t counter for xapp_id assignment but stores the value in uint32_t message fields. After 65,530+ E42_SETUP_REQUESTs, the 16-bit counter wraps around and produces duplicate xapp_ids. The iApp (port 36422) crashes when attempting to register a duplicate ID in its internal data structure. A remote attacker can trigger this by repeatedly connecting and requesting new xApp registrations.",
  "id": "GHSA-vm9w-mqxm-485q",
  "modified": "2026-06-02T15:32:01Z",
  "published": "2026-06-01T21:30:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-37231"
    },
    {
      "type": "WEB",
      "url": "https://github.com/MinamiKotor1/oran-security-advisories-zhongnan-luo/blob/main/advisories/CVE-2026-37231.md"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.eurecom.fr/mosaic5g/flexric"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VMR3-XRH5-2R29

Vulnerability from github – Published: 2024-07-01 15:32 – Updated: 2024-07-01 15:32
VLAI
Details

Information disclosure while parsing sub-IE length during new IE generation.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-21466"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-191"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-01T15:15:15Z",
    "severity": "MODERATE"
  },
  "details": "Information disclosure while parsing sub-IE length during new IE generation.",
  "id": "GHSA-vmr3-xrh5-2r29",
  "modified": "2024-07-01T15:32:44Z",
  "published": "2024-07-01T15:32:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21466"
    },
    {
      "type": "WEB",
      "url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/july-2024-bulletin.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VP3J-RHGW-HR9F

Vulnerability from github – Published: 2022-05-13 01:04 – Updated: 2022-05-13 01:04
VLAI
Details

Integer underflow in the xTrapezoidValid macro in render/picture.h in X.Org allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2013-6424"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-191"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2014-01-18T19:55:00Z",
    "severity": "MODERATE"
  },
  "details": "Integer underflow in the xTrapezoidValid macro in render/picture.h in X.Org allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value.",
  "id": "GHSA-vp3j-rhgw-hr9f",
  "modified": "2022-05-13T01:04:23Z",
  "published": "2022-05-13T01:04:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-6424"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2013:1868"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2013-6424"
    },
    {
      "type": "WEB",
      "url": "https://bugs.freedesktop.org/show_bug.cgi?id=67484"
    },
    {
      "type": "WEB",
      "url": "https://bugs.launchpad.net/ubuntu/+source/xorg-server/+bug/1197921"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1037984"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201701-64"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201710-30"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00127.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.x.org/archives/xorg-devel/2013-October/037996.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-1868.html"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2013/dsa-2822"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2013/12/03/8"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2013/12/04/8"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-2500-1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-VQ3C-WGC6-RVMQ

Vulnerability from github – Published: 2026-07-14 00:31 – Updated: 2026-07-14 18:31
VLAI
Details

OpENer 2.3.0 (master branch up to commit 76b95cf) is vulnerable to a severe memory corruption issue caused by an integer underflow in the processing of connected explicit messages (SendUnitData).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-51540"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-191"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-07-13T22:16:47Z",
    "severity": "CRITICAL"
  },
  "details": "OpENer 2.3.0 (master branch up to commit 76b95cf) is vulnerable to a severe memory corruption issue caused by an integer underflow in the processing of connected explicit messages (SendUnitData).",
  "id": "GHSA-vq3c-wgc6-rvmq",
  "modified": "2026-07-14T18:31:51Z",
  "published": "2026-07-14T00:31:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-51540"
    },
    {
      "type": "WEB",
      "url": "https://github.com/EIPStackGroup/OpENer/issues/568"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/MrAlaskan/5e0c2af7f4a1d188814c7fa8f812c8da"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VQGR-F24J-7RXX

Vulnerability from github – Published: 2022-05-13 01:25 – Updated: 2022-05-13 01:25
VLAI
Details

Integer underflow in the ksba_oid_to_str function in Libksba before 1.3.2, as used in GnuPG, allows remote attackers to cause a denial of service (crash) via a crafted OID in a (1) S/MIME message or (2) ECC based OpenPGP data, which triggers a buffer overflow.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2014-9087"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-191"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2014-12-01T15:59:00Z",
    "severity": "HIGH"
  },
  "details": "Integer underflow in the ksba_oid_to_str function in Libksba before 1.3.2, as used in GnuPG, allows remote attackers to cause a denial of service (crash) via a crafted OID in a (1) S/MIME message or (2) ECC based OpenPGP data, which triggers a buffer overflow.",
  "id": "GHSA-vqgr-f24j-7rxx",
  "modified": "2022-05-13T01:25:22Z",
  "published": "2022-05-13T01:25:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-9087"
    },
    {
      "type": "WEB",
      "url": "https://blog.fuzzing-project.org/2-Buffer-overflow-and-other-minor-issues-in-GnuPG-and-libksba-TFPA-0012014.html"
    },
    {
      "type": "WEB",
      "url": "http://advisories.mageia.org/MGASA-2014-0498.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.gnupg.org/pipermail/gnupg-announce/2014q4/000359.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/60073"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/60189"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/60233"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2014/dsa-3078"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:234"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:151"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/71285"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-2427-1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-VVVV-2V7H-W64M

Vulnerability from github – Published: 2025-11-11 18:30 – Updated: 2025-11-11 18:30
VLAI
Details

Illustrator on iPad versions 3.0.9 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-61826"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-191"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-11-11T18:15:42Z",
    "severity": "HIGH"
  },
  "details": "Illustrator on iPad versions 3.0.9 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
  "id": "GHSA-vvvv-2v7h-w64m",
  "modified": "2025-11-11T18:30:22Z",
  "published": "2025-11-11T18:30:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61826"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/illustrator-mobile-ios/apsb25-111.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VWHR-CXJH-7VPW

Vulnerability from github – Published: 2022-05-24 19:01 – Updated: 2022-05-24 19:01
VLAI
Details

An integer underflow was discovered in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, improper validation of the PortID TLV leads to Denial of Service via a crafted lldp packet.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-25849"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-191"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-05-10T11:15:00Z",
    "severity": "HIGH"
  },
  "details": "An integer underflow was discovered in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, improper validation of the PortID TLV leads to Denial of Service via a crafted lldp packet.",
  "id": "GHSA-vwhr-cxjh-7vpw",
  "modified": "2022-05-24T19:01:56Z",
  "published": "2022-05-24T19:01:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25849"
    },
    {
      "type": "WEB",
      "url": "https://www.moxa.com/en"
    },
    {
      "type": "WEB",
      "url": "https://www.moxa.com/en/support/product-support/security-advisory/vport-06ec-2v-series-ip-cameras-vulnerabilities"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.