CWE-196
AllowedUnsigned to Signed Conversion Error
Abstraction: Variant · Status: Draft
The product uses an unsigned primitive and performs a cast to a signed primitive, which can produce an unexpected value if the value of the unsigned primitive can not be represented using a signed primitive.
9 vulnerabilities reference this CWE, most recent first.
CVE-2026-34155 (GCVE-0-2026-34155)
Vulnerability from cvelistv5 – Published: 2026-03-31 13:28 – Updated: 2026-03-31 15:45| URL | Tags |
|---|---|
| https://github.com/rauc/rauc/security/advisories/… | x_refsource_CONFIRM |
| https://github.com/rauc/rauc/commit/4fb7c798d6ae4… | x_refsource_MISC |
| https://github.com/rauc/rauc/releases/tag/v1.15.2 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-34155",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-31T15:44:51.772152Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-31T15:45:04.506Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "rauc",
"vendor": "rauc",
"versions": [
{
"status": "affected",
"version": "\u003c 1.15.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "RAUC controls the update process on embedded Linux systems. Prior to version 1.15.2, RAUC bundles using the \u0027plain\u0027 format exceeding a payload size of 2 GiB cause an integer overflow which results in a signature which covers only the first few bytes of the payload. Given such a bundle with a legitimate signature, an attacker can modify the part of the payload which is not covered by the signature. This issue has been patched in version 1.15.2."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "PASSIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:L/VI:H/VA:N/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-196",
"description": "CWE-196: Unsigned to Signed Conversion Error",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347: Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-31T13:28:14.863Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/rauc/rauc/security/advisories/GHSA-6hj7-q844-m2hx",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/rauc/rauc/security/advisories/GHSA-6hj7-q844-m2hx"
},
{
"name": "https://github.com/rauc/rauc/commit/4fb7c798d6ae412344fb8f8d310d773046af3441",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rauc/rauc/commit/4fb7c798d6ae412344fb8f8d310d773046af3441"
},
{
"name": "https://github.com/rauc/rauc/releases/tag/v1.15.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rauc/rauc/releases/tag/v1.15.2"
}
],
"source": {
"advisory": "GHSA-6hj7-q844-m2hx",
"discovery": "UNKNOWN"
},
"title": "RAUC: Improper Signing of Plain Bundles Exceeding 2 GiB"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-34155",
"datePublished": "2026-03-31T13:28:14.863Z",
"dateReserved": "2026-03-25T20:12:04.196Z",
"dateUpdated": "2026-03-31T15:45:04.506Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-14454 (GCVE-0-2026-14454)
Vulnerability from cvelistv5 – Published: 2026-07-08 12:30 – Updated: 2026-07-09 14:41{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-07-08T17:31:27.727Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/07/08/6"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-14454",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-09T13:50:57.514385Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T14:41:45.096Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://cpan.org/modules",
"defaultStatus": "unaffected",
"packageName": "Imager",
"product": "Imager",
"programFiles": [
"imexif.c"
],
"programRoutines": [
{
"name": "tiff_load_ifd"
}
],
"repo": "https://github.com/tonycoz/imager",
"vendor": "TONYC",
"versions": [
{
"lessThan": "1.033",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Imager versions before 1.033 for Perl treat unsigned EXIF IFD entry counts as signed.\n\nImager mishandled large EXIF IFD entry count values, treating them as negative numbers. This could lead to an attempt to allocate a block nearly the size of the address space, which fails and kills the process.\n\nAn attacker could craft an image with EXIF data that terminates a worker process."
}
],
"impacts": [
{
"capecId": "CAPEC-128",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-128 Integer Attacks"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-196",
"description": "CWE-196 Unsigned to Signed Conversion Error",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-789",
"description": "CWE-789 Memory Allocation with Excessive Size Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-08T12:30:20.230Z",
"orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"shortName": "CPANSec"
},
"references": [
{
"tags": [
"release-notes"
],
"url": "https://metacpan.org/release/TONYC/Imager-1.033/changes"
},
{
"tags": [
"patch"
],
"url": "https://github.com/tonycoz/imager/commit/06f01a5d0fd591259aeba589370d6888384a6b6d.patch"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to version 1.033 or later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Imager versions before 1.033 for Perl treat unsigned EXIF IFD entry counts as signed",
"x_generator": {
"engine": "cpansec-cna-tool 0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"assignerShortName": "CPANSec",
"cveId": "CVE-2026-14454",
"datePublished": "2026-07-08T12:30:20.230Z",
"dateReserved": "2026-07-02T08:18:50.542Z",
"dateUpdated": "2026-07-09T14:41:45.096Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-0185 (GCVE-0-2023-0185)
Vulnerability from cvelistv5 – Published: 2023-04-01 04:38 – Updated: 2025-02-13 16:38- CWE-196 - Unsigned to Signed Conversion Error
| Vendor | Product | Version | |
|---|---|---|---|
| NVIDIA | vGPU software (Virtual GPU Manager - Citrix Hypervisor, VMware vSphere, Red Hat Enterprise Linux KVM), NVIDIA Cloud Gaming (Virtual GPU Manager - Red Hat Enterprise Linux KVM) |
Affected:
All versions prior to and including 15.1, 13.6, 11.11, and all versions prior to and including February 2023 release
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:02:43.798Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5452"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202310-02"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0185",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-11T16:39:48.959062Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-11T16:39:56.636Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "vGPU software (Virtual GPU Manager - Citrix Hypervisor, VMware vSphere, Red Hat Enterprise Linux KVM), NVIDIA Cloud Gaming (Virtual GPU Manager - Red Hat Enterprise Linux KVM)",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "All versions prior to and including 15.1, 13.6, 11.11, and all versions prior to and including February 2023 release"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": true,
"type": "text/html",
"value": "NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where sign conversion issuescasting an unsigned primitive to signed may lead to denial of service or information disclosure."
}
],
"value": "NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where sign conversion issuescasting an unsigned primitive to signed may lead to denial of service or information disclosure."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Denial of Service, Information Disclosure"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-196",
"description": "CWE-196: Unsigned to Signed Conversion Error",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-03T14:06:36.330Z",
"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"shortName": "nvidia"
},
"references": [
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5452"
},
{
"url": "https://security.gentoo.org/glsa/202310-02"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"assignerShortName": "nvidia",
"cveId": "CVE-2023-0185",
"datePublished": "2023-04-01T04:38:58.626Z",
"dateReserved": "2023-01-11T05:48:42.372Z",
"dateUpdated": "2025-02-13T16:38:46.189Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-36025 (GCVE-0-2022-36025)
Vulnerability from cvelistv5 – Published: 2022-09-24 02:00 – Updated: 2025-04-23 16:55| URL | Tags |
|---|---|
| https://github.com/hyperledger/besu/security/advi… | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| hyperledger | besu |
Affected:
> 22.1.3, < 22.7.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:51:59.691Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/hyperledger/besu/security/advisories/GHSA-4456-w38r-m53x"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-36025",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T15:51:08.380684Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T16:55:35.732Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "besu",
"vendor": "hyperledger",
"versions": [
{
"status": "affected",
"version": "\u003e 22.1.3, \u003c 22.7.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Besu is a Java-based Ethereum client. In versions newer than 22.1.3 and prior to 22.7.1, Besu is subject to an Incorrect Conversion between Numeric Types. An error in 32 bit signed and unsigned types in the calculation of available gas in the CALL operations (including DELEGATECALL) results in incorrect gas being passed into called contracts and incorrect gas being returned after call execution. Where the amount of gas makes a difference in the success or failure, or if the gas is a negative 64 bit value, the execution will result in a different state root than expected, resulting in a consensus failure in networks with multiple EVM implementations. In networks with a single EVM implementation this can be used to execute with significantly more gas than then transaction requested, possibly exceeding gas limitations. This issue is patched in version 22.7.1. As a workaround, reverting to version 22.1.3 or earlier will prevent incorrect execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-681",
"description": "CWE-681: Incorrect Conversion between Numeric Types",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-196",
"description": "CWE-196: Unsigned to Signed Conversion Error",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-24T02:00:13.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/hyperledger/besu/security/advisories/GHSA-4456-w38r-m53x"
}
],
"source": {
"advisory": "GHSA-4456-w38r-m53x",
"discovery": "UNKNOWN"
},
"title": "Incorrect Conversion between Numeric Types in Besu Ethereum Client",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-36025",
"STATE": "PUBLIC",
"TITLE": "Incorrect Conversion between Numeric Types in Besu Ethereum Client"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "besu",
"version": {
"version_data": [
{
"version_value": "\u003e 22.1.3, \u003c 22.7.1"
}
]
}
}
]
},
"vendor_name": "hyperledger"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Besu is a Java-based Ethereum client. In versions newer than 22.1.3 and prior to 22.7.1, Besu is subject to an Incorrect Conversion between Numeric Types. An error in 32 bit signed and unsigned types in the calculation of available gas in the CALL operations (including DELEGATECALL) results in incorrect gas being passed into called contracts and incorrect gas being returned after call execution. Where the amount of gas makes a difference in the success or failure, or if the gas is a negative 64 bit value, the execution will result in a different state root than expected, resulting in a consensus failure in networks with multiple EVM implementations. In networks with a single EVM implementation this can be used to execute with significantly more gas than then transaction requested, possibly exceeding gas limitations. This issue is patched in version 22.7.1. As a workaround, reverting to version 22.1.3 or earlier will prevent incorrect execution."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-681: Incorrect Conversion between Numeric Types"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-196: Unsigned to Signed Conversion Error"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/hyperledger/besu/security/advisories/GHSA-4456-w38r-m53x",
"refsource": "CONFIRM",
"url": "https://github.com/hyperledger/besu/security/advisories/GHSA-4456-w38r-m53x"
}
]
},
"source": {
"advisory": "GHSA-4456-w38r-m53x",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-36025",
"datePublished": "2022-09-24T02:00:13.000Z",
"dateReserved": "2022-07-15T00:00:00.000Z",
"dateUpdated": "2025-04-23T16:55:35.732Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-13545 (GCVE-0-2020-13545)
Vulnerability from cvelistv5 – Published: 2021-01-06 14:50 – Updated: 2024-08-04 12:18- CWE-196 - Unsigned to Signed Conversion Error
| URL | Tags |
|---|---|
| https://talosintelligence.com/vulnerability_repor… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:18:18.499Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1162"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Softmaker",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "SoftMaker Software GmbH SoftMaker Office TextMaker 2021 (revision 1014)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An exploitable signed conversion vulnerability exists in the TextMaker document parsing functionality of SoftMaker Office 2021\u2019s TextMaker application. A specially crafted document can cause the document parser to miscalculate a length used to allocate a buffer, later upon usage of this buffer the application will write outside its bounds resulting in a heap-based memory corruption. An attacker can entice the victim to open a document to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-196",
"description": "CWE-196: Unsigned to Signed Conversion Error",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T14:50:15.000Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1162"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"ID": "CVE-2020-13545",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Softmaker",
"version": {
"version_data": [
{
"version_value": "SoftMaker Software GmbH SoftMaker Office TextMaker 2021 (revision 1014)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable signed conversion vulnerability exists in the TextMaker document parsing functionality of SoftMaker Office 2021\u2019s TextMaker application. A specially crafted document can cause the document parser to miscalculate a length used to allocate a buffer, later upon usage of this buffer the application will write outside its bounds resulting in a heap-based memory corruption. An attacker can entice the victim to open a document to trigger this vulnerability."
}
]
},
"impact": {
"cvss": {
"baseScore": 8.8,
"baseSeverity": "High",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-196: Unsigned to Signed Conversion Error"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1162",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1162"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2020-13545",
"datePublished": "2021-01-06T14:50:15.000Z",
"dateReserved": "2020-05-26T00:00:00.000Z",
"dateUpdated": "2024-08-04T12:18:18.499Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7067 (GCVE-0-2020-7067)
Vulnerability from cvelistv5 – Published: 2020-04-27 20:38 – Updated: 2024-09-17 02:21| URL | Tags |
|---|---|
| https://www.debian.org/security/2020/dsa-4717 | vendor-advisoryx_refsource_DEBIAN |
| https://www.debian.org/security/2020/dsa-4719 | vendor-advisoryx_refsource_DEBIAN |
| https://www.oracle.com/security-alerts/cpuoct2020.html | x_refsource_MISC |
| https://bugs.php.net/bug.php?id=79465 | x_refsource_CONFIRM |
| https://security.netapp.com/advisory/ntap-2020050… | x_refsource_CONFIRM |
| https://www.oracle.com/security-alerts/cpuApr2021.html | x_refsource_MISC |
| https://www.tenable.com/security/tns-2021-14 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:18:03.020Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-4717",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4717"
},
{
"name": "DSA-4719",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4719"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.php.net/bug.php?id=79465"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200504-0001/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2021-14"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PHP",
"vendor": "PHP Group",
"versions": [
{
"status": "affected",
"version": "7.2.x below 7.2.30"
},
{
"status": "affected",
"version": "7.3.x below 7.3.17 and 7.4.x below 7.4.5"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "bigshaq at wearehackerone dot com"
}
],
"datePublic": "2020-04-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below 7.4.5, if PHP is compiled with EBCDIC support (uncommon), urldecode() function can be made to access locations past the allocated memory, due to erroneously using signed numbers as array indexes."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-196",
"description": "CWE-196 Unsigned to Signed Conversion Error",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-22T17:07:31.000Z",
"orgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
"shortName": "php"
},
"references": [
{
"name": "DSA-4717",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4717"
},
{
"name": "DSA-4719",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4719"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.php.net/bug.php?id=79465"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20200504-0001/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tenable.com/security/tns-2021-14"
}
],
"source": {
"defect": [
"https://bugs.php.net/bug.php?id=79465"
],
"discovery": "EXTERNAL"
},
"title": "OOB Read in urldecode()",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@php.net",
"DATE_PUBLIC": "2020-04-14T03:10:00.000Z",
"ID": "CVE-2020-7067",
"STATE": "PUBLIC",
"TITLE": "OOB Read in urldecode()"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PHP",
"version": {
"version_data": [
{
"version_value": "7.2.x below 7.2.30"
},
{
"version_value": "7.3.x below 7.3.17 and 7.4.x below 7.4.5"
}
]
}
}
]
},
"vendor_name": "PHP Group"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "bigshaq at wearehackerone dot com"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below 7.4.5, if PHP is compiled with EBCDIC support (uncommon), urldecode() function can be made to access locations past the allocated memory, due to erroneously using signed numbers as array indexes."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125 Out-of-bounds Read"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-196 Unsigned to Signed Conversion Error"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-4717",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4717"
},
{
"name": "DSA-4719",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4719"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"name": "https://bugs.php.net/bug.php?id=79465",
"refsource": "CONFIRM",
"url": "https://bugs.php.net/bug.php?id=79465"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200504-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200504-0001/"
},
{
"name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"name": "https://www.tenable.com/security/tns-2021-14",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2021-14"
}
]
},
"source": {
"defect": [
"https://bugs.php.net/bug.php?id=79465"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
"assignerShortName": "php",
"cveId": "CVE-2020-7067",
"datePublished": "2020-04-27T20:38:39.634Z",
"dateReserved": "2020-01-15T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:21:12.549Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
GHSA-4456-W38R-M53X
Vulnerability from github – Published: 2022-09-23 20:24 – Updated: 2022-09-23 20:24Impact
An error in 32 bit signed and unsigned types in the calculation of available gas in the CALL operations (including DELEGATECALL) results in incorrect gas being passed into called contracts and incorrect gas being returned after call execution. Where the amount of gas makes a difference in the success or failure, or if the gas is a negative 64 bit value, the execution will result in a different state root than expected, resulting in a consensus failure in networks with multiple EVM implementations.
In networks with a single EVM implementation this can be used to execute with significantly more gas than then transaction requested, possibly exceeding gas limitations.
Patches
Version 22.7.1 contains a fix, ensuring that excess gas will not be allocated to inner transaction calls and correcting the excess gas errors.
Workarounds
Reverting to version 22.1.3 or earlier will prevent incorrect execution. However many ethereum mainnet networks require changes in more recent versions of Besu and should not use older versions of besu and should instead use the patched version.
Ethereum Classic and other networks not depending on a Proof of Stake transition should function fine with version 22.1.3 or earlier.
For more information
Issue was found by Martin Holst Swende using goevmlab, it is believed that no production networks have transactions that would trigger this failure.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.hyperledger.besu:evm"
},
"ranges": [
{
"events": [
{
"introduced": "22.4.0-RC1"
},
{
"fixed": "22.7.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-36025"
],
"database_specific": {
"cwe_ids": [
"CWE-196",
"CWE-681"
],
"github_reviewed": true,
"github_reviewed_at": "2022-09-23T20:24:21Z",
"nvd_published_at": "2022-09-24T02:15:00Z",
"severity": "CRITICAL"
},
"details": "### Impact\nAn error in 32 bit signed and unsigned types in the calculation of available gas in the CALL operations (including DELEGATECALL) results in incorrect gas being passed into called contracts and incorrect gas being returned after call execution. Where the amount of gas makes a difference in the success or failure, or if the gas is a negative 64 bit value, the execution will result in a different state root than expected, resulting in a consensus failure in networks with multiple EVM implementations. \n\nIn networks with a single EVM implementation this can be used to execute with significantly more gas than then transaction requested, possibly exceeding gas limitations. \n\n### Patches\nVersion 22.7.1 contains a fix, ensuring that excess gas will not be allocated to inner transaction calls and correcting the excess gas errors.\n\n### Workarounds\nReverting to version 22.1.3 or earlier will prevent incorrect execution. However many ethereum mainnet networks require changes in more recent versions of Besu and should not use older versions of besu and should instead use the patched version. \n\nEthereum Classic and other networks not depending on a Proof of Stake transition should function fine with version 22.1.3 or earlier.\n\n### For more information\nIssue was found by [Martin Holst Swende](https://github.com/holiman) using [goevmlab](https://github.com/holiman/goevmlab), it is believed that no production networks have transactions that would trigger this failure.\n\n",
"id": "GHSA-4456-w38r-m53x",
"modified": "2022-09-23T20:24:21Z",
"published": "2022-09-23T20:24:21Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/hyperledger/besu/security/advisories/GHSA-4456-w38r-m53x"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36025"
},
{
"type": "PACKAGE",
"url": "https://github.com/hyperledger/besu"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Besu VM vulnerable to gas allocation error in CALL operations"
}
GHSA-8785-3W2W-JPFR
Vulnerability from github – Published: 2023-04-01 06:31 – Updated: 2023-04-10 18:30NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where sign conversion issuescasting an unsigned primitive to signed may lead to denial of service or information disclosure.
{
"affected": [],
"aliases": [
"CVE-2023-0185"
],
"database_specific": {
"cwe_ids": [
"CWE-196",
"CWE-681"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-04-01T05:15:00Z",
"severity": "HIGH"
},
"details": "NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where sign conversion issuescasting an unsigned primitive to signed may lead to denial of service or information disclosure.",
"id": "GHSA-8785-3w2w-jpfr",
"modified": "2023-04-10T18:30:22Z",
"published": "2023-04-01T06:31:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0185"
},
{
"type": "WEB",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5452"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202310-02"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-J48M-64VJ-6RM9
Vulnerability from github – Published: 2026-07-08 15:31 – Updated: 2026-07-09 18:31Imager versions before 1.033 for Perl treat unsigned EXIF IFD entry counts as signed.
Imager mishandled large EXIF IFD entry count values, treating them as negative numbers. This could lead to an attempt to allocate a block nearly the size of the address space, which fails and kills the process.
An attacker could craft an image with EXIF data that terminates a worker process.
{
"affected": [],
"aliases": [
"CVE-2026-14454"
],
"database_specific": {
"cwe_ids": [
"CWE-196"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-08T13:16:30Z",
"severity": "CRITICAL"
},
"details": "Imager versions before 1.033 for Perl treat unsigned EXIF IFD entry counts as signed.\n\nImager mishandled large EXIF IFD entry count values, treating them as negative numbers. This could lead to an attempt to allocate a block nearly the size of the address space, which fails and kills the process.\n\nAn attacker could craft an image with EXIF data that terminates a worker process.",
"id": "GHSA-j48m-64vj-6rm9",
"modified": "2026-07-09T18:31:34Z",
"published": "2026-07-08T15:31:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-14454"
},
{
"type": "WEB",
"url": "https://github.com/tonycoz/imager/commit/06f01a5d0fd591259aeba589370d6888384a6b6d.patch"
},
{
"type": "WEB",
"url": "https://metacpan.org/release/TONYC/Imager-1.033/changes"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/07/08/6"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Choose a language which is not subject to these casting flaws.
Mitigation
Design object accessor functions to implicitly check values for valid sizes. Ensure that all functions which will be used as a size are checked previous to use as a size. If the language permits, throw exceptions rather than using in-band errors.
Mitigation
Error check the return values of all functions. Be aware of implicit casts made, and use unsigned variables for sizes if at all possible.
CAPEC-92: Forced Integer Overflow
This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.