CWE-197
AllowedNumeric Truncation Error
Abstraction: Base · Status: Incomplete
Truncation errors occur when a primitive is cast to a primitive of a smaller size and data is lost in the conversion.
93 vulnerabilities reference this CWE, most recent first.
GHSA-J35J-Q3J5-86W5
Vulnerability from github – Published: 2024-10-08 18:33 – Updated: 2024-10-08 18:33Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
{
"affected": [],
"aliases": [
"CVE-2024-43519"
],
"database_specific": {
"cwe_ids": [
"CWE-197"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-08T18:15:14Z",
"severity": "HIGH"
},
"details": "Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability",
"id": "GHSA-j35j-q3j5-86w5",
"modified": "2024-10-08T18:33:15Z",
"published": "2024-10-08T18:33:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43519"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43519"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-M65G-RCVQ-QJJ5
Vulnerability from github – Published: 2024-09-10 18:30 – Updated: 2024-09-10 18:30Microsoft SQL Server Native Scoring Information Disclosure Vulnerability
{
"affected": [],
"aliases": [
"CVE-2024-37337"
],
"database_specific": {
"cwe_ids": [
"CWE-197"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-10T17:15:17Z",
"severity": "HIGH"
},
"details": "Microsoft SQL Server Native Scoring Information Disclosure Vulnerability",
"id": "GHSA-m65g-rcvq-qjj5",
"modified": "2024-09-10T18:30:44Z",
"published": "2024-09-10T18:30:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-37337"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37337"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-MQMG-RCJR-35HF
Vulnerability from github – Published: 2024-05-14 18:31 – Updated: 2024-05-14 18:31Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
{
"affected": [],
"aliases": [
"CVE-2024-30024"
],
"database_specific": {
"cwe_ids": [
"CWE-197"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-14T17:16:57Z",
"severity": "HIGH"
},
"details": "Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability",
"id": "GHSA-mqmg-rcjr-35hf",
"modified": "2024-05-14T18:31:04Z",
"published": "2024-05-14T18:31:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30024"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30024"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-P3VQ-4CXH-GFP9
Vulnerability from github – Published: 2023-01-02 09:31 – Updated: 2025-10-22 00:32A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, 6.0.15 and earlier and FortiProxy SSL-VPN 7.2.0 through 7.2.1, 7.0.7 and earlier may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.
{
"affected": [],
"aliases": [
"CVE-2022-42475"
],
"database_specific": {
"cwe_ids": [
"CWE-197",
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-01-02T09:15:00Z",
"severity": "CRITICAL"
},
"details": "A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, 6.0.15 and earlier and FortiProxy SSL-VPN 7.2.0 through 7.2.1, 7.0.7 and earlier may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.",
"id": "GHSA-p3vq-4cxh-gfp9",
"modified": "2025-10-22T00:32:37Z",
"published": "2023-01-02T09:31:57Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42475"
},
{
"type": "WEB",
"url": "https://fortiguard.com/psirt/FG-IR-22-398"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-42475"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PXX2-JXR9-C92G
Vulnerability from github – Published: 2024-11-12 18:30 – Updated: 2024-11-12 18:30SQL Server Native Client Remote Code Execution Vulnerability
{
"affected": [],
"aliases": [
"CVE-2024-49018"
],
"database_specific": {
"cwe_ids": [
"CWE-197"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-12T18:15:41Z",
"severity": "HIGH"
},
"details": "SQL Server Native Client Remote Code Execution Vulnerability",
"id": "GHSA-pxx2-jxr9-c92g",
"modified": "2024-11-12T18:30:59Z",
"published": "2024-11-12T18:30:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49018"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49018"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QC29-C5FH-CMCF
Vulnerability from github – Published: 2024-05-14 18:31 – Updated: 2024-05-14 18:31Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
{
"affected": [],
"aliases": [
"CVE-2024-30029"
],
"database_specific": {
"cwe_ids": [
"CWE-197"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-14T17:17:01Z",
"severity": "HIGH"
},
"details": "Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability",
"id": "GHSA-qc29-c5fh-cmcf",
"modified": "2024-05-14T18:31:04Z",
"published": "2024-05-14T18:31:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30029"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30029"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RG8V-554V-GV5Q
Vulnerability from github – Published: 2024-05-14 18:31 – Updated: 2024-05-14 18:31Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
{
"affected": [],
"aliases": [
"CVE-2024-30009"
],
"database_specific": {
"cwe_ids": [
"CWE-197"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-14T17:16:39Z",
"severity": "HIGH"
},
"details": "Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability",
"id": "GHSA-rg8v-554v-gv5q",
"modified": "2024-05-14T18:31:03Z",
"published": "2024-05-14T18:31:03Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30009"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30009"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-V3VX-GXFC-R83R
Vulnerability from github – Published: 2024-07-09 18:30 – Updated: 2024-07-09 18:30DHCP Server Service Remote Code Execution Vulnerability
{
"affected": [],
"aliases": [
"CVE-2024-38044"
],
"database_specific": {
"cwe_ids": [
"CWE-197",
"CWE-681"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-09T17:15:32Z",
"severity": "HIGH"
},
"details": "DHCP Server Service Remote Code Execution Vulnerability",
"id": "GHSA-v3vx-gxfc-r83r",
"modified": "2024-07-09T18:30:51Z",
"published": "2024-07-09T18:30:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38044"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38044"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VM6W-V59C-562F
Vulnerability from github – Published: 2026-07-14 18:32 – Updated: 2026-07-14 18:32Numeric truncation error in Microsoft Office Word allows an unauthorized attacker to disclose information locally.
{
"affected": [],
"aliases": [
"CVE-2026-55142"
],
"database_specific": {
"cwe_ids": [
"CWE-197"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-14T18:18:21Z",
"severity": "MODERATE"
},
"details": "Numeric truncation error in Microsoft Office Word allows an unauthorized attacker to disclose information locally.",
"id": "GHSA-vm6w-v59c-562f",
"modified": "2026-07-14T18:32:36Z",
"published": "2026-07-14T18:32:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-55142"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55142"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-W45G-X7X3-468C
Vulnerability from github – Published: 2024-08-13 18:31 – Updated: 2024-08-13 18:31Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability
{
"affected": [],
"aliases": [
"CVE-2024-38125"
],
"database_specific": {
"cwe_ids": [
"CWE-197"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-13T18:15:14Z",
"severity": "HIGH"
},
"details": "Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability",
"id": "GHSA-w45g-x7x3-468c",
"modified": "2024-08-13T18:31:16Z",
"published": "2024-08-13T18:31:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38125"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38125"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Ensure that no casts, implicit or explicit, take place that move from a larger size primitive or a smaller size primitive.
No CAPEC attack patterns related to this CWE.