CWE-682
DiscouragedIncorrect Calculation
Abstraction: Pillar · Status: Draft
The product performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or resource management.
159 vulnerabilities reference this CWE, most recent first.
GHSA-MF74-QWPW-GJ2W
Vulnerability from github – Published: 2025-09-25 18:30 – Updated: 2025-09-29 18:33pytorch v2.8.0 was discovered to display unexpected behavior when the components torch.rot90 and torch.randn_like are used together.
{
"affected": [],
"aliases": [
"CVE-2025-55552"
],
"database_specific": {
"cwe_ids": [
"CWE-190",
"CWE-682"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-25T16:15:34Z",
"severity": "MODERATE"
},
"details": "pytorch v2.8.0 was discovered to display unexpected behavior when the components torch.rot90 and torch.randn_like are used together.",
"id": "GHSA-mf74-qwpw-gj2w",
"modified": "2025-09-29T18:33:12Z",
"published": "2025-09-25T18:30:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55552"
},
{
"type": "WEB",
"url": "https://github.com/pytorch/pytorch/issues/147847"
},
{
"type": "WEB",
"url": "https://gist.github.com/shaoyuyoung/0e7d2a586297ae9c8ed14d8706749efc"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-P35R-5HV5-759H
Vulnerability from github – Published: 2022-05-24 19:14 – Updated: 2022-05-24 19:14In Enbra EWM in Version 1.7.29 together with several tested wireless M-Bus Sensors the events backflow and "no flow" are not reconized or misinterpreted. This may lead to wrong values and missing events.
{
"affected": [],
"aliases": [
"CVE-2021-34573"
],
"database_specific": {
"cwe_ids": [
"CWE-682"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-09-16T13:15:00Z",
"severity": "MODERATE"
},
"details": "In Enbra EWM in Version 1.7.29 together with several tested wireless M-Bus Sensors the events backflow and \"no flow\" are not reconized or misinterpreted. This may lead to wrong values and missing events.",
"id": "GHSA-p35r-5hv5-759h",
"modified": "2022-05-24T19:14:51Z",
"published": "2022-05-24T19:14:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34573"
},
{
"type": "WEB",
"url": "https://www.fit.vutbr.cz/~polcak/CVE-2021-34573.en"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-P44M-V46W-3VP6
Vulnerability from github – Published: 2022-12-06 00:30 – Updated: 2022-12-09 03:30An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure (IPS) in versions prior to 9.1R17 and 22.3R1, and Ivanti Neurons for Zero-Trust Access in versions prior to 22.3R1.
{
"affected": [],
"aliases": [
"CVE-2022-35258"
],
"database_specific": {
"cwe_ids": [
"CWE-128",
"CWE-682"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-12-05T22:15:00Z",
"severity": "HIGH"
},
"details": "An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure (IPS) in versions prior to 9.1R17 and 22.3R1, and Ivanti Neurons for Zero-Trust Access in versions prior to 22.3R1.",
"id": "GHSA-p44m-v46w-3vp6",
"modified": "2022-12-09T03:30:25Z",
"published": "2022-12-06T00:30:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35258"
},
{
"type": "WEB",
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA45520/?kA23Z000000GH5OSAW"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-P72V-37H5-753V
Vulnerability from github – Published: 2025-06-03 15:31 – Updated: 2025-06-03 21:30When using a TarFile.errorlevel = 0 and extracting with a filter the documented behavior is that any filtered members would be skipped and not extracted. However the actual behavior of TarFile.errorlevel = 0 in affected versions is that the member would still be extracted and not skipped.
{
"affected": [],
"aliases": [
"CVE-2025-4435"
],
"database_specific": {
"cwe_ids": [
"CWE-682"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-03T13:15:20Z",
"severity": "HIGH"
},
"details": "When using a TarFile.errorlevel = 0\u00a0and extracting with a filter the documented behavior is that any filtered members would be skipped and not extracted. However the actual behavior of TarFile.errorlevel = 0\u00a0in affected versions is that the member would still be extracted and not skipped.",
"id": "GHSA-p72v-37h5-753v",
"modified": "2025-06-03T21:30:36Z",
"published": "2025-06-03T15:31:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4435"
},
{
"type": "WEB",
"url": "https://github.com/python/cpython/issues/135034"
},
{
"type": "WEB",
"url": "https://github.com/python/cpython/pull/135037"
},
{
"type": "WEB",
"url": "https://github.com/python/cpython/commit/19de092debb3d7e832e5672cc2f7b788d35951da"
},
{
"type": "WEB",
"url": "https://github.com/python/cpython/commit/28463dba112af719df1e8b0391c46787ad756dd9"
},
{
"type": "WEB",
"url": "https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a"
},
{
"type": "WEB",
"url": "https://github.com/python/cpython/commit/4633f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e"
},
{
"type": "WEB",
"url": "https://github.com/python/cpython/commit/9c1110ef6652687d7c55f590f909720eddde965a"
},
{
"type": "WEB",
"url": "https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a"
},
{
"type": "WEB",
"url": "https://github.com/python/cpython/commit/aa9eb5f757ceff461e6e996f12c89e5d9b583b01"
},
{
"type": "WEB",
"url": "https://github.com/python/cpython/commit/dd8f187d0746da151e0025c51680979ac5b4cfb1"
},
{
"type": "WEB",
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-P9RF-64QJ-22RW
Vulnerability from github – Published: 2024-11-26 18:38 – Updated: 2025-07-23 21:36There exists a denial of service through Data corruption in gRPC-C++ - gRPC-C++ servers with transmit zero copy enabled through the channel arg GRPC_ARG_TCP_TX_ZEROCOPY_ENABLED can experience data corruption issues. The data sent by the application may be corrupted before transmission over the network thus leading the receiver to receive an incorrect set of bytes causing RPC requests to fail. We recommend upgrading past commit e9046b2bbebc0cb7f5dc42008f807f6c7e98e791
{
"affected": [],
"aliases": [
"CVE-2024-11407"
],
"database_specific": {
"cwe_ids": [
"CWE-682"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-26T17:15:22Z",
"severity": "MODERATE"
},
"details": "There exists a denial of service through Data corruption in gRPC-C++ -\u00a0gRPC-C++ servers with transmit zero copy enabled through the channel arg GRPC_ARG_TCP_TX_ZEROCOPY_ENABLED can experience data corruption issues. The data sent by the application may be corrupted before transmission over the network thus leading the receiver to receive an incorrect set of bytes causing RPC requests to fail. We recommend upgrading past commit\u00a0e9046b2bbebc0cb7f5dc42008f807f6c7e98e791",
"id": "GHSA-p9rf-64qj-22rw",
"modified": "2025-07-23T21:36:43Z",
"published": "2024-11-26T18:38:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11407"
},
{
"type": "WEB",
"url": "https://github.com/grpc/grpc/commit/e9046b2bbebc0cb7f5dc42008f807f6c7e98e791"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:A/V:X/RE:L/U:Green",
"type": "CVSS_V4"
}
]
}
GHSA-PFMV-2R4F-J9MJ
Vulnerability from github – Published: 2022-02-10 00:01 – Updated: 2025-05-05 18:30In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).
{
"affected": [],
"aliases": [
"CVE-2021-45960"
],
"database_specific": {
"cwe_ids": [
"CWE-400",
"CWE-682"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-01-01T19:15:00Z",
"severity": "HIGH"
},
"details": "In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).",
"id": "GHSA-pfmv-2r4f-j9mj",
"modified": "2025-05-05T18:30:48Z",
"published": "2022-02-10T00:01:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45960"
},
{
"type": "WEB",
"url": "https://github.com/libexpat/libexpat/issues/531"
},
{
"type": "WEB",
"url": "https://github.com/libexpat/libexpat/pull/534"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1217609"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202209-24"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20220121-0004"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2022/dsa-5073"
},
{
"type": "WEB",
"url": "https://www.tenable.com/security/tns-2022-05"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2022/01/17/3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PGRC-MVJG-QFR7
Vulnerability from github – Published: 2022-05-24 16:58 – Updated: 2024-04-04 02:23library/glob.html in the Python 2 and 3 documentation before 2016 has potentially misleading information about whether sorting occurs, as demonstrated by irreproducible cancer-research results. NOTE: the effects of this documentation cross application domains, and thus it is likely that security-relevant code elsewhere is affected. This issue is not a Python implementation bug, and there are no reports that NMR researchers were specifically relying on library/glob.html. In other words, because the older documentation stated "finds all the pathnames matching a specified pattern according to the rules used by the Unix shell," one might have incorrectly inferred that the sorting that occurs in a Unix shell also occurred for glob.glob. There is a workaround in newer versions of Willoughby nmr-data_compilation-p2.py and nmr-data_compilation-p3.py, which call sort() directly.
{
"affected": [],
"aliases": [
"CVE-2019-17514"
],
"database_specific": {
"cwe_ids": [
"CWE-682"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-10-12T13:15:00Z",
"severity": "HIGH"
},
"details": "library/glob.html in the Python 2 and 3 documentation before 2016 has potentially misleading information about whether sorting occurs, as demonstrated by irreproducible cancer-research results. NOTE: the effects of this documentation cross application domains, and thus it is likely that security-relevant code elsewhere is affected. This issue is not a Python implementation bug, and there are no reports that NMR researchers were specifically relying on library/glob.html. In other words, because the older documentation stated \"finds all the pathnames matching a specified pattern according to the rules used by the Unix shell,\" one might have incorrectly inferred that the sorting that occurs in a Unix shell also occurred for glob.glob. There is a workaround in newer versions of Willoughby nmr-data_compilation-p2.py and nmr-data_compilation-p3.py, which call sort() directly.",
"id": "GHSA-pgrc-mvjg-qfr7",
"modified": "2024-04-04T02:23:36Z",
"published": "2022-05-24T16:58:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17514"
},
{
"type": "WEB",
"url": "https://bugs.python.org/issue33275"
},
{
"type": "WEB",
"url": "https://github.com/bminor/bash/blob/ac50fbac377e32b98d2de396f016ea81e8ee9961/pathexp.c#L380"
},
{
"type": "WEB",
"url": "https://github.com/bminor/bash/blob/ac50fbac377e32b98d2de396f016ea81e8ee9961/pathexp.c#L405"
},
{
"type": "WEB",
"url": "https://pubs.acs.org/doi/full/10.1021/acs.orglett.9b03216"
},
{
"type": "WEB",
"url": "https://pubs.acs.org/doi/suppl/10.1021/acs.orglett.9b03216/suppl_file/ol9b03216_si_002.zip"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20191107-0005"
},
{
"type": "WEB",
"url": "https://twitter.com/LucasCMoore/status/1181615421922824192"
},
{
"type": "WEB",
"url": "https://twitter.com/chris_bloke/status/1181997278136958976"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4428-1"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20150822013622/https://docs.python.org/3/library/glob.html"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20150906020027/https://docs.python.org/2.7/library/glob.html"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20160309211341/https://docs.python.org/3/library/glob.html"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20160526201356/https://docs.python.org/2.7/library/glob.html"
},
{
"type": "WEB",
"url": "https://www.vice.com/en_us/article/zmjwda/a-code-glitch-may-have-caused-errors-in-more-than-100-published-studies"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-PXV8-QHRH-JC7V
Vulnerability from github – Published: 2024-06-06 18:21 – Updated: 2024-09-06 21:40Impact
This advisory has been created to address the following vulnerabilities found in the Evmos codebase and affecting vesting accounts.
Wrong spendable balance computation
The spendable balance is not updated properly when delegating vested tokens. The following example help in describing the issue:
- Given a clawback vesting account with a starting 15M vesting schedule. The initial spendable balance is 0.
- Time passes and 5M are vested. The spendable balance is now 5M.
- The account delegate 5M. The spendable balance should be 0, but returns 5M
- The account can send 5M to another account.
The issue allowed a clawback vesting account to anticipate the release of unvested tokens.
Missing precompile checks
Preliminary checks on actions computed by the clawback vesting accounts are performed in the ante handler. Evmos core, implements two different ante handlers: one for Cosmos transactions and one for Ethereum transactions. Checks performed on the two implementation are different.
The vulnerability discovered allowed a clawback account to bypass Cosmos ante handler checks by sending an Ethereum transaction targeting a precompile used to interact with a Cosmos SDK module.
Missing create validator check
This vulnerability allowed a user to create a validator using vested tokens to deposit the self-bond.
Patches
- The spendable balance function has been fixed correcting the
TrackDelegationfunction. - The checks for the staking module, for the delegation and the create validator, has been moved into the
MsgServerof a wrapper around the Cosmos SDK staking module.
The issues have been patched in versions >=V18.0.0.
References
For more information
If you have any questions or comments about this advisory:
Reach out to the Core Team in Discord Open a discussion in evmos/evmos Email us at security@evmos.org for security questions
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 17.0.1"
},
"package": {
"ecosystem": "Go",
"name": "github.com/evmos/evmos/v17"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "18.0.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 16.0.4"
},
"package": {
"ecosystem": "Go",
"name": "github.com/evmos/evmos/v16"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "18.0.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 15.0.0"
},
"package": {
"ecosystem": "Go",
"name": "github.com/evmos/evmos/v15"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "18.0.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 14.1.0"
},
"package": {
"ecosystem": "Go",
"name": "github.com/evmos/evmos/v14"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "18.0.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 13.0.2"
},
"package": {
"ecosystem": "Go",
"name": "github.com/evmos/evmos/v13"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "18.0.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 12.1.6"
},
"package": {
"ecosystem": "Go",
"name": "github.com/evmos/evmos/v12"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "18.0.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 11.0.2"
},
"package": {
"ecosystem": "Go",
"name": "github.com/evmos/evmos/v11"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "18.0.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 10.0.1"
},
"package": {
"ecosystem": "Go",
"name": "github.com/evmos/evmos/v10"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "18.0.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 9.1.0"
},
"package": {
"ecosystem": "Go",
"name": "github.com/evmos/evmos/v9"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "18.0.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 8.2.3"
},
"package": {
"ecosystem": "Go",
"name": "github.com/evmos/evmos/v8"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "18.0.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 7.0.0"
},
"package": {
"ecosystem": "Go",
"name": "github.com/evmos/evmos/v7"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "18.0.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 6.0.4"
},
"package": {
"ecosystem": "Go",
"name": "github.com/evmos/evmos/v6"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "18.0.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-32873"
],
"database_specific": {
"cwe_ids": [
"CWE-682"
],
"github_reviewed": true,
"github_reviewed_at": "2024-06-06T18:21:05Z",
"nvd_published_at": "2024-06-06T19:15:56Z",
"severity": "LOW"
},
"details": "## Impact\n\nThis advisory has been created to address the following vulnerabilities found in the Evmos codebase and affecting vesting accounts.\n\n### Wrong spendable balance computation\n\nThe spendable balance is not updated properly when delegating vested tokens. The following example help in describing the issue:\n- Given a clawback vesting account with a starting `15M` vesting schedule. The initial spendable balance is `0`.\n- Time passes and `5M` are vested. The spendable balance is now `5M`.\n- The account delegate `5M`. The spendable balance should be `0`, but returns `5M`\n- The account can send `5M` to another account.\n\nThe issue allowed a clawback vesting account to anticipate the release of unvested tokens.\n\n### Missing precompile checks\n\nPreliminary checks on actions computed by the clawback vesting accounts are performed in the ante handler. Evmos core, implements two different ante handlers: one for Cosmos transactions and one for Ethereum transactions. Checks performed on the two implementation are different.\n\nThe vulnerability discovered allowed a clawback account to bypass Cosmos ante handler checks by sending an Ethereum transaction targeting a precompile used to interact with a Cosmos SDK module.\n\n### Missing create validator check\n\nThis vulnerability allowed a user to create a validator using vested tokens to deposit the self-bond.\n\n## Patches\n\n- The spendable balance function has been fixed correcting the `TrackDelegation` function.\n- The checks for the staking module, for the delegation and the create validator, has been moved into the `MsgServer` of a wrapper around the Cosmos SDK staking module. \n\nThe issues have been patched in versions \u003e=V18.0.0.\n\n## References\n1. [Evmos vesting module](https://docs.evmos.org/protocol/modules/vesting)\n\n## For more information\nIf you have any questions or comments about this advisory:\n\nReach out to the Core Team in [Discord](https://discord.gg/evmos)\nOpen a discussion in [evmos/evmos](https://github.com/evmos/evmos/discussions)\nEmail us at [security@evmos.org](mailto:security@evmos.org) for security questions",
"id": "GHSA-pxv8-qhrh-jc7v",
"modified": "2024-09-06T21:40:06Z",
"published": "2024-06-06T18:21:05Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/evmos/evmos/security/advisories/GHSA-pxv8-qhrh-jc7v"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32873"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-37158"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-37159"
},
{
"type": "WEB",
"url": "https://github.com/evmos/evmos/commit/b2a09ca66613d8b04decd3f2dcba8e1e77709dcb"
},
{
"type": "PACKAGE",
"url": "https://github.com/evmos/evmos"
},
{
"type": "WEB",
"url": "https://pkg.go.dev/vuln/GO-2024-2891"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
],
"summary": "evmos allows transferring unvested tokens after delegations"
}
GHSA-Q29P-9PFR-J652
Vulnerability from github – Published: 2026-03-26 17:59 – Updated: 2026-03-26 17:59The incremental squeeze functions in the portable SHAKE XOF API, when attempting to squeeze more than RATE (168 for SHAKE128, 136 for SHAKE256) bytes, performed an additional permutation of the state before producing the first output block, thus discarding the first block of RATE bytes of valid XOF output.
Impact
This bug impacts users that rely on this XOF API to squeeze more than RATE bytes. It does not impact the use of libcrux-sha3 in libcrux-ml-kem or libcrux-ml-dsa.
Mitigation
Starting from version 0.0.8 the squeeze functions correctly output all blocks including the first block.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "libcrux-sha3"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.0.8"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-682"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-26T17:59:34Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "The incremental squeeze functions in the portable SHAKE XOF API, when attempting to squeeze more than `RATE` (168 for SHAKE128, 136 for SHAKE256) bytes, performed an additional permutation of the state before producing the first output block, thus discarding the first block of `RATE` bytes of valid XOF output.\n\n## Impact\nThis bug impacts users that rely on this XOF API to squeeze more than `RATE` bytes. It does not impact the use of libcrux-sha3 in libcrux-ml-kem or libcrux-ml-dsa.\n\n## Mitigation\nStarting from version `0.0.8` the squeeze functions correctly output all blocks including the first block.",
"id": "GHSA-q29p-9pfr-j652",
"modified": "2026-03-26T17:59:34Z",
"published": "2026-03-26T17:59:34Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/cryspen/libcrux/pull/1352"
},
{
"type": "PACKAGE",
"url": "https://github.com/cryspen/libcrux"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2026-0074.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "libcrux-sha3: Incorrect output from SHAKE squeeze functions"
}
GHSA-Q5C9-W6W2-M4FW
Vulnerability from github – Published: 2022-05-24 19:02 – Updated: 2022-05-24 19:02A vulnerability has been identified in SCALANCE XM-400 Family (All versions < V6.4), SCALANCE XR-500 Family (All versions < V6.4). The OSPF protocol implementation in affected devices incorrectly handles the number of LSA fields in combination with other modified fields. An unauthenticated remote attacker could create a permanent denial-of-service condition by sending specially crafted OSPF packets. Successful exploitation requires OSPF to be enabled on an affected device.
{
"affected": [],
"aliases": [
"CVE-2020-28393"
],
"database_specific": {
"cwe_ids": [
"CWE-682"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-05-12T14:15:00Z",
"severity": "HIGH"
},
"details": "A vulnerability has been identified in SCALANCE XM-400 Family (All versions \u003c V6.4), SCALANCE XR-500 Family (All versions \u003c V6.4). The OSPF protocol implementation in affected devices incorrectly handles the number of LSA fields in combination with other modified fields. An unauthenticated remote attacker could create a permanent denial-of-service condition by sending specially crafted OSPF packets. Successful exploitation requires OSPF to be enabled on an affected device.",
"id": "GHSA-q5c9-w6w2-m4fw",
"modified": "2022-05-24T19:02:15Z",
"published": "2022-05-24T19:02:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28393"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-116379.pdf"
},
{
"type": "WEB",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-10"
}
],
"schema_version": "1.4.0",
"severity": []
}
Mitigation
Understand your programming language's underlying representation and how it interacts with numeric calculation. Pay close attention to byte size discrepancies, precision, signed/unsigned distinctions, truncation, conversion and casting between types, "not-a-number" calculations, and how your language handles numbers that are too large or too small for its underlying representation.
Mitigation MIT-8
Strategy: Input Validation
Perform input validation on any numeric input by ensuring that it is within the expected range. Enforce that the input meets both the minimum and maximum requirements for the expected range.
Mitigation
Use the appropriate type for the desired action. For example, in C/C++, only use unsigned types for values that could never be negative, such as height, width, or other numbers related to quantity.
Mitigation
Strategy: Language Selection
- Use languages, libraries, or frameworks that make it easier to handle numbers without unexpected consequences.
- Examples include safe integer handling packages such as SafeInt (C++) or IntegerLib (C or C++).
Mitigation
Strategy: Libraries or Frameworks
- Use languages, libraries, or frameworks that make it easier to handle numbers without unexpected consequences.
- Examples include safe integer handling packages such as SafeInt (C++) or IntegerLib (C or C++).
Mitigation MIT-26
Strategy: Compilation or Build Hardening
Examine compiler warnings closely and eliminate problems with potential security implications, such as signed / unsigned mismatch in memory operations, or use of uninitialized variables. Even if the weakness is rarely exploitable, a single failure may lead to the compromise of the entire system.
CAPEC-128: Integer Attacks
An attacker takes advantage of the structure of integer variables to cause these variables to assume values that are not expected by an application. For example, adding one to the largest positive integer in a signed integer variable results in a negative number. Negative numbers may be illegal in an application and the application may prevent an attacker from providing them directly, but the application may not consider that adding two positive numbers can create a negative number do to the structure of integer storage formats.
CAPEC-129: Pointer Manipulation
This attack pattern involves an adversary manipulating a pointer within a target application resulting in the application accessing an unintended memory location. This can result in the crashing of the application or, for certain pointer values, access to data that would not normally be possible or the execution of arbitrary code. Since pointers are simply integer variables, Integer Attacks may often be used in Pointer Attacks.