CWE-192
Integer Coercion Error
Integer coercion refers to a set of flaws pertaining to the type casting, extension, or truncation of primitive data types.
CVE-2014-125011 (GCVE-0-2014-125011)
Vulnerability from cvelistv5 – Published: 2022-06-18 06:15 – Updated: 2025-04-15 14:22
VLAI?
Title
FFmpeg ansi.c decode_frame integer coercion
Summary
A vulnerability was found in FFmpeg 2.0. It has been declared as problematic. Affected by this vulnerability is the function decode_frame of the file libavcodec/ansi.c. The manipulation leads to integer coercion error. The attack can be launched remotely. It is recommended to apply a patch to fix this issue.
Severity ?
5.3 (Medium)
CWE
- CWE-192 - Integer Coercion Error
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%… | x_refsource_MISC |
| https://vuldb.com/?id.12391 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| unspecified | FFmpeg |
Affected:
2.0
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:10:56.450Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=d42ec8433c687fcbccefa51a7716d81920218e4f"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://vuldb.com/?id.12391"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2014-125011",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T16:58:07.164242Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T14:22:34.094Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "FFmpeg",
"vendor": "unspecified",
"versions": [
{
"status": "affected",
"version": "2.0"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Mateusz Jurczyk/Gynvael Coldwind"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in FFmpeg 2.0. It has been declared as problematic. Affected by this vulnerability is the function decode_frame of the file libavcodec/ansi.c. The manipulation leads to integer coercion error. The attack can be launched remotely. It is recommended to apply a patch to fix this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-192",
"description": "CWE-192 Integer Coercion Error",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-18T06:15:58.000Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=d42ec8433c687fcbccefa51a7716d81920218e4f"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://vuldb.com/?id.12391"
}
],
"title": "FFmpeg ansi.c decode_frame integer coercion",
"x_generator": "vuldb.com",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@vuldb.com",
"ID": "CVE-2014-125011",
"REQUESTER": "cna@vuldb.com",
"STATE": "PUBLIC",
"TITLE": "FFmpeg ansi.c decode_frame integer coercion"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FFmpeg",
"version": {
"version_data": [
{
"version_value": "2.0"
}
]
}
}
]
},
"vendor_name": ""
}
]
}
},
"credit": "Mateusz Jurczyk/Gynvael Coldwind",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in FFmpeg 2.0. It has been declared as problematic. Affected by this vulnerability is the function decode_frame of the file libavcodec/ansi.c. The manipulation leads to integer coercion error. The attack can be launched remotely. It is recommended to apply a patch to fix this issue."
}
]
},
"generator": "vuldb.com",
"impact": {
"cvss": {
"baseScore": "5.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-192 Integer Coercion Error"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=d42ec8433c687fcbccefa51a7716d81920218e4f",
"refsource": "MISC",
"url": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=d42ec8433c687fcbccefa51a7716d81920218e4f"
},
{
"name": "https://vuldb.com/?id.12391",
"refsource": "MISC",
"url": "https://vuldb.com/?id.12391"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2014-125011",
"datePublished": "2022-06-18T06:15:58.000Z",
"dateReserved": "2022-06-17T00:00:00.000Z",
"dateUpdated": "2025-04-15T14:22:34.094Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-125012 (GCVE-0-2014-125012)
Vulnerability from cvelistv5 – Published: 2022-06-18 06:16 – Updated: 2025-04-15 14:22
VLAI?
Title
FFmpeg dxtroy.c integer coercion
Summary
A vulnerability was found in FFmpeg 2.0. It has been classified as problematic. Affected is an unknown function of the file libavcodec/dxtroy.c. The manipulation leads to integer coercion error. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue.
Severity ?
5.3 (Medium)
CWE
- CWE-192 - Integer Coercion Error
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%… | x_refsource_MISC |
| https://vuldb.com/?id.12390 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| unspecified | FFmpeg |
Affected:
2.0
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:10:56.298Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=a392bf657015c9a79a5a13adfbfb15086c1943b9"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://vuldb.com/?id.12390"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2014-125012",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T16:58:02.913432Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T14:22:27.412Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "FFmpeg",
"vendor": "unspecified",
"versions": [
{
"status": "affected",
"version": "2.0"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Mateusz Jurczyk/Gynvael Coldwind"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in FFmpeg 2.0. It has been classified as problematic. Affected is an unknown function of the file libavcodec/dxtroy.c. The manipulation leads to integer coercion error. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-192",
"description": "CWE-192 Integer Coercion Error",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-18T06:16:00.000Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=a392bf657015c9a79a5a13adfbfb15086c1943b9"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://vuldb.com/?id.12390"
}
],
"title": "FFmpeg dxtroy.c integer coercion",
"x_generator": "vuldb.com",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@vuldb.com",
"ID": "CVE-2014-125012",
"REQUESTER": "cna@vuldb.com",
"STATE": "PUBLIC",
"TITLE": "FFmpeg dxtroy.c integer coercion"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FFmpeg",
"version": {
"version_data": [
{
"version_value": "2.0"
}
]
}
}
]
},
"vendor_name": ""
}
]
}
},
"credit": "Mateusz Jurczyk/Gynvael Coldwind",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in FFmpeg 2.0. It has been classified as problematic. Affected is an unknown function of the file libavcodec/dxtroy.c. The manipulation leads to integer coercion error. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue."
}
]
},
"generator": "vuldb.com",
"impact": {
"cvss": {
"baseScore": "5.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-192 Integer Coercion Error"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=a392bf657015c9a79a5a13adfbfb15086c1943b9",
"refsource": "MISC",
"url": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=a392bf657015c9a79a5a13adfbfb15086c1943b9"
},
{
"name": "https://vuldb.com/?id.12390",
"refsource": "MISC",
"url": "https://vuldb.com/?id.12390"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2014-125012",
"datePublished": "2022-06-18T06:16:00.000Z",
"dateReserved": "2022-06-17T00:00:00.000Z",
"dateUpdated": "2025-04-15T14:22:27.412Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32996 (GCVE-0-2021-32996)
Vulnerability from cvelistv5 – Published: 2022-01-07 22:39 – Updated: 2025-04-17 18:48
VLAI?
Summary
The FANUC R-30iA and R-30iB series controllers are vulnerable to integer coercion errors, which cause the device to crash. A restart is required.
Severity ?
7.5 (High)
CWE
- CWE-192 - INTEGER COERCION ERROR
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.cisa.gov/uscert/ics/advisories/icsa-2… | x_refsource_MISC |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| FANUC | R-30iA, R-30iA Mate |
Affected:
v7 , ≤ v7.70
(custom)
|
|
| FANUC | R-30iB, R-30iB Mate, R-30iB Compact |
Affected:
v8 , ≤ v8.36
(custom)
|
|
| FANUC | R-30iB Plus, R-30iB Mate Plus, R-30iB Compact Plus, R-30iB Mini Plus |
Affected:
V9 , ≤ v9.40
(custom)
|
Date Public ?
2021-12-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:42:19.109Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-243-02"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-32996",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-17T17:53:39.607407Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-681",
"description": "CWE-681 Incorrect Conversion between Numeric Types",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-17T18:48:35.554Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "R-30iA, R-30iA Mate",
"vendor": "FANUC",
"versions": [
{
"lessThanOrEqual": "v7.70",
"status": "affected",
"version": "v7",
"versionType": "custom"
}
]
},
{
"product": "R-30iB, R-30iB Mate, R-30iB Compact",
"vendor": "FANUC",
"versions": [
{
"lessThanOrEqual": "v8.36",
"status": "affected",
"version": "v8",
"versionType": "custom"
}
]
},
{
"product": "R-30iB Plus, R-30iB Mate Plus, R-30iB Compact Plus, R-30iB Mini Plus",
"vendor": "FANUC",
"versions": [
{
"lessThanOrEqual": "v9.40",
"status": "affected",
"version": "V9",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-12-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The FANUC R-30iA and R-30iB series controllers are vulnerable to integer coercion errors, which cause the device to crash. A restart is required."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-192",
"description": "CWE-192 INTEGER COERCION ERROR",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-07T22:39:08.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-243-02"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2021-12-07T17:00:00.000Z",
"ID": "CVE-2021-32996",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "R-30iA, R-30iA Mate",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "v7",
"version_value": "v7.70"
}
]
}
},
{
"product_name": "R-30iB, R-30iB Mate, R-30iB Compact",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "v8",
"version_value": "v8.36"
}
]
}
},
{
"product_name": "R-30iB Plus, R-30iB Mate Plus, R-30iB Compact Plus, R-30iB Mini Plus",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "V9",
"version_value": "v9.40"
}
]
}
}
]
},
"vendor_name": "FANUC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The FANUC R-30iA and R-30iB series controllers are vulnerable to integer coercion errors, which cause the device to crash. A restart is required."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-192 INTEGER COERCION ERROR"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-243-02",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-243-02"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-32996",
"datePublished": "2022-01-07T22:39:08.821Z",
"dateReserved": "2021-05-13T00:00:00.000Z",
"dateUpdated": "2025-04-17T18:48:35.554Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2639 (GCVE-0-2022-2639)
Vulnerability from cvelistv5 – Published: 2022-09-01 20:32 – Updated: 2024-08-03 00:46
VLAI?
Summary
An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size() function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This flaw allows a local user to crash or potentially escalate their privileges on the system.
Severity ?
No CVSS data available.
CWE
- CWE-192 - >CWE-787
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=2084479 | x_refsource_MISC |
| https://github.com/torvalds/linux/commit/cefa91b2… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:46:03.358Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2084479"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/cefa91b2332d7009bc0be5d951d6cbbf349f90f8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "kernel",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "kernel 5.18"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size() function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This flaw allows a local user to crash or potentially escalate their privileges on the system."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-192",
"description": "CWE-192-\u003eCWE-787",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-01T20:32:54.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2084479"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/torvalds/linux/commit/cefa91b2332d7009bc0be5d951d6cbbf349f90f8"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2022-2639",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "kernel",
"version": {
"version_data": [
{
"version_value": "kernel 5.18"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size() function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This flaw allows a local user to crash or potentially escalate their privileges on the system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-192-\u003eCWE-787"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2084479",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2084479"
},
{
"name": "https://github.com/torvalds/linux/commit/cefa91b2332d7009bc0be5d951d6cbbf349f90f8",
"refsource": "MISC",
"url": "https://github.com/torvalds/linux/commit/cefa91b2332d7009bc0be5d951d6cbbf349f90f8"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2022-2639",
"datePublished": "2022-09-01T20:32:54.000Z",
"dateReserved": "2022-08-03T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:46:03.358Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2026-8275 (GCVE-0-2026-8275)
Vulnerability from cvelistv5 – Published: 2026-05-11 05:00 – Updated: 2026-05-11 17:31 X_Open Source
VLAI?
Title
bettercap zerogod IPP Service zerogod_ipp_primitives.go ippReadChunkedBody integer coercion
Summary
A vulnerability was detected in bettercap up to 2.41.5. Affected by this vulnerability is the function ippReadChunkedBody of the file modules/zerogod/zerogod_ipp_primitives.go of the component zerogod IPP Service. Performing a manipulation results in integer coercion error. The attack can be initiated remotely. The attack is considered to have high complexity. The exploitation appears to be difficult. The exploit is now public and may be used. The patch is named 3731d5576cffae9eefe3721cd46a40933304129f. To fix this issue, it is recommended to deploy a patch.
Severity ?
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/362572 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/362572/cti | signaturepermissions-required |
| https://vuldb.com/submit/811145 | third-party-advisory |
| https://github.com/bettercap/bettercap/issues/1263 | issue-tracking |
| https://github.com/bettercap/bettercap/pull/1264 | issue-trackingpatch |
| https://github.com/user-attachments/files/2685284… | exploit |
| https://github.com/bettercap/bettercap/commit/373… | patch |
| https://github.com/bettercap/bettercap/ | product |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-8275",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-11T15:54:45.411935Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T17:31:02.040Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"zerogod IPP Service"
],
"product": "bettercap",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2.41.0"
},
{
"status": "affected",
"version": "2.41.1"
},
{
"status": "affected",
"version": "2.41.2"
},
{
"status": "affected",
"version": "2.41.3"
},
{
"status": "affected",
"version": "2.41.4"
},
{
"status": "affected",
"version": "2.41.5"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "dapickle (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was detected in bettercap up to 2.41.5. Affected by this vulnerability is the function ippReadChunkedBody of the file modules/zerogod/zerogod_ipp_primitives.go of the component zerogod IPP Service. Performing a manipulation results in integer coercion error. The attack can be initiated remotely. The attack is considered to have high complexity. The exploitation appears to be difficult. The exploit is now public and may be used. The patch is named 3731d5576cffae9eefe3721cd46a40933304129f. To fix this issue, it is recommended to deploy a patch."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 2.6,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-192",
"description": "Integer Coercion Error",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-189",
"description": "Numeric Error",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T05:00:19.083Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-362572 | bettercap zerogod IPP Service zerogod_ipp_primitives.go ippReadChunkedBody integer coercion",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/362572"
},
{
"name": "VDB-362572 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/362572/cti"
},
{
"name": "Submit #811145 | bettercap \u003c=v2.41.5 Integer Coercion Error",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/811145"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/bettercap/bettercap/issues/1263"
},
{
"tags": [
"issue-tracking",
"patch"
],
"url": "https://github.com/bettercap/bettercap/pull/1264"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/user-attachments/files/26852847/poc.py"
},
{
"tags": [
"patch"
],
"url": "https://github.com/bettercap/bettercap/commit/3731d5576cffae9eefe3721cd46a40933304129f"
},
{
"tags": [
"product"
],
"url": "https://github.com/bettercap/bettercap/"
}
],
"tags": [
"x_open-source"
],
"timeline": [
{
"lang": "en",
"time": "2026-05-10T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-05-10T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-05-10T18:10:53.000Z",
"value": "VulDB entry last update"
}
],
"title": "bettercap zerogod IPP Service zerogod_ipp_primitives.go ippReadChunkedBody integer coercion"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-8275",
"datePublished": "2026-05-11T05:00:19.083Z",
"dateReserved": "2026-05-10T16:05:45.629Z",
"dateUpdated": "2026-05-11T17:31:02.040Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8276 (GCVE-0-2026-8276)
Vulnerability from cvelistv5 – Published: 2026-05-11 05:15 – Updated: 2026-05-11 12:46 X_Open Source
VLAI?
Title
bettercap MySQL Server mysql_server.go integer coercion
Summary
A flaw has been found in bettercap up to 2.41.5. Affected by this issue is some unknown functionality of the file modules/mysql_server/mysql_server.go of the component MySQL Server. Executing a manipulation can lead to integer coercion error. The attack can be launched remotely. The attack requires a high level of complexity. The exploitation is known to be difficult. The exploit has been published and may be used. This patch is called 0eaa375c5e5446bfba94a290eff92967a5deac9e. It is advisable to implement a patch to correct this issue.
Severity ?
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/362573 | vdb-entry |
| https://vuldb.com/vuln/362573/cti | signaturepermissions-required |
| https://vuldb.com/submit/811163 | third-party-advisory |
| https://github.com/bettercap/bettercap/issues/1265 | issue-tracking |
| https://github.com/bettercap/bettercap/pull/1266 | issue-trackingpatch |
| https://github.com/bettercap/bettercap/issues/126… | exploitissue-tracking |
| https://github.com/bettercap/bettercap/commit/0ea… | patch |
| https://github.com/bettercap/bettercap/ | product |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-8276",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-11T12:46:31.913831Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T12:46:41.322Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"MySQL Server"
],
"product": "bettercap",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2.41.0"
},
{
"status": "affected",
"version": "2.41.1"
},
{
"status": "affected",
"version": "2.41.2"
},
{
"status": "affected",
"version": "2.41.3"
},
{
"status": "affected",
"version": "2.41.4"
},
{
"status": "affected",
"version": "2.41.5"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "dapickle (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw has been found in bettercap up to 2.41.5. Affected by this issue is some unknown functionality of the file modules/mysql_server/mysql_server.go of the component MySQL Server. Executing a manipulation can lead to integer coercion error. The attack can be launched remotely. The attack requires a high level of complexity. The exploitation is known to be difficult. The exploit has been published and may be used. This patch is called 0eaa375c5e5446bfba94a290eff92967a5deac9e. It is advisable to implement a patch to correct this issue."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 2.6,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-192",
"description": "Integer Coercion Error",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-189",
"description": "Numeric Error",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T05:15:10.508Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-362573 | bettercap MySQL Server mysql_server.go integer coercion",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/vuln/362573"
},
{
"name": "VDB-362573 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/362573/cti"
},
{
"name": "Submit #811163 | Bettercap \u003c=v2.41.5 Integer Coercion Error",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/811163"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/bettercap/bettercap/issues/1265"
},
{
"tags": [
"issue-tracking",
"patch"
],
"url": "https://github.com/bettercap/bettercap/pull/1266"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/bettercap/bettercap/issues/1265#issue-4287957382"
},
{
"tags": [
"patch"
],
"url": "https://github.com/bettercap/bettercap/commit/0eaa375c5e5446bfba94a290eff92967a5deac9e"
},
{
"tags": [
"product"
],
"url": "https://github.com/bettercap/bettercap/"
}
],
"tags": [
"x_open-source"
],
"timeline": [
{
"lang": "en",
"time": "2026-05-10T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-05-10T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-05-10T18:10:55.000Z",
"value": "VulDB entry last update"
}
],
"title": "bettercap MySQL Server mysql_server.go integer coercion"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-8276",
"datePublished": "2026-05-11T05:15:10.508Z",
"dateReserved": "2026-05-10T16:05:47.998Z",
"dateUpdated": "2026-05-11T12:46:41.322Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation
Phase: Requirements
Description:
- A language which throws exceptions on ambiguous data casts might be chosen.
Mitigation
Phase: Architecture and Design
Description:
- Design objects and program flow such that multiple or complex casts are unnecessary
Mitigation
Phase: Implementation
Description:
- Ensure that any data type casting that you must used is entirely understood in order to reduce the plausibility of error in use.
No CAPEC attack patterns related to this CWE.