Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-50944

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-27 Dec, 2024 | 00:00
Updated At-28 Dec, 2024 | 18:25
Rejected At-
Credits

Integer overflow vulnerability exists in SimplCommerce at commit 230310c8d7a0408569b292c5a805c459d47a1d8f in the shopping cart functionality. The issue lies in the quantity parameter in the CartController's AddToCart method.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:27 Dec, 2024 | 00:00
Updated At:28 Dec, 2024 | 18:25
Rejected At:
▼CVE Numbering Authority (CNA)

Integer overflow vulnerability exists in SimplCommerce at commit 230310c8d7a0408569b292c5a805c459d47a1d8f in the shopping cart functionality. The issue lies in the quantity parameter in the CartController's AddToCart method.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/simplcommerce/SimplCommerce
N/A
https://www.simplcommerce.com/
N/A
https://github.com/AbdullahAlmutawa/CVE-2024-50944
N/A
https://github.com/simplcommerce/SimplCommerce/issues/1110
N/A
Hyperlink: https://github.com/simplcommerce/SimplCommerce
Resource: N/A
Hyperlink: https://www.simplcommerce.com/
Resource: N/A
Hyperlink: https://github.com/AbdullahAlmutawa/CVE-2024-50944
Resource: N/A
Hyperlink: https://github.com/simplcommerce/SimplCommerce/issues/1110
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-190CWE-190 Integer Overflow or Wraparound
Type: CWE
CWE ID: CWE-190
Description: CWE-190 Integer Overflow or Wraparound
Metrics
VersionBase scoreBase severityVector
3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:27 Dec, 2024 | 19:15
Updated At:28 Dec, 2024 | 19:15

Integer overflow vulnerability exists in SimplCommerce at commit 230310c8d7a0408569b292c5a805c459d47a1d8f in the shopping cart functionality. The issue lies in the quantity parameter in the CartController's AddToCart method.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-190Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-190
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/AbdullahAlmutawa/CVE-2024-50944cve@mitre.org
N/A
https://github.com/simplcommerce/SimplCommercecve@mitre.org
N/A
https://github.com/simplcommerce/SimplCommerce/issues/1110cve@mitre.org
N/A
https://www.simplcommerce.com/cve@mitre.org
N/A
Hyperlink: https://github.com/AbdullahAlmutawa/CVE-2024-50944
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://github.com/simplcommerce/SimplCommerce
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://github.com/simplcommerce/SimplCommerce/issues/1110
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://www.simplcommerce.com/
Source: cve@mitre.org
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

264Records found
CVE-2024-1917
Matching Score-4
Assigner-Mitsubishi Electric Corporation
ShareView Details
Matching Score-4
Assigner-Mitsubishi Electric Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.43% / 61.39%
||
7 Day CHG~0.00%
Published-15 Mar, 2024 | 00:02
Updated-27 Aug, 2024 | 19:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted packet.

Action-Not Available
Vendor-Mitsubishi Electric Corporation
Product-MELSEC-Q Series Q26UDPVCPUMELSEC-Q Series Q50UDEHCPUMELSEC-L Series L06CPUMELSEC-Q Series Q20UDEHCPUMELSEC-Q Series Q06UDEHCPUMELSEC-Q Series Q04UDEHCPUMELSEC-Q Series Q04UDVCPUMELSEC-L Series L02CPUMELSEC-Q Series Q03UDECPUMELSEC-L Series L26CPU-BTMELSEC-Q Series Q13UDPVCPUMELSEC-L Series L26CPU-PMELSEC-Q Series Q06UDPVCPUMELSEC-Q Series Q06UDVCPUMELSEC-Q Series Q26UDEHCPUMELSEC-Q Series Q100UDEHCPUMELSEC-L Series L26CPU-PBTMELSEC-Q Series Q03UDVCPUMELSEC-Q Series Q13UDEHCPUMELSEC-Q Series Q13UDVCPUMELSEC-Q Series Q04UDPVCPUMELSEC-Q Series Q26UDVCPUMELSEC-L Series L06CPU-PMELSEC-L Series L26CPUMELSEC-L Series L02CPU-PMELSEC-Q Series Q10UDEHCPUmelsec_q13udpvcpumelsec_q03udvcpumelsec_l02cpu-pmelsec_q-q03udecpumelsec_l06cpu-pmelsec_l26cpu-pl02cpu-pl26cpu-btmelsec_q-q100udehcpumelsec_q-q10udehcpumelsec_q06udpvcpumelsec_q-q06udehcpumelsec_l06cpu\(-p\)melsec_q-q26udehcpumelsec_q-q04udehcpumelsec_q-q20udehcpumelsec_q13udvcpumelsec_q26udvcpumelsec_q-q13udehcpumelsec_q-q50udehcpumelsec_q06udvcpumelsec_q04udvcpumelsec_l26cpu-pbtmelsec_l26cpu\(-p\)melsec_q26udpvcpu
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2022-37454
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.80% / 82.02%
||
7 Day CHG+0.17%
Published-21 Oct, 2022 | 00:00
Updated-08 May, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface.

Action-Not Available
Vendor-sha3_projectpypypysha3_projectextended_keccak_code_package_projectn/aThe PHP GroupDebian GNU/LinuxPython Software FoundationFedora Project
Product-fedorapysha3sha3debian_linuxextended_keccak_code_packagepythonpypyphpn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2022-36934
Matching Score-4
Assigner-Meta Platforms, Inc.
ShareView Details
Matching Score-4
Assigner-Meta Platforms, Inc.
CVSS Score-9.8||CRITICAL
EPSS-8.26% / 91.90%
||
7 Day CHG~0.00%
Published-22 Sep, 2022 | 21:30
Updated-27 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An integer overflow in WhatsApp could result in remote code execution in an established video call.

Action-Not Available
Vendor-WhatsApp LLCMeta Platforms, Inc.
Product-whatsappWhatsApp for AndroidWhatsApp Business for AndroidWhatsApp for iOSWhatsApp Business for iOS
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2022-3515
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.13% / 33.60%
||
7 Day CHG~0.00%
Published-12 Jan, 2023 | 00:00
Updated-08 Apr, 2025 | 15:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. The vulnerability can be exploited remotely for code execution on the target system by passing specially crafted data to the application, for example, a malicious S/MIME attachment.

Action-Not Available
Vendor-gnupggpg4winn/a
Product-libksbagpg4winvs-desktopgnupglibksba
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2022-35289
Matching Score-4
Assigner-Meta Platforms, Inc.
ShareView Details
Matching Score-4
Assigner-Meta Platforms, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.46% / 63.35%
||
7 Day CHG~0.00%
Published-11 Oct, 2022 | 00:00
Updated-03 Aug, 2024 | 09:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A write-what-where condition in hermes caused by an integer overflow, prior to commit 5b6255ae049fa4641791e47fad994e8e8c4da374 allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected.

Action-Not Available
Vendor-Facebook
Product-hermesHermes
CWE ID-CWE-680
Integer Overflow to Buffer Overflow
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2021-31572
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.55% / 67.08%
||
7 Day CHG~0.00%
Published-22 Apr, 2021 | 17:56
Updated-03 Aug, 2024 | 23:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The kernel in Amazon Web Services FreeRTOS before 10.4.3 has an integer overflow in stream_buffer.c for a stream buffer.

Action-Not Available
Vendor-amazonn/a
Product-freertosn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2024-45492
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.3||HIGH
EPSS-0.23% / 45.87%
||
7 Day CHG+0.01%
Published-30 Aug, 2024 | 00:00
Updated-18 Oct, 2024 | 13:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).

Action-Not Available
Vendor-libexpat_projectn/alibexpat
Product-libexpatn/aexpat
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2021-27433
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.3||HIGH
EPSS-3.78% / 87.60%
||
7 Day CHG~0.00%
Published-03 May, 2022 | 20:26
Updated-16 Apr, 2025 | 16:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ARM mbed-ualloc memory library Integer Overflow or Wraparound

ARM mbed-ualloc memory library version 1.3.0 is vulnerable to integer wrap-around in function mbed_krbs, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.

Action-Not Available
Vendor-Arm Limited
Product-mbed_uallocmbed-ualloc memory library
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2021-24025
Matching Score-4
Assigner-Meta Platforms, Inc.
ShareView Details
Matching Score-4
Assigner-Meta Platforms, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.45% / 62.71%
||
7 Day CHG~0.00%
Published-10 Mar, 2021 | 15:50
Updated-03 Aug, 2024 | 19:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Due to incorrect string size calculations inside the preg_quote function, a large input string passed to the function can trigger an integer overflow leading to a heap overflow. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions 4.94.0, 4.95.0, 4.96.0, 4.97.0, 4.98.0.

Action-Not Available
Vendor-Facebook
Product-hhvmHHVM
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2017-5340
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-6.86% / 90.98%
||
7 Day CHG~0.00%
Published-11 Jan, 2017 | 06:02
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Zend/zend_hash.c in PHP before 7.0.15 and 7.1.x before 7.1.1 mishandles certain cases that require large array allocations, which allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow, uninitialized memory access, and use of arbitrary destructor function pointers) via crafted serialized data.

Action-Not Available
Vendor-n/aThe PHP GroupNetApp, Inc.
Product-clustered_data_ontapphpn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2024-36671
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.27% / 49.74%
||
7 Day CHG+0.03%
Published-29 Nov, 2024 | 00:00
Updated-04 Dec, 2024 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

nodemcu before v3.0.0-release_20240225 was discovered to contain an integer overflow via the getnum function at /modules/struct.c.

Action-Not Available
Vendor-n/anodemcu
Product-n/anodemcu
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2021-20110
Matching Score-4
Assigner-Tenable Network Security, Inc.
ShareView Details
Matching Score-4
Assigner-Tenable Network Security, Inc.
CVSS Score-9.8||CRITICAL
EPSS-1.87% / 82.34%
||
7 Day CHG~0.00%
Published-19 Jul, 2021 | 14:48
Updated-03 Aug, 2024 | 17:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Due to Manage Engine Asset Explorer Agent 1.0.34 not validating HTTPS certificates, an attacker on the network can statically configure their IP address to match the Asset Explorer's Server IP address. This will allow an attacker to send a NEWSCAN request to a listening agent on the network as well as receive the agent's HTTP request verifying its authtoken. In httphandler.cpp, the agent reaching out over HTTP is vulnerable to an Integer Overflow, which can be turned into a Heap Overflow allowing for remote code execution as NT AUTHORITY/SYSTEM on the agent machine. The Integer Overflow occurs when receiving POST response from the Manage Engine server, and the agent calling "HttpQueryInfoW" in order to get the "Content-Length" size from the incoming POST request. This size is taken, but multiplied to a larger amount. If an attacker specifies a Content-Length size of 1073741823 or larger, this integer arithmetic will wrap the value back around to smaller integer, then calls "calloc" with this size to allocate memory. The following API "InternetReadFile" will copy the POST data into this buffer, which will be too small for the contents, and cause heap overflow.

Action-Not Available
Vendor-n/aZoho Corporation Pvt. Ltd.
Product-manageengine_assetexplorerManage Engine Asset Explorer Agent
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2016-9558
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.16% / 77.73%
||
7 Day CHG~0.00%
Published-28 Feb, 2017 | 18:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

(1) libdwarf/dwarf_leb.c and (2) dwarfdump/print_frames.c in libdwarf before 20161124 allow remote attackers to have unspecified impact via a crafted bit pattern in a signed leb number, aka a "negation overflow."

Action-Not Available
Vendor-libdwarf_projectn/a
Product-libdwarfn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2022-48334
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.07% / 23.18%
||
7 Day CHG~0.00%
Published-26 Jun, 2023 | 00:00
Updated-27 Nov, 2024 | 19:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Widevine Trusted Application (TA) 5.0.0 through 5.1.1 has a drm_verify_keys total_len+file_name_len integer overflow and resultant buffer overflow.

Action-Not Available
Vendor-widevinen/a
Product-trusted_applicationn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • Next
Details not found