Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-41605

Summary
Assigner-apache
Assigner Org ID-f0158376-9dc2-43b6-827c-5f631a4d8d09
Published At-28 Apr, 2026 | 09:20
Updated At-28 Apr, 2026 | 14:27
Rejected At-
Credits

Apache Thrift: Swift Compact Protocol integer overflow

Integer Overflow or Wraparound vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:apache
Assigner Org ID:f0158376-9dc2-43b6-827c-5f631a4d8d09
Published At:28 Apr, 2026 | 09:20
Updated At:28 Apr, 2026 | 14:27
Rejected At:
â–¼CVE Numbering Authority (CNA)
Apache Thrift: Swift Compact Protocol integer overflow

Integer Overflow or Wraparound vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue.

Affected Products
Vendor
The Apache Software FoundationApache Software Foundation
Product
Apache Thrift
Default Status
unaffected
Versions
Affected
  • From 0 before 0.23.0 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-190CWE-190 Integer Overflow or Wraparound
Type: CWE
CWE ID: CWE-190
Description: CWE-190 Integer Overflow or Wraparound
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Textual description of severity
text:
important
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Hasnain Lakhani
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql
vendor-advisory
Hyperlink: https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql
Resource:
vendor-advisory
â–¼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.openwall.com/lists/oss-security/2026/04/28/4
N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2026/04/28/4
Resource: N/A
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
3.17.3HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Version: 3.1
Base score: 7.3
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@apache.org
Published At:28 Apr, 2026 | 10:16
Updated At:28 Apr, 2026 | 18:39

Integer Overflow or Wraparound vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.3HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Type: Secondary
Version: 3.1
Base score: 7.3
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CPE Matches
The Apache Software Foundation
apache
>>thrift>>Versions before 0.23.0(exclusive)
cpe:2.3:a:apache:thrift:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-190Secondarysecurity@apache.org
CWE ID: CWE-190
Type: Secondary
Source: security@apache.org
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwqlsecurity@apache.org
Mailing List
Patch
Release Notes
http://www.openwall.com/lists/oss-security/2026/04/28/4af854a3a-2127-422b-91ae-364da2661108
Mailing List
Hyperlink: https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql
Source: security@apache.org
Resource:
Mailing List
Patch
Release Notes
Hyperlink: http://www.openwall.com/lists/oss-security/2026/04/28/4
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List

Change History

0
Information is not available yet

Similar CVEs

59Records found
CVE-2021-27433
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.3||HIGH
EPSS-3.78% / 88.15%
||
7 Day CHG~0.00%
Published-03 May, 2022 | 20:26
Updated-16 Apr, 2025 | 16:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ARM mbed-ualloc memory library Integer Overflow or Wraparound

ARM mbed-ualloc memory library version 1.3.0 is vulnerable to integer wrap-around in function mbed_krbs, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.

Action-Not Available
Vendor-Arm Limited
Product-mbed_uallocmbed-ualloc memory library
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2021-27431
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.3||HIGH
EPSS-0.52% / 66.82%
||
7 Day CHG~0.00%
Published-03 May, 2022 | 20:23
Updated-16 Apr, 2025 | 16:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ARM CMSIS RTOS2 Integer Overflow or Wraparound

ARM CMSIS RTOS2 versions prior to 2.1.3 are vulnerable to integer wrap-around inosRtxMemoryAlloc (local malloc equivalent) function, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or injected code execution.

Action-Not Available
Vendor-Arm Limited
Product-cmsis-rtosCMSIS RTOS2
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2021-27435
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.3||HIGH
EPSS-3.52% / 87.74%
||
7 Day CHG~0.00%
Published-03 May, 2022 | 20:22
Updated-16 Apr, 2025 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ARM mbed Integer Overflow or Wraparound

ARM mbed product Version 6.3.0 is vulnerable to integer wrap-around in malloc_wrapper function, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.

Action-Not Available
Vendor-Arm Limited
Product-mbedmbed
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2021-27419
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.3||HIGH
EPSS-2.55% / 85.62%
||
7 Day CHG~0.00%
Published-03 May, 2022 | 20:20
Updated-16 Apr, 2025 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
uClibc-ng Integer Overflow or Wraparound

uClibc-ng versions prior to 1.0.37 are vulnerable to integer wrap-around in functions malloc-simple. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.

Action-Not Available
Vendor-uclibc-ng_projectuClibc-ng
Product-uclibc-nguClibc-ng
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2021-27425
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.3||HIGH
EPSS-1.98% / 83.72%
||
7 Day CHG~0.00%
Published-03 May, 2022 | 20:21
Updated-16 Apr, 2025 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cesanta Software Mongoose-OS Integer Overflow or Wraparound

Cesanta Software Mongoose-OS v2.17.0 is vulnerable to integer wrap-around in function mm_malloc. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.

Action-Not Available
Vendor-cesantaCesanta Software
Product-mongoose_osMongoose-OS
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2021-27427
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.3||HIGH
EPSS-2.11% / 84.26%
||
7 Day CHG~0.00%
Published-03 May, 2022 | 20:16
Updated-16 Apr, 2025 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
RIOT OS Integer Overflow or Wraparound

RIOT OS version 2020.01.1 is vulnerable to integer wrap-around in its implementation of calloc function, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.

Action-Not Available
Vendor-riot-osRIOT OS
Product-riotRIOT OS
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2021-22680
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.3||HIGH
EPSS-1.85% / 83.13%
||
7 Day CHG~0.00%
Published-03 May, 2022 | 20:25
Updated-16 Apr, 2025 | 16:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NXP MQX Integer Overflow or Wraparound

NXP MQX Versions 5.1 and prior are vulnerable to integer overflow in mem_alloc, _lwmem_alloc and _partition functions. This unverified memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.

Action-Not Available
Vendor-nxpNXP
Product-mqxMQX
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2014-4608
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.3||HIGH
EPSS-8.60% / 92.48%
||
7 Day CHG~0.00%
Published-03 Jul, 2014 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple integer overflows in the lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in the Linux kernel before 3.15.2 allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Literal Run. NOTE: the author of the LZO algorithms says "the Linux kernel is *not* affected; media hype.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSELinux Kernel Organization, IncSUSE
Product-ubuntu_linuxlinux_enterprise_real_time_extensionlinux_enterprise_serverlinux_kernelopensusen/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2024-11347
Matching Score-4
Assigner-Lexmark International Inc.
ShareView Details
Matching Score-4
Assigner-Lexmark International Inc.
CVSS Score-7.3||HIGH
EPSS-0.04% / 13.66%
||
7 Day CHG~0.00%
Published-13 Feb, 2025 | 18:55
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Access of Resource Using Incompatible Type in Postscript interpreter

Integer Overflow or Wraparound vulnerability in Lexmark International CX, XC, CS, et. Al. (Postscript interpreter modules) allows Forced Integer Overflow.The vulnerability can be leveraged by an attacker to execute arbitrary code as an unprivileged user.

Action-Not Available
Vendor-Lexmark International, Inc.
Product-CX, XC, CS, et. al.
CWE ID-CWE-190
Integer Overflow or Wraparound
  • Previous
  • 1
  • 2
  • Next
Details not found