Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-53432

Summary
Assigner-CERT-PL
Assigner Org ID-4bb8329e-dd38-46c1-aafb-9bf32bcb93c6
Published At-30 Jun, 2026 | 12:01
Updated At-30 Jun, 2026 | 15:58
Rejected At-
Credits

Integer Overflow in fzf

fzf is vulnerable to Integer Overflow leading to crash in FuzzyMatchV2 function. When input line length is approximately 2,200,000 bytes and pattern length is 999 bytes, the product overflows. The Go runtime detects the invalid slice bounds and terminates the process immediately with a non-recoverable panic. This issue was fixed in version 0.73.1.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:CERT-PL
Assigner Org ID:4bb8329e-dd38-46c1-aafb-9bf32bcb93c6
Published At:30 Jun, 2026 | 12:01
Updated At:30 Jun, 2026 | 15:58
Rejected At:
▼CVE Numbering Authority (CNA)
Integer Overflow in fzf

fzf is vulnerable to Integer Overflow leading to crash in FuzzyMatchV2 function. When input line length is approximately 2,200,000 bytes and pattern length is 999 bytes, the product overflows. The Go runtime detects the invalid slice bounds and terminates the process immediately with a non-recoverable panic. This issue was fixed in version 0.73.1.

Affected Products
Vendor
fzf
Product
fzf
Repo
https://github.com/junegunn/fzf
Program Files
  • src/algo/algo.go
Program Routines
  • FuzzyMatchV2
Platforms
  • 32 bit
Default Status
unaffected
Versions
Affected
  • From 0 before 0.73.1 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-190CWE-190 Integer Overflow or Wraparound
Type: CWE
CWE ID: CWE-190
Description: CWE-190 Integer Overflow or Wraparound
Metrics
VersionBase scoreBase severityVector
4.05.6MEDIUM
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Version: 4.0
Base score: 5.6
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

finder
Michał Majchrowicz (AFINE Team)
finder
Marcin Wyczechowski (AFINE Team)
Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://cert.pl/en/posts/2026/06/CVE-2026-53432
third-party-advisory
https://github.com/junegunn/fzf
product
https://github.com/junegunn/fzf/commit/ccedd064ca56921a4235219516b3d834f60e7b91
issue-tracking
Hyperlink: https://cert.pl/en/posts/2026/06/CVE-2026-53432
Resource:
third-party-advisory
Hyperlink: https://github.com/junegunn/fzf
Resource:
product
Hyperlink: https://github.com/junegunn/fzf/commit/ccedd064ca56921a4235219516b3d834f60e7b91
Resource:
issue-tracking
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cvd@cert.pl
Published At:30 Jun, 2026 | 13:19
Updated At:02 Jul, 2026 | 19:01

fzf is vulnerable to Integer Overflow leading to crash in FuzzyMatchV2 function. When input line length is approximately 2,200,000 bytes and pattern length is 999 bytes, the product overflows. The Go runtime detects the invalid slice bounds and terminates the process immediately with a non-recoverable panic. This issue was fixed in version 0.73.1.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.05.6MEDIUM
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
N/A
Type: Secondary
Version: 4.0
Base score: 5.6
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: N/A
Version:
Base score:
Base severity: N/A
Vector:
CPE Matches

junegunn
junegunn
>>fzf>>Versions before 0.73.1(exclusive)
cpe:2.3:a:junegunn:fzf:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-190Secondarycvd@cert.pl
CWE ID: CWE-190
Type: Secondary
Source: cvd@cert.pl
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://cert.pl/en/posts/2026/06/CVE-2026-53432cvd@cert.pl
Third Party Advisory
https://github.com/junegunn/fzfcvd@cert.pl
Product
https://github.com/junegunn/fzf/commit/ccedd064ca56921a4235219516b3d834f60e7b91cvd@cert.pl
Patch
Hyperlink: https://cert.pl/en/posts/2026/06/CVE-2026-53432
Source: cvd@cert.pl
Resource:
Third Party Advisory
Hyperlink: https://github.com/junegunn/fzf
Source: cvd@cert.pl
Resource:
Product
Hyperlink: https://github.com/junegunn/fzf/commit/ccedd064ca56921a4235219516b3d834f60e7b91
Source: cvd@cert.pl
Resource:
Patch

Change History

0
Information is not available yet

Similar CVEs

207Records found

CVE-2026-53433
Matching Score-8
Assigner-CERT.PL
ShareView Details
Matching Score-8
Assigner-CERT.PL
CVSS Score-5.7||MEDIUM
EPSS-0.21% / 11.89%
||
7 Day CHG~0.00%
Published-30 Jun, 2026 | 12:01
Updated-02 Jul, 2026 | 19:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial of Service in fzf

fzf is vulnerable to a Denial of Service (DoS) due to inefficient HTTP body processing in the --listen mode due to inefficient HTTP body processing using repeated string concatenation, resulting in quadratic time complexity (O(n²)). A crafted POST request with many small segments can trigger excessive CPU usage during request handling.This allows a single malicious request to monopolize the single‑threaded HTTP server, blocking all other clients and resulting in denial of service. This issue was fixed in version 0.73.1.

Action-Not Available
Vendor-junegunnfzf
Product-fzffzf
CWE ID-CWE-407
Inefficient Algorithmic Complexity
CVE-2025-6052
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-3.7||LOW
EPSS-0.42% / 33.70%
||
7 Day CHG~0.00%
Published-13 Jun, 2025 | 15:40
Updated-02 Jun, 2026 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Glib: integer overflow in g_string_maybe_expand() leading to potential buffer overflow in glib gstring

A flaw was found in how GLib’s GString manages memory when adding data to strings. If a string is already very large, combining it with more input can cause a hidden overflow in the size calculation. This makes the system think it has enough memory when it doesn’t. As a result, data may be written past the end of the allocated memory, leading to crashes or memory corruption.

Action-Not Available
Vendor-Siemens AGRed Hat, Inc.The GNOME Project
Product-glibRed Hat Enterprise Linux 8Red Hat Enterprise Linux 7Red Hat Enterprise Linux 10Red Hat Enterprise Linux 6Red Hat Enterprise Linux 9SIMATIC CN 4100RUGGEDCOM RST2428P
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2021-38787
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.95% / 77.75%
||
7 Day CHG~0.00%
Published-19 Jan, 2022 | 12:46
Updated-04 Aug, 2024 | 01:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is an integer overflow in the ION driver "/dev/ion" of Allwinner R818 SoC Android Q SDK V1.0 that could use the ioctl cmd "COMPAT_ION_IOC_SUNXI_FLUSH_RANGE" to cause a system crash (denial of service).

Action-Not Available
Vendor-allwinnertechn/a
Product-r818android_q_sdkn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2026-8949
Matching Score-4
Assigner-Mozilla Corporation
ShareView Details
Matching Score-4
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.58% / 43.61%
||
7 Day CHG~0.00%
Published-19 May, 2026 | 12:29
Updated-20 May, 2026 | 14:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Integer overflow in the Widget: Win32 component

Integer overflow in the Widget: Win32 component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxthunderbirdFirefoxThunderbird
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2018-11054
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-7.5||HIGH
EPSS-3.23% / 86.75%
||
7 Day CHG~0.00%
Published-31 Aug, 2018 | 18:00
Updated-05 Aug, 2024 | 07:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

RSA BSAFE Micro Edition Suite, version 4.1.6, contains an integer overflow vulnerability. A remote attacker could use maliciously constructed ASN.1 data to potentially cause a Denial Of Service.

Action-Not Available
Vendor-Dell Inc.RSA Security LLCOracle Corporation
Product-timesten_in-memory_databasecommunications_ip_service_activatorcore_rdbmscommunications_analyticsbsafegoldengate_application_adaptersreal_user_experience_insightapplication_testing_suitejd_edwards_enterpriseone_toolsretail_predictive_application_serverenterprise_manager_ops_centersecurity_serviceBSAFE Micro Edition Suite
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2018-12617
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-25.35% / 97.68%
||
7 Day CHG~0.00%
Published-21 Jun, 2018 | 18:00
Updated-05 Aug, 2024 | 08:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in qemu-ga (aka QEMU Guest Agent) in QEMU 2.12.50 has an integer overflow causing a g_malloc0() call to trigger a segmentation fault when trying to allocate a large memory chunk. The vulnerability can be exploited by sending a crafted QMP command (including guest-file-read with a large count value) to the agent via the listening socket.

Action-Not Available
Vendor-n/aQEMUCanonical Ltd.Debian GNU/Linux
Product-ubuntu_linuxdebian_linuxqemun/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2025-54472
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-1.20% / 64.38%
||
7 Day CHG~0.00%
Published-14 Aug, 2025 | 09:05
Updated-04 Nov, 2025 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache bRPC: Redis Parser Remote Denial of Service

Unlimited memory allocation in redis protocol parser in Apache bRPC (all versions < 1.14.1) on all platforms allows attackers to crash the service via network. Root Cause: In the bRPC Redis protocol parser code, memory for arrays or strings of corresponding sizes is allocated based on the integers read from the network. If the integer read from the network is too large, it may cause a bad alloc error and lead to the program crashing. Attackers can exploit this feature by sending special data packets to the bRPC service to carry out a denial-of-service attack on it. The bRPC 1.14.0 version tried to fix this issue by limited the memory allocation size, however, the limitation checking code is not well implemented that may cause integer overflow and evade such limitation. So the 1.14.0 version is also vulnerable, although the integer range that affect version 1.14.0 is different from that affect version < 1.14.0. Affected scenarios: Using bRPC as a Redis server to provide network services to untrusted clients, or using bRPC as a Redis client to call untrusted Redis services. How to Fix: we provide two methods, you can choose one of them: 1. Upgrade bRPC to version 1.14.1. 2. Apply this patch ( https://github.com/apache/brpc/pull/3050 ) manually. No matter you choose which method, you should note that the patch limits the maximum length of memory allocated for each time in the bRPC Redis parser. The default limit is 64M. If some of you redis request or response have a size larger than 64M, you might encounter error after upgrade. For such case, you can modify the gflag redis_max_allocation_size to set a larger limit.

Action-Not Available
Vendor-The Apache Software Foundation
Product-brpcApache bRPC
CWE ID-CWE-190
Integer Overflow or Wraparound
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-41409
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.96% / 57.28%
||
7 Day CHG~0.00%
Published-18 Jul, 2023 | 00:00
Updated-28 Oct, 2024 | 18:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.

Action-Not Available
Vendor-pcren/a
Product-pcre2n/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2018-1084
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-3.17% / 86.47%
||
7 Day CHG~0.00%
Published-12 Apr, 2018 | 17:00
Updated-05 Aug, 2024 | 03:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

corosync before version 2.4.4 is vulnerable to an integer overflow in exec/totemcrypto.c.

Action-Not Available
Vendor-corosyncunspecifiedCanonical Ltd.Red Hat, Inc.Debian GNU/Linux
Product-enterprise_linux_serverubuntu_linuxdebian_linuxcorosynccorosync
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2022-40303
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-22.79% / 97.45%
||
7 Day CHG~0.00%
Published-22 Nov, 2022 | 00:00
Updated-29 Apr, 2025 | 05:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault.

Action-Not Available
Vendor-n/aApple Inc.NetApp, Inc.libxml2 (XMLSoft)
Product-clustered_data_ontaph700sh500sh300s_firmwareh410sh410ch410c_firmwareontap_select_deploy_administration_utilitysnapmanageripadosactive_iq_unified_managerwatchoslibxml2netapp_manageability_sdkh300siphone_osmacosh410s_firmwaretvosh700s_firmwareh500s_firmwareclustered_data_ontap_antivirus_connectorn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2025-51495
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.40% / 31.52%
||
7 Day CHG~0.00%
Published-29 Sep, 2025 | 00:00
Updated-16 Oct, 2025 | 17:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An integer overflow vulnerability exists in the WebSocket component of Mongoose 7.5 thru 7.17. By sending a specially crafted WebSocket request, an attacker can cause the application to crash. If downstream vendors integrate this component improperly, the issue may lead to a buffer overflow.

Action-Not Available
Vendor-cesantan/a
Product-mongoosen/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2017-6960
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.80% / 75.89%
||
7 Day CHG~0.00%
Published-17 Mar, 2017 | 08:55
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in apng2gif 1.7. There is an integer overflow resulting in a heap-based buffer over-read, related to the load_apng function and the imagesize variable.

Action-Not Available
Vendor-apng2gif_projectn/aCanonical Ltd.Debian GNU/Linux
Product-debian_linuxubuntu_linuxapng2gifn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2026-7568
Matching Score-4
Assigner-PHP Group
ShareView Details
Matching Score-4
Assigner-PHP Group
CVSS Score-6.3||MEDIUM
EPSS-0.46% / 36.36%
||
7 Day CHG+0.21%
Published-10 May, 2026 | 03:42
Updated-02 Jul, 2026 | 12:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Signed integer overflow in metaphone()

In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the metaphone() function in ext/standard/metaphone.c uses a signed int variable to track the current position within the input string. If a string longer than 2,147,483,647 bytes is passed, a signed integer overflow occurs, resulting in undefined behavior. This can lead to an out-of-bounds read, causing a segmentation fault or access to unrelated memory, and may affect the availability of the PHP process.

Action-Not Available
Vendor-Red Hat, Inc.The PHP Group
Product-phpPHPRed Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat Enterprise Linux AppStream (v. 10)Red Hat Enterprise Linux AppStream (v. 9)Red Hat Enterprise Linux AppStream (v. 8)Red Hat Hardened Images
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2025-46597
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.28% / 19.65%
||
7 Day CHG~0.00%
Published-20 Mar, 2026 | 00:00
Updated-02 Apr, 2026 | 12:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Bitcoin Core 0.13.0 through 29.x has an integer overflow.

Action-Not Available
Vendor-n/aBitcoin Wiki
Product-bitcoin_coren/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2022-38216
Matching Score-4
Assigner-Meta Platforms, Inc.
ShareView Details
Matching Score-4
Assigner-Meta Platforms, Inc.
CVSS Score-7.5||HIGH
EPSS-0.73% / 49.91%
||
7 Day CHG~0.00%
Published-16 Aug, 2022 | 00:34
Updated-03 Aug, 2024 | 10:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An integer overflow exists in Mapbox's closed source gl-native library prior to version 10.6.1, which is bundled with multiple Mapbox products including open source libraries. The overflow is caused by large image height and width values when creating a new Image and allows for out of bounds writes, potentially crashing the Mapbox process.

Action-Not Available
Vendor-mapboxMapbox
Product-maps_software_development_kitMapbox
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2021-31871
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.86% / 76.66%
||
7 Day CHG~0.00%
Published-30 Apr, 2021 | 05:18
Updated-03 Aug, 2024 | 23:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in klibc before 2.0.9. An integer overflow in the cpio command may result in a NULL pointer dereference on 64-bit systems.

Action-Not Available
Vendor-klibc_projectn/aDebian GNU/Linux
Product-debian_linuxklibcn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2022-36125
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-1.35% / 68.19%
||
7 Day CHG~0.00%
Published-09 Aug, 2022 | 06:50
Updated-06 Mar, 2026 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Integer overflow when reading corrupted .avro file in Avro Rust SDK

It is possible to crash (panic) an application by providing a corrupted data to be read. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 (previously known as avro-rs). Users should update to apache-avro version 0.14.0 which addresses this issue.

Action-Not Available
Vendor-The Apache Software Foundation
Product-avroApache Avro
CWE ID-CWE-190
Integer Overflow or Wraparound
CWE ID-CWE-20
Improper Input Validation
CVE-2022-36015
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.55% / 41.80%
||
7 Day CHG+0.02%
Published-16 Sep, 2022 | 22:55
Updated-23 Apr, 2025 | 16:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Integer overflow in math ops in TensorFlow

TensorFlow is an open source platform for machine learning. When `RangeSize` receives values that do not fit into an `int64_t`, it crashes. We have patched the issue in GitHub commit 37e64539cd29fcfb814c4451152a60f5d107b0f0. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.

Action-Not Available
Vendor-Google LLCTensorFlow
Product-tensorflowtensorflow
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2021-31292
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.56% / 83.16%
||
7 Day CHG~0.00%
Published-26 Jul, 2021 | 00:00
Updated-03 Aug, 2024 | 22:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An integer overflow in CrwMap::encode0x1810 of Exiv2 0.27.3 allows attackers to trigger a heap-based buffer overflow and cause a denial of service (DOS) via crafted metadata.

Action-Not Available
Vendor-n/aExiv2Fedora ProjectDebian GNU/Linux
Product-exiv2debian_linuxfedoran/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2026-6664
Matching Score-4
Assigner-PostgreSQL
ShareView Details
Matching Score-4
Assigner-PostgreSQL
CVSS Score-7.5||HIGH
EPSS-0.70% / 48.57%
||
7 Day CHG~0.00%
Published-09 May, 2026 | 00:43
Updated-14 May, 2026 | 18:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PgBouncer integer overflow in PgBouncer network packet parsing

An integer overflow in network packet parsing code in PgBouncer before 1.25.2 bypasses a boundary check and can lead to a crash. An unauthenticated remote attacker can crash PgBouncer with a malformed SCRAM authentication packet.

Action-Not Available
Vendor-pgbouncern/a
Product-pgbouncerPgBouncer
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2026-6679
Matching Score-4
Assigner-wolfSSL Inc.
ShareView Details
Matching Score-4
Assigner-wolfSSL Inc.
CVSS Score-8.8||HIGH
EPSS-0.39% / 30.43%
||
7 Day CHG-0.00%
Published-25 Jun, 2026 | 20:13
Updated-27 Jun, 2026 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DTLS 1.3 ACK serialization heap buffer overflow via integer truncation

A heap buffer overflow could occur in the DTLS 1.3 ACK serialization path before the connecting peer is authenticated. The buffer overflow was due to an integer truncation when computing the length of the ACK record-number list, causing an undersized buffer to be allocated and then overrun. This affects builds using DTLS 1.3 and wolfSSL version 5.9.0 and earlier. A fix was added to the 5.9.1 release.

Action-Not Available
Vendor-wolfsslwolfSSL
Product-wolfsslwolfSSL
CWE ID-CWE-190
Integer Overflow or Wraparound
CWE ID-CWE-197
Numeric Truncation Error
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-25662
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.39% / 31.03%
||
7 Day CHG~0.00%
Published-24 Mar, 2023 | 23:41
Updated-19 Feb, 2025 | 20:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TensorFlow vulnerable to integer overflow in EditDistance

TensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 are vulnerable to integer overflow in EditDistance. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.

Action-Not Available
Vendor-TensorFlowGoogle LLC
Product-tensorflowtensorflow
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2026-6773
Matching Score-4
Assigner-Mozilla Corporation
ShareView Details
Matching Score-4
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.32% / 24.24%
||
7 Day CHG~0.00%
Published-21 Apr, 2026 | 12:41
Updated-27 May, 2026 | 16:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial-of-service due to integer overflow in the Graphics: WebGPU component

Denial-of-service due to integer overflow in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.

Action-Not Available
Vendor-Mozilla Corporation
Product-thunderbirdfirefoxFirefoxThunderbird
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2016-2147
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-8.05% / 94.09%
||
7 Day CHG~0.00%
Published-09 Feb, 2017 | 15:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 allows remote attackers to cause a denial of service (crash) via a malformed RFC1035-encoded domain name, which triggers an out-of-bounds heap write.

Action-Not Available
Vendor-busyboxn/aCanonical Ltd.Debian GNU/Linux
Product-debian_linuxubuntu_linuxbusyboxn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2016-2105
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-39.65% / 98.44%
||
7 Day CHG~0.00%
Published-05 May, 2016 | 00:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data.

Action-Not Available
Vendor-n/aCanonical Ltd.Apple Inc.openSUSEOracle CorporationOpenSSLRed Hat, Inc.Debian GNU/LinuxNode.js (OpenJS Foundation)
Product-debian_linuxubuntu_linuxenterprise_linux_workstationenterprise_linux_servermac_os_xnode.jsmysqlenterprise_linux_desktopleapenterprise_linux_hpc_node_eusenterprise_linux_server_eusenterprise_linux_hpc_nodeenterprise_linux_server_ausopensslopensusen/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2024-23531
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-7.5||HIGH
EPSS-2.38% / 81.84%
||
7 Day CHG~0.00%
Published-19 Apr, 2024 | 01:10
Updated-06 May, 2025 | 19:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Integer Overflow vulnerability in WLInfoRailService component of Ivanti Avalanche before 6.4.3 allows an unauthenticated remote attacker to perform denial of service attacks. In certain rare conditions this could also lead to reading content from memory.

Action-Not Available
Vendor-Ivanti Software
Product-avalancheAvalancheavalanche
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2021-28682
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.04% / 78.78%
||
7 Day CHG~0.00%
Published-20 May, 2021 | 16:15
Updated-03 Aug, 2024 | 21:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Envoy through 1.71.1. There is a remotely exploitable integer overflow in which a very large grpc-timeout value leads to unexpected timeout calculations.

Action-Not Available
Vendor-envoyproxyn/a
Product-envoyn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2022-28936
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.89% / 54.99%
||
7 Day CHG~0.00%
Published-15 May, 2022 | 15:39
Updated-03 Aug, 2024 | 06:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FISCO-BCOS release-3.0.0-rc2 was discovered to contain an issue where a malicious node can trigger an integer overflow and cause a Denial of Service (DoS) via an unusually large viewchange message packet.

Action-Not Available
Vendor-fisco-bcosn/a
Product-fisco-bcosn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2022-28705
Matching Score-4
Assigner-F5, Inc.
ShareView Details
Matching Score-4
Assigner-F5, Inc.
CVSS Score-7.5||HIGH
EPSS-0.87% / 54.31%
||
7 Day CHG+0.02%
Published-05 May, 2022 | 16:35
Updated-16 Sep, 2024 | 19:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, on platforms with an ePVA and the pva.fwdaccel BigDB variable enabled, undisclosed requests to a virtual server with a FastL4 profile that has ePVA acceleration enabled can cause the Traffic Management Microkernel (TMM) process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_application_acceleration_managerbig-ip_link_controllerbig-ip_policy_enforcement_managerbig-ip_fraud_protection_servicebig-ip_global_traffic_managerbig-ip_analyticsbig-ip_access_policy_managerbig-ip_domain_name_systembig-ip_local_traffic_managerbig-ip_advanced_firewall_managerbig-ip_application_security_managerBIG-IP
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2022-2831
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-1.27% / 66.22%
||
7 Day CHG~0.00%
Published-16 Aug, 2022 | 19:21
Updated-03 Aug, 2024 | 00:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in Blender 3.3.0. An interger overflow in source/blender/blendthumb/src/blendthumb_extract.cc may lead to program crash or memory corruption.

Action-Not Available
Vendor-n/aBlender Foundation
Product-blenderBlender
CWE ID-CWE-190
Integer Overflow or Wraparound
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-125
Out-of-bounds Read
CVE-2016-10159
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-7.62% / 93.82%
||
7 Day CHG~0.00%
Published-24 Jan, 2017 | 21:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory consumption or application crash) via a truncated manifest entry in a PHAR archive.

Action-Not Available
Vendor-n/aThe PHP GroupDebian GNU/Linux
Product-debian_linuxphpn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2016-9445
Matching Score-4
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Matching Score-4
Assigner-OpenText (formerly Micro Focus)
CVSS Score-7.5||HIGH
EPSS-3.69% / 88.36%
||
7 Day CHG~0.00%
Published-23 Jan, 2017 | 21:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the vmnc decoder in the gstreamer allows remote attackers to cause a denial of service (crash) via large width and height values, which triggers a buffer overflow.

Action-Not Available
Vendor-gstreamern/a
Product-gstreamern/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2024-23775
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.12% / 62.21%
||
7 Day CHG~0.00%
Published-31 Jan, 2024 | 00:00
Updated-05 Jun, 2026 | 19:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer Overflow vulnerability in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2, allows attackers to cause a denial of service (DoS) via mbedtls_x509_set_extension().

Action-Not Available
Vendor-trustedfirmwaren/aArm Limited
Product-mbed_tlsn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2022-35940
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.55% / 41.80%
||
7 Day CHG+0.02%
Published-16 Sep, 2022 | 19:45
Updated-23 Apr, 2025 | 17:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Int overflow in `RaggedRangeOp` in Tensoflow

TensorFlow is an open source platform for machine learning. The `RaggedRangOp` function takes an argument `limits` that is eventually used to construct a `TensorShape` as an `int64`. If `limits` is a very large float, it can overflow when converted to an `int64`. This triggers an `InvalidArgument` but also throws an abort signal that crashes the program. We have patched the issue in GitHub commit 37cefa91bee4eace55715eeef43720b958a01192. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.

Action-Not Available
Vendor-Google LLCTensorFlow
Product-tensorflowtensorflow
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2026-58050
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.3||HIGH
EPSS-0.33% / 25.25%
||
7 Day CHG~0.00%
Published-28 Jun, 2026 | 01:32
Updated-30 Jun, 2026 | 20:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
libssh2 - Integer Overflow in publickey Subsystem Attribute Allocation

libssh2 through 1.11.1 reads an attacker-controlled 32-bit attribute count from a publickey-subsystem response and uses it in the allocation num_attrs * sizeof(libssh2_publickey_attribute) without bounds checking, so on 32-bit platforms the multiplication overflows to an undersized buffer. A malicious SSH server can then drive the attribute-parsing loop to write past the allocation, causing a heap buffer overflow in a connecting libssh2 client.

Action-Not Available
Vendor-libssh2libssh2
Product-libssh2libssh2
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2021-27665
Matching Score-4
Assigner-Johnson Controls
ShareView Details
Matching Score-4
Assigner-Johnson Controls
CVSS Score-7.5||HIGH
EPSS-1.48% / 70.74%
||
7 Day CHG~0.00%
Published-11 Oct, 2021 | 15:26
Updated-17 Sep, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
exacqVision Server 32-bit

An unauthenticated remote user could exploit a potential integer overflow condition in the exacqVision Server with a specially crafted script and cause denial-of-service condition.

Action-Not Available
Vendor-johnsoncontrolsJohnson Controls
Product-exacqvision_serverexacqVision Web Service
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2022-25314
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.65% / 90.63%
||
7 Day CHG~0.00%
Published-18 Feb, 2022 | 04:25
Updated-05 May, 2025 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.

Action-Not Available
Vendor-libexpat_projectn/aSiemens AGOracle CorporationDebian GNU/LinuxFedora Project
Product-debian_linuxzfs_storage_appliance_kitlibexpatsinema_remote_connect_serverhttp_serverfedoran/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2022-25062
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.50% / 90.33%
||
7 Day CHG~0.00%
Published-25 Feb, 2022 | 19:38
Updated-03 Aug, 2024 | 04:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain an integer overflow via the function dm_checkString. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.

Action-Not Available
Vendor-n/aTP-Link Systems Inc.
Product-tl-wr840n_firmwaretl-wr840nn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2024-22861
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.61% / 44.76%
||
7 Day CHG~0.00%
Published-27 Jan, 2024 | 00:00
Updated-11 Aug, 2025 | 10:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow vulnerability in FFmpeg before n6.1, allows attackers to cause a denial of service (DoS) via the avcodec/osq module.

Action-Not Available
Vendor-n/aFFmpeg
Product-ffmpegn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2022-24795
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.9||MEDIUM
EPSS-3.47% / 87.65%
||
7 Day CHG~0.00%
Published-05 Apr, 2022 | 00:00
Updated-22 Apr, 2025 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Overflow and Integer Overflow in yajl-ruby

yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of `yajl` contain an integer overflow which leads to subsequent heap memory corruption when dealing with large (~2GB) inputs. The reallocation logic at `yajl_buf.c#L64` may result in the `need` 32bit integer wrapping to 0 when `need` approaches a value of 0x80000000 (i.e. ~2GB of data), which results in a reallocation of buf->alloc into a small heap chunk. These integers are declared as `size_t` in the 2.x branch of `yajl`, which practically prevents the issue from triggering on 64bit platforms, however this does not preclude this issue triggering on 32bit builds on which `size_t` is a 32bit integer. Subsequent population of this under-allocated heap chunk is based on the original buffer size, leading to heap memory corruption. This vulnerability mostly impacts process availability. Maintainers believe exploitation for arbitrary code execution is unlikely. A patch is available and anticipated to be part of yajl-ruby version 1.4.2. As a workaround, avoid passing large inputs to YAJL.

Action-Not Available
Vendor-yajl-ruby_projectbrianmario
Product-yajl-rubyyajl-ruby
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2022-24667
Matching Score-4
Assigner-Swift Project
ShareView Details
Matching Score-4
Assigner-Swift Project
CVSS Score-7.5||HIGH
EPSS-1.12% / 62.17%
||
7 Day CHG+0.02%
Published-09 Feb, 2022 | 22:05
Updated-03 Aug, 2024 | 04:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HPACK-encoded header block. This attack affects all swift-nio-http2 versions from 1.0.0 to 1.19.1. There are a number of implementation errors in the parsing of HPACK-encoded header blocks that allow maliciously crafted HPACK header blocks to cause crashes in processes using swift-nio-http2. Each of these crashes is triggered instead of an integer overflow. A malicious HPACK header block could be sent on any of the HPACK-carrying frames in a HTTP/2 connection (HEADERS and PUSH_PROMISE), at any position. Sending a HPACK header block does not require any special permission, so any HTTP/2 connection peer may send one. For clients, this means any server to which they connect may launch this attack. For servers, anyone they allow to connect to them may launch such an attack. The attack is low-effort: it takes very little resources to send an appropriately crafted field block. The impact on availability is high: receiving a frame carrying this field block immediately crashes the server, dropping all in-flight connections and causing the service to need to restart. It is straightforward for an attacker to repeatedly send appropriately crafted field blocks, so attackers require very few resources to achieve a substantial denial of service. The attack does not have any confidentiality or integrity risks in and of itself: swift-nio-http2 is parsing the field block in memory-safe code and the crash is triggered instead of an integer overflow. However, sudden process crashes can lead to violations of invariants in services, so it is possible that this attack can be used to trigger an error condition that has confidentiality or integrity risks. The risk can be mitigated if untrusted peers can be prevented from communicating with the service. This mitigation is not available to many services. The issue is fixed by rewriting the parsing code to correctly handle all conditions in the function. The principal issue was found by automated fuzzing by oss-fuzz, but several associated bugs in the same code were found by code audit and fixed at the same time

Action-Not Available
Vendor-Swift ProjectApple Inc.
Product-swiftnio_http\/2SwiftNIO HTTP2
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2022-23990
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.99% / 89.26%
||
7 Day CHG+0.03%
Published-26 Jan, 2022 | 18:02
Updated-05 May, 2025 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.

Action-Not Available
Vendor-libexpat_projectn/aTenable, Inc.Siemens AGOracle CorporationDebian GNU/LinuxFedora Project
Product-nessusdebian_linuxlibexpatsinema_remote_connect_servercommunications_metasolv_solutionfedoran/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2026-43254
Matching Score-4
Assigner-kernel.org
ShareView Details
Matching Score-4
Assigner-kernel.org
CVSS Score-7.5||HIGH
EPSS-0.45% / 36.09%
||
7 Day CHG~0.00%
Published-06 May, 2026 | 11:28
Updated-11 May, 2026 | 22:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ovpn: tcp - fix packet extraction from stream

In the Linux kernel, the following vulnerability has been resolved: ovpn: tcp - fix packet extraction from stream When processing TCP stream data in ovpn_tcp_recv, we receive large cloned skbs from __strp_rcv that may contain multiple coalesced packets. The current implementation has two bugs: 1. Header offset overflow: Using pskb_pull with large offsets on coalesced skbs causes skb->data - skb->head to exceed the u16 storage of skb->network_header. This causes skb_reset_network_header to fail on the inner decapsulated packet, resulting in packet drops. 2. Unaligned protocol headers: Extracting packets from arbitrary positions within the coalesced TCP stream provides no alignment guarantees for the packet data causing performance penalties on architectures without efficient unaligned access. Additionally, openvpn's 2-byte length prefix on TCP packets causes the subsequent 4-byte opcode and packet ID fields to be inherently misaligned. Fix both issues by allocating a new skb for each openvpn packet and using skb_copy_bits to extract only the packet content into the new buffer, skipping the 2-byte length prefix. Also, check the length before invoking the function that performs the allocation to avoid creating an invalid skb. If the packet has to be forwarded to userspace the 2-byte prefix can be pushed to the head safely, without misalignment. As a side effect, this approach also avoids the expensive linearization that pskb_pull triggers on cloned skbs with page fragments. In testing, this resulted in TCP throughput improvements of up to 74%.

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernelLinux
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2022-23772
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.83% / 84.89%
||
7 Day CHG~0.00%
Published-11 Feb, 2022 | 00:11
Updated-03 Aug, 2024 | 03:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption.

Action-Not Available
Vendor-n/aNetApp, Inc.GoDebian GNU/Linux
Product-debian_linuxcloud_insights_telegraf_agentbeegfs_csi_drivergostoragegridkubernetes_monitoring_operatorn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2022-21801
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-8.6||HIGH
EPSS-1.09% / 61.26%
||
7 Day CHG~0.00%
Published-28 Jan, 2022 | 19:10
Updated-15 Apr, 2025 | 19:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability exists in the netserver recv_command functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted network request can lead to a reboot. An attacker can send a malicious packet to trigger this vulnerability.

Action-Not Available
Vendor-n/aReolink Innovation Limited
Product-rlc-410w_firmwarerlc-410wn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2023-4398
Matching Score-4
Assigner-Zyxel Corporation
ShareView Details
Matching Score-4
Assigner-Zyxel Corporation
CVSS Score-7.5||HIGH
EPSS-0.88% / 54.71%
||
7 Day CHG~0.00%
Published-28 Nov, 2023 | 01:48
Updated-17 Oct, 2024 | 17:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An integer overflow vulnerability in the source code of the QuickSec IPSec toolkit used in the VPN feature of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, and VPN series firmware versions 4.30 through 5.37, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions on an affected device by sending a crafted IKE packet.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-zldvpn100usg_20w-vpnatp100atp800usg_flex_200vpn50usg_flex_100atp100wusg_flex_50watp200atp700atp500usg_flex_700vpn1000vpn50wvpn300usg_flex_100wusg_flex_500usg_flex_50USG FLEX 50(W) series firmwareATP series firmwareVPN series firmwareUSG FLEX series firmwareUSG20(W)-VPN series firmwareusg_flex_50w_firmwarevpn_firmwareatp_firmwareusg20w-vpn_firmwareusg_flex_firmware
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2021-23840
Matching Score-4
Assigner-OpenSSL Software Foundation
ShareView Details
Matching Score-4
Assigner-OpenSSL Software Foundation
CVSS Score-7.5||HIGH
EPSS-50.73% / 98.79%
||
7 Day CHG~0.00%
Published-16 Feb, 2021 | 16:55
Updated-16 Apr, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Integer overflow in CipherUpdate

Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x).

Action-Not Available
Vendor-Oracle CorporationDebian GNU/LinuxFujitsu LimitedTenable, Inc.OpenSSLNode.js (OpenJS Foundation)McAfee, LLC
Product-m10-1_firmwarenessus_network_monitornode.jslog_correlation_enginem10-4s_firmwarebusiness_intelligencem12-2_firmwarem10-4m12-1_firmwarem10-4sgraalvmdebian_linuxenterprise_manager_for_storage_managementm10-1opensslm12-2s_firmwarecommunications_cloud_native_core_policym12-1nosql_databaseenterprise_manager_ops_centerepolicy_orchestratorm10-4_firmwaremysql_serverjd_edwards_enterpriseone_toolsm12-2sm12-2jd_edwards_world_securityOpenSSL
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2024-21454
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.37% / 28.66%
||
7 Day CHG~0.00%
Published-01 Apr, 2024 | 15:06
Updated-13 Jan, 2025 | 21:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Integer Overflow to Buffer Overflow in Automotive Telematics

Transient DOS while decoding the ToBeSignedMessage in Automotive Telematics.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-c-v2x_9150_firmwareauto_5g_modem-rf_firmwareauto_4g_modemauto_5g_modem-rfc-v2x_9150auto_4g_modem_firmwareSnapdragonsnapdragon_auto_4g_modemsnapdragon_auto_5g_modem-rfc-v2x_9150
CWE ID-CWE-680
Integer Overflow to Buffer Overflow
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2026-54417
Matching Score-4
Assigner-309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c
ShareView Details
Matching Score-4
Assigner-309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c
CVSS Score-8.7||HIGH
EPSS-0.42% / 33.59%
||
7 Day CHG~0.00%
Published-17 Jun, 2026 | 13:25
Updated-17 Jun, 2026 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Integer Overflow in rxi/microtar mtar_next() Causes Infinite Loop DoS

An integer overflow in the mtar_next() function in src/microtar.c in rxi microtar 0.1.0 allows a remote attacker to cause a denial of service (uncontrolled CPU consumption / infinite loop) via a crafted tar archive. mtar_next() computes the offset to the next record as round_up(h.size, 512) + sizeof(mtar_raw_header_t) using 32-bit arithmetic. When the header size field is a multiple of 512 in the range 0xFFFFFC01-0xFFFFFE00 (e.g. 0xFFFFFE00), the addition wraps to 0, so mtar_next() seeks to the current record position instead of advancing. As a result, mtar_find() and any loop that iterates entries with mtar_next() repeat indefinitely over the same record, hanging the process at 100% CPU with no recovery.

Action-Not Available
Vendor-rxi
Product-microtar
CWE ID-CWE-190
Integer Overflow or Wraparound
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2021-22413
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.68% / 47.76%
||
7 Day CHG~0.00%
Published-02 Aug, 2021 | 16:46
Updated-03 Aug, 2024 | 18:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is an Integer Overflow Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause the system to reset.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-magic_uiemuiMagic UIEMUI
CWE ID-CWE-190
Integer Overflow or Wraparound
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • Next
Details not found