Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-53432

Summary
Assigner-CERT-PL
Assigner Org ID-4bb8329e-dd38-46c1-aafb-9bf32bcb93c6
Published At-30 Jun, 2026 | 12:01
Updated At-30 Jun, 2026 | 15:58
Rejected At-
Credits

Integer Overflow in fzf

fzf is vulnerable to Integer Overflow leading to crash in FuzzyMatchV2 function. When input line length is approximately 2,200,000 bytes and pattern length is 999 bytes, the product overflows. The Go runtime detects the invalid slice bounds and terminates the process immediately with a non-recoverable panic. This issue was fixed in version 0.73.1.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:CERT-PL
Assigner Org ID:4bb8329e-dd38-46c1-aafb-9bf32bcb93c6
Published At:30 Jun, 2026 | 12:01
Updated At:30 Jun, 2026 | 15:58
Rejected At:
▼CVE Numbering Authority (CNA)
Integer Overflow in fzf

fzf is vulnerable to Integer Overflow leading to crash in FuzzyMatchV2 function. When input line length is approximately 2,200,000 bytes and pattern length is 999 bytes, the product overflows. The Go runtime detects the invalid slice bounds and terminates the process immediately with a non-recoverable panic. This issue was fixed in version 0.73.1.

Affected Products
Vendor
fzf
Product
fzf
Repo
https://github.com/junegunn/fzf
Program Files
  • src/algo/algo.go
Program Routines
  • FuzzyMatchV2
Platforms
  • 32 bit
Default Status
unaffected
Versions
Affected
  • From 0 before 0.73.1 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-190CWE-190 Integer Overflow or Wraparound
Type: CWE
CWE ID: CWE-190
Description: CWE-190 Integer Overflow or Wraparound
Metrics
VersionBase scoreBase severityVector
4.05.6MEDIUM
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Version: 4.0
Base score: 5.6
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

finder
Michał Majchrowicz (AFINE Team)
finder
Marcin Wyczechowski (AFINE Team)
Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://cert.pl/en/posts/2026/06/CVE-2026-53432
third-party-advisory
https://github.com/junegunn/fzf
product
https://github.com/junegunn/fzf/commit/ccedd064ca56921a4235219516b3d834f60e7b91
issue-tracking
Hyperlink: https://cert.pl/en/posts/2026/06/CVE-2026-53432
Resource:
third-party-advisory
Hyperlink: https://github.com/junegunn/fzf
Resource:
product
Hyperlink: https://github.com/junegunn/fzf/commit/ccedd064ca56921a4235219516b3d834f60e7b91
Resource:
issue-tracking
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cvd@cert.pl
Published At:30 Jun, 2026 | 13:19
Updated At:02 Jul, 2026 | 19:01

fzf is vulnerable to Integer Overflow leading to crash in FuzzyMatchV2 function. When input line length is approximately 2,200,000 bytes and pattern length is 999 bytes, the product overflows. The Go runtime detects the invalid slice bounds and terminates the process immediately with a non-recoverable panic. This issue was fixed in version 0.73.1.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.05.6MEDIUM
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
N/A
Type: Secondary
Version: 4.0
Base score: 5.6
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: N/A
Version:
Base score:
Base severity: N/A
Vector:
CPE Matches

junegunn
junegunn
>>fzf>>Versions before 0.73.1(exclusive)
cpe:2.3:a:junegunn:fzf:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-190Secondarycvd@cert.pl
CWE ID: CWE-190
Type: Secondary
Source: cvd@cert.pl
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://cert.pl/en/posts/2026/06/CVE-2026-53432cvd@cert.pl
Third Party Advisory
https://github.com/junegunn/fzfcvd@cert.pl
Product
https://github.com/junegunn/fzf/commit/ccedd064ca56921a4235219516b3d834f60e7b91cvd@cert.pl
Patch
Hyperlink: https://cert.pl/en/posts/2026/06/CVE-2026-53432
Source: cvd@cert.pl
Resource:
Third Party Advisory
Hyperlink: https://github.com/junegunn/fzf
Source: cvd@cert.pl
Resource:
Product
Hyperlink: https://github.com/junegunn/fzf/commit/ccedd064ca56921a4235219516b3d834f60e7b91
Source: cvd@cert.pl
Resource:
Patch

Change History

0
Information is not available yet

Similar CVEs

207Records found

CVE-2024-23775
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.12% / 62.21%
||
7 Day CHG~0.00%
Published-31 Jan, 2024 | 00:00
Updated-05 Jun, 2026 | 19:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer Overflow vulnerability in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2, allows attackers to cause a denial of service (DoS) via mbedtls_x509_set_extension().

Action-Not Available
Vendor-trustedfirmwaren/aArm Limited
Product-mbed_tlsn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2024-23531
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-7.5||HIGH
EPSS-2.38% / 81.84%
||
7 Day CHG~0.00%
Published-19 Apr, 2024 | 01:10
Updated-06 May, 2025 | 19:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Integer Overflow vulnerability in WLInfoRailService component of Ivanti Avalanche before 6.4.3 allows an unauthenticated remote attacker to perform denial of service attacks. In certain rare conditions this could also lead to reading content from memory.

Action-Not Available
Vendor-Ivanti Software
Product-avalancheAvalancheavalanche
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2022-24795
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.9||MEDIUM
EPSS-3.47% / 87.65%
||
7 Day CHG~0.00%
Published-05 Apr, 2022 | 00:00
Updated-22 Apr, 2025 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Overflow and Integer Overflow in yajl-ruby

yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of `yajl` contain an integer overflow which leads to subsequent heap memory corruption when dealing with large (~2GB) inputs. The reallocation logic at `yajl_buf.c#L64` may result in the `need` 32bit integer wrapping to 0 when `need` approaches a value of 0x80000000 (i.e. ~2GB of data), which results in a reallocation of buf->alloc into a small heap chunk. These integers are declared as `size_t` in the 2.x branch of `yajl`, which practically prevents the issue from triggering on 64bit platforms, however this does not preclude this issue triggering on 32bit builds on which `size_t` is a 32bit integer. Subsequent population of this under-allocated heap chunk is based on the original buffer size, leading to heap memory corruption. This vulnerability mostly impacts process availability. Maintainers believe exploitation for arbitrary code execution is unlikely. A patch is available and anticipated to be part of yajl-ruby version 1.4.2. As a workaround, avoid passing large inputs to YAJL.

Action-Not Available
Vendor-yajl-ruby_projectbrianmario
Product-yajl-rubyyajl-ruby
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2024-22861
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.61% / 44.76%
||
7 Day CHG~0.00%
Published-27 Jan, 2024 | 00:00
Updated-11 Aug, 2025 | 10:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow vulnerability in FFmpeg before n6.1, allows attackers to cause a denial of service (DoS) via the avcodec/osq module.

Action-Not Available
Vendor-n/aFFmpeg
Product-ffmpegn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2022-1699
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-9.9||CRITICAL
EPSS-1.02% / 59.32%
||
7 Day CHG~0.00%
Published-12 May, 2022 | 15:20
Updated-03 Aug, 2024 | 00:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Uncontrolled Resource Consumption in causefx/organizr

Uncontrolled Resource Consumption in GitHub repository causefx/organizr prior to 2.1.2000. This vulnerability can be abused by doing a DDoS attack for which genuine users will not able to access resources/applications.

Action-Not Available
Vendor-organizrcausefx
Product-organizrcausefx/organizr
CWE ID-CWE-190
Integer Overflow or Wraparound
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-21454
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.37% / 28.66%
||
7 Day CHG~0.00%
Published-01 Apr, 2024 | 15:06
Updated-13 Jan, 2025 | 21:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Integer Overflow to Buffer Overflow in Automotive Telematics

Transient DOS while decoding the ToBeSignedMessage in Automotive Telematics.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-c-v2x_9150_firmwareauto_5g_modem-rf_firmwareauto_4g_modemauto_5g_modem-rfc-v2x_9150auto_4g_modem_firmwareSnapdragonsnapdragon_auto_4g_modemsnapdragon_auto_5g_modem-rfc-v2x_9150
CWE ID-CWE-680
Integer Overflow to Buffer Overflow
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2018-9348
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.5||HIGH
EPSS-0.28% / 19.97%
||
7 Day CHG~0.00%
Published-19 Nov, 2024 | 19:08
Updated-22 Nov, 2024 | 21:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In SMF_ParseMetaEvent of eas_smf.c, there is a possible integer overflow. This could lead to remote denial of service due to resource exhaustion with no additional execution privileges needed. User interaction is needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2018-5733
Matching Score-4
Assigner-Internet Systems Consortium (ISC)
ShareView Details
Matching Score-4
Assigner-Internet Systems Consortium (ISC)
CVSS Score-5.9||MEDIUM
EPSS-20.24% / 97.15%
||
7 Day CHG~0.00%
Published-16 Jan, 2019 | 20:00
Updated-25 Apr, 2025 | 23:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
A malicious client can overflow a reference counter in ISC dhcpd

A malicious client which is allowed to send very large amounts of traffic (billions of packets) to a DHCP server can eventually overflow a 32-bit reference counter, potentially causing dhcpd to crash. Affects ISC DHCP 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0.

Action-Not Available
Vendor-Debian GNU/LinuxRed Hat, Inc.Canonical Ltd.Internet Systems Consortium, Inc.
Product-dhcpubuntu_linuxenterprise_linux_serverenterprise_linux_server_ausdebian_linuxenterprise_linux_desktopenterprise_linux_workstationenterprise_linux_server_eusISC DHCP
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2023-49441
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.66% / 46.90%
||
7 Day CHG~0.00%
Published-06 Jun, 2024 | 21:20
Updated-14 Mar, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

dnsmasq 2.9 is vulnerable to Integer Overflow via forward_query.

Action-Not Available
Vendor-thekelleysn/a
Product-dnsmasqn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2026-48933
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-7.5||HIGH
EPSS-2.44% / 82.35%
||
7 Day CHG+1.87%
Published-26 Jun, 2026 | 01:14
Updated-30 Jun, 2026 | 12:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw in Node.js WebCrypto implementation can crash the process if the input of `subtle.encrypt()` is a multiple of 2GiB. This vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.

Action-Not Available
Vendor-Node.js (OpenJS Foundation)Red Hat, Inc.
Product-node.jsnodeRed Hat Enterprise Linux 9Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8Red Hat Hardened Images
CWE ID-CWE-190
Integer Overflow or Wraparound
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2026-4694
Matching Score-4
Assigner-Mozilla Corporation
ShareView Details
Matching Score-4
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.77% / 51.19%
||
7 Day CHG+0.17%
Published-24 Mar, 2026 | 12:30
Updated-30 Jun, 2026 | 03:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Incorrect boundary conditions, integer overflow in the Graphics component

Incorrect boundary conditions, integer overflow in the Graphics component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Action-Not Available
Vendor-Red Hat, Inc.Mozilla Corporation
Product-firefoxthunderbirdThunderbirdFirefoxRed Hat Enterprise Linux AppStream EUS (v. 10.0)Red Hat Enterprise Linux AppStream EUS (v.9.6)Red Hat Enterprise Linux AppStream AUS (v.8.6)Red Hat Enterprise Linux AppStream E4S (v.8.6)Red Hat Enterprise Linux 7Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)Red Hat Enterprise Linux AppStream TUS (v.8.8)Red Hat Enterprise Linux 10Red Hat Enterprise Linux AppStream (v. 9)Red Hat Enterprise Linux AppStream (v. 8)Red Hat Enterprise Linux Server (v. 7 ELS)Red Hat Enterprise Linux 6Red Hat Enterprise Linux AppStream (v. 10)Red Hat Enterprise Linux AppStream E4S (v.9.2)Red Hat Enterprise Linux AppStream AUS (v. 8.2)Red Hat Enterprise Linux AppStream TUS (v.8.6)Red Hat Enterprise Linux AppStream E4S (v.8.8)Red Hat Enterprise Linux AppStream EUS (v.9.4)Red Hat Enterprise Linux AppStream AUS (v.8.4)Red Hat Enterprise Linux AppStream E4S (v.9.0)
CWE ID-CWE-190
Integer Overflow or Wraparound
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2026-46384
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.7||HIGH
EPSS-0.40% / 31.69%
||
7 Day CHG+0.09%
Published-29 May, 2026 | 19:58
Updated-30 Jun, 2026 | 12:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
iskorotkov/avro: Integer Overflow in Avro Decoder

iskorotkov/avro is a fast Go Avro codec. Prior to 2.33.0, several Avro decoder paths read attacker-controlled 64-bit values from the wire format and either narrowed them to platform-sized int before bounds-checking, or summed them with overflow-prone signed-int arithmetic. On 32-bit targets (GOARCH=386, arm, mips, wasm, etc.), the truncation paths can silently bypass byte-slice limits, select the wrong union branch, or hit the OCF negative-make panic via wrap. Three sub-issues are not 32-bit-specific: cumulative-size arithmetic overflow in arrayDecoder.Decode / mapDecoder.Decode / mapDecoderUnmarshaler.Decode (wraps at math.MaxInt64 on amd64 / arm64 and bypasses MaxSliceAllocSize / MaxMapAllocSize), math.MinInt negation in block-header handling, and make([]byte, size) with a negative size in OCF block reads — all three panic or bypass caps on any platform, giving an attacker a denial-of-service primitive there. This vulnerability is fixed in 2.33.0.

Action-Not Available
Vendor-iskorotkovRed Hat, Inc.
Product-avroMulticluster Global HubRed Hat Advanced Cluster Management for Kubernetes 2.13Red Hat Hardened ImagesRed Hat Enterprise Linux 9Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8Cryostat 4
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2023-4398
Matching Score-4
Assigner-Zyxel Corporation
ShareView Details
Matching Score-4
Assigner-Zyxel Corporation
CVSS Score-7.5||HIGH
EPSS-0.88% / 54.71%
||
7 Day CHG~0.00%
Published-28 Nov, 2023 | 01:48
Updated-17 Oct, 2024 | 17:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An integer overflow vulnerability in the source code of the QuickSec IPSec toolkit used in the VPN feature of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, and VPN series firmware versions 4.30 through 5.37, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions on an affected device by sending a crafted IKE packet.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-zldvpn100usg_20w-vpnatp100atp800usg_flex_200vpn50usg_flex_100atp100wusg_flex_50watp200atp700atp500usg_flex_700vpn1000vpn50wvpn300usg_flex_100wusg_flex_500usg_flex_50USG FLEX 50(W) series firmwareATP series firmwareVPN series firmwareUSG FLEX series firmwareUSG20(W)-VPN series firmwareusg_flex_50w_firmwarevpn_firmwareatp_firmwareusg20w-vpn_firmwareusg_flex_firmware
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2026-45686
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.35% / 27.36%
||
7 Day CHG~0.00%
Published-02 Jun, 2026 | 15:25
Updated-03 Jun, 2026 | 16:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenTelemetry eBPF Instrumentation: Memcached payload length overflow can crash OBI

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From version 0.7.0 to before version 0.9.0, a remotely reachable integer overflow in OBI's memcached text protocol parser can crash the OBI process and cause denial of service. When parsing memcached storage commands such as set, add, replace, append, prepend, or cas, OBI accepts extremely large <bytes> values and adds the payload delimiter length without checking for overflow. A crafted request with <bytes> set to math.MaxInt or math.MaxInt-1 causes the computed payload length to wrap negative and triggers a runtime panic in LargeBufferReader.Peek. This issue has been patched in version 0.9.0.

Action-Not Available
Vendor-opentelemetryopen-telemetry
Product-ebpf_instrumentationopentelemetry-ebpf-instrumentation
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2023-41185
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.6||HIGH
EPSS-0.75% / 50.58%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 02:11
Updated-08 Aug, 2025 | 18:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unified Automation UaGateway Certificate Parsing Integer Overflow Denial-of-Service Vulnerability

Unified Automation UaGateway Certificate Parsing Integer Overflow Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation UaGateway. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of client certificates. When parsing the certificate length field, the process does not properly validate user-supplied data, which can result in an integer overflow. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-20353.

Action-Not Available
Vendor-unified-automationUnified Automationunified-automation
Product-uagatewayUaGatewayuagateway
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2026-44216
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.32% / 23.73%
||
7 Day CHG+0.08%
Published-14 May, 2026 | 14:54
Updated-30 Jun, 2026 | 12:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Wasmtime: Panic when allocating a table exceeding the size of the host's address space

Wasmtime is a runtime for WebAssembly. From 30.0.0 to 36.0.8, 43.0.2, and 44.0.1, Wasmtime's allocation logic for a WebAssembly table contained checked arithmetic which panicked on overflow. This overflow is possible to trigger, and thus panic, when a table with an extremely large size is allocated. This is possible with the WebAssembly memory64 proposal where tables can have sizes in the 64-bit range as opposed to the previous 32-bit range which would not overflow. The panic happens when attempting to create a very large table, such as when instantiating a WebAssembly module or component. This vulnerability is fixed in 36.0.8, 43.0.2, and 44.0.1.

Action-Not Available
Vendor-bytecodealliancebytecodeallianceRed Hat, Inc.
Product-wasmtimewasmtimeRed Hat Enterprise Linux 10Red Hat Hardened Images
CWE ID-CWE-190
Integer Overflow or Wraparound
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2026-44673
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.43% / 34.43%
||
7 Day CHG+0.16%
Published-14 May, 2026 | 20:35
Updated-30 Jun, 2026 | 12:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
libyang: lyb_read_string() integer overflow → heap buffer overflow

libyang is a YANG data modeling language library. Prior to SO 5.2.15, lyb_read_string() in src/parser_lyb.c contains an integer overflow that results in a heap buffer overflow when parsing a maliciously crafted LYB binary blob. An attacker who can supply LYB data to any libyang consumer (NETCONF server, sysrepo, etc.) can trigger a crash or potential heap corruption. This vulnerability is fixed in SO 5.2.15.

Action-Not Available
Vendor-CESNETRed Hat, Inc.
Product-libyangRed Hat Enterprise Linux CodeReady Linux Builder (v. 9)Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)Red Hat Enterprise Linux AppStream (v. 9)Red Hat Enterprise Linux AppStream (v. 8)Red Hat Enterprise Linux AppStream (v. 10)
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2023-39125
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.61% / 44.96%
||
7 Day CHG~0.00%
Published-17 Aug, 2023 | 00:00
Updated-08 Oct, 2024 | 14:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NTSC-CRT 2.2.1 has an integer overflow and out-of-bounds write in loadBMP in bmp_rw.c because a file's width, height, and BPP are not validated. NOTE: the vendor's perspective is "this main application was not intended to be a well tested program, it's just something to demonstrate it works and for the user to see how to integrate it into their own programs."

Action-Not Available
Vendor-ntsc-crt_projectn/a
Product-ntsc-crtn/a
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2026-43254
Matching Score-4
Assigner-kernel.org
ShareView Details
Matching Score-4
Assigner-kernel.org
CVSS Score-7.5||HIGH
EPSS-0.45% / 36.09%
||
7 Day CHG~0.00%
Published-06 May, 2026 | 11:28
Updated-11 May, 2026 | 22:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ovpn: tcp - fix packet extraction from stream

In the Linux kernel, the following vulnerability has been resolved: ovpn: tcp - fix packet extraction from stream When processing TCP stream data in ovpn_tcp_recv, we receive large cloned skbs from __strp_rcv that may contain multiple coalesced packets. The current implementation has two bugs: 1. Header offset overflow: Using pskb_pull with large offsets on coalesced skbs causes skb->data - skb->head to exceed the u16 storage of skb->network_header. This causes skb_reset_network_header to fail on the inner decapsulated packet, resulting in packet drops. 2. Unaligned protocol headers: Extracting packets from arbitrary positions within the coalesced TCP stream provides no alignment guarantees for the packet data causing performance penalties on architectures without efficient unaligned access. Additionally, openvpn's 2-byte length prefix on TCP packets causes the subsequent 4-byte opcode and packet ID fields to be inherently misaligned. Fix both issues by allocating a new skb for each openvpn packet and using skb_copy_bits to extract only the packet content into the new buffer, skipping the 2-byte length prefix. Also, check the length before invoking the function that performs the allocation to avoid creating an invalid skb. If the packet has to be forwarded to userspace the 2-byte prefix can be pushed to the head safely, without misalignment. As a side effect, this approach also avoids the expensive linearization that pskb_pull triggers on cloned skbs with page fragments. In testing, this resulted in TCP throughput improvements of up to 74%.

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernelLinux
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2023-36478
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-3.75% / 88.57%
||
7 Day CHG~0.00%
Published-10 Oct, 2023 | 16:53
Updated-13 Feb, 2025 | 16:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HTTP/2 HPACK integer overflow and buffer allocation

Eclipse Jetty provides a web server and servlet container. In versions 11.0.0 through 11.0.15, 10.0.0 through 10.0.15, and 9.0.0 through 9.4.52, an integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. `MetaDataBuilder.java` determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded. However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. `(_size+length)` will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. Users of HTTP/2 can be impacted by a remote denial of service attack. The issue has been fixed in versions 11.0.16, 10.0.16, and 9.4.53. There are no known workarounds.

Action-Not Available
Vendor-JenkinsDebian GNU/LinuxEclipse Foundation AISBL
Product-jenkinsdebian_linuxjettyjetty.project
CWE ID-CWE-190
Integer Overflow or Wraparound
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2023-36395
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-2.46% / 82.46%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 17:57
Updated-08 Oct, 2025 | 23:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Deployment Services Denial of Service Vulnerability

Windows Deployment Services Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_server_2022windows_server_2019windows_server_2008Windows Server 2022Windows Server 2016 (Server Core installation)Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2019Windows Server 2008 R2 Service Pack 1Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2008 Service Pack 2Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2012Windows Server 2012 R2 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2016Windows Server 2012 (Server Core installation)
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2026-41254
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4||MEDIUM
EPSS-0.36% / 28.47%
||
7 Day CHG~0.00%
Published-18 Apr, 2026 | 06:43
Updated-07 May, 2026 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Little CMS (lcms2) through 2.18 has an integer overflow in CubeSize in cmslut.c because the overflow check is performed after the multiplication.

Action-Not Available
Vendor-littlecmslittlecms
Product-little_cmslittle cms color engine
CWE ID-CWE-696
Incorrect Behavior Order
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2023-34454
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.9||MEDIUM
EPSS-1.47% / 70.57%
||
7 Day CHG~0.00%
Published-15 Jun, 2023 | 16:27
Updated-12 Dec, 2024 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
snappy-java's Integer Overflow vulnerability in compress leads to DoS

snappy-java is a fast compressor/decompressor for Java. Due to unchecked multiplications, an integer overflow may occur in versions prior to 1.1.10.1, causing an unrecoverable fatal error. The function `compress(char[] input)` in the file `Snappy.java` receives an array of characters and compresses it. It does so by multiplying the length by 2 and passing it to the rawCompress` function. Since the length is not tested, the multiplication by two can cause an integer overflow and become negative. The rawCompress function then uses the received length and passes it to the natively compiled maxCompressedLength function, using the returned value to allocate a byte array. Since the maxCompressedLength function treats the length as an unsigned integer, it doesn’t care that it is negative, and it returns a valid value, which is casted to a signed integer by the Java engine. If the result is negative, a `java.lang.NegativeArraySizeException` exception will be raised while trying to allocate the array `buf`. On the other side, if the result is positive, the `buf` array will successfully be allocated, but its size might be too small to use for the compression, causing a fatal Access Violation error. The same issue exists also when using the `compress` functions that receive double, float, int, long and short, each using a different multiplier that may cause the same issue. The issue most likely won’t occur when using a byte array, since creating a byte array of size 0x80000000 (or any other negative value) is impossible in the first place. Version 1.1.10.1 contains a patch for this issue.

Action-Not Available
Vendor-xerialxerial
Product-snappy-javasnappy-java
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2026-41416
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.1||HIGH
EPSS-0.28% / 19.69%
||
7 Day CHG~0.00%
Published-24 Apr, 2026 | 18:40
Updated-28 Apr, 2026 | 18:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PJSIP: Asymmetric ptime integer overflow in Media Stream

PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, there is an integer overflow in media stream buffer size calculation when processing SDP with asymmetric ptime configuration. The overflow may result in an undersized buffer allocation, which can lead to unexpected application termination or memory corruption This vulnerability is fixed in 2.17.

Action-Not Available
Vendor-teluupjsip
Product-pjsippjproject
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2026-41602
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-1.16% / 63.38%
||
7 Day CHG+0.48%
Published-28 Apr, 2026 | 09:19
Updated-30 Jun, 2026 | 03:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Thrift: Go TFramedTransport uint32 overflow

Integer Overflow or Wraparound vulnerability in Apache Thrift TFramedTransport Go language implementation This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue.

Action-Not Available
Vendor-The Apache Software FoundationRed Hat, Inc.
Product-thriftApache ThriftRed Hat OpenShift AI (RHOAI)Multicluster Global Hub 1.5.4Multicluster Global Hub 1.4.5Red Hat Advanced Cluster Management for Kubernetes 2.16Multicluster Global Hub 1.7.1Red Hat Ceph Storage 6Red Hat Advanced Cluster Management for Kubernetes 2.15Multicluster Global Hub 1.6.2Red Hat OpenStack Platform 18.0Multicluster Global HubMulticluster Global Hub 1.3.4Red Hat OpenShift Container Platform 4Red Hat OpenShift GitOpsRed Hat Ceph Storage 5Red Hat AI Inference ServerRed Hat Ceph Storage 9OpenShift Service Mesh 2Red Hat OpenShift distributed tracing 3.9.3
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2023-34453
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.9||MEDIUM
EPSS-1.71% / 74.52%
||
7 Day CHG~0.00%
Published-15 Jun, 2023 | 16:12
Updated-12 Dec, 2024 | 16:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
snappy-java's Integer Overflow vulnerability in shuffle leads to DoS

snappy-java is a fast compressor/decompressor for Java. Due to unchecked multiplications, an integer overflow may occur in versions prior to 1.1.10.1, causing a fatal error. The function `shuffle(int[] input)` in the file `BitShuffle.java` receives an array of integers and applies a bit shuffle on it. It does so by multiplying the length by 4 and passing it to the natively compiled shuffle function. Since the length is not tested, the multiplication by four can cause an integer overflow and become a smaller value than the true size, or even zero or negative. In the case of a negative value, a `java.lang.NegativeArraySizeException` exception will raise, which can crash the program. In a case of a value that is zero or too small, the code that afterwards references the shuffled array will assume a bigger size of the array, which might cause exceptions such as `java.lang.ArrayIndexOutOfBoundsException`. The same issue exists also when using the `shuffle` functions that receive a double, float, long and short, each using a different multiplier that may cause the same issue. Version 1.1.10.1 contains a patch for this vulnerability.

Action-Not Available
Vendor-xerialxerial
Product-snappy-javasnappy-java
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2026-41849
Matching Score-4
Assigner-VMware by Broadcom
ShareView Details
Matching Score-4
Assigner-VMware by Broadcom
CVSS Score-7.5||HIGH
EPSS-0.26% / 17.68%
||
7 Day CHG~0.00%
Published-09 Jun, 2026 | 03:51
Updated-09 Jun, 2026 | 20:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Spring Framework Denial of Service via Integer Overflow in SpEL Expressions

An integer overflow vulnerability exists in the evaluation logic of the Spring Expression Language (SpEL). An attacker can exploit this by supplying a specially crafted SpEL expression that triggers excessive resource consumption, resulting in a Denial of Service (DoS). Affected versions: Spring Framework 5.3.0 through 5.3.48.

Action-Not Available
Vendor-VMware (Broadcom Inc.)
Product-spring_frameworkSpring Framework
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2026-40046
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-0.38% / 29.48%
||
7 Day CHG~0.00%
Published-09 Apr, 2026 | 15:58
Updated-13 Apr, 2026 | 15:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ MQTT: Missing fix for CVE-2025-66168: MQTT control packet remaining length field is not properly validated

Integer Overflow or Wraparound vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ MQTT. The fix for "CVE-2025-66168: MQTT control packet remaining length field is not properly validated" was only applied to 5.19.2 (and future 5.19.x) releases but was missed for all 6.0.0+ versions. This issue affects Apache ActiveMQ: from 6.0.0 before 6.2.4; Apache ActiveMQ All: from 6.0.0 before 6.2.4; Apache ActiveMQ MQTT: from 6.0.0 before 6.2.4. Users are recommended to upgrade to version 6.2.4 or a 5.19.x version starting with 5.19.2 or later (currently latest is 5.19.5), which fixes the issue.

Action-Not Available
Vendor-The Apache Software Foundation
Product-Apache ActiveMQ AllApache ActiveMQApache ActiveMQ MQTT
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2023-32307
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-1.06% / 60.30%
||
7 Day CHG~0.00%
Published-26 May, 2023 | 22:11
Updated-13 Feb, 2025 | 16:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
heap-over-flow and integer-overflow in sofia-sip

Sofia-SIP is an open-source SIP User-Agent library, compliant with the IETF RFC3261 specification. Referring to [GHSA-8599-x7rq-fr54](https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-8599-x7rq-fr54), several other potential heap-over-flow and integer-overflow in stun_parse_attr_error_code and stun_parse_attr_uint32 were found because the lack of attributes length check when Sofia-SIP handles STUN packets. The previous patch of [GHSA-8599-x7rq-fr54](https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-8599-x7rq-fr54) fixed the vulnerability when attr_type did not match the enum value, but there are also vulnerabilities in the handling of other valid cases. The OOB read and integer-overflow made by attacker may lead to crash, high consumption of memory or even other more serious consequences. These issue have been addressed in version 1.13.15. Users are advised to upgrade.

Action-Not Available
Vendor-signalwirefreeswitchDebian GNU/Linux
Product-sofia-sipdebian_linuxsofia-sip
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-190
Integer Overflow or Wraparound
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-3107
Matching Score-4
Assigner-FreeBSD
ShareView Details
Matching Score-4
Assigner-FreeBSD
CVSS Score-7.5||HIGH
EPSS-0.54% / 41.42%
||
7 Day CHG~0.00%
Published-01 Aug, 2023 | 22:01
Updated-09 Jul, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Remote denial of service in IPv6 fragment reassembly

A set of carefully crafted ipv6 packets can trigger an integer overflow in the calculation of a fragment reassembled packet's payload length field. This allows an attacker to trigger a kernel panic, resulting in a denial of service.

Action-Not Available
Vendor-NetApp, Inc.FreeBSD Foundation
Product-freebsdclustered_data_ontapFreeBSD
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2026-3945
Matching Score-4
Assigner-309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c
ShareView Details
Matching Score-4
Assigner-309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c
CVSS Score-8.7||HIGH
EPSS-0.60% / 44.28%
||
7 Day CHG~0.00%
Published-30 Mar, 2026 | 07:05
Updated-30 Mar, 2026 | 15:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An integer overflow vulnerability in the HTTP chunked transfer encoding parser in tinyproxy up to and including version 1.11.3 allows an unauthenticated remote attacker to cause a denial of service (DoS). The issue occurs because chunk size values are parsed using strtol() without properly validating overflow conditions (e.g., errno == ERANGE). A crafted chunk size such as 0x7fffffffffffffff (LONG_MAX) bypasses the existing validation check (chunklen < 0), leading to a signed integer overflow during arithmetic operations (chunklen + 2). This results in incorrect size calculations, causing the proxy to attempt reading an extremely large amount of request-body data and holding worker connections open indefinitely. An attacker can exploit this behavior to exhaust all available worker slots, preventing new connections from being accepted and causing complete service unavailability. Upstream addressed this issue in commit bb7edc4; however, the latest stable release (1.11.3) remains affected at the time of publication.

Action-Not Available
Vendor-tinyproxy
Product-tinyproxy
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2026-37555
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.50% / 39.42%
||
7 Day CHG+0.10%
Published-29 Apr, 2026 | 00:00
Updated-30 Jun, 2026 | 03:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in libsndfile 1.2.2 IMA ADPCM codec. The AIFF code path (line 241) was fixed with (sf_count_t) cast, but the WAV code path (line 235) and close path (line 167) were not. When samplesperblock (int) * blocks (int) exceeds INT_MAX, the 32-bit multiplication overflows before being assigned to sf.frames (sf_count_t/int64). With samplesperblock=50000 and blocks=50000, the product 2500000000 overflows to -1794967296. This causes incorrect frame count leading to heap buffer overflow or denial of service. Both values come from the WAV file header and are attacker-controlled. This issue was discovered after an incomplete fix for CVE-2022-33065.

Action-Not Available
Vendor-libsndfile_projectn/aRed Hat, Inc.
Product-libsndfilen/aRed Hat Enterprise Linux CRB (v. 8)Red Hat Enterprise Linux AppStream EUS (v. 10.0)Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)Red Hat Enterprise Linux AppStream EUS (v.9.6)Red Hat Enterprise Linux AppStream AUS (v.8.6)Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)Red Hat Enterprise Linux 7Red Hat Enterprise Linux AppStream E4S (v.9.4)Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)Red Hat Enterprise Linux AppStream TUS (v.8.8)Red Hat Enterprise Linux AppStream (v. 9)Red Hat Enterprise Linux AppStream (v. 8)Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)Red Hat Enterprise Linux 6Red Hat Enterprise Linux AppStream (v. 10)Red Hat Enterprise Linux AppStream E4S (v.9.2)Red Hat Enterprise Linux AppStream E4S (v.8.8)Red Hat CodeReady Linux Builder EUS (v.9.6)Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.6)Red Hat Enterprise Linux AppStream AUS (v.8.4)Red Hat AI Inference Server 3.3
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2026-37462
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.28% / 19.69%
||
7 Day CHG~0.00%
Published-03 Jun, 2026 | 00:00
Updated-04 Jun, 2026 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An integer underflow in the BGPUpdate.DecodeFromBytes function (/bgp/bgp.go) of gobgp v4.3.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted BGP UPDATE message.

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2026-35092
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.99% / 58.37%
||
7 Day CHG~0.00%
Published-01 Apr, 2026 | 13:18
Updated-29 May, 2026 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Corosync: corosync: denial of service via integer overflow in join message validation

A flaw was found in Corosync. An integer overflow vulnerability in Corosync's join message sanity validation allows a remote, unauthenticated attacker to send crafted User Datagram Protocol (UDP) packets. This can cause the service to crash, leading to a denial of service. This vulnerability specifically affects Corosync deployments configured to use totemudp/totemudpu mode.

Action-Not Available
Vendor-corosyncRed Hat, Inc.
Product-enterprise_linuxopenshiftcorosyncRed Hat Enterprise Linux 7 Extended Lifecycle SupportRed Hat Enterprise Linux 9.6 Extended Update SupportRed Hat Enterprise Linux 9.0 Update Services for SAP SolutionsRed Hat Enterprise Linux 8.8 Update Services for SAP SolutionsRed Hat Enterprise Linux 9.2 Update Services for SAP SolutionsRed Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-OnRed Hat Enterprise Linux 8.6 Update Services for SAP SolutionsRed Hat OpenShift Container Platform 4Red Hat Enterprise Linux 8Red Hat Enterprise Linux 10.0 Extended Update SupportRed Hat Enterprise Linux 9.4 Extended Update SupportRed Hat Enterprise Linux 8.6 Telecommunications Update ServiceRed Hat Enterprise Linux 8.8 Telecommunications Update ServiceRed Hat Enterprise Linux 10Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 9Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2019-9098
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.06% / 79.01%
||
7 Day CHG~0.00%
Published-11 Mar, 2020 | 14:27
Updated-04 Aug, 2024 | 21:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. An Integer overflow in the built-in web server allows remote attackers to initiate DoS.

Action-Not Available
Vendor-n/aMoxa Inc.
Product-mb3180_firmwaremb3270_firmwaremb3480_firmwaremb3270mb3170_firmwaremb3660mb3170mb3280mb3660_firmwaremb3480mb3180mb3280_firmwaren/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2018-17958
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-6.17% / 92.62%
||
7 Day CHG~0.00%
Published-09 Oct, 2018 | 22:00
Updated-28 Apr, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used.

Action-Not Available
Vendor-n/aCanonical Ltd.Debian GNU/LinuxRed Hat, Inc.QEMU
Product-debian_linuxubuntu_linuxvirtualization_managerqemuvirtualizationenterprise_linuxn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2023-30463
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.87% / 54.52%
||
7 Day CHG~0.00%
Published-19 Apr, 2023 | 00:00
Updated-05 Feb, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Altran picoTCP through 1.7.0 allows memory corruption (and subsequent denial of service) because of an integer overflow in pico_ipv6_alloc when processing large ICMPv6 packets. This affects installations with Ethernet support in which a packet size greater than 65495 may occur.

Action-Not Available
Vendor-altrann/a
Product-picotcpn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2026-34711
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.5||HIGH
EPSS-0.43% / 34.58%
||
7 Day CHG~0.00%
Published-09 Jun, 2026 | 21:21
Updated-15 Jun, 2026 | 15:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CAI Content Credentials | Integer Overflow or Wraparound (CWE-190)

CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Integer Overflow or Wraparound vulnerability. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.

Action-Not Available
Vendor-Linux Kernel Organization, IncGoogle LLCMicrosoft CorporationApple Inc.Adobe Inc.
Product-windowslinux_kerneliphone_osandroidmacosc2pac2pa-webCAI Content Credentials
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2023-28831
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-8.7||HIGH
EPSS-0.82% / 52.73%
||
7 Day CHG~0.00%
Published-12 Sep, 2023 | 09:32
Updated-11 Nov, 2025 | 20:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The OPC UA implementations (ANSI C and C++) in affected products contain an integer overflow vulnerability that could cause the application to run into an infinite loop during certificate validation. This could allow an unauthenticated remote attacker to create a denial of service condition by sending a specially crafted certificate.

Action-Not Available
Vendor-Siemens AG
Product-simatic_s7-1500_cpu_1514sp-2_pnsimatic_s7-plcsim_advanced_firmwaresimatic_s7-1500_cpu_1514sp-2_pn_firmwaresimatic_s7-1500_et_200pro_firmwaresimatic_s7-1500_cpu_1512sp_f-1_pnsimatic_s7-1500_cpu_1511c-1_pn_firmwaresiplus_s7-1500_cpu_1518hf-4_pnsimatic_s7-1500_cpu_1515t-2_pnsiplus_et_200sp_cpu_1512sp-1_pnsiplus_s7-1500_cpu_1511-1_pnsimatic_s7-1500_cpu_1512sp-1_pnsiplus_s7-1500_cpu_1515f-2_pnsiplus_s7-1500_cpu_1516-3_pn\/dp_tx_railsimatic_s7-1500_cpu_1515-2_pnsimatic_s7-1500_cpu_1515r-2_pn_firmwaresimatic_s7-1500_cpu_1515f-2_pn_firmwaresimatic_s7-1500_cpu_1511t-1_pnsiplus_s7-1500_cpu_1517h-3_pnsimatic_s7-1500_cpu_1518-4_pn\/dpsimatic_s7-1500_cpu_1517t-3_pn\/dpsiplus_et_200sp_cpu_1510sp_f-1_pnsiplus_et_200sp_cpu_1512sp_f-1_pn_rail_firmwaresimatic_s7-1500_cpu_1510sp-1_pn_firmwaresimatic_s7-1500_cpu_1518hf-4_pnsimatic_s7-1500_cpu_1510sp_f-1_pnsimatic_s7-1500_cpu_1515f-2_pnsimatic_s7-1500_cpu_1516-3_pn\/dpsimatic_s7-1500_cpu_1513f-1_pn_firmwaresiplus_s7-1500_cpu_1516-3_pn\/dp_railsimatic_s7-1500_cpu_s7-1518f-4_pn\/dp_odk_firmwaresimatic_s7-1500_cpu_1518f-4_pn\/dp_mfpsiplus_et_200sp_cpu_1512sp_f-1_pn_railsimatic_s7-1500_cpu_1516t-3_pn\/dpsimatic_s7-1500_cpu_1514spt_f-2_pnsimatic_s7-1500_cpu_1513f-1_pnsimatic_s7-1500_cpu_1516tf-3_pn\/dpsiplus_s7-1500_cpu_1516f-3_pn\/dp_firmwaresiplus_s7-1500_cpu_1515f-2_pn_t2_railsiplus_s7-1500_cpu_1516-3_pn\/dp_tx_rail_firmwaresimatic_s7-1500_cpu_1514spt-2_pn_firmwaresimatic_s7-1500_cpu_1513r-1_pn_firmwaresimatic_s7-1500_cpu_1518hf-4_pn_firmwaresimatic_s7-1500_cpu_1515tf-2_pn_firmwaresiplus_et_200sp_cpu_1510sp-1_pn_firmwaresiplus_et_200sp_cpu_1512sp-1_pn_railsiplus_s7-1500_cpu_1518-4_pn\/dp_firmwaresiplus_s7-1500_cpu_1513f-1_pnsimatic_s7-1500_cpu_1517tf-3_pn\/dpsiplus_s7-1500_cpu_1515r-2_pn_firmwaresiplus_s7-1500_cpu_1518-4_pn\/dp_mfpsimatic_s7-1500_cpu_1510sp_f-1_pn_firmwaresiplus_s7-1500_cpu_1513-1_pn_firmwaresimatic_s7-1500_cpu_1517-3_pn\/dp_firmwaresimatic_drive_controller_cpu_1507d_tf_firmwaresiplus_s7-1500_cpu_1511-1_pn_firmwaresiplus_s7-1500_cpu_1516-3_pn\/dp_rail_firmwaresimatic_s7-1500_cpu_1516tf-3_pn\/dp_firmwaresiplus_s7-1500_cpu_1511-1_pn_t1_rail_firmwaresimatic_s7-1500_cpu_1515tf-2_pnsimatic_s7-1500_software_controller_firmwaresimatic_s7-1500_cpu_1515r-2_pnsimatic_s7-1500_cpu_1518t-4_pn\/dpsimatic_cloud_connect_7_cc712_firmwaresiplus_s7-1500_cpu_1516-3_pn\/dpsimatic_drive_controller_cpu_1504d_tf_firmwaresimatic_s7-1500_cpu_1513-1_pnsimatic_s7-1200_cpu_firmwaresimatic_s7-1500_cpu_1514spt_f-2_pn_firmwaresimatic_s7-1500_cpu_1513r-1_pnsimatic_s7-1500_cpu_1518tf-4_pn\/dpsimatic_s7-1500_cpu_1511f-1_pn_firmwaresimatic_s7-1500_cpu_1518t-4_pn\/dp_firmwaresimatic_s7-plcsim_advancedsimatic_s7-1500_cpu_1518f-4_pn\/dp_mfp_firmwaresimatic_s7-1500_cpu_1516t-3_pn\/dp_firmwaresiplus_s7-1500_cpu_1511-1_pn_tx_rail_firmwaresiplus_s7-1500_cpu_1511-1_pn_tx_railsimatic_s7-1500_cpu_1517h-3_pnsimatic_s7-1500_cpu_1512sp-1_pn_firmwaresiplus_et_200sp_cpu_1510sp_f-1_pn_railsiplus_s7-1500_cpu_1513f-1_pn_firmwaresimatic_s7-1200_cpusimatic_cloud_connect_7_cc716_firmwaresimatic_s7-1500_et_200prosimatic_s7-1500_cpu_1514spt-2_pnsimatic_s7-1500_cpu_1518-4_pn\/dp_mfp_firmwaresimatic_s7-1500_cpu_1517f-3_pn\/dp_firmwaresiplus_et_200sp_cpu_1510sp_f-1_pn_rail_firmwaresiplus_s7-1500_cpu_1515f-2_pn_rail_firmwaresimatic_s7-1500_cpu_1511tf-1_pnsimatic_s7-1500_cpu_1515-2_pn_firmwaresimatic_s7-1500_cpu_1518-4_pn\/dp_mfpsiplus_s7-1500_cpu_1515f-2_pn_t2_rail_firmwaresiplus_et_200sp_cpu_1510sp-1_pn_railsimatic_s7-1500_cpu_1511f-1_pnsiplus_et_200sp_cpu_1512sp_f-1_pnsiplus_s7-1500_cpu_1518-4_pn\/dp_mfp_firmwaresimatic_s7-1500_cpu_1510sp-1_pnsiplus_s7-1500_cpu_1511-1_pn_t1_railsiplus_et_200sp_cpu_1510sp-1_pnsimatic_s7-1500_cpu_1511-1_pnsimatic_s7-1500_cpu_1518-4_pn\/dp_firmwaresimatic_s7-1500_cpu_1518f-4_pn\/dp_firmwaresiplus_s7-1500_cpu_1516f-3_pn\/dpsimatic_s7-1500_cpu_1511c-1_pnsiplus_s7-1500_cpu_1515r-2_pn_tx_railsiplus_et_200sp_cpu_1512sp-1_pn_firmwaresimatic_drive_controller_cpu_1504d_tfsiplus_et_200sp_cpu_1512sp-1_pn_rail_firmwaresiplus_et_200sp_cpu_1512sp_f-1_pn_firmwaresiplus_et_200sp_cpu_1510sp_f-1_pn_firmwaresimatic_s7-1500_cpu_1511-1_pn_firmwaresimatic_s7-1500_cpu_1515t-2_pn_firmwaresiplus_s7-1500_cpu_1516f-3_pn\/dp_railsimatic_s7-1500_cpu_s7-1518-4_pn\/dp_odk_firmwaresimatic_s7-1500_cpu_s7-1518f-4_pn\/dp_odksiplus_s7-1500_cpu_1518-4_pn\/dpsimatic_s7-1500_cpu_1517h-3_pn_firmwaresimatic_s7-1500_cpu_s7-1518-4_pn\/dp_odksiplus_et_200sp_cpu_1510sp-1_pn_rail_firmwaresimatic_s7-1500_cpu_1517t-3_pn\/dp_firmwaresiplus_s7-1500_cpu_1518f-4_pn\/dpsiplus_s7-1500_cpu_1516f-3_pn\/dp_rail_firmwaresimatic_s7-1500_cpu_1517-3_pn\/dpsiplus_s7-1500_cpu_1515r-2_pn_tx_rail_firmwaresiplus_s7-1500_cpu_1517h-3_pn_firmwaresimatic_s7-1500_cpu_1512c-1_pn_firmwaresimatic_s7-1500_cpu_1516-3_pn\/dp_firmwaresimatic_s7-1500_cpu_1516f-3_pn\/dp_firmwaresiplus_s7-1500_cpu_1511f-1_pnsiplus_s7-1500_cpu_1515f-2_pn_railsimatic_drive_controller_cpu_1507d_tfsimatic_s7-1500_cpu_1511tf-1_pn_firmwaresiplus_s7-1500_cpu_1518hf-4_pn_firmwaresimatic_s7-1500_cpu_1514sp_f-2_pn_firmwaresimatic_s7-1500_cpu_1517f-3_pn\/dpsimatic_s7-1500_cpu_1512c-1_pnsiplus_s7-1500_cpu_1511f-1_pn_firmwaresimatic_s7-1500_cpu_1513-1_pn_firmwaresiplus_s7-1500_cpu_1513-1_pnsiplus_s7-1500_cpu_1518f-4_pn\/dp_firmwaresimatic_s7-1500_cpu_1516f-3_pn\/dpsimatic_s7-1500_cpu_1517tf-3_pn\/dp_firmwaresimatic_cloud_connect_7_cc712simatic_s7-1500_cpu_1512sp_f-1_pn_firmwaresimatic_s7-1500_cpu_1514sp_f-2_pnsiplus_s7-1500_cpu_1516-3_pn\/dp_firmwaresimatic_s7-1500_cpu_1518f-4_pn\/dpsimatic_s7-1500_cpu_1518tf-4_pn\/dp_firmwaresiplus_s7-1500_cpu_1515r-2_pnsimatic_s7-1500_cpu_1511t-1_pn_firmwaresimatic_s7-1500_software_controllersimatic_et_200sp_open_controller_cpu_firmwaresiplus_s7-1500_cpu_1515f-2_pn_firmwaresimatic_cloud_connect_7_cc716simatic_et_200sp_open_controller_cpuSIMATIC Cloud Connect 7 CC716SIPLUS S7-1500 CPU 1515F-2 PN T2 RAILSIMATIC S7-1500 CPU 1515T-2 PNSIMATIC WinCC Runtime Professional V19SIMATIC PCS 7 V9.1SIPLUS ET 200SP CPU 1512SP-1 PNSIMATIC Drive Controller CPU 1507D TFSIMATIC S7-PLCSIM AdvancedSIMATIC S7-1500 ET 200pro: CPU 1516PRO-2 PNSIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)SIMATIC S7-1500 CPU 1518F-4 PN/DP MFPSIMATIC S7-1500 CPU 1511T-1 PNSIMATIC S7-1500 CPU 1516T-3 PN/DPSIMATIC WinCC OA V3.18SIMATIC WinCC Unified OPC UA ServerSIPLUS S7-1500 CPU 1516F-3 PN/DP RAILSIPLUS ET 200SP CPU 1510SP-1 PNSIMATIC ET 200SP CPU 1510SP F-1 PNSIMATIC NET PC Software V18SIMATIC S7-1500 CPU S7-1518-4 PN/DP ODKSIPLUS ET 200SP CPU 1512SP-1 PN RAILSIMATIC WinCC OPC UA ClientSIMATIC S7-1500 CPU 1516-3 PN/DPSIPLUS ET 200SP CPU 1510SP F-1 PN RAILSIPLUS ET 200SP CPU 1512SP F-1 PN RAILSIMATIC ET 200SP CPU 1514SPT F-2 PNSIMATIC S7-1500 CPU 1518-4 PN/DP MFPSIMATIC S7-1500 CPU 1515TF-2 PNSIMATIC S7-1500 CPU 1512C-1 PNSIMATIC NET PC Software V16SIMATIC S7-1500 CPU 1515F-2 PNSIMATIC WinCC Runtime Professional V16SIPLUS S7-1500 CPU 1511-1 PNSIMATIC NET PC Software V17SIMATIC S7-1500 ET 200pro: CPU 1516PRO F-2 PNSIPLUS S7-1500 CPU 1516-3 PN/DP RAILSIPLUS ET 200SP CPU 1510SP-1 PN RAILSIMATIC BRAUMATSIMATIC S7-1500 CPU 1517T-3 PN/DPSIMATIC WinCC V8.0SIMATIC SISTARSIMATIC S7-1500 CPU 1517TF-3 PN/DPSIPLUS S7-1500 CPU 1518-4 PN/DP MFPSIMATIC S7-1500 CPU 1518-4 PN/DPSIMATIC S7-1500 Software Controller V3SIMATIC S7-1500 CPU 1516F-3 PN/DPSIMATIC S7-1500 CPU 1517F-3 PN/DPSIMATIC Comfort/Mobile RTSIMATIC S7-1500 ET 200pro: CPU 1513PRO-2 PNSIMATIC ET 200SP CPU 1514SPT-2 PNSIMATIC ET 200SP CPU 1514SP F-2 PNSIMATIC S7-1500 Software Controller V2SIPLUS ET 200SP CPU 1512SP F-1 PNSIPLUS S7-1500 CPU 1518F-4 PN/DPSIMATIC ET 200SP CPU 1512SP-1 PNSIMATIC S7-1500 CPU 1518F-4 PN/DPSIMATIC Drive Controller CPU 1504D TFSIMATIC WinCC Runtime Professional V17SIMATIC S7-1500 CPU 1513F-1 PNSIPLUS S7-1500 CPU 1515F-2 PNSIMATIC Cloud Connect 7 CC712SIMATIC WinCC OA V3.19SIMATIC S7-1500 CPU 1511-1 PNSIMATIC WinCC V7.5SIMATIC S7-1500 CPU 1515-2 PNSIMATIC IPC DiagMonitorSIMATIC WinCC V7.4SIPLUS ET 200SP CPU 1510SP F-1 PNSIPLUS S7-1500 CPU 1516-3 PN/DPSIPLUS S7-1500 CPU 1511-1 PN TX RAILSIMATIC S7-1500 CPU 1516TF-3 PN/DPSIPLUS S7-1500 CPU 1511F-1 PNSIMATIC S7-1500 ET 200pro: CPU 1513PRO F-2 PNSINUMERIK ONESIMATIC S7-1500 CPU 1511F-1 PNSIMATIC ET 200SP CPU 1512SP F-1 PNSIMATIC S7-1500 CPU 1518TF-4 PN/DPSIMATIC NET PC Software V14SIMATIC S7-1500 CPU 1511C-1 PNSIMATIC WinCC Runtime Professional V18SIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODKSIMATIC ET 200SP CPU 1514SP-2 PNSIPLUS S7-1500 CPU 1518-4 PN/DPSIMATIC S7-1500 CPU 1517-3 PN/DPSIPLUS S7-1500 CPU 1516-3 PN/DP TX RAILSIPLUS S7-1500 CPU 1511-1 PN T1 RAILSIPLUS S7-1500 CPU 1516F-3 PN/DPSIMATIC WinCC OA V3.17SIPLUS S7-1500 CPU 1513F-1 PNSIMATIC PCS neo V4.0SIMATIC S7-1500 CPU 1513-1 PNSIPLUS S7-1500 CPU 1513-1 PNSIMATIC ET 200SP CPU 1510SP-1 PNSINUMERIK MCSIMATIC S7-1500 CPU 1518T-4 PN/DPSIPLUS S7-1500 CPU 1515F-2 PN RAILSIMATIC S7-1500 CPU 1511TF-1 PN
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2026-33855
Matching Score-4
Assigner-Government Technology Agency of Singapore Cyber Security Group (GovTech CSG)
ShareView Details
Matching Score-4
Assigner-Government Technology Agency of Singapore Cyber Security Group (GovTech CSG)
CVSS Score-5.5||MEDIUM
EPSS-0.21% / 11.08%
||
7 Day CHG~0.00%
Published-24 Mar, 2026 | 05:58
Updated-26 Mar, 2026 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Integer Overflow or Wraparound in MolotovCherry Android-ImageMagick7

Integer Overflow or Wraparound vulnerability in MolotovCherry Android-ImageMagick7.This issue affects Android-ImageMagick7: before 7.1.2-11.

Action-Not Available
Vendor-molotovcherryMolotovCherry
Product-android-imagemagick7Android-ImageMagick7
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2026-33983
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.43% / 34.25%
||
7 Day CHG+0.17%
Published-30 Mar, 2026 | 21:42
Updated-30 Jun, 2026 | 12:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FreeRDP: Progressive Codec Quant BYTE Underflow - UB + CPU DoS

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, progressive_decompress_tile_upgrade() detects a mismatch via progressive_rfx_quant_cmp_equal() but only emits WLog_WARN, execution continues. The wrapped value (247) is used as a shift exponent, causing undefined behavior and an approximately 80 billion iteration loop (CPU DoS). This issue has been patched in version 3.24.2.

Action-Not Available
Vendor-Red Hat, Inc.FreeRDP
Product-freerdpFreeRDPRed Hat Enterprise Linux CRB (v. 8)Red Hat Enterprise Linux AppStream EUS (v. 10.0)Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)Red Hat Enterprise Linux AppStream EUS (v.9.6)Red Hat Enterprise Linux AppStream AUS (v.8.6)Red Hat Enterprise Linux AppStream E4S (v.8.6)Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)Red Hat Enterprise Linux 7Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)Red Hat Enterprise Linux AppStream TUS (v.8.8)Red Hat Enterprise Linux AppStream (v. 9)Red Hat Enterprise Linux AppStream (v. 8)Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)Red Hat Enterprise Linux 6Red Hat CodeReady Linux Builder EUS (v.9.4)Red Hat Enterprise Linux AppStream (v. 10)Red Hat Enterprise Linux AppStream E4S (v.9.2)Red Hat Enterprise Linux AppStream AUS (v. 8.2)Red Hat Enterprise Linux AppStream TUS (v.8.6)Red Hat Enterprise Linux AppStream E4S (v.8.8)Red Hat CodeReady Linux Builder EUS (v.9.6)Red Hat Enterprise Linux AppStream EUS (v.9.4)Red Hat Enterprise Linux AppStream AUS (v.8.4)Red Hat Enterprise Linux AppStream E4S (v.9.0)
CWE ID-CWE-190
Integer Overflow or Wraparound
CWE ID-CWE-252
Unchecked Return Value
CVE-2022-1036
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-5.3||MEDIUM
EPSS-1.21% / 64.63%
||
7 Day CHG~0.00%
Published-22 Mar, 2022 | 12:40
Updated-02 Aug, 2024 | 23:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Able to create an account with long password leads to memory corruption / Integer Overflow in microweber/microweber

Able to create an account with long password leads to memory corruption / Integer Overflow in GitHub repository microweber/microweber prior to 1.2.12.

Action-Not Available
Vendor-Microweber (‘Microweber Academy’ Foundation)
Product-microwebermicroweber/microweber
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2022-0913
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-9.1||CRITICAL
EPSS-1.40% / 69.21%
||
7 Day CHG~0.00%
Published-11 Mar, 2022 | 09:10
Updated-02 Aug, 2024 | 23:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Integer Overflow or Wraparound in microweber/microweber

Integer Overflow or Wraparound in GitHub repository microweber/microweber prior to 1.3.

Action-Not Available
Vendor-Microweber (‘Microweber Academy’ Foundation)
Product-microwebermicroweber/microweber
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2026-33900
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.43% / 34.85%
||
7 Day CHG~0.00%
Published-13 Apr, 2026 | 20:50
Updated-17 Apr, 2026 | 21:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ImageMagick has a Heap overflow caused by integer overflow/wraparound in viff encoder on 32-bit builds

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, the viff encoder contains an integer truncation/wraparound issue on 32-bit builds that could trigger an out of bounds heap write, potentially causing a crash. This issue has been fixed in versions 6.9.13-44 and 7.1.2-19.

Action-Not Available
Vendor-ImageMagick Studio LLC
Product-imagemagickImageMagick
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2026-33662
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.40% / 32.23%
||
7 Day CHG~0.00%
Published-24 Apr, 2026 | 18:13
Updated-28 Apr, 2026 | 15:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OP-TEE: RSASSA EMSA- PKCS1-v1_5 underflow in emsa_pkcs1_v1_5_encode()

OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. From 3.8.0 to 4.10, in the function emsa_pkcs1_v1_5_encode() in core/drivers/crypto/crypto_api/acipher/rsassa.c, the amount of padding needed, "PS size", is calculated by subtracting the size of the digest and other fields required for the EMA-PKCS1-v1_5 encoding from the size of the modulus of the key. By selecting a small enough modulus, this subtraction can overflow. The padding is added as a string of 0xFF bytes with a call to memset(), and an underflowed integer will cause the memset() call to overwrite until OP-TEE crashes. This only affects platforms registering RSA acceleration.

Action-Not Available
Vendor-linaroOP-TEE
Product-op-teeoptee_os
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2026-33666
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.33% / 24.72%
||
7 Day CHG~0.00%
Published-24 Apr, 2026 | 18:21
Updated-28 Apr, 2026 | 18:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zserio: Integer Overflow in BitStreamReader on 32-bit platforms

Zserio is a framework for serializing structured data with a compact and efficient way with low overhead. Prior to 2.18.1, in BitStreamReader.h readBytes() / readString(), the setBitPosition() bounds check receives the overflowed value and is completely bypassed. The code then reads len bytes (512 MB) from a buffer that is only a few bytes long, causing a segmentation fault. This vulnerability is fixed in 2.18.1.

Action-Not Available
Vendor-nds-associationndsev
Product-zseriozserio
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2018-16890
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5.4||MEDIUM
EPSS-5.35% / 91.65%
||
7 Day CHG~0.00%
Published-06 Feb, 2019 | 20:00
Updated-15 Apr, 2026 | 20:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length + offset combination that would lead to a buffer read out-of-bounds.

Action-Not Available
Vendor-Oracle CorporationDebian GNU/LinuxF5, Inc.Canonical Ltd.NetApp, Inc.Red Hat, Inc.Siemens AGCURL
Product-libcurlclustered_data_ontapubuntu_linuxdebian_linuxcommunications_operations_monitorhttp_serversecure_global_desktopenterprise_linuxsinema_remote_connect_clientbig-ip_access_policy_managercurl
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2018-16881
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5.3||MEDIUM
EPSS-2.24% / 80.67%
||
7 Day CHG~0.00%
Published-25 Jan, 2019 | 18:00
Updated-05 Aug, 2024 | 10:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could send a specially crafted message to the imptcp socket, which would cause rsyslog to crash. Versions before 8.27.0 are vulnerable.

Action-Not Available
Vendor-rsyslogThe rsyslog ProjectDebian GNU/LinuxRed Hat, Inc.
Product-enterprise_linux_serverrsyslogenterprise_linux_for_scientific_computingvirtualizationdebian_linuxvirtualization_managerenterprise_linux_workstationenterprise_linuxvirtualization_hostenterprise_linux_for_ibm_z_systemsenterprise_linux_for_power_little_endianenterprise_linux_desktopenterprise_linux_for_power_big_endianrsyslog:
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2026-32875
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.47% / 37.22%
||
7 Day CHG+0.06%
Published-20 Mar, 2026 | 01:35
Updated-30 Jun, 2026 | 12:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
UltraJSON has an integer overflow handling large indent leads to buffer overflow or infinite loop

UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Versions 5.10 through 5.11.0 are vulnerable to buffer overflow or infinite loop through large indent handling. ujson.dumps() crashes the Python interpreter (segmentation fault) when the product of the indent parameter and the nested depth of the input exceeds INT32_MAX. It can also get stuck in an infinite loop if the indent is a large negative number. Both are caused by an integer overflow/underflow whilst calculating how much memory to reserve for indentation. And both can be used to achieve denial of service. To be vulnerable, a service must call ujson.dump()/ujson.dumps()/ujson.encode() whilst giving untrusted users control over the indent parameter and not restrict that indentation to reasonably small non-negative values. A service may also be vulnerable to the infinite loop if it uses a fixed negative indent. An underflow always occurs for any negative indent when the input data is at least one level nested but, for small negative indents, the underflow is usually accidentally rectified by another overflow. This issue has been fixed in version 5.12.0.

Action-Not Available
Vendor-ultrajson_projectultrajsonRed Hat, Inc.
Product-ultrajsonultrajsonRed Hat OpenStack Platform 17.1Red Hat OpenStack Platform 16.2Red Hat OpenStack Platform 18.0
CWE ID-CWE-190
Integer Overflow or Wraparound
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2026-33040
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.7||HIGH
EPSS-0.47% / 37.50%
||
7 Day CHG~0.00%
Published-20 Mar, 2026 | 05:46
Updated-01 May, 2026 | 18:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
libp2p-rust: Gossipsub PRUNE.backoff Duration Overflow

libp2p-rust is the official rust language Implementation of the libp2p networking stack. In versions prior to 0.49.3, the Gossipsub implementation accepts attacker-controlled PRUNE backoff values and may perform unchecked time arithmetic when storing backoff state. A specially crafted PRUNE control message with an extremely large backoff (e.g. u64::MAX) can lead to Duration/Instant overflow during backoff update logic, triggering a panic in the networking state machine. This is remotely reachable over a normal libp2p connection and does not require authentication. Any application exposing a libp2p Gossipsub listener and using the affected backoff-handling path can be crashed by a network attacker that can reach the service port. The attack can be repeated by reconnecting and replaying the crafted control message. This issue has been fixed in version 0.49.3.

Action-Not Available
Vendor-protocollibp2p
Product-libp2p-gossipsubrust-libp2p
CWE ID-CWE-190
Integer Overflow or Wraparound
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • Next
Details not found