Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-58050

Summary
Assigner-VulnCheck
Assigner Org ID-83251b91-4cc7-4094-a5c7-464a1b83ea10
Published At-28 Jun, 2026 | 01:32
Updated At-29 Jun, 2026 | 12:27
Rejected At-
Credits

libssh2 - Integer Overflow in publickey Subsystem Attribute Allocation

libssh2 through 1.11.1 reads an attacker-controlled 32-bit attribute count from a publickey-subsystem response and uses it in the allocation num_attrs * sizeof(libssh2_publickey_attribute) without bounds checking, so on 32-bit platforms the multiplication overflows to an undersized buffer. A malicious SSH server can then drive the attribute-parsing loop to write past the allocation, causing a heap buffer overflow in a connecting libssh2 client.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:VulnCheck
Assigner Org ID:83251b91-4cc7-4094-a5c7-464a1b83ea10
Published At:28 Jun, 2026 | 01:32
Updated At:29 Jun, 2026 | 12:27
Rejected At:
â–¼CVE Numbering Authority (CNA)
libssh2 - Integer Overflow in publickey Subsystem Attribute Allocation

libssh2 through 1.11.1 reads an attacker-controlled 32-bit attribute count from a publickey-subsystem response and uses it in the allocation num_attrs * sizeof(libssh2_publickey_attribute) without bounds checking, so on 32-bit platforms the multiplication overflows to an undersized buffer. A malicious SSH server can then drive the attribute-parsing loop to write past the allocation, causing a heap buffer overflow in a connecting libssh2 client.

Affected Products
Vendor
libssh2
Product
libssh2
Default Status
affected
Versions
Affected
  • From 0 through 1.11.1 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-190Integer Overflow or Wraparound
Type: CWE
CWE ID: CWE-190
Description: Integer Overflow or Wraparound
Metrics
VersionBase scoreBase severityVector
3.17.0HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
4.08.3HIGH
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
Version: 3.1
Base score: 7.0
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
Version: 4.0
Base score: 8.3
Base severity: HIGH
Vector:
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

finder
ashdfrkl
Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/bikini/exploitarium/tree/main/libssh2-publickey-list-calc-poc
exploit
third-party-advisory
https://github.com/libssh2/libssh2/blob/master/src/publickey.c
product
https://www.vulncheck.com/advisories/libssh2-integer-overflow-in-publickey-subsystem-attribute-allocation
third-party-advisory
Hyperlink: https://github.com/bikini/exploitarium/tree/main/libssh2-publickey-list-calc-poc
Resource:
exploit
third-party-advisory
Hyperlink: https://github.com/libssh2/libssh2/blob/master/src/publickey.c
Resource:
product
Hyperlink: https://www.vulncheck.com/advisories/libssh2-integer-overflow-in-publickey-subsystem-attribute-allocation
Resource:
third-party-advisory
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:disclosure@vulncheck.com
Published At:28 Jun, 2026 | 02:16
Updated At:30 Jun, 2026 | 20:27

libssh2 through 1.11.1 reads an attacker-controlled 32-bit attribute count from a publickey-subsystem response and uses it in the allocation num_attrs * sizeof(libssh2_publickey_attribute) without bounds checking, so on 32-bit platforms the multiplication overflows to an undersized buffer. A malicious SSH server can then drive the attribute-parsing loop to write past the allocation, causing a heap buffer overflow in a connecting libssh2 client.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.08.3HIGH
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Secondary3.17.0HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
N/A
Type: Secondary
Version: 4.0
Base score: 8.3
Base severity: HIGH
Vector:
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Secondary
Version: 3.1
Base score: 7.0
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: N/A
Version:
Base score:
Base severity: N/A
Vector:
CPE Matches

libssh2
libssh2
>>libssh2>>Versions up to 1.11.1(inclusive)
cpe:2.3:a:libssh2:libssh2:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-190Secondarydisclosure@vulncheck.com
CWE ID: CWE-190
Type: Secondary
Source: disclosure@vulncheck.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://github.com/bikini/exploitarium/tree/main/libssh2-publickey-list-calc-pocdisclosure@vulncheck.com
Broken Link
https://github.com/libssh2/libssh2/blob/master/src/publickey.cdisclosure@vulncheck.com
Product
https://www.vulncheck.com/advisories/libssh2-integer-overflow-in-publickey-subsystem-attribute-allocationdisclosure@vulncheck.com
Third Party Advisory
Hyperlink: https://github.com/bikini/exploitarium/tree/main/libssh2-publickey-list-calc-poc
Source: disclosure@vulncheck.com
Resource:
Broken Link
Hyperlink: https://github.com/libssh2/libssh2/blob/master/src/publickey.c
Source: disclosure@vulncheck.com
Resource:
Product
Hyperlink: https://www.vulncheck.com/advisories/libssh2-integer-overflow-in-publickey-subsystem-attribute-allocation
Source: disclosure@vulncheck.com
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

215Records found

CVE-2026-55199
Matching Score-8
Assigner-VulnCheck
ShareView Details
Matching Score-8
Assigner-VulnCheck
CVSS Score-8.2||HIGH
EPSS-0.41% / 32.68%
||
7 Day CHG~0.00%
Published-17 Jun, 2026 | 18:44
Updated-26 Jun, 2026 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
libssh2 - Pre-Authentication DoS via SSH_MSG_EXT_INFO Handler

libssh2 through 1.11.1, fixed in commit 1762685, contains a pre-authentication denial of service vulnerability in the SSH_MSG_EXT_INFO handler in src/packet.c that allows a malicious SSH server to cause a client CPU exhaustion loop by sending a crafted extension count value. A malicious server can set nr_extensions to 0xFFFFFFFF during key exchange, causing the client to spin in a tight CPU loop for over 60 seconds because return values from _libssh2_get_string() are unchecked and the session timeout does not apply to CPU-bound loops.

Action-Not Available
Vendor-libssh2libssh2
Product-libssh2libssh2
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2020-22218
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.91% / 55.75%
||
7 Day CHG~0.00%
Published-22 Aug, 2023 | 00:00
Updated-03 Oct, 2024 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in function _libssh2_packet_add in libssh2 1.10.0 allows attackers to access out of bounds memory.

Action-Not Available
Vendor-libssh2n/a
Product-libssh2n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-7598
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.47% / 37.07%
||
7 Day CHG+0.11%
Published-01 May, 2026 | 21:30
Updated-30 Jun, 2026 | 12:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
libssh2 userauth.c userauth_password integer overflow

A security vulnerability has been detected in libssh2 up to 1.11.1. The impacted element is the function userauth_password of the file src/userauth.c. Such manipulation of the argument username_len/password_len leads to integer overflow. The attack may be launched remotely. The name of the patch is 256d04b60d80bf1190e96b0ad1e91b2174d744b1. A patch should be applied to remediate this issue.

Action-Not Available
Vendor-libssh2n/aRed Hat, Inc.
Product-libssh2libssh2Red Hat OpenShift Update ServiceRed Hat Trusted Profile AnalyzerRed Hat OpenShift Container Platform 4Red Hat Enterprise Linux 7Red Hat Hardened ImagesRed Hat Enterprise Linux 6
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2019-13115
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-11.66% / 95.53%
||
7 Day CHG~0.00%
Published-16 Jul, 2019 | 00:00
Updated-04 Aug, 2024 | 23:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In libssh2 before 1.9.0, kex_method_diffie_hellman_group_exchange_sha256_key_exchange in kex.c has an integer overflow that could lead to an out-of-bounds read in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server. This is related to an _libssh2_check_length mistake, and is different from the various issues fixed in 1.8.1, such as CVE-2019-3855.

Action-Not Available
Vendor-libssh2n/aF5, Inc.NetApp, Inc.Debian GNU/LinuxFedora Project
Product-debian_linuxtraffix_systems_signaling_delivery_controllercloud_backupontap_select_deploy_administration_utilityfedorae-series_santricity_os_controllerlibssh2n/a
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2019-3857
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-6.13% / 92.58%
||
7 Day CHG~0.00%
Published-25 Mar, 2019 | 18:30
Updated-23 Apr, 2025 | 19:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.

Action-Not Available
Vendor-libssh2The libssh2 ProjectNetApp, Inc.openSUSERed Hat, Inc.Oracle CorporationFedora ProjectDebian GNU/Linux
Product-enterprise_linux_serverpeoplesoft_enterprise_peopletoolsdebian_linuxenterprise_linux_server_eusontap_select_deploy_administration_utilityenterprise_linux_server_ausenterprise_linux_workstationenterprise_linuxfedoralibssh2enterprise_linux_server_tusenterprise_linux_desktopleaplibssh2
CWE ID-CWE-190
Integer Overflow or Wraparound
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-3863
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-3.44% / 87.52%
||
7 Day CHG~0.00%
Published-25 Mar, 2019 | 17:52
Updated-19 Dec, 2025 | 04:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in libssh2 before 1.8.1 creating a vulnerability on the SSH client side. A server could send a multiple keyboard interactive response messages whose total length are greater than unsigned char max characters. This value is used by the SSH client as an index to copy memory causing in an out of bounds memory write error.

Action-Not Available
Vendor-libssh2The libssh2 ProjectDebian GNU/LinuxRed Hat, Inc.openSUSENetApp, Inc.
Product-enterprise_linux_server_eusenterprise_linux_server_ausenterprise_linux_workstationontap_select_deploy_administration_utilityenterprise_linux_server_tusenterprise_linux_serverleapdebian_linuxenterprise_linux_desktoplibssh2libssh2
CWE ID-CWE-190
Integer Overflow or Wraparound
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-3856
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-6.13% / 92.58%
||
7 Day CHG~0.00%
Published-25 Mar, 2019 | 18:31
Updated-23 Apr, 2025 | 19:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.

Action-Not Available
Vendor-libssh2The libssh2 ProjectNetApp, Inc.openSUSERed Hat, Inc.Oracle CorporationFedora ProjectDebian GNU/Linux
Product-enterprise_linux_serverpeoplesoft_enterprise_peopletoolsdebian_linuxenterprise_linux_server_eusontap_select_deploy_administration_utilityenterprise_linux_server_ausenterprise_linux_workstationenterprise_linuxfedoralibssh2enterprise_linux_server_tusenterprise_linux_desktopleaplibssh2
CWE ID-CWE-190
Integer Overflow or Wraparound
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-3855
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-9.22% / 94.73%
||
7 Day CHG~0.00%
Published-21 Mar, 2019 | 20:13
Updated-17 Dec, 2025 | 21:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.

Action-Not Available
Vendor-libssh2The libssh2 ProjectDebian GNU/LinuxFedora ProjectOracle CorporationopenSUSERed Hat, Inc.NetApp, Inc.Apple Inc.
Product-enterprise_linux_serverpeoplesoft_enterprise_peopletoolsdebian_linuxenterprise_linux_server_eusontap_select_deploy_administration_utilityenterprise_linux_server_ausenterprise_linux_workstationfedoraenterprise_linuxxcodelibssh2enterprise_linux_server_tusenterprise_linux_desktopleaplibssh2
CWE ID-CWE-190
Integer Overflow or Wraparound
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-17498
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-3.79% / 88.69%
||
7 Day CHG+0.03%
Published-21 Oct, 2019 | 00:00
Updated-05 Aug, 2024 | 01:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server.

Action-Not Available
Vendor-libssh2n/aNetApp, Inc.Debian GNU/LinuxFedora ProjectopenSUSE
Product-bootstrap_osdebian_linuxontap_select_deploy_administration_utilityhci_management_nodefedoraactive_iq_unified_managerlibssh2hci_compute_nodeelement_softwaresolidfireleapn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2025-69204
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.52% / 40.55%
||
7 Day CHG~0.00%
Published-30 Dec, 2025 | 16:56
Updated-06 Jan, 2026 | 18:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ImageMagick converting a malicious MVG file to SVG caused an integer overflow.

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-12, in the WriteSVGImage function, using an int variable to store number_attributes caused an integer overflow. This, in turn, triggered a buffer overflow and caused a DoS attack. Version 7.1.2-12 fixes the issue.

Action-Not Available
Vendor-ImageMagick Studio LLC
Product-imagemagickImageMagick
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2025-23324
Matching Score-4
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-4
Assigner-NVIDIA Corporation
CVSS Score-7.5||HIGH
EPSS-0.44% / 35.27%
||
7 Day CHG~0.00%
Published-06 Aug, 2025 | 12:40
Updated-12 Aug, 2025 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where a user could cause an integer overflow or wraparound, leading to a segmentation fault, by providing an invalid request. A successful exploit of this vulnerability might lead to denial of service.

Action-Not Available
Vendor-NVIDIA CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-triton_inference_serverwindowslinux_kernelTriton Inference Server
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2025-23323
Matching Score-4
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-4
Assigner-NVIDIA Corporation
CVSS Score-7.5||HIGH
EPSS-0.50% / 39.14%
||
7 Day CHG~0.00%
Published-06 Aug, 2025 | 12:39
Updated-12 Aug, 2025 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where a user could cause an integer overflow or wraparound, leading to a segmentation fault, by providing an invalid request. A successful exploit of this vulnerability might lead to denial of service.

Action-Not Available
Vendor-NVIDIA CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-triton_inference_serverwindowslinux_kernelTriton Inference Server
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2026-7568
Matching Score-4
Assigner-PHP Group
ShareView Details
Matching Score-4
Assigner-PHP Group
CVSS Score-6.3||MEDIUM
EPSS-0.46% / 36.36%
||
7 Day CHG+0.21%
Published-10 May, 2026 | 03:42
Updated-02 Jul, 2026 | 12:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Signed integer overflow in metaphone()

In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the metaphone() function in ext/standard/metaphone.c uses a signed int variable to track the current position within the input string. If a string longer than 2,147,483,647 bytes is passed, a signed integer overflow occurs, resulting in undefined behavior. This can lead to an out-of-bounds read, causing a segmentation fault or access to unrelated memory, and may affect the availability of the PHP process.

Action-Not Available
Vendor-Red Hat, Inc.The PHP Group
Product-phpPHPRed Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat Enterprise Linux AppStream (v. 10)Red Hat Enterprise Linux AppStream (v. 9)Red Hat Enterprise Linux AppStream (v. 8)Red Hat Hardened Images
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2025-2176
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.60% / 44.52%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 07:31
Updated-10 Oct, 2025 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
libzvbi io-sim.c vbi_capture_sim_load_caption integer overflow

A vulnerability classified as critical has been found in libzvbi up to 0.2.43. This affects the function vbi_capture_sim_load_caption of the file src/io-sim.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.2.44 is able to address this issue. The identifier of the patch is ca1672134b3e2962cd392212c73f44f8f4cb489f. It is recommended to upgrade the affected component. The code maintainer was informed beforehand about the issues. She reacted very fast and highly professional.

Action-Not Available
Vendor-zapping-vbin/a
Product-zvbilibzvbi
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2020-25574
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.44% / 82.31%
||
7 Day CHG~0.00%
Published-14 Sep, 2020 | 18:16
Updated-04 Aug, 2024 | 15:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the http crate before 0.1.20 for Rust. An integer overflow in HeaderMap::reserve() could result in denial of service (e.g., an infinite loop).

Action-Not Available
Vendor-hypern/a
Product-httpn/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2026-6773
Matching Score-4
Assigner-Mozilla Corporation
ShareView Details
Matching Score-4
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.32% / 24.24%
||
7 Day CHG~0.00%
Published-21 Apr, 2026 | 12:41
Updated-27 May, 2026 | 16:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial-of-service due to integer overflow in the Graphics: WebGPU component

Denial-of-service due to integer overflow in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.

Action-Not Available
Vendor-Mozilla Corporation
Product-thunderbirdfirefoxFirefoxThunderbird
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2025-2174
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.76% / 50.91%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 06:31
Updated-03 Oct, 2025 | 00:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
libzvbi conv.c vbi_strndup_iconv_ucs2 integer overflow

A vulnerability was found in libzvbi up to 0.2.43. It has been declared as problematic. Affected by this vulnerability is the function vbi_strndup_iconv_ucs2 of the file src/conv.c. The manipulation of the argument src_length leads to integer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.2.44 is able to address this issue. The patch is named ca1672134b3e2962cd392212c73f44f8f4cb489f. It is recommended to upgrade the affected component. The code maintainer was informed beforehand about the issues. She reacted very fast and highly professional.

Action-Not Available
Vendor-zapping-vbin/a
Product-zvbilibzvbi
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2026-6664
Matching Score-4
Assigner-PostgreSQL
ShareView Details
Matching Score-4
Assigner-PostgreSQL
CVSS Score-7.5||HIGH
EPSS-0.70% / 48.57%
||
7 Day CHG~0.00%
Published-09 May, 2026 | 00:43
Updated-14 May, 2026 | 18:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PgBouncer integer overflow in PgBouncer network packet parsing

An integer overflow in network packet parsing code in PgBouncer before 1.25.2 bypasses a boundary check and can lead to a crash. An unauthenticated remote attacker can crash PgBouncer with a malformed SCRAM authentication packet.

Action-Not Available
Vendor-pgbouncern/a
Product-pgbouncerPgBouncer
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2026-8949
Matching Score-4
Assigner-Mozilla Corporation
ShareView Details
Matching Score-4
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.58% / 43.61%
||
7 Day CHG~0.00%
Published-19 May, 2026 | 12:29
Updated-20 May, 2026 | 14:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Integer overflow in the Widget: Win32 component

Integer overflow in the Widget: Win32 component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxthunderbirdFirefoxThunderbird
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2026-6679
Matching Score-4
Assigner-wolfSSL Inc.
ShareView Details
Matching Score-4
Assigner-wolfSSL Inc.
CVSS Score-8.8||HIGH
EPSS-0.39% / 30.43%
||
7 Day CHG-0.00%
Published-25 Jun, 2026 | 20:13
Updated-27 Jun, 2026 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DTLS 1.3 ACK serialization heap buffer overflow via integer truncation

A heap buffer overflow could occur in the DTLS 1.3 ACK serialization path before the connecting peer is authenticated. The buffer overflow was due to an integer truncation when computing the length of the ACK record-number list, causing an undersized buffer to be allocated and then overrun. This affects builds using DTLS 1.3 and wolfSSL version 5.9.0 and earlier. A fix was added to the 5.9.1 release.

Action-Not Available
Vendor-wolfsslwolfSSL
Product-wolfsslwolfSSL
CWE ID-CWE-190
Integer Overflow or Wraparound
CWE ID-CWE-197
Numeric Truncation Error
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-40303
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-22.79% / 97.45%
||
7 Day CHG~0.00%
Published-22 Nov, 2022 | 00:00
Updated-29 Apr, 2025 | 05:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault.

Action-Not Available
Vendor-n/aApple Inc.NetApp, Inc.libxml2 (XMLSoft)
Product-clustered_data_ontaph700sh500sh300s_firmwareh410sh410ch410c_firmwareontap_select_deploy_administration_utilitysnapmanageripadosactive_iq_unified_managerwatchoslibxml2netapp_manageability_sdkh300siphone_osmacosh410s_firmwaretvosh700s_firmwareh500s_firmwareclustered_data_ontap_antivirus_connectorn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2025-12501
Matching Score-4
Assigner-Opera Norway AS
ShareView Details
Matching Score-4
Assigner-Opera Norway AS
CVSS Score-7.5||HIGH
EPSS-0.46% / 36.72%
||
7 Day CHG+0.02%
Published-31 Oct, 2025 | 14:10
Updated-04 Nov, 2025 | 15:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in GameMaker IDE below 2024.14.0 version can lead to can lead to application crashes through denial-of-service attacks (DoS). GameMaker users who use the network_create_server() function in their projects  are urged to update and recompile immediately.

Action-Not Available
Vendor-Opera Norway AS
Product-GameMaker IDE
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2022-38725
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.40% / 82.03%
||
7 Day CHG~0.00%
Published-23 Jan, 2023 | 00:00
Updated-03 Apr, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An integer overflow in the RFC3164 parser in One Identity syslog-ng 3.0 through 3.37 allows remote attackers to cause a Denial of Service via crafted syslog input that is mishandled by the tcp or network function. syslog-ng Premium Edition 7.0.30 and syslog-ng Store Box 6.10.0 are also affected.

Action-Not Available
Vendor-oneidentityn/a
Product-syslog-ngsyslog-ng_store_boxn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2022-38216
Matching Score-4
Assigner-Meta Platforms, Inc.
ShareView Details
Matching Score-4
Assigner-Meta Platforms, Inc.
CVSS Score-7.5||HIGH
EPSS-0.73% / 49.91%
||
7 Day CHG~0.00%
Published-16 Aug, 2022 | 00:34
Updated-03 Aug, 2024 | 10:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An integer overflow exists in Mapbox's closed source gl-native library prior to version 10.6.1, which is bundled with multiple Mapbox products including open source libraries. The overflow is caused by large image height and width values when creating a new Image and allows for out of bounds writes, potentially crashing the Mapbox process.

Action-Not Available
Vendor-mapboxMapbox
Product-maps_software_development_kitMapbox
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2026-25989
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.59% / 44.09%
||
7 Day CHG~0.00%
Published-24 Feb, 2026 | 01:50
Updated-28 Feb, 2026 | 02:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ImageMagick has integer overflow or wraparound and incorrect conversion between numeric types in the internal SVG decoder

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted SVG file can cause a denial of service. An off-by-one boundary check (`>` instead of `>=`) that allows bypass the guard and reach an undefined `(size_t)` cast. Versions 7.1.2-15 and 6.9.13-40 contain a patch.

Action-Not Available
Vendor-ImageMagick Studio LLC
Product-imagemagickImageMagick
CWE ID-CWE-190
Integer Overflow or Wraparound
CWE ID-CWE-681
Incorrect Conversion between Numeric Types
CWE ID-CWE-193
Off-by-one Error
CVE-2022-36125
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-1.35% / 68.19%
||
7 Day CHG~0.00%
Published-09 Aug, 2022 | 06:50
Updated-06 Mar, 2026 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Integer overflow when reading corrupted .avro file in Avro Rust SDK

It is possible to crash (panic) an application by providing a corrupted data to be read. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 (previously known as avro-rs). Users should update to apache-avro version 0.14.0 which addresses this issue.

Action-Not Available
Vendor-The Apache Software Foundation
Product-avroApache Avro
CWE ID-CWE-190
Integer Overflow or Wraparound
CWE ID-CWE-20
Improper Input Validation
CVE-2022-35940
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.55% / 41.80%
||
7 Day CHG+0.02%
Published-16 Sep, 2022 | 19:45
Updated-23 Apr, 2025 | 17:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Int overflow in `RaggedRangeOp` in Tensoflow

TensorFlow is an open source platform for machine learning. The `RaggedRangOp` function takes an argument `limits` that is eventually used to construct a `TensorShape` as an `int64`. If `limits` is a very large float, it can overflow when converted to an `int64`. This triggers an `InvalidArgument` but also throws an abort signal that crashes the program. We have patched the issue in GitHub commit 37cefa91bee4eace55715eeef43720b958a01192. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.

Action-Not Available
Vendor-Google LLCTensorFlow
Product-tensorflowtensorflow
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2020-0181
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.5||HIGH
EPSS-2.86% / 85.02%
||
7 Day CHG~0.00%
Published-11 Jun, 2020 | 14:43
Updated-04 Aug, 2024 | 05:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In exif_data_load_data_thumbnail of exif-data.c, there is a possible denial of service due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-145075076

Action-Not Available
Vendor-libexif_projectn/aGoogle LLCFedora Project
Product-androidlibexiffedoraAndroid
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2022-36015
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.55% / 41.80%
||
7 Day CHG+0.02%
Published-16 Sep, 2022 | 22:55
Updated-23 Apr, 2025 | 16:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Integer overflow in math ops in TensorFlow

TensorFlow is an open source platform for machine learning. When `RangeSize` receives values that do not fit into an `int64_t`, it crashes. We have patched the issue in GitHub commit 37e64539cd29fcfb814c4451152a60f5d107b0f0. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.

Action-Not Available
Vendor-Google LLCTensorFlow
Product-tensorflowtensorflow
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2011-1298
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.86% / 54.16%
||
7 Day CHG~0.00%
Published-06 Nov, 2019 | 18:47
Updated-06 Aug, 2024 | 22:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Integer Overflow exists in WebKit in Google Chrome before Blink M11 in the macOS WebCore::GraphicsContext::fillRect function.

Action-Not Available
Vendor-n/aApple Inc.Google LLC
Product-macosblinkn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2022-31264
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.27% / 66.37%
||
7 Day CHG~0.00%
Published-21 May, 2022 | 20:04
Updated-03 Aug, 2024 | 07:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Solana solana_rbpf before 0.2.29 has an addition integer overflow via invalid ELF program headers. elf.rs has a panic via a malformed eBPF program.

Action-Not Available
Vendor-solanalabsn/a
Product-rbpfn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2022-31005
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-1.89% / 77.04%
||
7 Day CHG~0.00%
Published-31 May, 2022 | 19:35
Updated-22 Apr, 2025 | 17:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Integer Overflow in Vapor's HTTP Range Request

Vapor is an HTTP web framework for Swift. Users of Vapor prior to version 4.60.3 with FileMiddleware enabled are vulnerable to an integer overflow vulnerability that can crash the application. Version 4.60.3 contains a patch for this issue. As a workaround, disable FileMiddleware and serve via a Content Delivery Network.

Action-Not Available
Vendor-vaporvapor
Product-vaporvapor
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2019-16096
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.38% / 81.86%
||
7 Day CHG~0.00%
Published-08 Sep, 2019 | 03:46
Updated-05 Aug, 2024 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Kilo 0.0.1 has a heap-based buffer overflow because there is an integer overflow in a calculation involving the number of tabs in one row.

Action-Not Available
Vendor-kilo_projectn/a
Product-kilon/a
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2022-28705
Matching Score-4
Assigner-F5, Inc.
ShareView Details
Matching Score-4
Assigner-F5, Inc.
CVSS Score-7.5||HIGH
EPSS-0.87% / 54.31%
||
7 Day CHG+0.02%
Published-05 May, 2022 | 16:35
Updated-16 Sep, 2024 | 19:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, on platforms with an ePVA and the pva.fwdaccel BigDB variable enabled, undisclosed requests to a virtual server with a FastL4 profile that has ePVA acceleration enabled can cause the Traffic Management Microkernel (TMM) process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_application_acceleration_managerbig-ip_link_controllerbig-ip_policy_enforcement_managerbig-ip_fraud_protection_servicebig-ip_global_traffic_managerbig-ip_analyticsbig-ip_access_policy_managerbig-ip_domain_name_systembig-ip_local_traffic_managerbig-ip_advanced_firewall_managerbig-ip_application_security_managerBIG-IP
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2022-28936
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.89% / 54.99%
||
7 Day CHG~0.00%
Published-15 May, 2022 | 15:39
Updated-03 Aug, 2024 | 06:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FISCO-BCOS release-3.0.0-rc2 was discovered to contain an issue where a malicious node can trigger an integer overflow and cause a Denial of Service (DoS) via an unusually large viewchange message packet.

Action-Not Available
Vendor-fisco-bcosn/a
Product-fisco-bcosn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2022-28937
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.12% / 62.21%
||
7 Day CHG~0.00%
Published-15 May, 2022 | 15:39
Updated-03 Aug, 2024 | 06:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FISCO-BCOS release-3.0.0-rc2 was discovered to contain an issue where a malicious node, via an invalid proposal with an invalid header, will cause normal nodes to stop producing new blocks and processing new clients' requests.

Action-Not Available
Vendor-fisco-bcosn/a
Product-fisco-bcosn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2026-54417
Matching Score-4
Assigner-309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c
ShareView Details
Matching Score-4
Assigner-309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c
CVSS Score-8.7||HIGH
EPSS-0.42% / 33.59%
||
7 Day CHG~0.00%
Published-17 Jun, 2026 | 13:25
Updated-17 Jun, 2026 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Integer Overflow in rxi/microtar mtar_next() Causes Infinite Loop DoS

An integer overflow in the mtar_next() function in src/microtar.c in rxi microtar 0.1.0 allows a remote attacker to cause a denial of service (uncontrolled CPU consumption / infinite loop) via a crafted tar archive. mtar_next() computes the offset to the next record as round_up(h.size, 512) + sizeof(mtar_raw_header_t) using 32-bit arithmetic. When the header size field is a multiple of 512 in the range 0xFFFFFC01-0xFFFFFE00 (e.g. 0xFFFFFE00), the addition wraps to 0, so mtar_next() seeks to the current record position instead of advancing. As a result, mtar_find() and any loop that iterates entries with mtar_next() repeat indefinitely over the same record, hanging the process at 100% CPU with no recovery.

Action-Not Available
Vendor-rxi
Product-microtar
CWE ID-CWE-190
Integer Overflow or Wraparound
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2022-2831
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-1.27% / 66.22%
||
7 Day CHG~0.00%
Published-16 Aug, 2022 | 19:21
Updated-03 Aug, 2024 | 00:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in Blender 3.3.0. An interger overflow in source/blender/blendthumb/src/blendthumb_extract.cc may lead to program crash or memory corruption.

Action-Not Available
Vendor-n/aBlender Foundation
Product-blenderBlender
CWE ID-CWE-190
Integer Overflow or Wraparound
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-25062
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.50% / 90.33%
||
7 Day CHG~0.00%
Published-25 Feb, 2022 | 19:38
Updated-03 Aug, 2024 | 04:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain an integer overflow via the function dm_checkString. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.

Action-Not Available
Vendor-n/aTP-Link Systems Inc.
Product-tl-wr840n_firmwaretl-wr840nn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2022-25314
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.65% / 90.63%
||
7 Day CHG~0.00%
Published-18 Feb, 2022 | 04:25
Updated-05 May, 2025 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.

Action-Not Available
Vendor-libexpat_projectn/aSiemens AGOracle CorporationDebian GNU/LinuxFedora Project
Product-debian_linuxzfs_storage_appliance_kitlibexpatsinema_remote_connect_serverhttp_serverfedoran/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2022-23990
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.99% / 89.26%
||
7 Day CHG+0.03%
Published-26 Jan, 2022 | 18:02
Updated-05 May, 2025 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.

Action-Not Available
Vendor-libexpat_projectn/aTenable, Inc.Siemens AGOracle CorporationDebian GNU/LinuxFedora Project
Product-nessusdebian_linuxlibexpatsinema_remote_connect_servercommunications_metasolv_solutionfedoran/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2022-23772
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.83% / 84.89%
||
7 Day CHG~0.00%
Published-11 Feb, 2022 | 00:11
Updated-03 Aug, 2024 | 03:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption.

Action-Not Available
Vendor-n/aNetApp, Inc.GoDebian GNU/Linux
Product-debian_linuxcloud_insights_telegraf_agentbeegfs_csi_drivergostoragegridkubernetes_monitoring_operatorn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2022-24667
Matching Score-4
Assigner-Swift Project
ShareView Details
Matching Score-4
Assigner-Swift Project
CVSS Score-7.5||HIGH
EPSS-1.12% / 62.17%
||
7 Day CHG+0.02%
Published-09 Feb, 2022 | 22:05
Updated-03 Aug, 2024 | 04:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HPACK-encoded header block. This attack affects all swift-nio-http2 versions from 1.0.0 to 1.19.1. There are a number of implementation errors in the parsing of HPACK-encoded header blocks that allow maliciously crafted HPACK header blocks to cause crashes in processes using swift-nio-http2. Each of these crashes is triggered instead of an integer overflow. A malicious HPACK header block could be sent on any of the HPACK-carrying frames in a HTTP/2 connection (HEADERS and PUSH_PROMISE), at any position. Sending a HPACK header block does not require any special permission, so any HTTP/2 connection peer may send one. For clients, this means any server to which they connect may launch this attack. For servers, anyone they allow to connect to them may launch such an attack. The attack is low-effort: it takes very little resources to send an appropriately crafted field block. The impact on availability is high: receiving a frame carrying this field block immediately crashes the server, dropping all in-flight connections and causing the service to need to restart. It is straightforward for an attacker to repeatedly send appropriately crafted field blocks, so attackers require very few resources to achieve a substantial denial of service. The attack does not have any confidentiality or integrity risks in and of itself: swift-nio-http2 is parsing the field block in memory-safe code and the crash is triggered instead of an integer overflow. However, sudden process crashes can lead to violations of invariants in services, so it is possible that this attack can be used to trigger an error condition that has confidentiality or integrity risks. The risk can be mitigated if untrusted peers can be prevented from communicating with the service. This mitigation is not available to many services. The issue is fixed by rewriting the parsing code to correctly handle all conditions in the function. The principal issue was found by automated fuzzing by oss-fuzz, but several associated bugs in the same code were found by code audit and fixed at the same time

Action-Not Available
Vendor-Swift ProjectApple Inc.
Product-swiftnio_http\/2SwiftNIO HTTP2
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2024-45490
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.69% / 74.23%
||
7 Day CHG~0.00%
Published-30 Aug, 2024 | 00:00
Updated-12 May, 2026 | 12:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.

Action-Not Available
Vendor-libexpat_projectn/alibexpat_projectSiemens AG
Product-libexpatn/aSIPLUS S7-1500 CPU 1518-4 PN/DP MFPRUGGEDCOM RST2428PSIMATIC S7-1500 CPU 1518F-4 PN/DP MFPlibexpatSIMATIC S7-1500 CPU 1518-4 PN/DP MFPSCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 familySCALANCE XCM-/XRM-/XCH-/XRH-300 family
CWE ID-CWE-190
Integer Overflow or Wraparound
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2024-45287
Matching Score-4
Assigner-FreeBSD
ShareView Details
Matching Score-4
Assigner-FreeBSD
CVSS Score-9.1||CRITICAL
EPSS-0.51% / 39.80%
||
7 Day CHG~0.00%
Published-05 Sep, 2024 | 03:18
Updated-26 Sep, 2024 | 15:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple vulnerabilities in libnv

A malicious value of size in a structure of packed libnv can cause an integer overflow, leading to the allocation of a smaller buffer than required for the parsed data.

Action-Not Available
Vendor-FreeBSD Foundation
Product-freebsdFreeBSDfreebsd
CWE ID-CWE-131
Incorrect Calculation of Buffer Size
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2024-42643
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.55% / 42.03%
||
7 Day CHG~0.00%
Published-22 Oct, 2024 | 00:00
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer Overflow in fast_ping.c in SmartDNS Release46 allows remote attackers to cause a Denial of Service via misaligned memory access.

Action-Not Available
Vendor-n/asmartdns_project
Product-n/asmartdns
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2019-14459
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.71% / 84.16%
||
7 Day CHG~0.00%
Published-31 Jul, 2019 | 20:57
Updated-05 Aug, 2024 | 00:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

nfdump 1.6.17 and earlier is affected by an integer overflow in the function Process_ipfix_template_withdraw in ipfix.c that can be abused in order to crash the process remotely (denial of service).

Action-Not Available
Vendor-nfdump_projectn/aDebian GNU/LinuxFedora Project
Product-nfdumpdebian_linuxfedoran/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2019-18298
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-2.38% / 81.83%
||
7 Day CHG~0.00%
Published-12 Dec, 2019 | 19:08
Updated-05 Aug, 2024 | 01:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

Action-Not Available
Vendor-Siemens AG
Product-sppa-t3000_ms3000_migration_serverSPPA-T3000 MS3000 Migration Server
CWE ID-CWE-190
Integer Overflow or Wraparound
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-13126
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.74% / 74.96%
||
7 Day CHG~0.00%
Published-29 Jul, 2019 | 16:07
Updated-30 Mar, 2026 | 14:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An integer overflow in NATS Server before 2.0.2 allows a remote attacker to crash the server by sending a crafted request. If authentication is enabled, then the remote attacker must have first authenticated.

Action-Not Available
Vendor-n/aThe Linux Foundation
Product-nats-servern/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2008-4309
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-4.93% / 91.07%
||
7 Day CHG~0.00%
Published-31 Oct, 2008 | 20:00
Updated-28 May, 2026 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c in net-snmp 5.4 before 5.4.2.1, 5.3 before 5.3.2.3, and 5.2 before 5.2.5.1 allows remote attackers to cause a denial of service (crash) via a crafted SNMP GETBULK request, which triggers a heap-based buffer overflow, related to the number of responses or repeats.

Action-Not Available
Vendor-n/aNet-SNMP
Product-net-snmpn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CWE ID-CWE-20
Improper Input Validation
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • Next
Details not found