Vulnerabilities (CVE)

Filtered by CWE-191
Total 258 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-3165 2 Fedoraproject, Qemu 2 Fedora, Qemu 2024-02-28 N/A 6.5 MEDIUM
An integer underflow issue was found in the QEMU VNC server while processing ClientCutText messages in the extended format. A malicious client could use this flaw to make QEMU unresponsive by sending a specially crafted payload message, resulting in a denial of service.
CVE-2022-39343 1 Microsoft 1 Azure Rtos Filex 2024-02-28 N/A 7.8 HIGH
Azure RTOS FileX is a FAT-compatible file system that’s fully integrated with Azure RTOS ThreadX. In versions before 6.2.0, the Fault Tolerant feature of Azure RTOS FileX includes integer under and overflows which may be exploited to achieve buffer overflow and modify memory contents. When a valid log file with correct ID and checksum is detected by the `_fx_fault_tolerant_enable` function an attempt to recover the previous failed write operation is taken by call of `_fx_fault_tolerant_apply_logs`. This function iterates through the log entries and performs required recovery operations. When properly crafted a log including entries of type `FX_FAULT_TOLERANT_DIR_LOG_TYPE` may be utilized to introduce unexpected behavior. This issue has been patched in version 6.2.0. A workaround to fix line 218 in fx_fault_tolerant_apply_logs.c is documented in the GHSA.
CVE-2022-20393 1 Google 1 Android 2024-02-28 N/A 5.5 MEDIUM
In extract3GPPGlobalDescriptions of TextDescriptions.cpp, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure from the media server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12LAndroid ID: A-233735886
CVE-2022-2869 3 Debian, Fedoraproject, Libtiff 3 Debian Linux, Fedora, Libtiff 2024-02-28 N/A 5.5 MEDIUM
libtiff's tiffcrop tool has a uint32_t underflow which leads to out of bounds read and write in the extractContigSamples8bits routine. An attacker who supplies a crafted file to tiffcrop could trigger this flaw, most likely by tricking a user into opening the crafted file with tiffcrop. Triggering this flaw could cause a crash or potentially further exploitation.
CVE-2022-30787 3 Debian, Fedoraproject, Tuxera 3 Debian Linux, Fedora, Ntfs-3g 2024-02-28 4.6 MEDIUM 6.7 MEDIUM
An integer underflow in fuse_lib_readdir enables arbitrary memory read operations in NTFS-3G through 2021.8.22 when using libfuse-lite.
CVE-2021-40589 1 Zangband-data Project 1 Zangband-data 2024-02-28 7.5 HIGH 9.8 CRITICAL
ZAngband zangband-data 2.7.5 is affected by an integer underflow vulnerability in src/tk/plat.c through the variable fileheader.bfOffBits.
CVE-2021-44489 2 Fisglobal, Yottadb 2 Gt.m, Yottadb 2024-02-28 5.0 MEDIUM 7.5 HIGH
An issue was discovered in YottaDB through r1.32 and V7.0-000. Using crafted input, attackers can cause an integer underflow of the size of calls to memset in op_fnj3 in sr_port/op_fnj3.c in order to cause a segmentation fault and crash the application. This is a "- digs" subtraction.
CVE-2021-44509 1 Fisglobal 1 Gt.m 2024-02-28 5.0 MEDIUM 7.5 HIGH
An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, attackers can cause an integer underflow of the size of calls to memset in op_fnj3 in sr_port/op_fnj3.c in order to cause a segmentation fault and crash the application.
CVE-2021-40054 1 Huawei 2 Emui, Magic Ui 2024-02-28 7.8 HIGH 7.5 HIGH
There is an integer underflow vulnerability in the atcmdserver module. Successful exploitation of this vulnerability may affect integrity.
CVE-2022-1698 1 Organizr 1 Organizr 2024-02-28 5.0 MEDIUM 7.5 HIGH
Allowing long password leads to denial of service in GitHub repository causefx/organizr prior to 2.1.2000. This vulnerability can be abused by doing a DDoS attack for which genuine users will not able to access resources/applications.
CVE-2022-24046 1 Sonos 3 One, S1, S2 2024-02-28 8.3 HIGH 8.8 HIGH
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sonos One Speaker prior to 3.4.1 (S2 systems) and 11.2.13 build 57923290 (S1 systems). Authentication is not required to exploit this vulnerability. The specific flaw exists within the anacapd daemon. The issue results from the lack of proper validation of user-supplied data, which can result in an integer underflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15828.
CVE-2022-0544 2 Blender, Debian 2 Blender, Debian Linux 2024-02-28 2.6 LOW 5.5 MEDIUM
An integer underflow in the DDS loader of Blender leads to an out-of-bounds read, possibly allowing an attacker to read sensitive data using a crafted DDS image file. This flaw affects Blender versions prior to 2.83.19, 2.93.8 and 3.1.
CVE-2021-25121 1 Bestwebsoft 1 Rating 2024-02-28 4.0 MEDIUM 6.5 MEDIUM
The Rating by BestWebSoft WordPress plugin before 1.6 does not validate the submitted rating, allowing submission of long integer, causing a Denial of Service on the post/page when a user submit such rating
CVE-2022-20073 2 Google, Mediatek 44 Android, Mt2601, Mt6580 and 41 more 2024-02-28 4.4 MEDIUM 6.6 MEDIUM
In preloader (usb), there is a possible out of bounds write due to a integer underflow. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06160841; Issue ID: ALPS06160841.
CVE-2022-21685 1 Parity 1 Frontier 2024-02-28 4.0 MEDIUM 6.5 MEDIUM
Frontier is Substrate's Ethereum compatibility layer. Prior to commit number `8a93fdc6c9f4eb1d2f2a11b7ff1d12d70bf5a664`, a bug in Frontier's MODEXP precompile implementation can cause an integer underflow in certain conditions. This will cause a node crash for debug builds. For release builds (and production WebAssembly binaries), the impact is limited as it can only cause a normal EVM out-of-gas. Users who do not use MODEXP precompile in their runtime are not impacted. A patch is available in pull request #549.
CVE-2021-41196 1 Google 1 Tensorflow 2024-02-28 2.1 LOW 5.5 MEDIUM
TensorFlow is an open source platform for machine learning. In affected versions the Keras pooling layers can trigger a segfault if the size of the pool is 0 or if a dimension is negative. This is due to the TensorFlow's implementation of pooling operations where the values in the sliding window are not checked to be strictly positive. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.
CVE-2022-22715 1 Microsoft 4 Windows 10, Windows 11, Windows Server and 1 more 2024-02-28 7.2 HIGH 7.8 HIGH
Named Pipe File System Elevation of Privilege Vulnerability
CVE-2021-37706 4 Asterisk, Debian, Sangoma and 1 more 4 Certified Asterisk, Debian Linux, Asterisk and 1 more 2024-02-28 9.3 HIGH 9.8 CRITICAL
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In affected versions if the incoming STUN message contains an ERROR-CODE attribute, the header length is not checked before performing a subtraction operation, potentially resulting in an integer underflow scenario. This issue affects all users that use STUN. A malicious actor located within the victim’s network may forge and send a specially crafted UDP (STUN) message that could remotely execute arbitrary code on the victim’s machine. Users are advised to upgrade as soon as possible. There are no known workarounds.
CVE-2022-23613 2 Fedoraproject, Neutrinolabs 2 Fedora, Xrdp 2024-02-28 7.2 HIGH 7.8 HIGH
xrdp is an open source remote desktop protocol (RDP) server. In affected versions an integer underflow leading to a heap overflow in the sesman server allows any unauthenticated attacker which is able to locally access a sesman server to execute code as root. This vulnerability has been patched in version 0.9.18.1 and above. Users are advised to upgrade. There are no known workarounds.
CVE-2021-3323 1 Zephyrproject 1 Zephyr 2024-02-28 7.5 HIGH 9.8 CRITICAL
Integer Underflow in 6LoWPAN IPHC Header Uncompression in Zephyr. Zephyr versions >= >=2.4.0 contain Integer Underflow (Wrap or Wraparound) (CWE-191). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-89j6-qpxf-pfpc