CWE-190
Integer Overflow or Wraparound
Description
The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-92
CVEs mapped to this weakness (1,551)
Page 27 of 78

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-17962 | | High | 0.49 | 7.5 | 0.04 | | Oct 9, 2018 | Qemu has a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used. |
| CVE-2018-17958 | | High | 0.49 | 7.5 | 0.06 | | Oct 9, 2018 | Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used. |
| CVE-2018-17050 | | High | 0.49 | 7.5 | 0.01 | | Sep 21, 2018 | The mintToken function of a smart contract implementation for PolyAi (AI), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. |
| CVE-2018-12511 | | High | 0.49 | 7.5 | 0.01 | | Sep 21, 2018 | In the mintToken function of a smart contract implementation for Substratum (SUB), an Ethereum ERC20 token, the administrator can control mintedAmount, leverage an integer overflow, and modify a user account's balance arbitrarily. |
| CVE-2018-10911 | | High | 0.49 | 7.5 | 0.03 | | Sep 4, 2018 | A flaw was found in the way dic_unserialize function of glusterfs does not handle negative key length values. An attacker could use this flaw to read memory from other locations into the stored dict value. |
| CVE-2018-11054 | | High | 0.49 | 7.5 | 0.03 | | Aug 31, 2018 | RSA BSAFE Micro Edition Suite, version 4.1.6, contains an integer overflow vulnerability. A remote attacker could use maliciously constructed ASN.1 data to potentially cause a Denial Of Service. |
| CVE-2018-1000224 | | High | 0.49 | 7.5 | 0.04 | | Aug 20, 2018 | Godot Engine version All versions prior to 2.1.5, all 3.0 versions prior to 3.0.6. contains a Signed/unsigned comparison, wrong buffer size checks, integer overflow, missing padding initialization vulnerability in (De)Serialization functions (core/io/marshalls.cpp) that can… |
| CVE-2018-15560 | — | High | 0.49 | 7.5 | 0.02 | | Aug 20, 2018 | PyCryptodome before 3.6.6 has an integer overflow in the data_len variable in AESNI.c, related to the AESNI_encrypt and AESNI_decrypt functions, leading to the mishandling of messages shorter than 16 bytes. |
| CVE-2018-11687 | | High | 0.49 | 7.5 | 0.01 | | Aug 15, 2018 | An integer overflow in the distributeBTR function of a smart contract implementation for Bitcoin Red (BTCR), an Ethereum ERC20 token, allows the owner to accomplish an unauthorized increase of digital assets by providing a large address[] array, as exploited in the wild in May… |
| CVE-2018-11561 | | High | 0.49 | 7.5 | 0.01 | | Aug 8, 2018 | An integer overflow in the unprotected distributeToken function of a smart contract implementation for EETHER (EETHER), an Ethereum ERC20 token, will lead to an unauthorized increase of an attacker's digital assets. |
| CVE-2018-14576 | | High | 0.49 | 7.5 | 0.02 | | Aug 3, 2018 | The mintTokens function of a smart contract implementation for SunContract, an Ethereum token, has an integer overflow via the _amount variable. |
| CVE-2018-14444 | | High | 0.49 | 7.5 | 0.01 | | Jul 20, 2018 | libdxfrw 0.6.3 has an Integer Overflow in dwgCompressor::decompress18 in dwgutil.cpp, leading to an out-of-bounds read and application crash. |
| CVE-2018-14343 | | High | 0.49 | 7.5 | 0.03 | | Jul 19, 2018 | In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ASN.1 BER dissector could crash. This was addressed in epan/dissectors/packet-ber.c by ensuring that length values do not exceed the maximum signed integer. |
| CVE-2018-14341 | | High | 0.49 | 7.5 | 0.04 | | Jul 19, 2018 | In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the DICOM dissector could go into a large or infinite loop. This was addressed in epan/dissectors/packet-dcm.c by preventing an offset overflow. |
| CVE-2018-14337 | | High | 0.49 | 7.5 | 0.01 | | Jul 17, 2018 | The CHECK macro in mrbgems/mruby-sprintf/src/sprintf.c in mruby 1.4.1 contains a signed integer overflow, possibly leading to out-of-bounds memory access because the mrb_str_resize function in string.c does not check for a negative length. |
| CVE-2018-14006 | | High | 0.49 | 7.5 | 0.01 | | Jul 12, 2018 | An integer overflow vulnerability exists in the function multipleTransfer of Neo Genesis Token (NGT), an Ethereum token smart contract. An attacker could use it to set any user's balance. |
| CVE-2018-14005 | | High | 0.49 | 7.5 | 0.01 | | Jul 12, 2018 | An integer overflow vulnerability exists in the function transferAny of Malaysia coins (Xmc), an Ethereum token smart contract. An attacker could use it to set any user's balance. |
| CVE-2018-14004 | | High | 0.49 | 7.5 | 0.01 | | Jul 12, 2018 | An integer overflow vulnerability exists in the function transfer_tokens_after_ICO of GlobeCoin (GLB), an Ethereum token smart contract. An attacker could use it to set any user's balance. |
| CVE-2018-14003 | | High | 0.49 | 7.5 | 0.01 | | Jul 12, 2018 | An integer overflow vulnerability exists in the function batchTransfer of WeMediaChain (WMC), an Ethereum token smart contract. An attacker could use it to set any user's balance. |
| CVE-2018-14002 | | High | 0.49 | 7.5 | 0.01 | | Jul 12, 2018 | An integer overflow vulnerability exists in the function distribute of MP3 Coin (MP3), an Ethereum token smart contract. An attacker could use it to set any user's balance. |