CWE-190
Integer Overflow or Wraparound
Description
The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-92
CVEs mapped to this weakness (1,551)
page 3 of 78| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-40765 | Cri | 0.64 | 9.8 | 0.01 | Jan 9, 2025 | An Integer-based buffer overflow vulnerability in the SonicOS via IPSec allows a remote attacker in specific conditions to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a specially crafted IKEv2 payload. | ||
| CVE-2024-50944 | Cri | 0.64 | 9.8 | 0.01 | Dec 27, 2024 | Integer overflow vulnerability exists in SimplCommerce at commit 230310c8d7a0408569b292c5a805c459d47a1d8f in the shopping cart functionality. The issue lies in the quantity parameter in the CartController's AddToCart method. | ||
| CVE-2024-45492 | Cri | 0.64 | 9.8 | 0.01 | Aug 30, 2024 | An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX). | ||
| CVE-2024-45491 | Cri | 0.64 | 9.8 | 0.01 | Aug 30, 2024 | An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX). | ||
| CVE-2024-41184 | Cri | 0.64 | 9.8 | 0.01 | Jul 18, 2024 | In the vrrp_ipsets_handler handler (fglobal_parser.c) of keepalived through 2.3.1, an integer overflow can occur. NOTE: this CVE Record might not be worthwhile because an empty ipset name must be configured by the user. | ||
| CVE-2024-1917 | Cri | 0.64 | 9.8 | 0.01 | Mar 15, 2024 | Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted packet. | ||
| CVE-2024-1916 | Cri | 0.64 | 9.8 | 0.01 | Mar 15, 2024 | Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted packet. | ||
| CVE-2024-0803 | Cri | 0.64 | 9.8 | 0.01 | Mar 15, 2024 | Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted packet. | ||
| CVE-2019-19638 | Cri | 0.64 | 9.8 | 0.01 | Dec 8, 2019 | An issue was discovered in libsixel 1.8.2. There is a heap-based buffer overflow in the function load_pnm at frompnm.c, due to an integer overflow. | ||
| CVE-2019-19637 | Cri | 0.64 | 9.8 | 0.01 | Dec 8, 2019 | An issue was discovered in libsixel 1.8.2. There is an integer overflow in the function sixel_decode_raw_impl at fromsixel.c. | ||
| CVE-2019-19636 | Cri | 0.64 | 9.8 | 0.01 | Dec 8, 2019 | An issue was discovered in libsixel 1.8.2. There is an integer overflow in the function sixel_encode_body at tosixel.c. | ||
| CVE-2019-1010298 | Cri | 0.64 | 9.8 | 0.04 | Jul 15, 2019 | Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Code execution in the context of TEE core (kernel). The component is: optee_os. The fixed version is: 3.4.0 and later. | ||
| CVE-2019-1010297 | Cri | 0.64 | 9.8 | 0.03 | Jul 15, 2019 | Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Execution of code in TEE core (kernel) context. The component is: optee_os. The fixed version is: 3.4.0 and later. | ||
| CVE-2019-1010296 | Cri | 0.64 | 9.8 | 0.03 | Jul 15, 2019 | Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Code execution in context of TEE core (kernel). The component is: optee_os. The fixed version is: 3.4.0 and later. | ||
| CVE-2018-17963 | Cri | 0.64 | 9.8 | 0.05 | Oct 9, 2018 | qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact. | ||
| CVE-2018-1000810 | Cri | 0.64 | 9.8 | 0.03 | Oct 8, 2018 | The Rust Programming Language Standard Library version 1.29.0, 1.28.0, 1.27.2, 1.27.1, 127.0, 126.2, 126.1, 126.0 contains a CWE-680: Integer Overflow to Buffer Overflow vulnerability in standard library that can result in buffer overflow. This attack appear to be exploitable… | ||
| CVE-2017-9120 | — | Cri | 0.64 | 9.8 | 0.08 | Aug 2, 2018 | PHP 7.x through 7.1.5 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a long string because of an Integer overflow in mysqli_real_escape_string. | |
| CVE-2018-14088 | Cri | 0.64 | 9.8 | 0.01 | Jul 16, 2018 | An issue was discovered in a smart contract implementation for STeX White List (STE(WL)), an Ethereum token. The contract has an integer overflow. If the owner sets the value of amount to a large number then the "amount * 1000000000000000" will cause an integer overflow in… | ||
| CVE-2018-14087 | Cri | 0.64 | 9.8 | 0.01 | Jul 16, 2018 | An issue was discovered in a smart contract implementation for EUC (EUC), an Ethereum token. The contract has an integer overflow. If the owner sets the value of buyPrice to a large number in setPrices() then the "msg.value * buyPrice" will cause an integer overflow in the… | ||
| CVE-2018-14086 | Cri | 0.64 | 9.8 | 0.01 | Jul 16, 2018 | An issue was discovered in a smart contract implementation for SingaporeCoinOrigin (SCO), an Ethereum token. The contract has an integer overflow. If the owner sets the value of sellPrice to a large number in setPrices() then the "amount * sellPrice" will cause an integer… |
- risk 0.64cvss 9.8epss 0.01
An Integer-based buffer overflow vulnerability in the SonicOS via IPSec allows a remote attacker in specific conditions to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a specially crafted IKEv2 payload.
- risk 0.64cvss 9.8epss 0.01
Integer overflow vulnerability exists in SimplCommerce at commit 230310c8d7a0408569b292c5a805c459d47a1d8f in the shopping cart functionality. The issue lies in the quantity parameter in the CartController's AddToCart method.
- risk 0.64cvss 9.8epss 0.01
An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).
- risk 0.64cvss 9.8epss 0.01
An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).
- risk 0.64cvss 9.8epss 0.01
In the vrrp_ipsets_handler handler (fglobal_parser.c) of keepalived through 2.3.1, an integer overflow can occur. NOTE: this CVE Record might not be worthwhile because an empty ipset name must be configured by the user.
- risk 0.64cvss 9.8epss 0.01
Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted packet.
- risk 0.64cvss 9.8epss 0.01
Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted packet.
- risk 0.64cvss 9.8epss 0.01
Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted packet.
- risk 0.64cvss 9.8epss 0.01
An issue was discovered in libsixel 1.8.2. There is a heap-based buffer overflow in the function load_pnm at frompnm.c, due to an integer overflow.
- risk 0.64cvss 9.8epss 0.01
An issue was discovered in libsixel 1.8.2. There is an integer overflow in the function sixel_decode_raw_impl at fromsixel.c.
- risk 0.64cvss 9.8epss 0.01
An issue was discovered in libsixel 1.8.2. There is an integer overflow in the function sixel_encode_body at tosixel.c.
- risk 0.64cvss 9.8epss 0.04
Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Code execution in the context of TEE core (kernel). The component is: optee_os. The fixed version is: 3.4.0 and later.
- risk 0.64cvss 9.8epss 0.03
Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Execution of code in TEE core (kernel) context. The component is: optee_os. The fixed version is: 3.4.0 and later.
- risk 0.64cvss 9.8epss 0.03
Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Code execution in context of TEE core (kernel). The component is: optee_os. The fixed version is: 3.4.0 and later.
- risk 0.64cvss 9.8epss 0.05
qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact.
- risk 0.64cvss 9.8epss 0.03
The Rust Programming Language Standard Library version 1.29.0, 1.28.0, 1.27.2, 1.27.1, 127.0, 126.2, 126.1, 126.0 contains a CWE-680: Integer Overflow to Buffer Overflow vulnerability in standard library that can result in buffer overflow. This attack appear to be exploitable…
- risk 0.64cvss 9.8epss 0.08
PHP 7.x through 7.1.5 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a long string because of an Integer overflow in mysqli_real_escape_string.
- risk 0.64cvss 9.8epss 0.01
An issue was discovered in a smart contract implementation for STeX White List (STE(WL)), an Ethereum token. The contract has an integer overflow. If the owner sets the value of amount to a large number then the "amount * 1000000000000000" will cause an integer overflow in…
- risk 0.64cvss 9.8epss 0.01
An issue was discovered in a smart contract implementation for EUC (EUC), an Ethereum token. The contract has an integer overflow. If the owner sets the value of buyPrice to a large number in setPrices() then the "msg.value * buyPrice" will cause an integer overflow in the…
- risk 0.64cvss 9.8epss 0.01
An issue was discovered in a smart contract implementation for SingaporeCoinOrigin (SCO), an Ethereum token. The contract has an integer overflow. If the owner sets the value of sellPrice to a large number in setPrices() then the "amount * sellPrice" will cause an integer…