VYPR

CWE-190

Integer Overflow or Wraparound

BaseStableLikelihood: Medium

Description

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-92

CVEs mapped to this weakness (1,551)

page 50 of 78
  • CVE-2018-13073HigJul 3, 2018
    risk 0.49cvss 7.5epss 0.01

    The mintToken function of a smart contract implementation for ETHEREUMBLACK (ETCBK), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

  • CVE-2018-13072HigJul 3, 2018
    risk 0.49cvss 7.5epss 0.01

    The mintToken function of a smart contract implementation for Coffeecoin (COFFEE), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

  • CVE-2018-13071HigJul 3, 2018
    risk 0.49cvss 7.5epss 0.01

    The mintToken function of a smart contract implementation for CCindex10 (T10), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

  • CVE-2018-13070HigJul 3, 2018
    risk 0.49cvss 7.5epss 0.01

    The mintToken function of a smart contract implementation for EncryptedToken (ECC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

  • CVE-2018-13069HigJul 3, 2018
    risk 0.49cvss 7.5epss 0.01

    The mintToken function of a smart contract implementation for DYchain (DYC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

  • CVE-2018-13068HigJul 3, 2018
    risk 0.49cvss 7.5epss 0.01

    The mintToken function of a smart contract implementation for AzurionToken (AZU), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

  • CVE-2018-13041HigJul 1, 2018
    risk 0.49cvss 7.5epss 0.01

    The mint function of a smart contract implementation for Link Platform (LNK), an Ethereum ERC20 token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

  • CVE-2018-12070HigJun 25, 2018
    risk 0.49cvss 7.5epss 0.01

    The sell function of a smart contract implementation for SEC, a tradable Ethereum ERC20 token, allows a potential trap that could be used to cause financial damage to the seller, because of overflow of the multiplication of its argument amount and a manipulable variable…

  • CVE-2018-12068HigJun 25, 2018
    risk 0.49cvss 7.5epss 0.01

    The sell function of a smart contract implementation for Target Coin (TGT), a tradable Ethereum ERC20 token, allows a potential trap that could be used to cause financial damage to the seller, because of overflow of the multiplication of its argument amount and a manipulable…

  • CVE-2018-12067HigJun 25, 2018
    risk 0.49cvss 7.5epss 0.01

    The sell function of a smart contract implementation for Substratum (SUB), a tradable Ethereum ERC20 token, allows a potential trap that could be used to cause financial damage to the seller, because of overflow of the multiplication of its argument amount and a manipulable…

  • CVE-2018-12063HigJun 25, 2018
    risk 0.49cvss 7.5epss 0.01

    The sell function of a smart contract implementation for Internet Node Token (INT), a tradable Ethereum ERC20 token, allows a potential trap that could be used to cause financial damage to the seller, because of overflow of the multiplication of its argument amount and a…

  • CVE-2018-12062HigJun 25, 2018
    risk 0.49cvss 7.5epss 0.01

    The sell function of a smart contract implementation for SwftCoin (SWFTC), a tradable Ethereum ERC20 token, allows a potential trap that could be used to cause financial damage to the seller, because of overflow of the multiplication of its argument amount and a manipulable…

  • CVE-2018-11446HigJun 25, 2018
    risk 0.49cvss 7.5epss 0.01

    The buy function of a smart contract implementation for Gold Reward (GRX), an Ethereum ERC20 token, allows a potential trap that could be used to cause financial damage to the buyer because of overflow of the multiplication of its argument amount and a manipulable variable…

  • CVE-2018-11239HigMay 19, 2018
    risk 0.49cvss 7.5epss 0.01

    An integer overflow in the _transfer function of a smart contract implementation for Hexagon (HXG), an Ethereum ERC20 token, allows attackers to accomplish an unauthorized increase of digital assets by providing a _to argument in conjunction with a large _value argument, as…

  • CVE-2018-10973HigMay 10, 2018
    risk 0.49cvss 7.5epss 0.01

    An integer overflow in the transferMulti function of a smart contract implementation for KoreaShow, an Ethereum ERC20 token, allows attackers to accomplish an unauthorized increase of digital assets via crafted _value parameters.

  • CVE-2018-10706HigMay 10, 2018
    risk 0.49cvss 7.5epss 0.01

    An integer overflow in the transferMulti function of a smart contract implementation for Social Chain (SCA), an Ethereum ERC20 token, allows attackers to accomplish an unauthorized increase of digital assets, aka the "multiOverflow" issue.

  • CVE-2018-10376HigApr 25, 2018
    risk 0.49cvss 7.5epss 0.02

    An integer overflow in the transferProxy function of a smart contract implementation for SmartMesh (aka SMT), an Ethereum ERC20 token, allows attackers to accomplish an unauthorized increase of digital assets via crafted _fee and _value parameters, as exploited in the wild in…

  • CVE-2018-10299HigApr 23, 2018
    risk 0.49cvss 7.5epss 0.03

    An integer overflow in the batchTransfer function of a smart contract implementation for Beauty Ecosystem Coin (BEC), the Ethereum ERC20 token used in the Beauty Chain economic system, allows attackers to accomplish an unauthorized increase of digital assets by providing two…

  • CVE-2018-1084HigApr 12, 2018
    risk 0.49cvss 7.5epss 0.03

    corosync before version 2.4.4 is vulnerable to an integer overflow in exec/totemcrypto.c.

  • CVE-2018-6917HigApr 4, 2018
    risk 0.49cvss 7.5epss 0.02

    In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELEASE-p8 and 10.3-RELEASE-p28, insufficient validation of user-provided font parameters can result in an integer overflow, leading to the use of arbitrary kernel memory as glyph data. Unprivileged users may be…