VYPR

CWE-191

Integer Underflow (Wrap or Wraparound)

BaseDraft

Description

The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.

This can happen in signed and unsigned cases.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (155)

page 1 of 8
  • CVE-2014-0497CriKEVFeb 5, 2014
    risk 0.87cvss 9.8epss 1.00

    Integer underflow in Adobe Flash Player before 11.7.700.261 and 11.8.x through 12.0.x before 12.0.0.44 on Windows and Mac OS X, and before 11.2.202.336 on Linux, allows remote attackers to execute arbitrary code via unspecified vectors.

  • CVE-2005-0199CriMay 2, 2005
    risk 0.68cvss 9.8epss 0.19

    Integer underflow in the Lists_MakeMask() function in lists.c in ngIRCd before 0.8.2 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long MODE line that causes an incorrect length calculation, which leads to a…

  • CVE-2019-14199CriJul 31, 2019
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy when parsing a UDP packet due to a net_process_received_packet integer underflow during an *udp_packet_handler call.

  • CVE-2019-14192CriJul 31, 2019
    risk 0.64cvss 9.8epss 0.03

    An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy when parsing a UDP packet due to a net_process_received_packet integer underflow during an nc_input_packet call.

  • CVE-2018-14817CriSep 26, 2018
    risk 0.64cvss 9.8epss 0.04

    Fuji Electric V-Server 4.0.3.0 and prior, An integer underflow vulnerability has been identified, which may allow remote code execution.

  • CVE-2015-9198CriApr 18, 2018
    risk 0.64cvss 9.8epss 0.01

    In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear IPQ4019, MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD…

  • CVE-2015-9167CriApr 18, 2018
    risk 0.64cvss 9.8epss 0.01

    In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, and SD 820A, in an EMM command, an integer…

  • CVE-2015-9129CriApr 18, 2018
    risk 0.64cvss 9.8epss 0.01

    In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD…

  • CVE-2017-11757CriJul 31, 2017
    risk 0.64cvss 9.8epss 0.02

    Heap-based buffer overflow in Actian Pervasive PSQL v12.10 and Zen v13 allows remote attackers to execute arbitrary code via crafted traffic to TCP port 1583. The overflow occurs after Server-Client encryption-key exchange. The issue results from an integer underflow that leads…

  • CVE-2017-9214CriMay 23, 2017
    risk 0.64cvss 9.8epss 0.03

    In Open vSwitch (OvS) 2.7.0, while parsing an OFPT_QUEUE_GET_CONFIG_REPLY type OFP 1.0 message, there is a buffer over-read that is caused by an unsigned integer underflow in the function `ofputil_pull_queue_get_config_reply10` in `lib/ofp-util.c`.

  • CVE-2017-8911CriMay 12, 2017
    risk 0.64cvss 9.8epss 0.02

    An integer underflow has been identified in the unicode_to_utf8() function in tnef 1.4.14. This might lead to invalid write operations, controlled by an attacker.

  • CVE-2016-1925CriJan 23, 2017
    risk 0.64cvss 9.8epss 0.03

    Integer underflow in header.c in lha allows remote attackers to have unspecified impact via a large header size value for the (1) level0 or (2) level1 header in a lha archive, which triggers a buffer overflow.

  • CVE-2015-0537CriAug 20, 2015
    risk 0.64cvss 9.8epss 0.03

    Integer underflow in the base64-decoding implementation in EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3, RSA BSAFE Crypto-C Micro Edition (Crypto-C ME) before 4.0.4 and 4.1, and RSA BSAFE SSL-C 2.8.9 and earlier allows remote attackers to…

  • CVE-2025-2523CriJul 10, 2025
    risk 0.61cvss 9.4epss 0.01

    The Honeywell Experion PKS and OneWireless WDM contains an Integer Underflow vulnerability in the component Control Data Access (CDA). An attacker could potentially exploit this vulnerability, leading to a Communication Channel Manipulation, which could result in a…

  • CVE-2025-55118HigSep 16, 2025
    risk 0.58cvss 8.9epss 0.00

    Memory corruptions can be remotely triggered in the Control-M/Agent when SSL/TLS communication is configured. The issue occurs in the following cases: * Control-M/Agent 9.0.20: SSL/TLS configuration is set to the non-default setting "use_openssl=n"; * Control-M/Agent…

  • CVE-2016-10166CriMar 15, 2017
    risk 0.58cvss 9.8epss 0.11

    Integer underflow in the _gdContributionsAlloc function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors related to decrementing the u variable.

  • CVE-2026-37534CriMay 1, 2026
    risk 0.57cvss 9.8epss 0.00

    Integer underflow vulnerability in Open-SAE-J1939 thru commit b6caf884df46435e539b1ecbf92b6c29b345bdfe (2025-11-30) in SAE_J1939_Read_Transport_Protocol_Data_Transfer,allows attackers to write to arbitrary memory via crafted sequence number from the CAN frame.

  • CVE-2018-14353CriJul 17, 2018
    risk 0.57cvss 9.8epss 0.04

    An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap_quote_string in imap/util.c has an integer underflow.

  • CVE-2017-14496HigOct 3, 2017
    risk 0.57cvss 7.5epss 0.66

    Integer underflow in the add_pseudoheader function in dnsmasq before 2.78 , when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service via a crafted DNS request.

  • CVE-2017-14796HigSep 28, 2017
    risk 0.57cvss 8.8epss 0.02

    The hevc_write_frame function in libbpg.c in libbpg 0.9.7 allows remote attackers to cause a denial of service (integer underflow and application crash) or possibly have unspecified other impact via a crafted BPG file, related to improper interaction with copy_CTB_to_hv in…