CWE-191
Integer Underflow (Wrap or Wraparound)
Description
The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.
Hierarchy (View 1000)
Parents
Children
none
CVEs mapped to this weakness (155)
Page 2 of 8

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-2311 | | Cri | 0.57 | 9.8 | 0.03 | | Aug 9, 2017 | Integer underflow in Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1.1 might allow remote peers to cause a denial of service or possibly obtain sensitive information from memory or execute arbitrary code via a crafted message. |
| CVE-2026-45463 | | Hig | 0.55 | 8.4 | 0.00 | | Jun 9, 2026 | Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. |
| CVE-2026-54413 | | Hig | 0.53 | 8.2 | 0.00 | | Jun 14, 2026 | driftregion iso14229 through 0.9.0 contains an integer underflow and downstream out-of-bounds read in the Handle_0x27_SecurityAccess() function in iso14229.c that allows a remote unauthenticated attacker to crash a UDS server and potentially read memory past the receive buffer… |
| CVE-2026-54412 | | Hig | 0.53 | 8.2 | 0.00 | | Jun 14, 2026 | LiamBindle MQTT-C through version 1.1.6 contains a heap-based out-of-bounds read and integer underflow in the mqtt_unpack_publish_response() function in src/mqtt.c that allows a remote unauthenticated attacker controlling an MQTT broker - or able to inject MQTT traffic into an… |
| CVE-2026-42981 | | Hig | 0.53 | 8.1 | 0.01 | | Jun 9, 2026 | Integer underflow (wrap or wraparound) in Windows Performance Monitor allows an unauthorized attacker to execute code over a network. |
| CVE-2026-3172 | | Hig | 0.53 | 8.1 | 0.00 | | Feb 25, 2026 | Buffer overflow in parallel HNSW index build in pgvector 0.6.0 through 0.8.1 allows a database user to leak sensitive data from other relations or crash the database server. |
| CVE-2025-62291 | | Hig | 0.53 | 8.1 | 0.01 | | Jan 16, 2026 | In the eap-mschapv2 plugin (client-side) in strongSwan before 6.0.3, a malicious EAP-MSCHAPv2 server can send a crafted message of size 6 through 8, and cause an integer underflow that potentially results in a heap-based buffer overflow. |
| CVE-2025-3947 | | Hig | 0.53 | 8.2 | 0.00 | | Jul 10, 2025 | The Honeywell Experion PKS contains an Integer Underflow vulnerability in the component Control Data Access (CDA). An attacker could potentially exploit this vulnerability, leading to Input Data Manipulation, which could result in improper integer data value checking… |
| CVE-2004-0816 | | Hig | 0.53 | 7.5 | 0.12 | | Dec 23, 2004 | Integer underflow in the firewall logging rules for iptables in Linux before 2.6.8 allows remote attackers to cause a denial of service (application crash) via a malformed IP packet. |
| CVE-2026-5720 | | Cri | 0.52 | 9.1 | 0.01 | | Apr 17, 2026 | miniupnpd contains an integer underflow vulnerability in SOAPAction header parsing that allows remote attackers to cause a denial of service or information disclosure by sending a malformed SOAPAction header with a single quote. Attackers can trigger an out-of-bounds memory read… |
| CVE-2026-32179 | — | Cri | 0.52 | — | 0.00 | | Apr 16, 2026 | Summary: Improper input validation in Microsoft QUIC allows an unauthorized attacker to elevate privileges over a network. Details: Improper Input Validation Integer Underflow (Wrap or Wraparound) when decoding ACK frame. Patches: Fix underflow in ACK frame… |
| CVE-2026-45469 | | Hig | 0.51 | 7.8 | 0.00 | | Jun 9, 2026 | Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
| CVE-2026-42980 | | Hig | 0.51 | 7.8 | 0.06 | | Jun 9, 2026 | Integer underflow (wrap or wraparound) in Windows NT OS Kernel allows an authorized attacker to elevate privileges locally. |
| CVE-2026-25104 | | Hig | 0.51 | 7.8 | 0.00 | | May 26, 2026 | MediaArea MediaInfoLib LXF parsing heap-based buffer overflow vulnerability |
| CVE-2026-40397 | | Hig | 0.51 | 7.8 | 0.00 | | May 12, 2026 | Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. |
| CVE-2026-33999 | | Hig | 0.51 | 7.8 | 0.00 | | Apr 23, 2026 | A flaw was found in the X.Org X server. This integer underflow vulnerability, specifically in the XKB compatibility map handling, allows an attacker with local or remote X11 server access to trigger a buffer read overrun. This can lead to memory-safety violations and potentially… |
| CVE-2026-27297 | | Hig | 0.51 | 7.8 | 0.00 | | Apr 14, 2026 | Adobe Framemaker versions 2022.8 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open… |
| CVE-2026-27296 | | Hig | 0.51 | 7.8 | 0.00 | | Apr 14, 2026 | Adobe Framemaker versions 2022.8 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open… |
| CVE-2026-27907 | | Hig | 0.51 | 7.8 | 0.00 | | Apr 14, 2026 | Integer underflow (wrap or wraparound) in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally. |
| CVE-2024-46759 | | Hig | 0.51 | 7.8 | 0.00 | | Sep 18, 2024 | In the Linux kernel, the following vulnerability has been resolved: hwmon: (adc128d818) Fix underflows seen when writing limit attributes DIV_ROUND_CLOSEST() after kstrtol() results in an underflow if a large negative number such as -9223372036854775808 is provided by the… |