CWE-682

Incorrect Calculation

Pillar · Draft · Likelihood: High

Description

The product performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or resource management.

When a product performs a security-critical calculation incorrectly, it might lead to incorrect resource allocations, incorrect privilege assignments, or failed comparisons, among other things. Many of the direct results of an incorrect calculation can lead to even larger problems such as failed protection mechanisms or even arbitrary code execution.

Related attack patterns (CAPEC)

CAPEC-128 · CAPEC-129

CVEs mapped to this weakness (64)

page 2 of 4
  • CVE-2018-16781 · Med · Sep 10, 2018
    risk 0.42 · cvss 6.5 · epss 0.01

    ffjpeg.dll in ffjpeg before 2018-08-22 allows remote attackers to cause a denial of service (FPE signal) via a progressive JPEG file that lacks an AC Huffman table.

  • CVE-2017-11537 · Med · Jul 23, 2017
    risk 0.42 · cvss 6.5 · epss 0.02

    When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Floating Point Exception (FPE) in the WritePALMImage() function in coders/palm.c, related to an incorrect bits-per-pixel calculation.

  • CVE-2011-1573 · Med · Feb 2, 2012
    risk 0.39 · cvss 5.9 · epss 0.03

    net/sctp/sm_make_chunk.c in the Linux kernel before 2.6.34, when addip_enable and auth_enable are used, does not consider the amount of zero padding during calculation of chunk lengths for (1) INIT and (2) INIT ACK chunks, which allows remote attackers to cause a denial of…

  • CVE-2025-54427 · Med · Jul 28, 2025
    risk 0.38 · cvss · epss 0.01

    Polkadot Frontier is an Ethereum and EVM compatibility layer for Polkadot and Substrate. The extrinsic note_min_gas_price_target is an inherent extrinsic, meaning only the block producer can call it. To ensure correctness, the ProvideInherent trait should be implemented for each…

  • CVE-2024-34704 · Med · May 14, 2024
    risk 0.38 · cvss 5.9 · epss 0.00

    era-compiler-solidity is the ZKsync compiler for Solidity. The problem occurred during instruction selection in the `DAGCombine` phase while visiting the XOR operation. The issue arises when attempting to fold the expression `!(x cc y)` into `(x !cc y)`. To perform this…

  • CVE-2016-9377 · Med · Feb 22, 2017
    risk 0.36 · cvss 5.5 · epss 0.00

    Xen 4.5.x through 4.7.x on AMD systems without the NRip feature, when emulating instructions that generate software interrupts, allows local HVM guest OS users to cause a denial of service (guest crash) by leveraging IDT entry miscalculation.

  • CVE-2017-5462 · Med · Jun 11, 2018
    risk 0.35 · cvss 5.3 · epss 0.03

    A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over. The NSS library has been updated to fix this issue and Firefox ESR 52.1 has been updated with NSS version…

  • CVE-2016-7433 · Med · Jan 13, 2017
    risk 0.35 · cvss 5.3 · epss 0.10

    NTP before 4.2.8p9 does not properly perform the initial sync calculations, which allows remote attackers to have unspecified impact via unknown vectors, related to a "root distance that did not include the peer dispersion."

  • CVE-2024-25883 · Med · Feb 6, 2025
    risk 0.34 · cvss 5.3 · epss 0.00

    The mstatus register in RSD commit 3d13a updates incorrectly, leading to processing errors.

  • CVE-2023-43490 · Med · Mar 14, 2024
    risk 0.34 · cvss 5.3 · epss 0.00

    Incorrect calculation in microcode keying mechanism for some Intel(R) Xeon(R) D Processors with Intel(R) SGX may allow a privileged user to potentially enable information disclosure via local access.

  • CVE-2017-8932 · Med · Jul 6, 2017
    risk 0.32 · cvss 5.9 · epss 0.02

    A bug in the standard library ScalarMult implementation of curve P-256 for amd64 architectures in Go before 1.7.6 and 1.8.x before 1.8.2 causes incorrect results to be generated for specific input points. An adaptive attack can be mounted to progressively extract the scalar…

  • CVE-2023-7346 · Med · May 20, 2026
    risk 0.26 · cvss 4.0 · epss 0.00

    Ledger Bitcoin app versions 2.1.0 and 2.1.1 contain an address derivation vulnerability that allows attackers to cause incorrect Bitcoin addresses to be displayed by exploiting improper handling of miniscript policies containing the a: fragment. Attackers can craft malicious…

  • CVE-2025-5372 · Med · Jul 4, 2025
    risk 0.26 · cvss 5.0 · epss 0.00

    A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the ssh_kdf() function responsible for key derivation. Due to inconsistent interpretation of return values where OpenSSL uses 0 to indicate failure and libssh uses 0 for success—the…

  • CVE-2025-0036 · Low · Jun 10, 2025
    risk 0.21 · cvss 3.2 · epss 0.00

    In AMD Versal Adaptive SoC devices, the incorrect configuration of the SSS during runtime (post-boot) cryptographic operations could cause data to be incorrectly written to and read from invalid locations as well as returning incorrect cryptographic data.

  • CVE-2026-44074 · Low · May 21, 2026
    risk 0.17 · cvss 3.7 · epss 0.00

    Netatalk 2.1.0 through 4.4.2 combines multiple errno values using bitwise OR, resulting in incorrect error codes when multiple error conditions occur simultaneously, which may allow a remote attacker to cause a minor service disruption via conditions that trigger incorrect…

  • CVE-2026-7836 · Low · May 21, 2026
    risk 0.13 · cvss 3.1 · epss 0.00

    An incorrect calculation in the hextoint macro in Netatalk 2.0.0 through 4.4.2 due to improper uppercase character handling allows a remote authenticated attacker to cause limited data modification via crafted hexadecimal input.

  • CVE-2025-59047 · Low · Sep 11, 2025
    risk 0.11 · cvss · epss 0.00

    matrix-sdk-base is the base component to build a Matrix client library. In matrix-sdk-base before 0.14.1, calling the `RoomMember::normalized_power_level()` method can cause a panic if a room member has a power level of `Int::Min`. The issue is fixed in matrix-sdk-base 0.14.1.…

  • CVE-2026-1229 · Feb 24, 2026
    risk 0.00 · cvss · epss 0.00

    The CombinedMult function in the CIRCL ecc/p384 package (secp384r1 curve) produces an incorrect value for specific inputs. The issue is fixed by using complete addition formulas. ECDH and ECDSA signing relying on this curve are not affected. The bug was fixed in v1.6.3…

  • CVE-2026-24783 · Jan 27, 2026
    risk 0.00 · cvss · epss 0.00

    soroban-fixed-point-math is a fixed-point math library for Soroban smart contracts. In versions 1.3.0 and 1.4.0, the `mulDiv(x, y, z)` function incorrectly handled cases where both the intermediate product $x * y$ and the divisor $z$ were negative. The logic assumed that if the…

  • CVE-2025-48985 · Nov 7, 2025
    risk 0.00 · cvss · epss 0.00

    A vulnerability in Vercel’s AI SDK has been fixed in versions 5.0.52, 5.1.0-beta.9, and 6.0.0-beta. This issue may have allowed users to bypass filetype whitelists when uploading files. All users are encouraged to upgrade. More details:…