Total
195 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2005-1891 | 2 Aol, Microsoft | 2 Aim, Windows | 2024-02-08 | 5.0 MEDIUM | 7.5 HIGH |
The GIF parser in ateimg32.dll in AOL Instant Messenger (AIM) 5.9.3797 and earlier allows remote attackers to cause a denial of service (crash) via a malformed buddy icon that causes an integer underflow in a loop counter variable. | |||||
CVE-2005-0199 | 1 Barton | 1 Ngircd | 2024-02-08 | 7.5 HIGH | 9.8 CRITICAL |
Integer underflow in the Lists_MakeMask() function in lists.c in ngIRCd before 0.8.2 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long MODE line that causes an incorrect length calculation, which leads to a buffer overflow. | |||||
CVE-2004-1002 | 2 Canonical, Samba | 2 Ubuntu Linux, Ppp | 2024-02-08 | 5.0 MEDIUM | 7.5 HIGH |
Integer underflow in pppd in cbcp.c for ppp 2.4.1 allows remote attackers to cause a denial of service (daemon crash) via a CBCP packet with an invalid length value that causes pppd to access an incorrect memory location. | |||||
CVE-2004-0816 | 1 Linux | 1 Linux Kernel | 2024-02-08 | 5.0 MEDIUM | 7.5 HIGH |
Integer underflow in the firewall logging rules for iptables in Linux before 2.6.8 allows remote attackers to cause a denial of service (application crash) via a malformed IP packet. | |||||
CVE-2024-0808 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-02-05 | N/A | 9.8 CRITICAL |
Integer underflow in WebUI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a malicious file. (Chromium security severity: High) | |||||
CVE-2023-48298 | 1 Clickhouse | 2 Clickhouse, Clickhouse Cloud | 2024-02-05 | N/A | 7.5 HIGH |
ClickHouse® is an open-source column-oriented database management system that allows generating analytical data reports in real-time. This vulnerability is an integer underflow resulting in crash due to stack buffer overflow in decompression of FPC codec. It can be triggered and exploited by an unauthenticated attacker. The vulnerability is very similar to CVE-2023-47118 with how the vulnerable function can be exploited. | |||||
CVE-2023-43628 | 1 Gpsd Project | 1 Gpsd | 2024-02-05 | N/A | 7.5 HIGH |
An integer underflow vulnerability exists in the NTRIP Stream Parsing functionality of GPSd 3.25.1~dev. A specially crafted network packet can lead to memory corruption. An attacker can send a malicious packet to trigger this vulnerability. | |||||
CVE-2023-47360 | 1 Videolan | 1 Vlc Media Player | 2024-02-05 | N/A | 7.5 HIGH |
Videolan VLC prior to version 3.0.20 contains an Integer underflow that leads to an incorrect packet length. | |||||
CVE-2023-38427 | 1 Linux | 1 Linux Kernel | 2024-02-05 | N/A | 9.8 CRITICAL |
An issue was discovered in the Linux kernel before 6.3.8. fs/smb/server/smb2pdu.c in ksmbd has an integer underflow and out-of-bounds read in deassemble_neg_contexts. | |||||
CVE-2022-28733 | 1 Gnu | 1 Grub2 | 2024-02-05 | N/A | 8.1 HIGH |
Integer underflow in grub_net_recv_ip4_packets; A malicious crafted IP packet can lead to an integer underflow in grub_net_recv_ip4_packets() function on rsm->total_len value. Under certain circumstances the total_len value may end up wrapping around to a small integer number which will be used in memory allocation. If the attack succeeds in such way, subsequent operations can write past the end of the buffer. | |||||
CVE-2023-26421 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-02-04 | N/A | 7.8 HIGH |
Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30441 (and earlier) are affected by an Integer Underflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
CVE-2023-24820 | 1 Riot-os | 1 Riot | 2024-02-04 | N/A | 7.5 HIGH |
RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. An attacker can send a crafted frame to the device resulting in a large out of bounds write beyond the packet buffer. The write will create a hard fault exception after reaching the last page of RAM. The hard fault is not handled and the system will be stuck until reset. Thus the impact is denial of service. Version 2022.10 fixes this issue. As a workaround, apply the patch manually. | |||||
CVE-2023-24817 | 1 Riot-os | 1 Riot | 2024-02-04 | N/A | 7.5 HIGH |
RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2023.04, an attacker can send a crafted frame to the device resulting in an integer underflow and out of bounds access in the packet buffer. Triggering the access at the right time will corrupt other packets or the allocator metadata. Corrupting a pointer will lead to denial of service. This issue is fixed in version 2023.04. As a workaround, disable SRH in the network stack. | |||||
CVE-2023-35790 | 1 Libjxl Project | 1 Libjxl | 2024-02-04 | N/A | 7.5 HIGH |
An issue was discovered in dec_patch_dictionary.cc in libjxl before 0.8.2. An integer underflow in patch decoding can lead to a denial of service, such as an infinite loop. | |||||
CVE-2023-24821 | 1 Riot-os | 1 Riot | 2024-02-04 | N/A | 7.5 HIGH |
RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in a large out of bounds write beyond the packet buffer. The write will create a hard fault exception after reaching the last page of RAM. The hard fault is not handled and the system will be stuck until reset, thus the impact is denial of service. Version 2022.10 fixes this issue. As a workaround, disable support for fragmented IP datagrams or apply the patches manually. | |||||
CVE-2023-20635 | 2 Google, Mediatek | 52 Android, Mt6580, Mt6731 and 49 more | 2024-02-04 | N/A | 4.4 MEDIUM |
In keyinstall, there is a possible information disclosure due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07563028; Issue ID: ALPS07563028. | |||||
CVE-2022-37301 | 1 Schneider-electric | 96 Modicon M340 Bmx P34-2010, Modicon M340 Bmx P34-2010 Firmware, Modicon M340 Bmx P34-2030 and 93 more | 2024-02-04 | N/A | 7.5 HIGH |
A CWE-191: Integer Underflow (Wrap or Wraparound) vulnerability exists that could cause a denial of service of the controller due to memory access violations when using the Modbus TCP protocol. Affected products: Modicon M340 CPU (part numbers BMXP34*)(V3.40 and prior), Modicon M580 CPU (part numbers BMEP* and BMEH*)(V3.22 and prior), Legacy Modicon Quantum/Premium(All Versions), Modicon Momentum MDI (171CBU*)(All Versions), Modicon MC80 (BMKC80)(V1.7 and prior) | |||||
CVE-2022-20483 | 1 Google | 1 Android | 2024-02-04 | N/A | 7.5 HIGH |
In several functions that parse avrc response in avrc_pars_ct.cc and related files, there are possible out of bounds reads due to integer overflows. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242459126 | |||||
CVE-2022-20516 | 1 Google | 1 Android | 2024-02-04 | N/A | 7.5 HIGH |
In rw_t3t_act_handle_check_ndef_rsp of rw_t3t.cc, there is a possible out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-224002331 | |||||
CVE-2022-38681 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-02-04 | N/A | 5.5 MEDIUM |
In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services. |