Vulnerabilities (CVE)

Filtered by CWE-191
Total 245 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-21685 1 Parity 1 Frontier 2024-02-04 4.0 MEDIUM 6.5 MEDIUM
Frontier is Substrate's Ethereum compatibility layer. Prior to commit number `8a93fdc6c9f4eb1d2f2a11b7ff1d12d70bf5a664`, a bug in Frontier's MODEXP precompile implementation can cause an integer underflow in certain conditions. This will cause a node crash for debug builds. For release builds (and production WebAssembly binaries), the impact is limited as it can only cause a normal EVM out-of-gas. Users who do not use MODEXP precompile in their runtime are not impacted. A patch is available in pull request #549.
CVE-2021-43083 1 Apache 1 Plc4x 2024-02-04 6.5 MEDIUM 8.8 HIGH
Apache PLC4X - PLC4C (Only the C language implementation was effected) was vulnerable to an unsigned integer underflow flaw inside the tcp transport. Users should update to 0.9.1, which addresses this issue. However, in order to exploit this vulnerability, a user would have to actively connect to a mallicious device which could send a response with invalid content. Currently we consider the probability of this being exploited as quite minimal, however this could change in the future, especially with the industrial networks growing more and more together.
CVE-2021-41821 1 Wazuh 1 Wazuh 2024-02-04 4.0 MEDIUM 6.5 MEDIUM
Wazuh Manager in Wazuh through 4.1.5 is affected by a remote Integer Underflow vulnerability that might lead to denial of service. A crafted message must be sent from an authenticated agent to the manager.
CVE-2021-3323 1 Zephyrproject 1 Zephyr 2024-02-04 7.5 HIGH 9.8 CRITICAL
Integer Underflow in 6LoWPAN IPHC Header Uncompression in Zephyr. Zephyr versions >= >=2.4.0 contain Integer Underflow (Wrap or Wraparound) (CWE-191). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-89j6-qpxf-pfpc
CVE-2021-1920 1 Qualcomm 342 Apq8009, Apq8009 Firmware, Apq8009w and 339 more 2024-02-04 10.0 HIGH 9.8 CRITICAL
Integer underflow can occur due to improper handling of incoming RTCP packets in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables
CVE-2021-33536 1 Weidmueller 16 Ie-wl-bl-ap-cl-eu, Ie-wl-bl-ap-cl-eu Firmware, Ie-wl-bl-ap-cl-us and 13 more 2024-02-04 5.0 MEDIUM 7.5 HIGH
In Weidmueller Industrial WLAN devices in multiple versions an exploitable denial-of-service vulnerability exists in ServiceAgent functionality. A specially crafted packet can cause an integer underflow, triggering a large memcpy that will access unmapped or out-of-bounds memory. An attacker can send this packet while unauthenticated to trigger this vulnerability.
CVE-2021-25849 1 Moxa 32 Vport 06ec-2v26m, Vport 06ec-2v26m Firmware, Vport 06ec-2v36m-ct and 29 more 2024-02-04 7.8 HIGH 7.5 HIGH
An integer underflow was discovered in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, improper validation of the PortID TLV leads to Denial of Service via a crafted lldp packet.
CVE-2021-3472 4 Debian, Fedoraproject, Redhat and 1 more 4 Debian Linux, Fedora, Enterprise Linux and 1 more 2024-02-04 7.2 HIGH 7.8 HIGH
A flaw was found in xorg-x11-server in versions before 1.20.11. An integer underflow can occur in xserver which can lead to a local privilege escalation. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVE-2021-31178 1 Microsoft 6 365 Apps, Excel, Office and 3 more 2024-02-04 4.3 MEDIUM 5.5 MEDIUM
Microsoft Office Information Disclosure Vulnerability
CVE-2021-20240 2 Fedoraproject, Gnome 2 Fedora, Gdk-pixbuf 2024-02-04 8.3 HIGH 8.8 HIGH
A flaw was found in gdk-pixbuf in versions before 2.42.0. An integer wraparound leading to an out of bounds write can occur when a crafted GIF image is loaded. An attacker may cause applications to crash or could potentially execute code on the victim system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVE-2021-25846 1 Moxa 32 Vport 06ec-2v26m, Vport 06ec-2v26m Firmware, Vport 06ec-2v36m-ct and 29 more 2024-02-04 7.8 HIGH 7.5 HIGH
Improper validation of the ChassisID TLV in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, allows attackers to cause a denial of service due to a negative number passed to the memcpy function via a crafted lldp packet.
CVE-2021-1108 1 Nvidia 10 Jetson Agx Xavier, Jetson Linux, Jetson Nano and 7 more 2024-02-04 4.6 MEDIUM 7.3 HIGH
NVIDIA Linux kernel distributions contain a vulnerability in FuSa Capture (VI/ISP), where integer underflow due to lack of input validation may lead to complete denial of service, partial integrity, and serious confidentiality loss for all processes in the system.
CVE-2021-21811 1 Att 1 Xmill 2024-02-04 7.5 HIGH 9.8 CRITICAL
A memory corruption vulnerability exists in the XML-parsing CreateLabelOrAttrib functionality of AT&T Labs’ Xmill 0.7. A specially crafted XML file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2021-1919 1 Qualcomm 310 Apq8009, Apq8009 Firmware, Apq8009w and 307 more 2024-02-04 10.0 HIGH 9.8 CRITICAL
Integer underflow can occur when the RTCP length is lesser than than the actual blocks present in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables
CVE-2021-22379 1 Huawei 2 Emui, Magic Ui 2024-02-04 5.0 MEDIUM 7.5 HIGH
There is an Integer Underflow (Wrap or Wraparound) Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause DoS of Samgr.
CVE-2021-27486 1 Fatek 1 Winproladder 2024-02-04 6.8 MEDIUM 7.8 HIGH
FATEK Automation WinProladder Versions 3.30 and prior is vulnerable to an integer underflow, which may cause an out-of-bounds write and allow an attacker to execute arbitrary code.
CVE-2020-36228 3 Apple, Debian, Openldap 3 Macos, Debian Linux, Openldap 2024-02-04 5.0 MEDIUM 7.5 HIGH
An integer underflow was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Certificate List Exact Assertion processing, resulting in denial of service.
CVE-2021-28362 1 Contiki-os 1 Contiki 2024-02-04 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Contiki through 3.0. When sending an ICMPv6 error message because of invalid extension header options in an incoming IPv6 packet, there is an attempt to remove the RPL extension headers. Because the packet length and the extension header length are unchecked (with respect to the available data) at this stage, and these variables are susceptible to integer underflow, it is possible to construct an invalid extension header that will cause memory corruption issues and lead to a Denial-of-Service condition. This is related to rpl-ext-header.c.
CVE-2021-28027 1 Bam Project 1 Bam 2024-02-04 7.5 HIGH 9.8 CRITICAL
An issue was discovered in the bam crate before 0.1.3 for Rust. There is an integer underflow and out-of-bounds write during the loading of a bgzip block.
CVE-2020-36221 3 Apple, Debian, Openldap 4 Mac Os X, Macos, Debian Linux and 1 more 2024-02-04 5.0 MEDIUM 7.5 HIGH
An integer underflow was discovered in OpenLDAP before 2.4.57 leading to slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck).