Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-191
Total 161 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-21685 1 Parity 1 Frontier 2022-01-21 4.0 MEDIUM 6.5 MEDIUM
Frontier is Substrate's Ethereum compatibility layer. Prior to commit number `8a93fdc6c9f4eb1d2f2a11b7ff1d12d70bf5a664`, a bug in Frontier's MODEXP precompile implementation can cause an integer underflow in certain conditions. This will cause a node crash for debug builds. For release builds (and production WebAssembly binaries), the impact is limited as it can only cause a normal EVM out-of-gas. Users who do not use MODEXP precompile in their runtime are not impacted. A patch is available in pull request #549.
CVE-2021-43083 1 Apache 1 Plc4x 2022-01-04 6.5 MEDIUM 8.8 HIGH
Apache PLC4X - PLC4C (Only the C language implementation was effected) was vulnerable to an unsigned integer underflow flaw inside the tcp transport. Users should update to 0.9.1, which addresses this issue. However, in order to exploit this vulnerability, a user would have to actively connect to a mallicious device which could send a response with invalid content. Currently we consider the probability of this being exploited as quite minimal, however this could change in the future, especially with the industrial networks growing more and more together.
CVE-2015-0537 1 Dell 3 Bsafe, Bsafe Crypto-c, Bsafe Ssl-c 2021-12-14 7.5 HIGH 9.8 CRITICAL
Integer underflow in the base64-decoding implementation in EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3, RSA BSAFE Crypto-C Micro Edition (Crypto-C ME) before 4.0.4 and 4.1, and RSA BSAFE SSL-C 2.8.9 and earlier allows remote attackers to cause a denial of service (memory corruption or segmentation fault) or possibly have unspecified other impact via crafted base64 data, a similar issue to CVE-2015-0292.
CVE-2021-22379 1 Huawei 2 Emui, Magic Ui 2021-12-09 5.0 MEDIUM 7.5 HIGH
There is an Integer Underflow (Wrap or Wraparound) Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause DoS of Samgr.
CVE-2020-15158 1 Mz-automation 1 Libiec61850 2021-11-18 7.5 HIGH 9.8 CRITICAL
In libIEC61850 before version 1.4.3, when a message with COTP message length field with value < 4 is received an integer underflow will happen leading to heap buffer overflow. This can cause an application crash or on some platforms even the execution of remote code. If your application is used in open networks or there are untrusted nodes in the network it is highly recommend to apply the patch. This was patched with commit 033ab5b. Users of version 1.4.x should upgrade to version 1.4.3 when available. As a workaround changes of commit 033ab5b can be applied to older versions.
CVE-2021-41196 1 Google 1 Tensorflow 2021-11-09 2.1 LOW 5.5 MEDIUM
TensorFlow is an open source platform for machine learning. In affected versions the Keras pooling layers can trigger a segfault if the size of the pool is 0 or if a dimension is negative. This is due to the TensorFlow's implementation of pooling operations where the values in the sliding window are not checked to be strictly positive. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.
CVE-2019-9133 3 Fedoraproject, Kmplayer, Microsoft 3 Fedora, Kmplayer, Windows 2021-11-03 4.3 MEDIUM 5.5 MEDIUM
When processing subtitles format media file, KMPlayer version 2018.12.24.14 or lower doesn't check object size correctly, which leads to integer underflow then to memory out-of-bound read/write. An attacker can exploit this issue by enticing an unsuspecting user to open a malicious file.
CVE-2019-5459 2 Opensuse, Videolan 4 Backports, Backports Sle, Leap and 1 more 2021-11-03 5.8 MEDIUM 7.1 HIGH
An Integer underflow in VLC Media Player versions < 3.0.7 leads to an out-of-band read.
CVE-2019-1628 1 Cisco 2 Integrated Management Controller, Unified Computing System 2021-10-29 2.1 LOW 5.5 MEDIUM
A vulnerability in the web server of Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to cause a buffer overflow, resulting in a denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect bounds checking. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected system. An exploit could allow the attacker to cause a buffer overflow, resulting in a process crash and DoS condition on the device.
CVE-2021-3323 1 Zephyrproject 1 Zephyr 2021-10-18 7.5 HIGH 9.8 CRITICAL
Integer Underflow in 6LoWPAN IPHC Header Uncompression in Zephyr. Zephyr versions >= >=2.4.0 contain Integer Underflow (Wrap or Wraparound) (CWE-191). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-89j6-qpxf-pfpc
CVE-2021-3321 1 Zephyrproject 1 Zephyr 2021-10-18 5.8 MEDIUM 8.8 HIGH
Integer Underflow in Zephyr in IEEE 802154 Fragment Reassembly Header Removal. Zephyr versions >= >=2.4.0 contain Integer Overflow to Buffer Overflow (CWE-680). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-w44j-66g7-xw99
CVE-2021-41821 1 Wazuh 1 Wazuh 2021-10-12 4.0 MEDIUM 6.5 MEDIUM
Wazuh Manager in Wazuh through 4.1.5 is affected by a remote Integer Underflow vulnerability that might lead to denial of service. A crafted message must be sent from an authenticated agent to the manager.
CVE-2021-1919 1 Qualcomm 310 Apq8009, Apq8009 Firmware, Apq8009w and 307 more 2021-09-14 10.0 HIGH 9.8 CRITICAL
Integer underflow can occur when the RTCP length is lesser than than the actual blocks present in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables
CVE-2021-1920 1 Qualcomm 342 Apq8009, Apq8009 Firmware, Apq8009w and 339 more 2021-09-14 10.0 HIGH 9.8 CRITICAL
Integer underflow can occur due to improper handling of incoming RTCP packets in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables
CVE-2017-9214 3 Debian, Openvswitch, Redhat 6 Debian Linux, Openvswitch, Enterprise Linux and 3 more 2021-08-04 7.5 HIGH 9.8 CRITICAL
In Open vSwitch (OvS) 2.7.0, while parsing an OFPT_QUEUE_GET_CONFIG_REPLY type OFP 1.0 message, there is a buffer over-read that is caused by an unsigned integer underflow in the function `ofputil_pull_queue_get_config_reply10` in `lib/ofp-util.c`.
CVE-2021-33536 1 Weidmueller 16 Ie-wl-bl-ap-cl-eu, Ie-wl-bl-ap-cl-eu Firmware, Ie-wl-bl-ap-cl-us and 13 more 2021-07-27 5.0 MEDIUM 7.5 HIGH
In Weidmueller Industrial WLAN devices in multiple versions an exploitable denial-of-service vulnerability exists in ServiceAgent functionality. A specially crafted packet can cause an integer underflow, triggering a large memcpy that will access unmapped or out-of-bounds memory. An attacker can send this packet while unauthenticated to trigger this vulnerability.
CVE-2019-10054 1 Suricata-ids 1 Suricata 2021-07-21 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Suricata 4.1.3. The function process_reply_record_v3 lacks a check for the length of reply.data. It causes an invalid memory access and the program crashes within the nfs/nfs3.rs file.
CVE-2019-10053 1 Suricata-ids 1 Suricata 2021-07-21 7.5 HIGH 9.8 CRITICAL
An issue was discovered in Suricata 4.1.x before 4.1.4. If the input of the function SSHParseBanner is composed only of a \n character, then the program runs into a heap-based buffer over-read. This occurs because the erroneous search for \r results in an integer underflow.
CVE-2020-1239 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2021-07-21 6.8 MEDIUM 8.8 HIGH
A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1238.
CVE-2019-9183 2 Contiki-ng, Contiki-os 2 Contiki-ng, Contiki 2021-07-21 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Contiki-NG through 4.3 and Contiki through 3.0. A buffer overflow is present due to an integer underflow during 6LoWPAN fragment processing in the face of truncated fragments in os/net/ipv6/sicslowpan.c. This results in accesses of unmapped memory, crashing the application. An attacker can cause a denial-of-service via a crafted 6LoWPAN frame.