Vulnerabilities (CVE)

Filtered by CWE-191
Total 139 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-6096 2 Fedoraproject, Gnu 2 Fedora, Glibc 2022-05-12 6.8 MEDIUM 8.1 HIGH
An exploitable signed comparison vulnerability exists in the ARMv7 memcpy() implementation of GNU glibc 2.30.9000. Calling memcpy() (on ARMv7 targets that utilize the GNU glibc implementation) with a negative value for the 'num' parameter results in a signed comparison vulnerability. If an attacker underflows the 'num' parameter to memcpy(), this vulnerability could lead to undefined behavior such as writing to out-of-bounds memory and potentially remote code execution. Furthermore, this memcpy() implementation allows for program execution to continue in scenarios where a segmentation fault or crash should have occurred. The dangers occur in that subsequent execution and iterations of this code will be executed with this corrupted data.
CVE-2020-6098 1 Freediameter 1 Freediameter 2022-05-12 5.0 MEDIUM 7.5 HIGH
An exploitable denial of service vulnerability exists in the freeDiameter functionality of freeDiameter 1.3.2. A specially crafted Diameter request can trigger a memory corruption resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability.
CVE-2020-8174 3 Netapp, Nodejs, Oracle 9 Active Iq Unified Manager, Oncommand Insight, Oncommand Workflow Automation and 6 more 2022-05-12 9.3 HIGH 8.1 HIGH
napi_get_value_string_*() allows various kinds of memory corruption in node < 10.21.0, 12.18.0, and < 14.4.0.
CVE-2019-5148 1 Moxa 2 Awk-3131a, Awk-3131a Firmware 2022-04-29 5.0 MEDIUM 7.5 HIGH
An exploitable denial-of-service vulnerability exists in ServiceAgent functionality of the Moxa AWK-3131A, firmware version 1.13. A specially crafted packet can cause an integer underflow, triggering a large memcpy that will access unmapped or out-of-bounds memory. An attacker can send this packet while unauthenticated to trigger this vulnerability.
CVE-2019-5099 1 Leadtools 1 Leadtools 2022-04-29 6.8 MEDIUM 7.8 HIGH
An exploitable integer underflow vulnerability exists in the CMP-parsing functionality of LEADTOOLS 20. A specially crafted CMP image file can cause an integer underflow, potentially resulting in code execution. An attacker can specially craft a CMP image to trigger this vulnerability.
CVE-2020-15900 3 Artifex, Canonical, Opensuse 3 Ghostscript, Ubuntu Linux, Leap 2022-04-27 7.5 HIGH 9.8 CRITICAL
A memory corruption issue was found in Artifex Ghostscript 9.50 and 9.52. Use of a non-standard PostScript operator can allow overriding of file access controls. The 'rsearch' calculation for the 'post' size resulted in a size that was too large, and could underflow to max uint32_t. This was fixed in commit 5d499272b95a6b890a1397e11d20937de000d31b.
CVE-2020-1400 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2022-04-27 9.3 HIGH 7.8 HIGH
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1401, CVE-2020-1407.
CVE-2019-9755 2 Redhat, Tuxera 6 Enterprise Linux, Enterprise Linux Eus, Enterprise Linux Server and 3 more 2022-04-26 4.4 MEDIUM 7.0 HIGH
An integer underflow issue exists in ntfs-3g 2017.3.23. A local attacker could potentially exploit this by running /bin/ntfs-3g with specially crafted arguments from a specially crafted directory to cause a heap buffer overflow, resulting in a crash or the ability to execute arbitrary code. In installations where /bin/ntfs-3g is a setuid-root binary, this could lead to a local escalation of privileges.
CVE-2021-37706 4 Asterisk, Debian, Sangoma and 1 more 4 Certified Asterisk, Debian Linux, Asterisk and 1 more 2022-04-25 9.3 HIGH 9.8 CRITICAL
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In affected versions if the incoming STUN message contains an ERROR-CODE attribute, the header length is not checked before performing a subtraction operation, potentially resulting in an integer underflow scenario. This issue affects all users that use STUN. A malicious actor located within the victim’s network may forge and send a specially crafted UDP (STUN) message that could remotely execute arbitrary code on the victim’s machine. Users are advised to upgrade as soon as possible. There are no known workarounds.
CVE-2021-44489 2 Fisglobal, Yottadb 2 Gt.m, Yottadb 2022-04-22 5.0 MEDIUM 7.5 HIGH
An issue was discovered in YottaDB through r1.32 and V7.0-000. Using crafted input, attackers can cause an integer underflow of the size of calls to memset in op_fnj3 in sr_port/op_fnj3.c in order to cause a segmentation fault and crash the application. This is a "- digs" subtraction.
CVE-2021-44509 1 Fisglobal 1 Gt.m 2022-04-22 5.0 MEDIUM 7.5 HIGH
An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, attackers can cause an integer underflow of the size of calls to memset in op_fnj3 in sr_port/op_fnj3.c in order to cause a segmentation fault and crash the application.
CVE-2018-3926 1 Samsung 2 Sth-eth-250, Sth-eth-250 Firmware 2022-04-19 4.9 MEDIUM 5.5 MEDIUM
An exploitable integer underflow vulnerability exists in the ZigBee firmware update routine of the hubCore binary of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The hubCore process incorrectly handles malformed files existing in its data directory, leading to an infinite loop, which eventually causes the process to crash. An attacker can send an HTTP request to trigger this vulnerability.
CVE-2018-4011 1 Getcujo 1 Smart Firewall 2022-04-19 5.0 MEDIUM 7.5 HIGH
An exploitable integer underflow vulnerability exists in the mdnscap binary of the CUJO Smart Firewall, version 7003. When parsing SRV records in an mDNS packet, the "RDLENGTH" value is handled incorrectly, leading to an out-of-bounds access that crashes the mdnscap process. An unauthenticated attacker can send an mDNS message to trigger this vulnerability.
CVE-2018-3999 1 Atlantiswordprocessor 1 Atlantis Word Processor 2022-04-19 6.8 MEDIUM 7.8 HIGH
An exploitable stack-based buffer overflow vulnerability exists in the JPEG parser of Atlantis Word Processor, version 3.2.5.0. A specially crafted image embedded within a document can cause a length to be miscalculated and underflow. This length is then treated as unsigned and then used in a copying operation. Due to the length underflow, the application will then write outside the bounds of a stack buffer, resulting in a buffer overflow. An attacker must convince a victim to open a document in order to trigger this vulnerability.
CVE-2022-23034 2 Fedoraproject, Xen 2 Fedora, Xen 2022-04-19 2.1 LOW 5.5 MEDIUM
A PV guest could DoS Xen while unmapping a grant To address XSA-380, reference counting was introduced for grant mappings for the case where a PV guest would have the IOMMU enabled. PV guests can request two forms of mappings. When both are in use for any individual mapping, unmapping of such a mapping can be requested in two steps. The reference count for such a mapping would then mistakenly be decremented twice. Underflow of the counters gets detected, resulting in the triggering of a hypervisor bug check.
CVE-2019-13602 4 Canonical, Debian, Opensuse and 1 more 5 Ubuntu Linux, Debian Linux, Backports Sle and 2 more 2022-04-18 6.8 MEDIUM 7.8 HIGH
An Integer Underflow in MP4_EIA608_Convert() in modules/demux/mp4/mp4.c in VideoLAN VLC media player through 3.0.7.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and crash) or possibly have unspecified other impact via a crafted .mp4 file.
CVE-2022-20073 2 Google, Mediatek 44 Android, Mt2601, Mt6580 and 41 more 2022-04-18 4.4 MEDIUM 6.6 MEDIUM
In preloader (usb), there is a possible out of bounds write due to a integer underflow. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06160841; Issue ID: ALPS06160841.
CVE-2019-13104 2 Denx, Opensuse 2 U-boot, Leap 2022-04-18 6.8 MEDIUM 7.8 HIGH
In Das U-Boot versions 2016.11-rc1 through 2019.07-rc4, an underflow can cause memcpy() to overwrite a very large amount of data (including the whole stack) while reading a crafted ext4 filesystem.
CVE-2020-36228 3 Apple, Debian, Openldap 3 Macos, Debian Linux, Openldap 2022-04-13 5.0 MEDIUM 7.5 HIGH
An integer underflow was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Certificate List Exact Assertion processing, resulting in denial of service.
CVE-2020-36221 3 Apple, Debian, Openldap 4 Mac Os X, Macos, Debian Linux and 1 more 2022-04-13 5.0 MEDIUM 7.5 HIGH
An integer underflow was discovered in OpenLDAP before 2.4.57 leading to slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck).