Monthly
Integer underflow in wolfSSL's ASN.1 certificate parser allows remote attackers to trigger information disclosure and potential memory access violations when processing malformed X.509 certificates with oversized Subject Alternative Name extensions. The vulnerability affects wolfSSL versions up to 5.9.0 but only impacts systems using the non-default original ASN.1 parsing implementation; no public exploit code or active exploitation has been identified at time of analysis.
Integer underflow in wolfSSL's packet sniffer (versions up to 5.9.0) allows remote attackers to crash applications during AEAD decryption by sending malformed TLS Application Data records with insufficient length for the explicit IV and authentication tag. The vulnerability wraps a 16-bit length value to an unexpectedly large integer, triggering an out-of-bounds read in decryption routines. While the CVSS score is low (2.1) due to limited practical impact (availability only), the attack requires no victim interaction beyond network exposure and affects any system passively inspecting encrypted TLS traffic through wolfSSL's ssl_DecodePacket function.
Denial of service in OpenPrinting CUPS 2.4.16 and prior allows unprivileged local users to crash the cupsd root process via integer underflow in _ppdCreateFromIPP() by supplying a negative job-password-supported IPP attribute, which wraps to a large size_t value and triggers a stack buffer overflow in memset(). When combined with systemd's automatic restart mechanism, an attacker can sustain repeated crashes without requiring elevated privileges or user interaction.
Integer underflow in Nimiq core-rs-albatross <1.3.0 enables unauthenticated remote attackers to trigger deterministic denial-of-service via crafted peer handshake. Attackers send limit=0 during discovery handshake, causing arithmetic underflow (0-1 wraps to usize::MAX) when session transitions to Established state, resulting in capacity overflow panic when allocating peer contact vector. Upstream fix available (PR/commit); released patched version 1.3.0 confirmed. No public exploit identified at time of analysis, but EPSS indicates low exploitation probability and attack is trivially reproducible given simple network message crafting.
Maliciously crafted `.idx` files in go-git v5 cause asymmetric memory consumption leading to Denial of Service through integer overflow vulnerabilities. Exploitation requires local write access to the `.git` directory, limiting attack surface to scenarios where an attacker has already compromised repository access or can inject files into a shared repository. No public exploit code or active exploitation has been confirmed; however, the low CVSS complexity and requirement for only low-privilege local access make this a moderate operational concern for development environments and CI/CD systems that process untrusted repositories.
Unauthenticated remote attackers can crash strongSwan versions 4.5.0 through 6.0.4 via integer underflow in the EAP-TTLS AVP parser during IKEv2 authentication by sending malformed AVP packets with invalid length fields. Public exploit code exists for this denial of service vulnerability, which triggers memory corruption in the charon daemon with no available patch. Organizations running affected strongSwan versions are vulnerable to service disruption without authentication or user interaction required.
Integer underflow in wolfSSL packet sniffer <= 5.8.4 allows an attacker to cause a buffer overflow in the AEAD decryption path by injecting a TLS record shorter than the explicit IV plus authentication tag into traffic inspected by ssl_DecodePacket.
libsoup versions prior to the patched release contain an integer underflow vulnerability in zero-length resource processing that enables unauthenticated remote attackers to read adjacent memory or trigger denial of service. The vulnerability stems from improper bounds checking during content handling, affecting any application using the vulnerable libsoup library for HTTP operations. No public exploit code has been identified, and the low EPSS score (0.04%, percentile 11%) indicates exploitation is unlikely in practice despite the moderate CVSS score of 6.5.
A critical integer underflow vulnerability in libexif library versions up to 0.6.25 allows attackers to cause buffer overflows when processing malformed EXIF MakerNotes data in image files. This vulnerability can lead to arbitrary code execution or information disclosure when a victim opens a maliciously crafted image file containing specially crafted EXIF metadata. While not currently listed in CISA KEV or showing high EPSS scores, the vulnerability has a published fix and affects a widely-used image metadata processing library.
CVE-2026-3084 is an integer underflow vulnerability in GStreamer's H.266 codec parser that allows remote code execution when processing malicious media files. The vulnerability affects all versions of GStreamer (CPE indicates wildcard versioning) and can be exploited through user interaction with specially crafted H.266 video content, allowing attackers to execute arbitrary code in the context of the application. No active exploitation (not in KEV) or public POC has been reported, and the relatively high CVSS score (7.8) is tempered by the local attack vector and user interaction requirement.
Integer underflow in wolfSSL's ASN.1 certificate parser allows remote attackers to trigger information disclosure and potential memory access violations when processing malformed X.509 certificates with oversized Subject Alternative Name extensions. The vulnerability affects wolfSSL versions up to 5.9.0 but only impacts systems using the non-default original ASN.1 parsing implementation; no public exploit code or active exploitation has been identified at time of analysis.
Integer underflow in wolfSSL's packet sniffer (versions up to 5.9.0) allows remote attackers to crash applications during AEAD decryption by sending malformed TLS Application Data records with insufficient length for the explicit IV and authentication tag. The vulnerability wraps a 16-bit length value to an unexpectedly large integer, triggering an out-of-bounds read in decryption routines. While the CVSS score is low (2.1) due to limited practical impact (availability only), the attack requires no victim interaction beyond network exposure and affects any system passively inspecting encrypted TLS traffic through wolfSSL's ssl_DecodePacket function.
Denial of service in OpenPrinting CUPS 2.4.16 and prior allows unprivileged local users to crash the cupsd root process via integer underflow in _ppdCreateFromIPP() by supplying a negative job-password-supported IPP attribute, which wraps to a large size_t value and triggers a stack buffer overflow in memset(). When combined with systemd's automatic restart mechanism, an attacker can sustain repeated crashes without requiring elevated privileges or user interaction.
Integer underflow in Nimiq core-rs-albatross <1.3.0 enables unauthenticated remote attackers to trigger deterministic denial-of-service via crafted peer handshake. Attackers send limit=0 during discovery handshake, causing arithmetic underflow (0-1 wraps to usize::MAX) when session transitions to Established state, resulting in capacity overflow panic when allocating peer contact vector. Upstream fix available (PR/commit); released patched version 1.3.0 confirmed. No public exploit identified at time of analysis, but EPSS indicates low exploitation probability and attack is trivially reproducible given simple network message crafting.
Maliciously crafted `.idx` files in go-git v5 cause asymmetric memory consumption leading to Denial of Service through integer overflow vulnerabilities. Exploitation requires local write access to the `.git` directory, limiting attack surface to scenarios where an attacker has already compromised repository access or can inject files into a shared repository. No public exploit code or active exploitation has been confirmed; however, the low CVSS complexity and requirement for only low-privilege local access make this a moderate operational concern for development environments and CI/CD systems that process untrusted repositories.
Unauthenticated remote attackers can crash strongSwan versions 4.5.0 through 6.0.4 via integer underflow in the EAP-TTLS AVP parser during IKEv2 authentication by sending malformed AVP packets with invalid length fields. Public exploit code exists for this denial of service vulnerability, which triggers memory corruption in the charon daemon with no available patch. Organizations running affected strongSwan versions are vulnerable to service disruption without authentication or user interaction required.
Integer underflow in wolfSSL packet sniffer <= 5.8.4 allows an attacker to cause a buffer overflow in the AEAD decryption path by injecting a TLS record shorter than the explicit IV plus authentication tag into traffic inspected by ssl_DecodePacket.
libsoup versions prior to the patched release contain an integer underflow vulnerability in zero-length resource processing that enables unauthenticated remote attackers to read adjacent memory or trigger denial of service. The vulnerability stems from improper bounds checking during content handling, affecting any application using the vulnerable libsoup library for HTTP operations. No public exploit code has been identified, and the low EPSS score (0.04%, percentile 11%) indicates exploitation is unlikely in practice despite the moderate CVSS score of 6.5.
A critical integer underflow vulnerability in libexif library versions up to 0.6.25 allows attackers to cause buffer overflows when processing malformed EXIF MakerNotes data in image files. This vulnerability can lead to arbitrary code execution or information disclosure when a victim opens a maliciously crafted image file containing specially crafted EXIF metadata. While not currently listed in CISA KEV or showing high EPSS scores, the vulnerability has a published fix and affects a widely-used image metadata processing library.
CVE-2026-3084 is an integer underflow vulnerability in GStreamer's H.266 codec parser that allows remote code execution when processing malicious media files. The vulnerability affects all versions of GStreamer (CPE indicates wildcard versioning) and can be exploited through user interaction with specially crafted H.266 video content, allowing attackers to execute arbitrary code in the context of the application. No active exploitation (not in KEV) or public POC has been reported, and the relatively high CVSS score (7.8) is tempered by the local attack vector and user interaction requirement.