Skip to main content

CWE-758

Reliance on Undefined, Unspecified, or Implementation-Defined Behavior

14 CVEs Avg CVSS 6.6 MITRE
2
CRITICAL
3
HIGH
7
MEDIUM
2
LOW
2
POC
0
KEV

Monthly

CVE-2026-50185 Cargo MEDIUM POC PATCH GHSA This Month

Incorrect conditional-move output in the RustCrypto `cmov` crate's aarch64 backend causes cryptographic constant-time operations to silently produce wrong results on aarch64 platforms. The inline assembly implementations of `Cmov` and `CmovEq` compare full 32-bit register contents instead of the intended narrowed type widths when evaluating conditions, because Rust's inline assembly specification explicitly leaves upper register bits undefined for inputs smaller than the register size. A proof-of-concept demonstrating the failure is included in the advisory; the vulnerability is not listed in CISA KEV and no active exploitation has been reported.

Information Disclosure
NVD GitHub
CVE-2024-58350 LOW PATCH Monitor

Ghidra before 11.2 contains a use after free vulnerability in the Sleigh backend caused by undefined static initialization order of the SleighArchitecture::translators and XmlArchitectureCapability. Rated low severity (CVSS 2.1), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Ghidra
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-40279 LOW PATCH Monitor

BACnet Stack prior to version 1.4.3 exhibits undefined behavior in the decode_signed32() function when processing signed-integer property values containing bytes with the high bit set, causing denial of service through integer overflow. Network-remote attackers can trigger this vulnerability by sending specially crafted BACnet packets with high-bit-set byte sequences, resulting in application instability or crash on embedded systems running vulnerable versions. The vulnerability is confirmed fixed in version 1.4.3.

Buffer Overflow Bacnet Stack
NVD GitHub
CVSS 3.1
3.7
EPSS
0.0%
CVE-2026-34537 MEDIUM This Month

Local denial of service in iccDEV prior to version 2.3.1.6 allows unauthenticated local attackers to crash applications processing ICC color profiles by crafting malicious profiles that trigger undefined behavior through invalid enum values in CIccOpDefEnvVar::Exec(). The vulnerability requires local file access but no privilege escalation, with an EPSS score of 6.2 reflecting moderate real-world risk. No public exploit code or active exploitation has been identified at the time of analysis.

Information Disclosure Iccdev
NVD GitHub
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-34533 MEDIUM This Month

Undefined Behavior in iccDEV prior to version 2.3.1.6 allows local attackers to cause a denial of service by supplying a crafted ICC color profile containing invalid enum values for icChannelFuncSignature, which triggers an application crash during profile processing in CIccCalculatorFunc::ApplySequence(). The vulnerability requires local file access or the ability to provide a malicious ICC profile to an application using the library; no public exploit code has been identified.

Information Disclosure Iccdev
NVD GitHub
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-34549 MEDIUM This Month

Denial of service via crafted ICC color profile in iccDEV library prior to version 2.3.1.6 triggers undefined behavior through invalid left shift operations on 32-bit unsigned integers, causing application crashes. The vulnerability affects all iccDEV versions before 2.3.1.6 and requires only local file access to exploit (no authentication or user interaction required beyond opening a malicious profile). No public exploit code or active exploitation has been identified at time of analysis.

Information Disclosure Iccdev
NVD GitHub
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-34547 MEDIUM This Month

Denial of service via undefined behavior in iccDEV versions prior to 2.3.1.6 allows local attackers to crash the iccDumpProfile tool by supplying a crafted ICC color profile. The vulnerability exploits an unsafe memory operation in IccUtil.cpp triggered during profile parsing, resulting in application termination with no authentication required. No public exploit code or active exploitation has been reported at time of analysis.

Information Disclosure Iccdev
NVD GitHub
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-4718 HIGH PATCH This Week

An undefined behavior vulnerability exists in the WebRTC Signaling component of Mozilla Firefox and Firefox ESR, potentially leading to information disclosure. This affects Firefox versions below 149 and Firefox ESR versions below 140.9. An attacker can exploit this through WebRTC signaling interactions to disclose sensitive information, though specific exploitation details remain limited in public disclosures.

Mozilla Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-4705 CRITICAL PATCH Act Now

An undefined behavior vulnerability exists in the WebRTC Signaling component of Mozilla Firefox and Firefox ESR, potentially enabling information disclosure attacks. Firefox versions prior to 149 and Firefox ESR versions prior to 140.9 are affected. While specific exploitation mechanics are not fully detailed in available public sources, the vulnerability is classified as an information disclosure issue that could allow attackers to extract sensitive data through malformed WebRTC signaling messages.

Information Disclosure Mozilla Red Hat Suse
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-4724 CRITICAL PATCH Act Now

An undefined behavior vulnerability exists in the Firefox Audio/Video component that could lead to information disclosure. This affects all Firefox versions prior to 149. While specific exploitation details are limited due to missing CVSS and CWE data, the vulnerability's classification as information disclosure suggests an attacker could potentially access sensitive audio or video processing data or bypass security boundaries within the multimedia subsystem.

Mozilla Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
9.1
EPSS
0.0%
MEDIUM POC PATCH This Month

Incorrect conditional-move output in the RustCrypto `cmov` crate's aarch64 backend causes cryptographic constant-time operations to silently produce wrong results on aarch64 platforms. The inline assembly implementations of `Cmov` and `CmovEq` compare full 32-bit register contents instead of the intended narrowed type widths when evaluating conditions, because Rust's inline assembly specification explicitly leaves upper register bits undefined for inputs smaller than the register size. A proof-of-concept demonstrating the failure is included in the advisory; the vulnerability is not listed in CISA KEV and no active exploitation has been reported.

Information Disclosure
NVD GitHub
EPSS 0% CVSS 2.1
LOW PATCH Monitor

Ghidra before 11.2 contains a use after free vulnerability in the Sleigh backend caused by undefined static initialization order of the SleighArchitecture::translators and XmlArchitectureCapability. Rated low severity (CVSS 2.1), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Ghidra
NVD GitHub VulDB
EPSS 0% CVSS 3.7
LOW PATCH Monitor

BACnet Stack prior to version 1.4.3 exhibits undefined behavior in the decode_signed32() function when processing signed-integer property values containing bytes with the high bit set, causing denial of service through integer overflow. Network-remote attackers can trigger this vulnerability by sending specially crafted BACnet packets with high-bit-set byte sequences, resulting in application instability or crash on embedded systems running vulnerable versions. The vulnerability is confirmed fixed in version 1.4.3.

Buffer Overflow Bacnet Stack
NVD GitHub
EPSS 0% CVSS 6.2
MEDIUM This Month

Local denial of service in iccDEV prior to version 2.3.1.6 allows unauthenticated local attackers to crash applications processing ICC color profiles by crafting malicious profiles that trigger undefined behavior through invalid enum values in CIccOpDefEnvVar::Exec(). The vulnerability requires local file access but no privilege escalation, with an EPSS score of 6.2 reflecting moderate real-world risk. No public exploit code or active exploitation has been identified at the time of analysis.

Information Disclosure Iccdev
NVD GitHub
EPSS 0% CVSS 6.2
MEDIUM This Month

Undefined Behavior in iccDEV prior to version 2.3.1.6 allows local attackers to cause a denial of service by supplying a crafted ICC color profile containing invalid enum values for icChannelFuncSignature, which triggers an application crash during profile processing in CIccCalculatorFunc::ApplySequence(). The vulnerability requires local file access or the ability to provide a malicious ICC profile to an application using the library; no public exploit code has been identified.

Information Disclosure Iccdev
NVD GitHub
EPSS 0% CVSS 6.2
MEDIUM This Month

Denial of service via crafted ICC color profile in iccDEV library prior to version 2.3.1.6 triggers undefined behavior through invalid left shift operations on 32-bit unsigned integers, causing application crashes. The vulnerability affects all iccDEV versions before 2.3.1.6 and requires only local file access to exploit (no authentication or user interaction required beyond opening a malicious profile). No public exploit code or active exploitation has been identified at time of analysis.

Information Disclosure Iccdev
NVD GitHub
EPSS 0% CVSS 6.2
MEDIUM This Month

Denial of service via undefined behavior in iccDEV versions prior to 2.3.1.6 allows local attackers to crash the iccDumpProfile tool by supplying a crafted ICC color profile. The vulnerability exploits an unsafe memory operation in IccUtil.cpp triggered during profile parsing, resulting in application termination with no authentication required. No public exploit code or active exploitation has been reported at time of analysis.

Information Disclosure Iccdev
NVD GitHub
EPSS 0% CVSS 8.1
HIGH PATCH This Week

An undefined behavior vulnerability exists in the WebRTC Signaling component of Mozilla Firefox and Firefox ESR, potentially leading to information disclosure. This affects Firefox versions below 149 and Firefox ESR versions below 140.9. An attacker can exploit this through WebRTC signaling interactions to disclose sensitive information, though specific exploitation details remain limited in public disclosures.

Mozilla Information Disclosure Red Hat +1
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

An undefined behavior vulnerability exists in the WebRTC Signaling component of Mozilla Firefox and Firefox ESR, potentially enabling information disclosure attacks. Firefox versions prior to 149 and Firefox ESR versions prior to 140.9 are affected. While specific exploitation mechanics are not fully detailed in available public sources, the vulnerability is classified as an information disclosure issue that could allow attackers to extract sensitive data through malformed WebRTC signaling messages.

Information Disclosure Mozilla Red Hat +1
NVD VulDB
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

An undefined behavior vulnerability exists in the Firefox Audio/Video component that could lead to information disclosure. This affects all Firefox versions prior to 149. While specific exploitation details are limited due to missing CVSS and CWE data, the vulnerability's classification as information disclosure suggests an attacker could potentially access sensitive audio or video processing data or bypass security boundaries within the multimedia subsystem.

Mozilla Information Disclosure Red Hat +1
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy