Skip to main content

Integer Overflow

memory MEDIUM

Integer overflow occurs when an arithmetic operation produces a result that exceeds the maximum value a given integer type can store.

How It Works

Integer overflow occurs when an arithmetic operation produces a result that exceeds the maximum value a given integer type can store. In C/C++, this causes the value to "wrap around" to a small number—for example, if a 32-bit unsigned integer at maximum value (4,294,967,295) has 1 added, it wraps to 0. Attackers exploit this by providing carefully crafted input values that, when used in calculations, produce unexpectedly small results.

The most dangerous scenario involves memory allocation. An attacker supplies large values that overflow during size calculations (often when adding header sizes, element counts, or alignment padding), producing a small allocation size. When the program later writes the originally intended large amount of data into this undersized buffer, a heap overflow occurs. For instance: size = user_count * sizeof(struct) + header might overflow if user_count is sufficiently large, resulting in malloc() allocating a tiny buffer that subsequent operations overflow.

Integer overflows also enable logic bypasses. Length checks can be circumvented when overflowed values appear to pass validation. Loop bounds may become incorrect, causing excessive iterations or premature termination. Signed integer overflow (technically undefined behavior in C/C++) can flip positive values to negative, bypassing security checks that assume non-negative numbers.

Impact

  • Heap buffer overflow: Undersized allocations lead to memory corruption, enabling arbitrary code execution
  • Authentication bypass: Overflowed counters or size checks may skip security validations
  • Denial of service: Invalid memory operations cause crashes or infinite loops
  • Information disclosure: Incorrect bounds allow reading beyond intended memory regions
  • Privilege escalation: Combined with memory corruption, can compromise system integrity

Real-World Examples

The OpenSSH authentication bypass (CVE-2002-0639) involved an integer overflow in challenge-response handling where the number of responses could overflow, allowing authentication bypass. The overflow caused allocation of insufficient memory, which subsequent code exploited to execute arbitrary code.

ImageMagick suffered multiple integer overflow vulnerabilities (CVE-2016-3714 and related) where maliciously crafted image files with extreme dimension values caused size calculations to overflow. This resulted in small heap allocations followed by large writes, enabling remote code execution through image processing.

The Linux kernel's do_brk() function (CVE-2003-0961) contained an integer overflow when calculating memory region sizes. Attackers could wrap the size value to bypass length checks and map memory at arbitrary locations, achieving local privilege escalation.

Mitigation

  • Safe arithmetic libraries: Use compiler intrinsics (__builtin_add_overflow) or libraries (SafeInt, Rust's checked arithmetic) that detect overflow
  • Pre-calculation validation: Check that operands won't overflow before performing arithmetic operations
  • Compiler protections: Enable -ftrapv (GCC) or /RTCc (MSVC) to trap signed overflow; use UBSan for detection
  • Use larger types: Perform calculations in 64-bit integers when operands are 32-bit, verify result fits before casting down
  • Input validation: Enforce maximum reasonable values on user input before arithmetic
  • Modern languages: Use languages with overflow checking (Rust, Swift) or arbitrary precision integers (Python, Java BigInteger)

Recent CVEs (2762)

EPSS 0% CVSS 7.8
HIGH This Week

In ion, there is a possible use after free due to an integer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Integer Overflow Denial Of Service +1
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

In subtitle service, there is a possible application crash due to an integer overflow. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Integer Overflow Android +1
NVD
EPSS 4% CVSS 6.5
MEDIUM POC PATCH This Month

In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Buffer Overflow Libxml2 +18
NVD
EPSS 1% CVSS 5.5
MEDIUM POC PATCH This Month

An integer overflow vulnerability was found in FFmpeg versions before 4.4.2 and before 5.0.1 in g729_parse() in llibavcodec/g729_parser.c when processing a specially crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Buffer Overflow Ffmpeg
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot ext4_mount function, where Insufficient validation of untrusted data may allow a highly privileged local attacker to cause an. Rated medium severity (CVSS 5.0). No vendor patch available.

RCE Integer Overflow Nvidia +2
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

A vulnerability in Simple Network Management Protocol (SNMP) trap generation for wireless clients of Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Integer Overflow Cisco +2
NVD
EPSS 2% CVSS 6.5
MEDIUM POC PATCH This Month

stb_image.h v2.27 was discovered to contain an integer overflow via the function stbi__jpeg_decode_block_prog_dc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Integer Overflow Stb Image H +2
NVD GitHub
EPSS 1% CVSS 7.8
HIGH POC This Week

An integer overflow vulnerability exists in the fltSaveCMP functionality of Leadtools 22. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Leadtools
NVD
EPSS 1% CVSS 9.8
CRITICAL POC PATCH Act Now

Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Information Disclosure Vyper
NVD GitHub
EPSS 0% CVSS 6.7
MEDIUM This Month

In ged, there is a possible out of bounds write due to an integer overflow. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Integer Overflow Buffer Overflow +1
NVD
EPSS 0% CVSS 6.6
MEDIUM This Month

In preloader (usb), there is a possible out of bounds write due to a integer underflow. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Integer Overflow Buffer Overflow +1
NVD
EPSS 0% CVSS 6.6
MEDIUM This Month

In preloader (usb), there is a possible out of bounds write due to an integer overflow. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Integer Overflow Buffer Overflow +1
NVD
EPSS 1% CVSS 5.5
MEDIUM POC This Month

GPAC mp4box 1.1.0-DEV-rev1663-g881c6a94a-master is vulnerable to Integer Overflow. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Gpac
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

Integer overflow in Mojo in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Integer Overflow Buffer Overflow +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

An integer overflow flaw was found in the Linux kernel’s virtio device driver code in the way a user triggers the vhost_vdpa_config_validate function. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Integer Overflow Linux +9
NVD
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

Mojang Bedrock Dedicated Server 1.18.2 is affected by an integer overflow leading to a bound check bypass caused by PurchaseReceiptPacket::_read (packet deserializer). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Bedrock Server
NVD
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

Able to create an account with long password leads to memory corruption / Integer Overflow in GitHub repository microweber/microweber prior to 1.2.12. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Buffer Overflow Microweber
NVD GitHub
EPSS 4% CVSS 5.5
MEDIUM POC PATCH This Month

The microweber application allows large characters to insert in the input field "fist & last name" which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Integer Overflow Microweber
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM POC PATCH This Month

The microweber application allows large characters to insert in the input field "post title" which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Integer Overflow Microweber
NVD GitHub
EPSS 50% CVSS 9.8
CRITICAL PATCH Act Now

Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data.4 version 2.4.52 and prior versions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Apache Buffer Overflow +4
NVD
EPSS 42% CVSS 9.1
CRITICAL PATCH Act Now

If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes.4.52 and earlier. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Apache Buffer Overflow +7
NVD
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

Integer Overflow or Wraparound in GitHub repository microweber/microweber prior to 1.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Buffer Overflow Microweber
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

In nbd-server in nbd before 3.24, there is an integer overflow with a resultant heap-based buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Network Block Device +2
NVD
EPSS 4% CVSS 9.8
CRITICAL POC Act Now

cmark-gfm is GitHub's extended version of the C reference implementation of CommonMark. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow RCE Buffer Overflow +2
NVD GitHub
EPSS 4% CVSS 7.5
HIGH This Week

TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain an integer overflow via the function dm_checkString. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

TP-Link Integer Overflow Denial Of Service +1
NVD VulDB
EPSS 1% CVSS 7.8
HIGH PATCH This Week

A missing bounds check in the image loader used in Blender 3.x and 2.93.8 leads to out-of-bounds heap access, allowing an attacker to cause denial of service, memory corruption or potentially code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Denial Of Service Integer Overflow RCE +5
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

An integer overflow in the processing of loaded 2D images leads to a write-what-where vulnerability and an out-of-bounds read vulnerability, allowing an attacker to leak sensitive information or. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Integer Overflow RCE Buffer Overflow +2
NVD
EPSS 1% CVSS 5.5
MEDIUM This Month

An integer underflow in the DDS loader of Blender leads to an out-of-bounds read, possibly allowing an attacker to read sensitive data using a crafted DDS image file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Information Disclosure +2
NVD
EPSS 2% CVSS 8.8
HIGH This Week

An integer overflow in WatchGuard Firebox and XTM appliances allows an authenticated remote attacker to trigger a heap-based buffer overflow and potentially execute arbitrary code by initiating a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Watchguard Integer Overflow RCE +2
NVD
EPSS 5% CVSS 9.8
CRITICAL POC PATCH Act Now

Integer overflow conditions that exist in Trend Micro ServerProtect 6.0/5.8 Information Server could allow a remote attacker to crash the process or achieve remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Integer Overflow RCE Trend Micro +3
NVD
EPSS 2% CVSS 8.8
HIGH This Week

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link AC1750 prior to 1.1.4 Build 20211022 rel.59103(5553) routers. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE TP-Link +1
NVD
EPSS 4% CVSS 8.8
HIGH This Week

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sonos One Speaker prior to 3.4.1 (S2 systems) and 11.2.13 build 57923290 (S1 systems). Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE S1 +1
NVD
EPSS 5% CVSS 9.8
CRITICAL POC PATCH Act Now

In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Buffer Overflow Libexpat +5
NVD GitHub
EPSS 5% CVSS 7.5
HIGH PATCH This Week

In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Buffer Overflow Libexpat +5
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

In mdp driver, there is a possible memory corruption due to an integer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Integer Overflow Buffer Overflow +1
NVD
EPSS 3% CVSS 9.8
CRITICAL POC PATCH Act Now

Certain D-Link, Edimax, NETGEAR, TP-Link, Tenda, and Western Digital devices are affected by an integer overflow by an unauthenticated attacker. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Netgear RCE D-Link +6
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Integer underflow in ANGLE in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Integer Overflow Information Disclosure +3
NVD
EPSS 5% CVSS 9.8
CRITICAL PATCH Act Now

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow RCE Pjsip +3
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

Integer Underflow vulnerability in Mitsubishi Electric GX Works2 versions 1.606G and prior, Mitsubishi Electric MELSOFT Navigator versions 2.84N and prior and Mitsubishi Electric EZSocket versions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Integer Overflow Information Disclosure Ezsocket +2
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In apusys, there is a possible memory corruption due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Integer Overflow Privilege Escalation +1
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

In ccu driver, there is a possible out of bounds read due to an integer overflow. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Integer Overflow Information Disclosure +1
NVD
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

In valid_ipc_dram_addr of cm_access_control.c, there is a possible out of bounds read due to an integer overflow. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Google Buffer Overflow Integer Overflow +2
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

In osi_malloc and osi_calloc of allocator.cc, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Buffer Overflow Integer Overflow +2
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

In getService of IServiceManager.cpp, there is a possible unhandled exception due to an integer overflow. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. No vendor patch available.

Google Integer Overflow Denial Of Service +1
NVD
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

An integer overflow or wraparound vulnerability in the memory allocator of SSLVPN in FortiOS before 7.0.1 may allow an unauthenticated attacker to corrupt control data on the heap via specifically. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Fortinet RCE +1
NVD
EPSS 0% CVSS 8.8
HIGH POC This Week

An Integer Overflow vulnerability exists in Accops HyWorks Windows Client prior to v 3.2.8.200. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Microsoft +3
NVD
EPSS 0% CVSS 8.8
HIGH POC This Week

An Integer Overflow exists in Accops HyWorks Windows Client prior to v 3.2.8.200. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Microsoft +3
NVD
EPSS 0% CVSS 8.8
HIGH POC This Week

An Integer Overflow vulnerability exists in Accops HyWorks DVM Tools prior to v3.3.1.105 . Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Integer Overflow Denial Of Service +2
NVD
EPSS 0% CVSS 8.8
HIGH POC This Week

An Integer Overflow vulnerability exists in Accops HyWorks DVM Tools prior to v3.3.1.105 .The IOCTL Handler 0x22001B allows local attackers to execute arbitrary code in kernel mode or cause a denial. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Integer Overflow Denial Of Service +2
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

Amazon Amazon WorkSpaces agent is affected by Integer Overflow. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Integer Overflow Denial Of Service +2
NVD
EPSS 0% CVSS 8.8
HIGH POC This Week

AmZetta Amzetta zPortal DVM Tools is affected by Integer Overflow. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Integer Overflow Denial Of Service +2
NVD
EPSS 0% CVSS 8.8
HIGH POC This Week

Amzetta zPortal Windows zClient is affected by Integer Overflow. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Microsoft +3
NVD
EPSS 0% CVSS 8.8
HIGH POC This Week

Donglify is affected by Integer Overflow. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Integer Overflow Denial Of Service +2
NVD
EPSS 0% CVSS 8.8
HIGH POC This Week

FlexiHub For Windows is affected by Integer Overflow. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Microsoft +3
NVD
EPSS 0% CVSS 8.8
HIGH POC This Week

Eltima USB Network Gate is affected by Integer Overflow. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Integer Overflow Denial Of Service +2
NVD
EPSS 0% CVSS 8.8
HIGH POC This Week

NoMachine Enterprise Client is affected by Integer Overflow. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Integer Overflow Denial Of Service +2
NVD
EPSS 0% CVSS 8.8
HIGH POC This Week

NoMachine Cloud Server is affected by Integer Overflow. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Integer Overflow Denial Of Service +2
NVD
EPSS 0% CVSS 8.8
HIGH POC This Week

NoMachine Enterprise Desktop is affected by Integer Overflow. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Integer Overflow Denial Of Service +2
NVD
EPSS 0% CVSS 8.8
HIGH POC This Week

NoMachine Server is affected by Integer Overflow. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Integer Overflow Denial Of Service +2
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

There is a Integer Overflow or Wraparound vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to remote denial of service and potential remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Integer Overflow Denial Of Service +2
NVD
EPSS 1% CVSS 9.1
CRITICAL Act Now

There is a Integer Overflow or Wraparound vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to Confidentiality or Availability impacted. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Huawei Integer Overflow +1
NVD
EPSS 2% CVSS 5.0
MEDIUM POC PATCH This Month

runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable. Public exploit code available.

Buffer Overflow Integer Overflow Runc +1
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

ARK library allows attackers to execute remote code via the parameter(path value) of Ark_NormalizeAndDupPAthNameW function because of an integer overflow. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Integer Overflow Ark Library
NVD
EPSS 1% CVSS 6.5
MEDIUM POC PATCH This Month

The Reviews Plus WordPress plugin before 1.2.14 does not validate the submitted rating, allowing submission of long integer, causing a Denial of Service in the review section when an authenticated. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress Integer Overflow Denial Of Service +1
NVD WPScan
EPSS 0% CVSS 5.5
MEDIUM This Month

In asf extractor, there is a possible out of bounds read due to an integer overflow. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Integer Overflow Information Disclosure +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

In asf extractor, there is a possible out of bounds read due to an integer overflow. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Integer Overflow Information Disclosure +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Integer overflow in the Safestring library maintained by Intel(R) may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Privilege Escalation Intel +1
NVD
EPSS 3% CVSS 7.5
HIGH POC PATCH This Week

GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Integer Overflow Gmp +7
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Possible integer overflow can occur due to improper length check while calculating count and grace period in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Integer Overflow +42
NVD
EPSS 2% CVSS 9.1
CRITICAL Act Now

A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), PLUSCONTROL 1st Gen (All versions), SIMOTICS. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Information Disclosure Capital Vstar +9
NVD
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

TensorFlow is an open source platform for machine learning. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Integer Overflow Denial Of Service Tensorflow
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

TensorFlow is an open source platform for machine learning. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Integer Overflow Denial Of Service Tensorflow
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

TensorFlow is an open source platform for machine learning. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Integer Overflow Denial Of Service Tensorflow
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

TensorFlow is an open source platform for machine learning. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Integer Overflow Information Disclosure Tensorflow
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

TensorFlow is an open source platform for machine learning. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Integer Overflow Denial Of Service Tensorflow
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM This Month

A component of the HarmonyOS has a Integer Overflow or Wraparound vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Integer Overflow Harmonyos
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A component of the HarmonyOS has a Integer Overflow or Wraparound vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Integer Overflow Harmonyos
NVD
EPSS 1% CVSS 7.5
HIGH This Week

In wifi driver, there is a possible system crash due to a missing bounds check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Android
NVD
EPSS 0% CVSS 8.4
HIGH This Week

Possible integer overflow due to improper check of batch count value while sanitizer is enabled in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Integer Overflow +139
NVD
EPSS 0% CVSS 8.4
HIGH This Week

Possible integer overflow due to improper length check while updating grace period and count record in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT,. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Integer Overflow +81
NVD
EPSS 5% CVSS 7.5
HIGH PATCH This Week

The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving many requests with different certificates to fill the cache and later trigger the replacement. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow RCE Strongswan +24
NVD GitHub
EPSS 6% CVSS 7.5
HIGH This Week

The gmp plugin in strongSwan before 5.9.4 has a remote integer overflow via a crafted certificate with an RSASSA-PSS signature. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Strongswan +19
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Integer Underflow in 6LoWPAN IPHC Header Uncompression in Zephyr. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Information Disclosure Zephyr
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL Act Now

Hitachi JP1/IT Desktop Management 2 Agent 9 through 12 contains a remote code execution vulnerability because of an Integer Overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE It Operations Director +13
NVD
EPSS 1% CVSS 7.5
HIGH This Week

An unauthenticated remote user could exploit a potential integer overflow condition in the exacqVision Server with a specially crafted script and cause denial-of-service condition. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Integer Overflow Exacqvision Server
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

Hiredis is a minimalistic C client library for the Redis database. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Buffer Overflow Redis Integer Overflow +3
NVD GitHub
EPSS 3% CVSS 7.5
HIGH PATCH This Week

Redis is an open source, in-memory database that persists on disk. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Redis Integer Overflow Denial Of Service +5
NVD GitHub
EPSS 2% CVSS 8.8
HIGH PATCH This Week

Redis is an open source, in-memory database that persists on disk. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Buffer Overflow Redis Integer Overflow +5
NVD GitHub
EPSS 4% CVSS 7.5
HIGH PATCH This Week

Redis is an open source, in-memory database that persists on disk. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Redis Integer Overflow RCE +5
NVD GitHub
EPSS 4% CVSS 7.5
HIGH PATCH This Week

Redis is an open source, in-memory database that persists on disk. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Redis Integer Overflow RCE +5
NVD GitHub
Prev Page 15 of 31 Next

Quick Facts

Typical Severity
MEDIUM
Category
memory
Total CVEs
2762

Related CWEs

MITRE ATT&CK

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy