Integer Overflow
Integer overflow occurs when an arithmetic operation produces a result that exceeds the maximum value a given integer type can store.
How It Works
Integer overflow occurs when an arithmetic operation produces a result that exceeds the maximum value a given integer type can store. In C/C++, this causes the value to "wrap around" to a small number—for example, if a 32-bit unsigned integer at maximum value (4,294,967,295) has 1 added, it wraps to 0. Attackers exploit this by providing carefully crafted input values that, when used in calculations, produce unexpectedly small results.
The most dangerous scenario involves memory allocation. An attacker supplies large values that overflow during size calculations (often when adding header sizes, element counts, or alignment padding), producing a small allocation size. When the program later writes the originally intended large amount of data into this undersized buffer, a heap overflow occurs. For instance: size = user_count * sizeof(struct) + header might overflow if user_count is sufficiently large, resulting in malloc() allocating a tiny buffer that subsequent operations overflow.
Integer overflows also enable logic bypasses. Length checks can be circumvented when overflowed values appear to pass validation. Loop bounds may become incorrect, causing excessive iterations or premature termination. Signed integer overflow (technically undefined behavior in C/C++) can flip positive values to negative, bypassing security checks that assume non-negative numbers.
Impact
- Heap buffer overflow: Undersized allocations lead to memory corruption, enabling arbitrary code execution
- Authentication bypass: Overflowed counters or size checks may skip security validations
- Denial of service: Invalid memory operations cause crashes or infinite loops
- Information disclosure: Incorrect bounds allow reading beyond intended memory regions
- Privilege escalation: Combined with memory corruption, can compromise system integrity
Real-World Examples
The OpenSSH authentication bypass (CVE-2002-0639) involved an integer overflow in challenge-response handling where the number of responses could overflow, allowing authentication bypass. The overflow caused allocation of insufficient memory, which subsequent code exploited to execute arbitrary code.
ImageMagick suffered multiple integer overflow vulnerabilities (CVE-2016-3714 and related) where maliciously crafted image files with extreme dimension values caused size calculations to overflow. This resulted in small heap allocations followed by large writes, enabling remote code execution through image processing.
The Linux kernel's do_brk() function (CVE-2003-0961) contained an integer overflow when calculating memory region sizes. Attackers could wrap the size value to bypass length checks and map memory at arbitrary locations, achieving local privilege escalation.
Mitigation
- Safe arithmetic libraries: Use compiler intrinsics (
__builtin_add_overflow) or libraries (SafeInt, Rust's checked arithmetic) that detect overflow - Pre-calculation validation: Check that operands won't overflow before performing arithmetic operations
- Compiler protections: Enable
-ftrapv(GCC) or/RTCc(MSVC) to trap signed overflow; use UBSan for detection - Use larger types: Perform calculations in 64-bit integers when operands are 32-bit, verify result fits before casting down
- Input validation: Enforce maximum reasonable values on user input before arithmetic
- Modern languages: Use languages with overflow checking (Rust, Swift) or arbitrary precision integers (Python, Java BigInteger)
Recent CVEs (2762)
Windows NT OS Kernel Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.
Photoshop Desktop versions 24.7.3, 25.11 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In Eclipse OpenJ9 versions up to 0.47, the JNI function GetStringUTFLength may return an incorrect value which has wrapped around. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.
WeeChat before 4.4.2 has an integer overflow and resultant buffer overflow at core/core-string.c when there are more than two billion items in a list. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In the Linux kernel, the following vulnerability has been resolved: net: fix crash when config small gso_max_size/gso_ipv4_max_size Config a small gso_max_size/gso_ipv4_max_size will lead to an. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix a UBSAN warning in DML2.1 When programming phantom pipe, since cursor_width is explicity set to 0, this causes. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.
GSL (GNU Scientific Library) through 2.8 has an integer signedness error in gsl_siman_solve_many in siman/siman.c. Rated low severity (CVSS 3.6). Public exploit code available and no vendor patch available.
In ffu_flash_pack of ffu.c, there is a possible out of bounds read due to an integer overflow. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
In vring_size of external/headers/include/virtio/virtio_ring.h, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
A vulnerability in Internet Key Exchange version 2 (IKEv2) processing of Cisco Secure Client Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) of Cisco. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Xlight FTP Server <3.9.4.3 has an integer overflow vulnerability in the packet parsing logic of the SFTP server, which can lead to a heap overflow with attacker-controlled content. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Integer Overflow in fast_ping.c in SmartDNS Release46 allows remote attackers to cause a Denial of Service via misaligned memory access. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In the Linux kernel, the following vulnerability has been resolved: block: fix integer overflow in BLKSECDISCARD I independently rediscovered commit 22d24a544b0d49bbcbd61c8c0eaf77d3c9297155 block:. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix a sdiv overflow issue Zac Ecob reported a problem where a bpf program may cause kernel crash due to the following error:. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.
In the Linux kernel, the following vulnerability has been resolved: padata: use integer wrap around to prevent deadlock on seq_nr overflow When submitting more than 2^32 padata objects to. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Avoid overflow from uint32_t to uint8_t [WHAT & HOW] dmub_rb_cmd's ramping_boundary has size of uint8_t and it is. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.
Adobe Framemaker versions 2020.6, 2022.4 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Adobe Framemaker versions 2020.6, 2022.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Animate versions 23.0.7, 24.0.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.
Integer overflow in libSEF.quram.so prior to SMR Oct-2024 Release 1 allows local attackers to write out-of-bounds memory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
An integer overflow vulnerability exists in the Compound Document Binary File format parser of v1.14.52 of the GNOME Project G Structured File Library (libgsf). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An integer overflow vulnerability exists in the Compound Document Binary File format parser of the GNOME Project G Structured File Library (libgsf) version v1.14.52. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A vulnerability in Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on the control plane of an affected device. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In the Linux kernel, the following vulnerability has been resolved: hwmon: (adc128d818) Fix underflows seen when writing limit attributes DIV_ROUND_CLOSEST() after kstrtol() results in an underflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Ensure array index tg_inst won't be -1 [WHY & HOW] tg_inst will be a negative if timing_generator_count equals 0,. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Ensure index calculation will not overflow [WHY & HOW] Make sure vmid0p72_idx, vnom0p8_idx and vmax0p9_idx. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.
An integer overflow was addressed through improved input validation. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
The Eaton Foreseer software provides multiple customizable input fields for the users to configure parameters in the tool like alarms, reports, etc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Illustrator versions 28.6, 27.9.5 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Illustrator versions 28.6, 27.9.5 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Windows libarchive Remote Code Execution Vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.
A vulnerability has been identified in Automation License Manager V5 (All versions), Automation License Manager V6.0 (All versions < V6.0 SP12 Upd3), Automation License Manager V6.2 (All versions <. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In the Linux kernel, the following vulnerability has been resolved: workqueue: Fix UBSAN 'subtraction overflow' error in shift_and_mask() UBSAN reports the following 'subtraction overflow' error when. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.
Memory corruption while calculating total metadata size when a very high reserved size is requested by gralloc clients. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
in OpenHarmony v4.1.0 and prior versions allow a local attacker cause crash through integer overflow. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
An issue was discovered in libexpat before 2.6.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.
An issue was discovered in libexpat before 2.6.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.
In the Linux kernel, the following vulnerability has been resolved: tracing: Fix overflow in get_free_elt() "tracing_map->next_elt" in get_free_elt() is at risk of overflowing. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.
In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: prime: fix refcount underflow Calling nouveau_bo_ref() on a nouveau_bo without initializing it (and hence the backing. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
An issue in newlib v.4.3.0 allows an attacker to execute arbitrary code via the time unit scaling in the _gettimeofday function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.
In the Linux kernel, the following vulnerability has been resolved: bpf: fix overflow check in adjust_jmp_off() adjust_jmp_off() incorrectly used the insn->imm field for all overflow check, which is. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.
In attributeBytesBase64 and attributeBytesHex of BinaryXmlSerializer.java, there is a possible arbitrary XML injection due to an integer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
In _MMU_AllocLevel of mmu_common.c, there is a possible arbitrary code execution due to an integer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In Xpdf 4.05 (and earlier), very large coordinates in a page box can cause an integer overflow and divide-by-zero. Rated low severity (CVSS 2.1), this vulnerability is no authentication required. No vendor patch available.
InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Integer overflow in firmware for some Intel(R) CSME may allow an unauthenticated user to potentially enable denial of service via adjacent access. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
InCopy versions 18.5.2, 19.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.
Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.
Windows TCP/IP Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Transient DOS while parsing the ML IE when a beacon with length field inside the common info of ML IE greater than the ML IE length. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.
Memory corruption while allocating memory in HGSL driver. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.
In the Linux kernel, the following vulnerability has been resolved: media: dvb-frontends: tda10048: Fix integer overflow state->xtal_hz can be up to 16M, so it can overflow a 32 bit integer when. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
In the Linux kernel, the following vulnerability has been resolved: cdrom: rearrange last_media_change check to avoid unintentional overflow When running syzkaller with the newly reintroduced signed. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.
In the Linux kernel, the following vulnerability has been resolved: mm: avoid overflows in dirty throttling logic The dirty throttling logic is interspersed with assumptions that dirty limits in. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.
An integer overflow was addressed with improved input validation. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix potential integer overflow in page size calculation Explicitly cast tbo->page_alignment to u64 before bit-shifting to. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
An integer overflow vulnerability due to improper input validation when reading TDMS files in LabVIEW may result in an infinite loop. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In the vrrp_ipsets_handler handler (fglobal_parser.c) of keepalived through 2.3.1, an integer overflow can occur. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In the Linux kernel, the following vulnerability has been resolved: NFSD: Fix ia_size underflow iattr::ia_size is a loff_t, which is a signed 64-bit type. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
In the Linux kernel, the following vulnerability has been resolved: block/ioctl: prefer different overflow check Running syzkaller with the newly reintroduced signed integer overflow sanitizer shows. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
In the Linux kernel, the following vulnerability has been resolved: ptp: fix integer overflow in max_vclocks_store On 32bit systems, the "4 * max" multiply can overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
In CacheOpPMRExec of cache_km.c, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Bridge versions 14.0.4, 13.0.7, 14.1 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Tencent RapidJSON is vulnerable to privilege escalation due to an integer overflow in the `GenericReader::ParseNumber()` function of `include/rapidjson/reader.h` when parsing JSON text from a stream. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Windows Hyper-V Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.
Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Windows Workstation Service Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
Windows Filtering Platform Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.
Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.
Secure Boot Security Feature Bypass Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is no authentication required, low attack complexity.
Secure Boot Security Feature Bypass Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is no authentication required, low attack complexity.
Secure Boot Security Feature Bypass Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is no authentication required, low attack complexity.
Secure Boot Security Feature Bypass Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is no authentication required, low attack complexity.
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.
Secure Boot Security Feature Bypass Vulnerability. Rated medium severity (CVSS 6.8). This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
tap-windows6 driver version 9.26 and earlier does not properly check the size data of incomming write operations which an attacker can use to overflow memory buffers, resulting in a bug check and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Memory corruption while invoking IOCTL call for GPU memory allocation and size param is greater than expected size. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.
Information disclosure while parsing sub-IE length during new IE generation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
In the Linux kernel, the following vulnerability has been resolved: s390/ap: Fix crash in AP internal function modify_bitmap() A system crash like this Failing address: 200000cb7df6f000 TEID:. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.
Integer Underflow (Wrap or Wraparound) vulnerability in Renesas arm-trusted-firmware. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Use 64 bit variable to avoid 32 bit overflow For example, in the expression: vbo = 2 * vbo + skip. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.
In the Linux kernel, the following vulnerability has been resolved: tcp: Fix shift-out-of-bounds in dctcp_update_alpha(). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.
In wl_notify_rx_mgmt_frame of wl_cfg80211.c, there is a possible out of bounds write due to an integer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In prepare_response of lwis_periodic_io.c, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.