CWE-190— Integer Overflow or Wraparound
The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.— MITRE CWE catalog
2,942 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-190page 41 of 59
- CVE-2023-3107HIGHCVSS 7.5EG 7.52023-08-01
A set of carefully crafted ipv6 packets can trigger an integer overflow in the calculation of a fragment reassembled packet's payload length field. This allows an attacker to trigger a kernel panic, resulting in a denial of service.
- CVE-2023-31365LOWCVSS 3.9EG 3.92025-09-06
An integer overflow in the SMU could allow a privileged attacker to potentially write memory beyond the end of the reserved dRAM area resulting in loss of integrity or availability.
- CVE-2023-32051HIGHCVSS 7.8EG 7.82023-07-11
Raw Image Extension Remote Code Execution Vulnerability
- CVE-2023-32058HIGHCVSS 7.5EG 7.52023-05-11
Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, due to missing overflow check for loop variables, by assigning the iterator of a loop to a variable, it is possible to overflow the type …
- CVE-2023-32307HIGHCVSS 7.5EG 7.52023-05-26
Sofia-SIP is an open-source SIP User-Agent library, compliant with the IETF RFC3261 specification. Referring to [GHSA-8599-x7rq-fr54](https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-8599-x7rq-fr54), several other potential…
- CVE-2023-32434HIGHCVSS 7.8EG 9.0⚠ KEV2023-06-23
An integer overflow was addressed with improved input validation. This issue is fixed in watchOS 9.5.2, macOS Big Sur 11.7.8, iOS 15.7.7 and iPadOS 15.7.7, macOS Monterey 12.6.7, watchOS 8.8.1, iOS 16.5.1 and iPadOS 16.5.1, macOS Ventura 1…
- CVE-2023-32650HIGHCVSS 7.0EG 7.02024-01-08
An integer overflow vulnerability exists in the FST_BL_GEOM parsing maxhandle functionality of GTKWave 3.3.115, when compiled as a 32-bit binary. A specially crafted .fst file can lead to memory corruption. A victim would need to open a ma…
- CVE-2023-32823MEDIUMCVSS 6.7EG 6.72023-10-02
In rpmb , there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS0791296…
- CVE-2023-32828MEDIUMCVSS 6.7EG 6.72023-10-02
In vpu, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07767817; …
- CVE-2023-32829MEDIUMCVSS 6.7EG 6.72023-10-02
In apusys, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS0771347…
- CVE-2023-32881MEDIUMCVSS 4.4EG 4.42024-01-02
In battery, there is a possible information disclosure due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS0830…
- CVE-2023-33018HIGHCVSS 7.8EG 7.82023-12-05
Memory corruption while using the UIM diag command to get the operators name.
- CVE-2023-33022HIGHCVSS 8.4EG 8.42023-12-05
Memory corruption in HLOS while invoking IOCTL calls from user-space.
- CVE-2023-33032CRITICALCVSS 9.3EG 9.32024-01-02
Memory corruption in TZ Secure OS while requesting a memory allocation from TA region.
- CVE-2023-33038MEDIUMCVSS 6.7EG 6.72024-01-02
Memory corruption while receiving a message in Bus Socket Transport Server.
- CVE-2023-33107HIGHCVSS 8.4EG 9.0⚠ KEV2023-12-05
Memory corruption in Graphics Linux while assigning shared virtual memory region during IOCTL call.
- CVE-2023-33204HIGHCVSS 7.8EG 7.82023-05-18
sysstat through 12.7.2 allows a multiplication integer overflow in check_overflow in common.c. NOTE: this issue exists because of an incomplete fix for CVE-2022-39377.
- CVE-2023-33863CRITICALCVSS 9.8EG 9.82023-06-07
SerialiseValue in RenderDoc before 1.27 allows an Integer Overflow with a resultant Buffer Overflow. 0xffffffff is sign-extended to 0xffffffffffffffff (SIZE_MAX) and then there is an attempt to add 1.
- CVE-2023-33864CRITICALCVSS 9.8EG 9.82023-06-07
StreamReader::ReadFromExternal in RenderDoc before 1.27 allows an Integer Overflow with a resultant Buffer Overflow. It uses uint32_t(m_BufferSize-m_InputSize) even though m_InputSize can exceed m_BufferSize.
- CVE-2023-33976HIGHCVSS 7.5EG 7.52024-07-30
TensorFlow is an end-to-end open source platform for machine learning. `array_ops.upper_bound` causes a segfault when not given a rank 2 tensor. The fix will be included in TensorFlow 2.13 and will also cherrypick this commit on TensorFlow…
- CVE-2023-34151MEDIUMCVSS 5.5EG 5.52023-05-30
A vulnerability was found in ImageMagick. This security flaw ouccers as an undefined behaviors of casting double to size_t in svg, mvg and other coders (recurring bugs of CVE-2022-32546).
- CVE-2023-34399CRITICALCVSS 9.8EG 9.82025-02-13
Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. Some values of this table are serialized archive according boost library. The version of boost library contains vulnerability integer overflow.
- CVE-2023-34406LOWCVSS 3.3EG 3.32025-02-13
An issue was discovered on Mercedes Benz NTG 6. A possible integer overflow exists in the user data import/export function of NTG (New Telematics Generation) 6 head units. To perform this attack, local access to USB interface of the car is…
- CVE-2023-34453MEDIUMCVSS 5.9EG 5.92023-06-15
snappy-java is a fast compressor/decompressor for Java. Due to unchecked multiplications, an integer overflow may occur in versions prior to 1.1.10.1, causing a fatal error. The function `shuffle(int[] input)` in the file `BitShuffle.java…
- CVE-2023-34454MEDIUMCVSS 5.9EG 5.92023-06-15
snappy-java is a fast compressor/decompressor for Java. Due to unchecked multiplications, an integer overflow may occur in versions prior to 1.1.10.1, causing an unrecoverable fatal error. The function `compress(char[] input)` in the file…
- CVE-2023-3487HIGHCVSS 7.7EG 7.72023-10-20
An integer overflow in Silicon Labs Gecko Bootloader version 4.3.1 and earlier allows unbounded memory access when reading from or writing to storage slots.
- CVE-2023-35004HIGHCVSS 7.8EG 7.82024-01-08
An integer overflow vulnerability exists in the VZT longest_len value allocation functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger …
- CVE-2023-35057HIGHCVSS 7.8EG 7.82024-01-08
An integer overflow vulnerability exists in the LXT2 lxt2_rd_trace value elements allocation functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to memory corruption. A victim would need to open a malicious file to tr…
- CVE-2023-35085CRITICALCVSS 9.8EG 9.02023-08-10
An integer overflow vulnerability in all UniFi Access Points and Switches, excluding the Switch Flex Mini, with SNMP Monitoring and default settings enabled could allow a Remote Code Execution (RCE). Affected Products: All UniFi Access…
- CVE-2023-35128HIGHCVSS 7.0EG 7.02024-01-08
An integer overflow vulnerability exists in the fstReaderIterBlocks2 time_table tsec_nitems functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to memory corruption. A victim would need to open a malicious file to trig…
- CVE-2023-35312HIGHCVSS 7.8EG 7.82023-07-11
Microsoft VOLSNAP.SYS Elevation of Privilege Vulnerability
- CVE-2023-35315HIGHCVSS 8.8EG 8.82023-07-11
Windows Layer-2 Bridge Network Driver Remote Code Execution Vulnerability
- CVE-2023-35341MEDIUMCVSS 6.2EG 6.22023-07-11
Microsoft DirectMusic Information Disclosure Vulnerability
- CVE-2023-35364HIGHCVSS 8.8EG 8.82023-07-11
Windows Kernel Elevation of Privilege Vulnerability
- CVE-2023-35372HIGHCVSS 7.8EG 7.82023-08-08
Microsoft Office Visio Remote Code Execution Vulnerability
- CVE-2023-35381HIGHCVSS 8.8EG 8.82023-08-08
Windows Fax Service Remote Code Execution Vulnerability
- CVE-2023-35383HIGHCVSS 7.5EG 7.52023-08-08
Microsoft Message Queuing Information Disclosure Vulnerability
- CVE-2023-35385CRITICALCVSS 9.8EG 9.82023-08-08
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
- CVE-2023-35632HIGHCVSS 7.8EG 7.82023-12-12
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
- CVE-2023-35644HIGHCVSS 7.8EG 7.82023-12-12
Windows Sysmain Service Elevation of Privilege Vulnerability
- CVE-2023-35673HIGHCVSS 8.8EG 8.82023-09-11
In build_read_multi_rsp of gatt_sr.cc, there is a possible out of bounds write due to an integer overflow. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not…
- CVE-2023-35681CRITICALCVSS 9.8EG 9.82023-09-11
In eatt_l2cap_reconfig_completed of eatt_impl.h, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed fo…
- CVE-2023-35965CRITICALCVSS 9.8EG 9.82023-10-11
Two heap-based buffer overflow vulnerabilities exist in the httpd manage_post functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network request to tri…
- CVE-2023-35966CRITICALCVSS 9.8EG 9.82023-10-11
Two heap-based buffer overflow vulnerabilities exist in the httpd manage_post functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network request to tri…
- CVE-2023-35967CRITICALCVSS 9.8EG 9.82023-10-11
Two heap-based buffer overflow vulnerabilities exist in the gwcfg_cgi_set_manage_post_data functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network r…
- CVE-2023-35968CRITICALCVSS 9.8EG 9.82023-10-11
Two heap-based buffer overflow vulnerabilities exist in the gwcfg_cgi_set_manage_post_data functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network r…
- CVE-2023-35989HIGHCVSS 7.8EG 7.82024-01-08
An integer overflow vulnerability exists in the LXT2 zlib block allocation functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this …
- CVE-2023-35992HIGHCVSS 7.0EG 7.02024-01-08
An integer overflow vulnerability exists in the FST fstReaderIterBlocks2 vesc allocation functionality of GTKWave 3.3.115, when compiled as a 32-bit binary. A specially crafted .fst file can lead to memory corruption. A victim would need t…
- CVE-2023-36326CRITICALCVSS 9.8EG 9.82023-09-01
Integer Overflow vulnerability in RELIC before commit 34580d840469361ba9b5f001361cad659687b9ab, allows attackers to execute arbitrary code, cause a denial of service, and escalate privileges when calling realloc function in bn_grow functio…
- CVE-2023-36327CRITICALCVSS 9.8EG 9.82023-09-01
Integer Overflow vulnerability in RELIC before commit 421f2e91cf2ba42473d4d54daf24e295679e290e, allows attackers to execute arbitrary code and cause a denial of service in pos argument in bn_get_prime function.
Map vulnerabilities like CWE-190 to your infrastructure
EchelonGraph correlates every CVE — across CWE-190 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →