CWE-190— Integer Overflow or Wraparound
The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.— MITRE CWE catalog
2,945 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-190page 45 of 59
- CVE-2024-21836HIGHCVSS 8.8EG 8.82024-02-26
A heap-based buffer overflow vulnerability exists in the GGUF library header.n_tensors functionality of llama.cpp Commit 18c2e17. A specially crafted .gguf file can lead to code execution. An attacker can provide a malicious file to trigge…
- CVE-2024-21844MEDIUMCVSS 4.3EG 4.32024-08-14
Integer overflow in firmware for some Intel(R) CSME may allow an unauthenticated user to potentially enable denial of service via adjacent access.
- CVE-2024-21845LOWCVSS 2.9EG 2.92024-02-02
in OpenHarmony v4.0.0 and prior versions allow a local attacker cause heap overflow through integer overflow.
- CVE-2024-21851LOWCVSS 2.9EG 2.92024-02-02
in OpenHarmony v4.0.0 and prior versions allow a local attacker cause heap overflow through integer overflow.
- CVE-2024-21905MEDIUMCVSS 6.5EG 6.52024-04-26
An integer overflow or wraparound vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to compromise the security of the system via a network. We have already …
- CVE-2024-22051CRITICALCVSS 9.8EG 9.82024-01-04
CommonMarker versions prior to 0.23.4 are at risk of an integer overflow vulnerability. This vulnerability can result in possibly unauthenticated remote attackers to cause heap memory corruption, potentially leading to an information leak …
- CVE-2024-2212HIGHCVSS 7.3EG 7.32024-03-26
In Eclipse ThreadX before 6.4.0, xQueueCreate() and xQueueCreateSet() functions from the FreeRTOS compatibility API (utility/rtos_compatibility_layers/FreeRTOS/tx_freertos.c) were missing parameter checks. This could lead to integer wr…
- CVE-2024-22211LOWCVSS 3.7EG 3.72024-01-19
FreeRDP is a set of free and open source remote desktop protocol library and clients. In affected versions an integer overflow in `freerdp_bitmap_planar_context_reset` leads to heap-buffer overflow. This affects FreeRDP based clients. Free…
- CVE-2024-22396MEDIUMCVSS 5.3EG 5.32024-03-14
An Integer-based buffer overflow vulnerability in the SonicOS via IPSec allows a remote attacker in specific conditions to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a specially crafted IKEv2 payload.
- CVE-2024-22860CRITICALCVSS 9.8EG 9.82024-01-27
Integer overflow vulnerability in FFmpeg before n6.1, allows remote attackers to execute arbitrary code via the jpegxl_anim_read_packet component in the JPEG XL Animation decoder.
- CVE-2024-22861HIGHCVSS 7.5EG 7.52024-01-27
Integer overflow vulnerability in FFmpeg before n6.1, allows attackers to cause a denial of service (DoS) via the avcodec/osq module.
- CVE-2024-22862CRITICALCVSS 9.8EG 9.82024-01-27
Integer overflow vulnerability in FFmpeg before n6.1, allows remote attackers to execute arbitrary code via the JJPEG XL Parser.
- CVE-2024-23307MEDIUMCVSS 4.4EG 4.42024-01-25
Integer Overflow or Wraparound vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (md, raid, raid5 modules) allows Forced Integer Overflow.
- CVE-2024-23337MEDIUMCVSS 4.3EG 4.32025-05-21
jq is a command-line JSON processor. In versions up to and including 1.7.1, an integer overflow arises when assigning value using an index of 2147483647, the signed integer limit. This causes a denial of service. Commit de21386681c0df0104a…
- CVE-2024-23372HIGHCVSS 8.4EG 8.42024-07-01
Memory corruption while invoking IOCTL call for GPU memory allocation and size param is greater than expected size.
- CVE-2024-23496HIGHCVSS 8.8EG 8.82024-02-26
A heap-based buffer overflow vulnerability exists in the GGUF library gguf_fread_str functionality of llama.cpp Commit 18c2e17. A specially crafted .gguf file can lead to code execution. An attacker can provide a malicious file to trigger …
- CVE-2024-23531HIGHCVSS 7.5EG 7.52024-04-19
An Integer Overflow vulnerability in WLInfoRailService component of Ivanti Avalanche before 6.4.3 allows an unauthenticated remote attacker to perform denial of service attacks. In certain rare conditions this could also lead to reading co…
- CVE-2024-23605HIGHCVSS 8.8EG 8.82024-02-26
A heap-based buffer overflow vulnerability exists in the GGUF library header.n_kv functionality of llama.cpp Commit 18c2e17. A specially crafted .gguf file can lead to code execution. An attacker can provide a malicious file to trigger thi…
- CVE-2024-23695HIGHCVSS 7.8EG 8.42024-07-09
In CacheOpPMRExec of cache_km.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not nee…
- CVE-2024-23775HIGHCVSS 7.5EG 7.52024-01-31
Integer Overflow vulnerability in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2, allows attackers to cause a denial of service (DoS) via mbedtls_x509_set_extension().
- CVE-2024-23851MEDIUMCVSS 5.5EG 5.52024-01-23
copy_params in drivers/md/dm-ioctl.c in the Linux kernel through 6.7.1 can attempt to allocate more than INT_MAX bytes, and crash, because of a missing param_kernel->data_size check. This is related to ctl_ioctl.
- CVE-2024-2452HIGHCVSS 7.0EG 7.02024-03-26
In Eclipse ThreadX NetX Duo before 6.4.0, if an attacker can control parameters of __portable_aligned_alloc() could cause an integer wrap-around and an allocation smaller than expected. This could cause subsequent heap buffer overflows.
- CVE-2024-24857MEDIUMCVSS 4.6EG 4.62024-02-05
A race condition was found in the Linux kernel's net/bluetooth device driver in conn_info_{min,max}_age_set() function. This can result in integrity overflow issue, possibly leading to bluetooth connection abnormality or denial of service.
- CVE-2024-25366MEDIUMCVSS 6.2EG 6.22024-02-20
Buffer Overflow vulnerability in mz-automation.de libiec61859 v.1.4.0 allows a remote attacker to cause a denial of service via the mmsServer_handleGetNameListRequest function to the mms_getnamelist_service component.
- CVE-2024-26171MEDIUMCVSS 6.7EG 6.72024-04-09
Secure Boot Security Feature Bypass Vulnerability
- CVE-2024-26184MEDIUMCVSS 6.8EG 6.82024-07-09
Secure Boot Security Feature Bypass Vulnerability
- CVE-2024-26668MEDIUMCVSS 5.5EG 5.52024-04-02
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_limit: reject configurations that cause integer overflow Reject bogus configs where internal token counter wraps around. This only occurs with very very l…
- CVE-2024-26817MEDIUMCVSS 5.5EG 5.52024-04-13
In the Linux kernel, the following vulnerability has been resolved: amdkfd: use calloc instead of kzalloc to avoid integer overflow This uses calloc instead of doing the multiplication which might overflow.
- CVE-2024-26884HIGHCVSS 7.8EG 7.82024-04-17
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix hashtab overflow check on 32-bit arches The hashtab code relies on roundup_pow_of_two() to compute the number of hash buckets, and contains an overflow check by…
- CVE-2024-27101HIGHCVSS 7.3EG 7.32024-03-01
SpiceDB is an open source, Google Zanzibar-inspired database for creating and managing security-critical application permissions. Integer overflow in chunking helper causes dispatching to miss elements or panic. Any SpiceDB cluster with a…
- CVE-2024-27304CRITICALCVSS 9.8EG 9.82024-03-06
pgx is a PostgreSQL driver and toolkit for Go. SQL injection can occur if an attacker can cause a single query or bind message to exceed 4 GB in size. An integer overflow in the calculated message size can cause the one large message to be…
- CVE-2024-27833HIGHCVSS 8.8EG 8.82024-06-10
An integer overflow was addressed with improved input validation. This issue is fixed in Safari 17.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, tvOS 17.5, visionOS 1.2. Processing maliciously crafted web content may lead to a…
- CVE-2024-28044LOWCVSS 3.3EG 3.32024-09-02
in OpenHarmony v4.1.0 and prior versions allow a local attacker cause crash through integer overflow.
- CVE-2024-28923MEDIUMCVSS 6.4EG 6.42024-04-09
Secure Boot Security Feature Bypass Vulnerability
- CVE-2024-28929HIGHCVSS 8.8EG 8.82024-04-09
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
- CVE-2024-28931HIGHCVSS 8.8EG 8.82024-04-09
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
- CVE-2024-28936HIGHCVSS 8.8EG 8.82024-04-09
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
- CVE-2024-28942HIGHCVSS 8.8EG 8.82024-04-09
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
- CVE-2024-29784HIGHCVSS 7.8EG 7.72024-06-13
In prepare_response of lwis_periodic_io.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed …
- CVE-2024-29997MEDIUMCVSS 6.8EG 6.82024-05-14
Windows Mobile Broadband Driver Remote Code Execution Vulnerability
- CVE-2024-29999MEDIUMCVSS 6.8EG 6.82024-05-14
Windows Mobile Broadband Driver Remote Code Execution Vulnerability
- CVE-2024-30000MEDIUMCVSS 6.8EG 6.82024-05-14
Windows Mobile Broadband Driver Remote Code Execution Vulnerability
- CVE-2024-30001MEDIUMCVSS 6.8EG 6.82024-05-14
Windows Mobile Broadband Driver Remote Code Execution Vulnerability
- CVE-2024-30003MEDIUMCVSS 6.8EG 6.82024-05-14
Windows Mobile Broadband Driver Remote Code Execution Vulnerability
- CVE-2024-30004MEDIUMCVSS 6.8EG 6.82024-05-14
Windows Mobile Broadband Driver Remote Code Execution Vulnerability
- CVE-2024-30005MEDIUMCVSS 6.8EG 6.82024-05-14
Windows Mobile Broadband Driver Remote Code Execution Vulnerability
- CVE-2024-30012MEDIUMCVSS 6.8EG 6.82024-05-14
Windows Mobile Broadband Driver Remote Code Execution Vulnerability
- CVE-2024-30021MEDIUMCVSS 6.8EG 6.82024-05-14
Windows Mobile Broadband Driver Remote Code Execution Vulnerability
- CVE-2024-30064HIGHCVSS 8.8EG 8.82024-06-11
Windows Kernel Elevation of Privilege Vulnerability
- CVE-2024-30067MEDIUMCVSS 5.5EG 5.52024-06-11
Winlogon Elevation of Privilege Vulnerability
Map vulnerabilities like CWE-190 to your infrastructure
EchelonGraph correlates every CVE — across CWE-190 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →