CWE-191 - Integer underflow

Description

The weakness exists due to incorrect substracting of value both in signed and unsigned cases. The final result of deducting is less than the minimum allowable integer value. Such results can cause problems with work of application and therefore crashes of other part of the system. Low value connected with data may lead to buffer overflow, arbitrary code execution and further memory corruption.
The vulnerability is introduced during Implementation stage.

Latest vulnerabilities for CWE-191

Multiple vulnerabilities in Oracle Linux 2024-04-17
High Yes

Denial of service in QEMU 2024-04-15
Low Yes

Multiple vulnerabilities in Microsoft WDAC OLE DB Provider for SQL Server 2024-04-10
High Yes

Multiple vulnerabilities in Microsoft Message Queuing (MSMQ) 2024-04-10
Medium Yes

Multiple vulnerabilities in Microsoft ODBC Driver for SQL Server 2024-04-09
High Yes

zfs update for Lua 2024-02-26
Medium Yes

Multiple vulnerabilities in Google ChromeOS TLS 2024-02-19
Critical Yes

Remote code execution in Linux kernel SMB client 2024-02-16
High Yes

Integer underflow in Wazuh 2024-02-12
Low Yes

Multiple vulnerabilities in Google ChromeOS 2024-02-08
High Yes

References

Description of CWE-191 on Mitre website