Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-191 (整数下溢(超界折返)) — Vulnerability Class 212

212 vulnerabilities classified as CWE-191 (整数下溢(超界折返)). AI Chinese analysis included.

CWE-191, Integer Underflow, is a software weakness occurring when a subtraction operation yields a result smaller than the minimum representable integer value, causing an unintended wraparound. This flaw typically arises in both signed and unsigned integer contexts, leading to incorrect calculations that can compromise program logic. Attackers often exploit this vulnerability to manipulate memory allocation sizes or loop counters, potentially triggering buffer overflows or denial-of-service conditions by forcing the system to allocate insufficient resources or enter infinite loops. To mitigate this risk, developers must implement rigorous input validation to ensure operands remain within safe bounds before arithmetic operations. Additionally, using language features that provide automatic bounds checking or employing larger integer types for intermediate calculations can prevent underflow. Regular static analysis and thorough testing are essential to identify and rectify these subtle arithmetic errors before deployment.

MITRE CWE Description
The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result. This can happen in signed and unsigned cases.
Common Consequences (3)
AvailabilityDoS: Crash, Exit, or Restart, DoS: Resource Consumption (CPU), DoS: Resource Consumption (Memory), DoS: Instability
This weakness will generally lead to undefined behavior and therefore crashes. In the case of overflows involving loop index variables, the likelihood of infinite loops is also high.
IntegrityModify Memory
If the value in question is important to data (as opposed to flow), simple data corruption has occurred. Also, if the wrap around results in other conditions such as buffer overflows, further memory corruption may occur.
Confidentiality, Availability, Access ControlExecute Unauthorized Code or Commands, Bypass Protection Mechanism
This weakness can sometimes trigger buffer overflows which can be used to execute arbitrary code. This is usually outside the scope of a program's implicit security policy.
Examples (2)
The following example subtracts from a 32 bit signed integer.
#include <stdio.h> #include <stdbool.h> main (void) { int i; i = -2147483648; i = i - 1; return 0; }
Bad · C
This code performs a stack allocation based on a length calculation.
int a = 5, b = 6; size_t len = a - b; char buf[len];    // Just blows up the stack }
Bad · C
CVE IDTitleCVSSSeverityPublished
CVE-2026-7736 osrg GoBGP mrt.go parseRibEntry integer underflow — GoBGP 7.3 High2026-05-04
CVE-2026-33845 Gnutls: gnutls: denial of service via dtls zero-length fragment 7.5 High2026-04-30
CVE-2026-7424 Integer Underflow in DHCPv6 Sub-Option Parser in FreeRTOS-Plus-TCP — FreeRTOS-Plus-TCP 8.1 High2026-04-29
CVE-2026-7423 Integer Underflow in ICMP Echo Reply Processing in FreeRTOS-Plus-TCP — FreeRTOS-Plus-TCP 5.3 Medium2026-04-29
CVE-2026-6914 MD5 checksum creation may cause availability loss — MongoDB Server 6.5 Medium2026-04-29
CVE-2026-40356 MIT Kerberos 数字错误漏洞 — Kerberos 5 5.9 Medium2026-04-28
CVE-2026-28525 SWUpdate Integer Underflow in Multipart Upload Parser — swupdate 6.8 Medium2026-04-23
CVE-2026-33999 Xorg: xwayland: x.org x server: denial of service via integer underflow in xkb compatibility map handling — Red Hat Enterprise Linux 10 7.8 High2026-04-23
CVE-2026-34064 nimiq-account: Vesting insufficient funds error can panic — nimiq-account 5.3 Medium2026-04-22
CVE-2026-5720 miniupnpd Integer Underflow SOAPAction Header Parsing — miniupnpd 9.1AICriticalAI2026-04-17
CVE-2026-27297 Adobe Framemaker | Integer Underflow (Wrap or Wraparound) (CWE-191) — Adobe Framemaker 7.8 High2026-04-14
CVE-2026-27296 Adobe Framemaker | Integer Underflow (Wrap or Wraparound) (CWE-191) — Adobe Framemaker 7.8 High2026-04-14
CVE-2026-27907 Windows Storage Spaces Controller Elevation of Privilege Vulnerability — Windows 11 version 22H3 7.8 High2026-04-14
CVE-2026-40386 Libexif 数字错误漏洞 — libexif 4.0 Medium2026-04-12
CVE-2026-5188 Integer underflow in X.509 SAN parsing in wolfSSL — wolfSSL 6.5 -2026-04-10
CVE-2026-5778 Integer underflow leads to out-of-bounds access in sniffer ChaCha decrypt path. — wolfSSL 7.5AIHighAI2026-04-09
CVE-2026-39314 CUPS has an integer underflow in `_ppdCreateFromIPP` causes root cupsd crash via negative `job-password-supported` — cups 4.0 Medium2026-04-07
CVE-2026-33184 nimiq/core-rs-albatross: Discovery handshake limit could underflow and later provoke a deterministic overflow panic — core-rs-albatross 7.5 High2026-04-03
CVE-2026-34165 go-git: Maliciously crafted idx file can cause asymmetric memory consumption — go-git 5.0 Medium2026-03-31
CVE-2026-25075 strongSwan 4.5.0 < 6.0.5 EAP-TTLS AVP Parsing Integer Underflow — strongSwan 7.5 High2026-03-23
CVE-2026-1005 Integer underflow leads to out-of-bounds access in sniffer AES-GCM/CCM/ARIA-GCM decrypt path — wolfSSL 7.5 -2026-03-19
CVE-2026-2369 Libsoup: libsoup: buffer overread due to integer underflow when handling zero-length resources — Red Hat Enterprise Linux 10 6.5 Medium2026-03-19
CVE-2026-32775 Libexif 数字错误漏洞 — libexif 7.4 High2026-03-16
CVE-2026-3084 GStreamer H.266 Codec Parser Integer Underflow Remote Code Execution Vulnerability — GStreamer 8.4 -2026-03-13
CVE-2026-31883 FreeRDP has a `size_t` underflow in ADPCM decoder leads to heap-buffer-overflow write — FreeRDP 6.5 Medium2026-03-13
CVE-2026-29078 Integer Underflow in Lexbor ISO‑2022‑JP Encoder — lexbor 8.8 -2026-03-13
CVE-2026-23748 Golioth Firmware SDK < 0.22.0 LightDB State Out-of-Bounds Read — Firmware SDK 3.7 Low2026-02-26
CVE-2026-27710 NanaZip .NET Single-File Parser Integer Underflow Leads to Unbounded Allocation (DoS) — NanaZip 7.5AIHighAI2026-02-25
CVE-2026-3172 pgvector buffer overflow in parallel HNSW index build — pgvector 8.1 High2026-02-25
CVE-2025-14055 Integer underflow in Secure NCP host — Simplicity SDK, Gecko SDK 7.5AIHighAI2026-02-20

Vulnerabilities classified as CWE-191 (整数下溢(超界折返)) represent 212 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.