Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-191 (整数下溢(超界折返)) — Vulnerability Class 212

212 vulnerabilities classified as CWE-191 (整数下溢(超界折返)). AI Chinese analysis included.

CWE-191, Integer Underflow, is a software weakness occurring when a subtraction operation yields a result smaller than the minimum representable integer value, causing an unintended wraparound. This flaw typically arises in both signed and unsigned integer contexts, leading to incorrect calculations that can compromise program logic. Attackers often exploit this vulnerability to manipulate memory allocation sizes or loop counters, potentially triggering buffer overflows or denial-of-service conditions by forcing the system to allocate insufficient resources or enter infinite loops. To mitigate this risk, developers must implement rigorous input validation to ensure operands remain within safe bounds before arithmetic operations. Additionally, using language features that provide automatic bounds checking or employing larger integer types for intermediate calculations can prevent underflow. Regular static analysis and thorough testing are essential to identify and rectify these subtle arithmetic errors before deployment.

MITRE CWE Description
The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result. This can happen in signed and unsigned cases.
Common Consequences (3)
AvailabilityDoS: Crash, Exit, or Restart, DoS: Resource Consumption (CPU), DoS: Resource Consumption (Memory), DoS: Instability
This weakness will generally lead to undefined behavior and therefore crashes. In the case of overflows involving loop index variables, the likelihood of infinite loops is also high.
IntegrityModify Memory
If the value in question is important to data (as opposed to flow), simple data corruption has occurred. Also, if the wrap around results in other conditions such as buffer overflows, further memory corruption may occur.
Confidentiality, Availability, Access ControlExecute Unauthorized Code or Commands, Bypass Protection Mechanism
This weakness can sometimes trigger buffer overflows which can be used to execute arbitrary code. This is usually outside the scope of a program's implicit security policy.
Examples (2)
The following example subtracts from a 32 bit signed integer.
#include <stdio.h> #include <stdbool.h> main (void) { int i; i = -2147483648; i = i - 1; return 0; }
Bad · C
This code performs a stack allocation based on a length calculation.
int a = 5, b = 6; size_t len = a - b; char buf[len];    // Just blows up the stack }
Bad · C
CVE IDTitleCVSSSeverityPublished
CVE-2022-2869 LibTIFF 数字错误漏洞 — libtiff 5.5 -2022-08-17
CVE-2021-25121 Rating by BestWebSoft < 1.6 - Rating Denial of Service — Rating by BestWebSoft 6.5 -2022-06-20
CVE-2022-29204 Missing validation causes denial of service in TensorFlow via `Conv3DBackpropFilterV2` — tensorflow 5.5 Medium2022-05-20
CVE-2022-1698 Allowing long password leads to denial of service in causefx/organizr — causefx/organizr 7.5 -2022-05-12
CVE-2022-0544 Blender 数字错误漏洞 — Blender 5.5 -2022-02-24
CVE-2022-24046 Sonos One Speaker 数字错误漏洞 — One Speaker 8.8 -2022-02-18
CVE-2022-23613 Privilege escalation on xrdp — xrdp 7.8 High2022-02-07
CVE-2022-21685 Integer underflow in Frontier — frontier 6.5 Medium2022-01-14
CVE-2021-37706 Potential integer underflow upon receiving STUN message in PJSIP — pjproject 7.3 High2021-12-22
CVE-2021-24894 Reviews Plus < 1.2.14 - Subscriber+ Reviews DoS — Reviews Plus 6.5 -2021-11-23
CVE-2021-31889 Siemens Nucleus 数字错误漏洞 — Capital Embedded AR Classic 431-422 7.5 High2021-11-09
CVE-2021-41196 Crash in `max_pool3d` when size argument is 0 or negative — tensorflow 5.5 Medium2021-11-05
CVE-2021-3323 Integer Underflow in 6LoWPAN IPHC Header Uncompression in Zephyr — zephyr 8.3 High2021-10-12
CVE-2021-21897 Ribbonsoft dxflib 数字错误漏洞 — Ribbonsoft 8.8 -2021-09-08
CVE-2021-21811 AT&T Labs Xmill 数字错误漏洞 — AT&T 9.8 -2021-08-31
CVE-2021-33536 WEIDMUELLER: WLAN devices affected by Denial-of-Service vulnerability — IE-WL(T)-BL-AP-CL-XX 7.5 High2021-06-25
CVE-2021-20240 gdk-pixbuf 数字错误漏洞 — gdk-pixbuf 8.8 -2021-05-28
CVE-2021-3472 X.Org X Server 数字错误漏洞 — xorg-x11-server 7.8 -2021-04-26
CVE-2021-27486 FATEK Automation WinProladder 数字错误漏洞 — FATEK Automation WinProladder 8.8 -2021-04-12
CVE-2020-14378 DPDK 数字错误漏洞 — dpdk 3.3 -2020-09-30
CVE-2020-14346 xorg-x11-server 数字错误漏洞 — xorg-x11-server 7.8 -2020-09-15
CVE-2020-14361 xorg-x11-server 数字错误漏洞 — xorg-x11-server 7.8 -2020-09-15
CVE-2020-14362 xorg-x11-server 数字错误漏洞 — xorg-x11-server 7.8 -2020-09-15
CVE-2020-17395 Corel Parallels Desktop 数字错误漏洞 — Desktop 8.2 -2020-08-25
CVE-2020-6098 freeDiameter 数字错误漏洞 — freeDiameter 7.5 -2020-07-28
CVE-2020-2031 PAN-OS: Integer underflow in the management interface — PAN-OS 4.9 Medium2020-07-08
CVE-2019-5144 Kakadu Software SDK 缓冲区错误漏洞 — Kakadu Software 8.1 High2019-12-12
CVE-2019-5099 LEAD Technologies LEADTOOLS 数字错误漏洞 — LEADTOOLS 7.8 -2019-11-06
CVE-2019-12678 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software SIP Inspection Denial of Service Vulnerability — Cisco Adaptive Security Appliance (ASA) Software 7.5 -2019-10-02
CVE-2019-5459 Videolan VideoLAN VLC media player 数字错误漏洞 — VLC 5.5 -2019-07-30

Vulnerabilities classified as CWE-191 (整数下溢(超界折返)) represent 212 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.