Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-680 (整数溢出导致缓冲区溢出) — Vulnerability Class 85

85 vulnerabilities classified as CWE-680 (整数溢出导致缓冲区溢出). AI Chinese analysis included.

CWE-680 is a critical logic flaw where an arithmetic calculation intended to determine buffer size results in an integer overflow, causing the system to allocate insufficient memory. Attackers typically exploit this vulnerability by manipulating input values to trigger the overflow, resulting in a smaller allocation than required for the actual data size. When the application subsequently copies the full-sized data into this undersized buffer, it overwrites adjacent memory, potentially allowing arbitrary code execution or system compromise. To prevent this, developers must implement robust input validation to ensure values remain within safe bounds before performing arithmetic operations. Additionally, using safe libraries that detect overflow conditions, employing larger data types for intermediate calculations, and utilizing static analysis tools can effectively identify and mitigate these dangerous logic errors during the development lifecycle.

MITRE CWE Description
The product performs a calculation to determine how much memory to allocate, but an integer overflow can occur that causes less memory to be allocated than expected, leading to a buffer overflow.
Common Consequences (1)
Integrity, Availability, ConfidentialityModify Memory, DoS: Crash, Exit, or Restart, Execute Unauthorized Code or Commands
Examples (1)
The following image processing code allocates a table for images.
img_t table_ptr; /*struct containing img data, 10kB each*/ int num_imgs; ... num_imgs = get_num_imgs(); table_ptr = (img_t*)malloc(sizeof(img_t)*num_imgs); ...
Bad · C
CVE IDTitleCVSSSeverityPublished
CVE-2026-24928 Huawei EMUI和Huawei HarmonyOS 安全漏洞 — HarmonyOS 5.8 Medium2026-02-06
CVE-2026-25541 Bytes is vulnerable to integer overflow in BytesMut::reserve — bytes 9.4AICriticalAI2026-02-04
CVE-2025-46407 SAIL 安全漏洞 — SAIL Image Decoding Library 8.8 High2025-08-25
CVE-2025-32468 SAIL 安全漏洞 — SAIL Image Decoding Library 8.8 High2025-08-25
CVE-2025-53510 SAIL 安全漏洞 — SAIL Image Decoding Library 8.8 High2025-08-25
CVE-2025-52930 SAIL 安全漏洞 — SAIL Image Decoding Library 8.8 High2025-08-25
CVE-2025-52456 SAIL 安全漏洞 — SAIL Image Decoding Library 8.8 High2025-08-25
CVE-2025-20263 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Buffer Overflow Denial of Service Vulnerability — Cisco Adaptive Security Appliance (ASA) Software 8.6 High2025-08-14
CVE-2025-23326 NVIDIA Triton Inference Server 安全漏洞 — Triton Inference Server 7.5 High2025-08-06
CVE-2025-54623 Huawei HarmonyOS 安全漏洞 — HarmonyOS 6.3 Medium2025-08-06
CVE-2025-32023 Redis allows out of bounds writes in hyperloglog commands leading to RCE — redis 7.0 High2025-07-07
CVE-2024-48877 Catdoc 安全漏洞 — xls2csv 8.4 High2025-06-02
CVE-2025-21442 Integer Overflow to Buffer Overflow in Automotive Vehicle Networks — Snapdragon 7.8 High2025-04-07
CVE-2024-58107 Huawei HarmonyOS 安全漏洞 — HarmonyOS 7.5 High2025-04-07
CVE-2024-57956 Huawei HarmonyOS 安全漏洞 — HarmonyOS 2.8 Low2025-02-06
CVE-2024-56451 Huawei HarmonyOS 安全漏洞 — HarmonyOS 7.3 High2025-01-08
CVE-2024-55626 Suricata oversized bpf file can lead to buffer overflow — suricata 3.3 Low2025-01-06
CVE-2024-38422 Integer Overflow to Buffer Overflow in Audio — Snapdragon 7.8 High2024-11-04
CVE-2024-6381 MongoDB C Driver bson_strfreev may be susceptible to integer overflow — libbson 4.0 Medium2024-07-02
CVE-2024-21470 Integer Overflow to Buffer Overflow in Graphics Windows — Snapdragon 8.4 High2024-04-01
CVE-2024-21454 Integer Overflow to Buffer Overflow in Automotive Telematics — Snapdragon 7.5 High2024-04-01
CVE-2022-36765 Integer Overflow in CreateHob — edk2 7.0 High2024-01-09
CVE-2023-33022 Integer Overflow to Buffer Overflow in HLOS — Snapdragon 8.4 High2023-12-05
CVE-2023-33018 Integer Overflow to Buffer Overflow in User Identity Module — Snapdragon 7.8 High2023-12-05
CVE-2023-28585 Integer Overflow to Buffer Overflow in TZ Secure OS — Snapdragon 8.2 High2023-12-05
CVE-2023-21644 Integer Overflow to Buffer Overflow in RIL — Snapdragon 6.7 Medium2023-09-05
CVE-2023-21648 Integer Overflow to Buffer Overflow in RIL — Snapdragon 6.7 Medium2023-08-08
CVE-2022-33296 Integer overflow to buffer overflow in Modem — Snapdragon 5.9 Medium2023-04-04
CVE-2022-33282 Integer overflow to buffer overflow in Automotive Multimedia — Snapdragon 8.4 High2023-04-04
CVE-2022-40530 Integer overflow to buffer overflow in WLAN — Snapdragon 8.4 High2023-03-07

Vulnerabilities classified as CWE-680 (整数溢出导致缓冲区溢出) represent 85 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.