CVEbaza.plSłownik CWECWE-128
Common Weakness Enumeration

CWE-128

Wrap-around Error

Kategoria: BaseCVE: 3
Opis

Błędy zawijania występują, gdy wartość zostaje zwiększona ponad maksymalną wartość dla jej typu i w rezultacie "zawija się" do bardzo małej, ujemnej lub niezdefiniowanej wartości. Taka sytuacja prowadzi do niezamierzonych i niebezpiecznych zachowań programu.

Description (EN)

Wrap around errors occur whenever a value is incremented past the maximum value for its type and therefore "wraps around" to a very small, negative, or undefined value.

Podatności CVE z CWE-128 (3)
9.3
CVSS
CRITICAL
CVE-2024-23981

Podatność typu wrap-around error w sterowniku trybu jądra Linux dla kontrolerów Intel Ethernet umożliwia uwierzytelnionemu użytkownikowi lokalnemu eskalację uprawnień. Ocena CVSS 9.3 (Critical) wskazuje na poważne ryzyko dla systemów Linux z podatnym sterownikiem.

pub. 2024-08-14
7.5
CVSS
HIGH
CVE-2022-35258

An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure (IPS) in versions prior to 9.1R17 and 22.3R1, and Ivanti Neurons for Zero-Trust Access in versions prior to 22.3R1.

pub. 2022-12-05
2.0
CVSS
LOW
CVE-2026-54905

concurrent-ruby is a modern concurrency tools for Ruby. Prior to 1.3.7, Concurrent::ReentrantReadWriteLock can incorrectly grant a write lock after one thread acquires the read lock 32,768 times. The lock stores a thread's local read and write hold counts in one integer. The low 15 bits are used for the read hold count, and bit 15 is used as WRITE_LOCK_HELD. After 32,768 reentrant read acquisitions, the local read count crosses into the write-lock bit. try_write_lock then treats the thread as already holding a write lock and returns true without setting the global RUNNING_WRITER bit. This breaks the core mutual-exclusion guarantee: the caller is told it has a write lock, but other threads can still hold or acquire read locks at the same time. This vulnerability is fixed in 1.3.7.

pub. 2026-06-24
Informacje
ID: CWE-128
Typ: Base
Podatności: 3
MITRE CWE ↗
← Słownik CWE