CVEbaza.plSłownik CWECWE-197
Common Weakness Enumeration

CWE-197

Numeric Truncation Error

Kategoria: BaseCVE: 49
Opis

Błędy obcięcia pojawiają się, gdy typ pierwotny jest rzutowany na typ pierwotny o mniejszym rozmiarze i dane są tracone podczas konwersji. Taka operacja może prowadzić do utraty informacji i nieprawidłowych wyników obliczeń.

Description (EN)

Truncation errors occur when a primitive is cast to a primitive of a smaller size and data is lost in the conversion.

Podatności CVE z CWE-197 (49)
9.8
CVSS
CRITICAL
CVE-2024-43639

Krytyczna podatność w komponencie Windows KDC Proxy umożliwia zdalne wykonanie kodu (RCE) bez uwierzytelnienia. Oceniona na CVSS 9.8, stanowi poważne zagrożenie dla serwerów Windows Server wystawionych na dostęp sieciowy.

pub. 2024-11-12
9.8
CVSS
CRITICAL
CVE-2022-42475

A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, 6.0.15 and earlier and FortiProxy SSL-VPN 7.2.0 through 7.2.1, 7.0.7 and earlier may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.

pub. 2023-01-02🚩 CISA KEV⚡ EXPLOIT
9.0
CVSS
CRITICAL
CVE-2020-15202

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `Shard` API in TensorFlow expects the last argument to be a function taking two `int64` (i.e., `long long`) arguments. However, there are several places in TensorFlow where a lambda taking `int` or `int32` arguments is being used. In these cases, if the amount of work to be parallelized is large enough, integer truncation occurs. Depending on how the two arguments of the lambda are used, this can result in segfaults, read/write outside of heap allocated arrays, stack overflows, or data corruption. The issue is patched in commits 27b417360cbd671ef55915e4bb6bb06af8b8a832 and ca8c013b5e97b1373b3bb1c97ea655e69f31a575, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.

pub. 2020-09-25
8.8
CVSS
HIGH
CVE-2026-6679

A heap buffer overflow could occur in the DTLS 1.3 ACK serialization path before the connecting peer is authenticated. The buffer overflow was due to an integer truncation when computing the length of the ACK record-number list, causing an undersized buffer to be allocated and then overrun. This affects builds using DTLS 1.3 and wolfSSL version 5.9.0 and earlier. A fix was added to the 5.9.1 release.

pub. 2026-06-25
8.8
CVSS
HIGH
CVE-2024-49018

SQL Server Native Client Remote Code Execution Vulnerability

pub. 2024-11-12
8.8
CVSS
HIGH
CVE-2024-43519

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

pub. 2024-10-08
8.8
CVSS
HIGH
CVE-2024-30009

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

pub. 2024-05-14
8.8
CVSS
HIGH
CVE-2023-32143

D-Link DAP-1360 webupg UPGCGI_CheckAuth Numeric Truncation Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of requests to the /cgi-bin/webupg endpoint. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-18423.

pub. 2024-05-03
8.8
CVSS
HIGH
CVE-2024-28944

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

pub. 2024-04-09
8.8
CVSS
HIGH
CVE-2024-21440

Microsoft ODBC Driver Remote Code Execution Vulnerability

pub. 2024-03-12
8.8
CVSS
HIGH
CVE-2024-21451

Microsoft ODBC Driver Remote Code Execution Vulnerability

pub. 2024-03-12
8.8
CVSS
HIGH
CVE-2024-21352

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

pub. 2024-02-13
8.8
CVSS
HIGH
CVE-2024-21391

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

pub. 2024-02-13
8.7
CVSS
HIGH
CVE-2026-42944

NLnet Labs Unbound 1.14.0 up to and including version 1.25.0 has a vulnerability that results in heap overflow when encoding multiple NSID and/or DNS Cookie EDNS and/or EDNS Padding options in the reply packet. The relevant options ('nsid', 'answer-cookie', 'pad-responses' (default)) need to be enabled for the vulnerability to be exploited. An adversary who can query Unbound can exploit the vulnerability by attaching multiple NSID and/or DNS Cookie EDNS and/or EDNS Padding options to the query. A flaw in the size calculation of the EDNS field truncates the correct value which allows the encoder to overflow the available space when writing. Those two combined lead to a heap overflow write of Unbound controlled data and eventually a crash. Unbound 1.25.1 contains a patch with a fix to de-duplicate the EDNS options and a fix to prevent truncation of the EDNS field size calculation.

pub. 2026-05-20
8.4
CVSS
HIGH
CVE-2024-29050

Windows Cryptographic Services Remote Code Execution Vulnerability

pub. 2024-04-09
7.8
CVSS
HIGH
CVE-2026-40404

Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability

pub. 2026-06-09
7.8
CVSS
HIGH
CVE-2026-40409

Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability

pub. 2026-06-09
7.8
CVSS
HIGH
CVE-2026-44823

Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

pub. 2026-06-09
7.8
CVSS
HIGH
CVE-2025-53723

Numeric truncation error in Windows Hyper-V allows an authorized attacker to elevate privileges locally.

pub. 2025-08-12
7.8
CVSS
HIGH
CVE-2025-49679

Numeric truncation error in Windows Shell allows an authorized attacker to elevate privileges locally.

pub. 2025-07-08
Pokazano 20 z 49 podatności
Informacje
ID: CWE-197
Typ: Base
Podatności: 49
MITRE CWE ↗
← Słownik CWE