CVEbaza.plSłownik CWECWE-681
Common Weakness Enumeration

CWE-681

Incorrect Conversion between Numeric Types

Kategoria: BaseCVE: 138
Opis

Podczas konwersji z jednego typu danych na inny, np. z long na integer, dane mogą zostać pominięte lub przetłumaczone w sposób produkujący nieoczekiwane wartości. Jeśli powstałe wartości są używane w kontekście wrażliwym na bezpieczeństwo, mogą wystąpić niebezpieczne zachowania.

Description (EN)

When converting from one data type to another, such as long to integer, data can be omitted or translated in a way that produces unexpected values. If the resulting values are used in a sensitive context, then dangerous behaviors may occur.

Podatności CVE z CWE-681 (138)
9.8
CVSS
CRITICAL
CVE-2022-40138

An integer conversion error in Hermes bytecode generation, prior to commit 6aa825e480d48127b480b08d13adf70033237097, could have been used to perform Out-Of-Bounds operations and subsequently execute arbitrary code. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, most React Native applications are not affected.

pub. 2022-10-11
9.8
CVSS
CRITICAL
CVE-2021-36357

An issue was discovered in OpenPOWER 2.6 firmware. unpack_timestamp() calls le32_to_cpu() for endian conversion of a uint16_t "year" value, resulting in a type mismatch that can truncate a higher integer value to a smaller one, and bypass a timestamp check. The fix is to use the right endian conversion function.

pub. 2021-10-22
9.8
CVSS
CRITICAL
CVE-2021-38187

An issue was discovered in the anymap crate through 0.12.1 for Rust. It violates soundness via conversion of a *u8 to a *u64.

pub. 2021-08-08
9.8
CVSS
CRITICAL
CVE-2020-35926

An issue was discovered in the nanorand crate before 0.5.1 for Rust. It caused any random number generator (even ChaCha) to return all zeroes because integer truncation was mishandled.

pub. 2020-12-31
9.8
CVSS
CRITICAL
CVE-2019-19317

lookupName in resolve.c in SQLite 3.30.1 omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service or possibly have unspecified other impact.

pub. 2019-12-05
9.8
CVSS
CRITICAL
CVE-2019-14842

Structured reply is a feature of the newstyle NBD protocol allowing the server to send a reply in chunks. A bounds check which was supposed to test for chunk offsets smaller than the beginning of the request did not work because of signed/unsigned confusion. If one of these chunks contains a negative offset then data under control of the server is written to memory before the read buffer supplied by the client. If the read buffer is located on the stack then this allows the stack return address from nbd_pread() to be trivially modified, allowing arbitrary code execution under the control of the server. If the buffer is located on the heap then other memory objects before the buffer can be overwritten, which again would usually lead to arbitrary code execution.

pub. 2019-11-26
9.8
CVSS
CRITICAL
CVE-2018-8786

FreeRDP prior to version 2.0.0-rc4 contains an Integer Truncation that leads to a Heap-Based Buffer Overflow in function update_read_bitmap_update() and results in a memory corruption and probably even a remote code execution.

pub. 2018-11-29
9.8
CVSS
CRITICAL
CVE-2016-3074

Integer signedness error in GD Graphics Library 2.1.1 (aka libgd or libgd2) allows remote attackers to cause a denial of service (crash) or potentially execute arbitrary code via crafted compressed gd2 data, which triggers a heap-based buffer overflow.

pub. 2016-04-26
9.1
CVSS
CRITICAL
CVE-2022-36025

Besu is a Java-based Ethereum client. In versions newer than 22.1.3 and prior to 22.7.1, Besu is subject to an Incorrect Conversion between Numeric Types. An error in 32 bit signed and unsigned types in the calculation of available gas in the CALL operations (including DELEGATECALL) results in incorrect gas being passed into called contracts and incorrect gas being returned after call execution. Where the amount of gas makes a difference in the success or failure, or if the gas is a negative 64 bit value, the execution will result in a different state root than expected, resulting in a consensus failure in networks with multiple EVM implementations. In networks with a single EVM implementation this can be used to execute with significantly more gas than then transaction requested, possibly exceeding gas limitations. This issue is patched in version 22.7.1. As a workaround, reverting to version 22.1.3 or earlier will prevent incorrect execution.

pub. 2022-09-24
8.8
CVSS
HIGH
CVE-2026-26178

Integer size truncation in Windows Advanced Rasterization Platform (WARP) allows an unauthorized attacker to elevate privileges locally.

pub. 2026-04-14
8.8
CVSS
HIGH
CVE-2026-21688

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a Type Confusion vulnerability in `SIccCalcOp::ArgsPushed()` at `IccProfLib/IccMpeCalc.cpp`. This vulnerability affects users of the iccDEV library who process ICC color profiles. Version 2.3.1.2 contains a patch. No known workarounds are available.

pub. 2026-01-07
8.8
CVSS
HIGH
CVE-2026-21693

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a Type Confusion vulnerability in `CIccSegmentedCurveXml::ToXml()` at `IccXML/IccLibXML/IccMpeXml.cpp`. This vulnerability affects users of the iccDEV library who process ICC color profiles. Version 2.3.1.2 contains a patch. No known workarounds are available.

pub. 2026-01-07
8.8
CVSS
HIGH
CVE-2024-49093

Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability

pub. 2024-12-12
8.8
CVSS
HIGH
CVE-2024-26162

Microsoft ODBC Driver Remote Code Execution Vulnerability

pub. 2024-03-12
8.8
CVSS
HIGH
CVE-2023-24884

Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability

pub. 2023-04-11
8.8
CVSS
HIGH
CVE-2023-23388

Windows Bluetooth Driver Elevation of Privilege Vulnerability

pub. 2023-03-14
8.8
CVSS
HIGH
CVE-2021-21860

An exploitable integer truncation vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an improper memory allocation resulting in a heap-based buffer overflow that causes memory corruption. The FOURCC code, 'trik', is parsed by the function within the library. An attacker can convince a user to open a video to trigger this vulnerability.

pub. 2021-08-16
8.8
CVSS
HIGH
CVE-2021-21861

An exploitable integer truncation vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. When processing the 'hdlr' FOURCC code, a specially crafted MPEG-4 input can cause an improper memory allocation resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.

pub. 2021-08-16
8.8
CVSS
HIGH
CVE-2021-23997

Due to unexpected data type conversions, a use-after-free could have occurred when interacting with the font cache. We presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox < 88.

pub. 2021-06-24
8.8
CVSS
HIGH
CVE-2020-12417

Due to confusion about ValueTags on JavaScript Objects, an object may pass through the type barrier, resulting in memory corruption and a potentially exploitable crash. *Note: this issue only affects Firefox on ARM64 platforms.* This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0.

pub. 2020-07-09
Pokazano 20 z 138 podatności
Informacje
ID: CWE-681
Typ: Base
Podatności: 138
MITRE CWE ↗
← Słownik CWE
CWE-681 — Nieprawidłowa konwersja między typami numerycznymi | Słownik CWE | CVEbaza.pl