CVE-2026-25075 strongSwan 4.5.0 < 6.0.5 EAP-TTLS AVP Parsing Integer Underflow

strongSwan versions 4.5.0 prior to 6.0.5 contain an integer underflow vulnerability in the EAP-TTLS AVP parser that allows unauthenticated remote attackers to cause a denial of service by sending crafted AVP data with invalid length fields during IKEv2 authentication. Attackers can exploit the...

CVE-2025-68799 caif: fix integer underflow in cffrml_receive()

In the Linux kernel, the following vulnerability has been resolved: caif: fix integer underflow in cffrmlreceive The cffrmlreceive function extracts a length field from the packet header and, when FCS is disabled, subtracts 2 from this length without validating that len = 2. If an attacker sends ...

kernel: openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size()

An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the reservesfasize function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write...

CLSA-2022-1669388927 grub2: Fix of 7 CVEs

CVE-2021-3981: Fix default privileges of grub.cfg file - CVE-2022-28736: Fix use-after-free bug when grubcmdchainloader is executed more than once before a boot attempt is performed. - CVE-2021-3695: Drop greyscale support to fix heap out-of-bounds write - CVE-2021-3696: Fix out of range...

kernel: openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size()

An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the reservesfasize function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write...

Integer overflow

GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service excessive memory allocation because of an integer underflow in ReadPICTImage in coders/pict.c...

CVE-2016-1925

Integer underflow in header.c in lha allows remote attackers to have unspecified impact via a large header size value for the 1 level0 or 2 level1 header in a lha archive, which triggers a buffer overflow...