20 matches found
CVE-2026-23456
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conntrack_h323: fix OOB read in decode_int CONS case. In decode_int, the CONS case calls get_bits(bs, 2) to read a length value, then calls get_uint(bs, len) without checking that len bytes remain in the buffer. The existing...
OSV-2026-2 Heap-buffer-overflow in cmt_mpack_consume_uint_tag
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=472785094 Crash type: Heap-buffer-overflow WRITE 8 Crash state: cmt_mpack_consume_uint_tag cmt_mpack_unpack_array cmt_mpack_unpack_map...
Siemens SIMATIC S7-1500 Integer Overflow or Wraparound (CVE-2024-42131)
In the Linux kernel, the following vulnerability has been resolved: mm: avoid overflows in dirty throttling logic. The dirty throttling logic is interspersed with assumptions that dirty limits in PAGE_SIZE units fit into 32 bits so that various multiplications fit into 64 bits. If limits end up bein...
CVE-2023-31921
JerryScript 3.0 commit 05dbbd1 was discovered to contain an Assertion Failure via ecma_big_uint_div_mod at jerry-core/ecma/operations/ecma-big-uint.c...
Cross-Chain Token Cap Disparity
Lines of code Vulnerability details Impact Potential loss of token value when minted values exceed the uint capacity of target chains, leading to incorrect token representation and financial discrepancies. Proof of Concept This function mints tokens or at least a representation of other chain...
JerryScript security vulnerability
JerryScript is a lightweight JavaScript engine from the JerryScript project. A denial of service vulnerability exists in the JerryScript ecma_big_uint_div_mod function, which can be exploited by an attacker to cause a denial of service...
Upgraded Q -> 3 from #222 [1683017474019]
Judge has assessed an item in Issue 222 as 3 risk. The relevant finding follows: L-02 Downcasting uint or int may result in overflow. Consider using OpenZeppelin's SafeCast library to prevent unexpected overflows. Instances: 2 File: src/PrivatePool.sol 231: virtualNftReserves -= uint128(weightSum);...
Uint underflow issue
Lines of code Vulnerability details Impact Potential underflow if shares is greater than totalSupply. Proof of Concept Tools Used Manual review Recommended Mitigation Steps Before the following line, check that totalSupply is greater than or equal to shares...
Type Error
Lines of code Vulnerability details Impact Type Error Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept. Tools Used Foundry - Forge Recommended Mitigation Steps Consider changing uint to int and ...
StakerVault.unstake(), StakerVault.unstakeFor() would revert with a uint underflow error of StakerVault.strategiesTotalStaked, StakerVault._poolTotalStaked.
Lines of code Vulnerability details Impact StakerVault.unstake(), StakerVault.unstakeFor() would revert with a uint underflow error of StakerVault.strategiesTotalStaked, StakerVault._poolTotalStaked. Proof of Concept Currently it saves totalStaked for strategies and non-strategies separately. uint...
CVE-2021-43083
Affected software: Apache PLC4X – PLC4C (C language implementation). Issue: unsigned integer underflow vulnerability in the TCP transport. Root cause: underflow within the C implementation when handling crafted responses from a malicious device. Impact and scope: requires an attacker to activ...
SWFTools code problem vulnerability
SWFTools is a suite of open source software tools for creating and manipulating SWF files. A null pointer dereference vulnerability exists in the pool_lookup_uint function in SWFTools pool.c. An attacker could exploit this vulnerability to cause a denial of service...
uint(-1) index for not found
Handle paulius.eth Vulnerability details Impact functions getTokenConfigBySymbolHash, getTokenConfigByCToken and getTokenConfigByUnderlying check the returned index against max uint: index != uint(-1). -1 should indicate that the index is not found; however, the default value for an uninitialized uint is ...
RUSTSEC-2020-0025 bigint is unmaintained, use uint instead
The bigint crate is not maintained any more and contains several known bugs including a soundness bug; use uint instead...
bigint is unmaintained, use uint instead
The bigint crate is not maintained any more and contains several known bugs including a soundness bug; use uint instead...
SUSE-SU-2019:0019-1 Security update for polkit
This update for polkit fixes the following issues: Security issue fixed: - CVE-2018-19788: Fixed handling of UIDs over MAXUINT (bsc#1118277)...
Significant Flash exploit mitigations are live in v18.0.0.209
Posted by Mark Brand and Chris Evans, isolators of heaps Whilst Project Zero has gained a reputation for vulnerability and exploitation research, that's not all that we do. One of the main reasons we perform this research is to provide data to defenders; and one of the things that defenders can d...
Taming the wild copy: Parallel Thread Corruption
Posted by Chris Evans, Winner of the occasional race Back in 2002, a very interesting vulnerability was found and fixed in the Apache web server. Relating to a bug in chunked encoding handling, the vulnerability caused a memcpy call with a negative length with the destination on the stack. Of...
CVE-2014-0569 exploit analysis - exploit warning - the black bar safety net
0x00 Description From the CVE vulnerability description: Test environment: Win7 SP1 + Flash ActiveX 15.0.0.167 0x01 Exploit analysis Description of the key code of the vulnerability; first look at the heap spray memory layout: ...
win32/xp sp3 - Full ROP calc shellcode
/ Shellcode: Windows XP PRO SP3 - Full ROP calc shellcode Author: b33f http://www.fuzzysecurity.com/ Notes: This is probably not the most efficient way but I gave the DLLs a run for their money ; Greets: Donato, Jahmel OS DLLs used: Base | Top | Size | Version Important! ||| 0x7c800000 |...