CWE-680(Integer Overflow to Buffer Overflow)は各種脆弱性データベースや評価で用いられる弱点タイプを説明します。定義・背景・対応する CVE は以下の各セクションを参照してください。
The product performs a calculation to determine how much memory to allocate, but an integer overflow can occur that causes less memory to be allocated than expected, leading to a buffer overflow.
| 種別 | 名称 | クラス | 普遍性 | OS / CPE |
|---|---|---|---|---|
| language | — | Memory-Unsafe | Undetermined | — |
| language | C | — | Often | — |
| language | C++ | — | Often | — |
これらの CVE は本データベースでこの弱点に対応付けられており、追跡と検索のために保持されています。
| CVE | 公開 | 概要 |
|---|---|---|
| CVE-2026-8376 | 2026-05-26 | Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds. Perl_study_chunk in regcomp_study.c checked the size of the… |
| CVE-2026-24928 | 2026-02-06 | Out-of-bounds write vulnerability in the file system module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2026-25541 | 2026-02-04 | Bytes is a utility library for working with bytes. From version 1.2.1 to before 1.11.1, Bytes is vulnerable to integer overflow in BytesMut::reserve. In the unique reclaim path of BytesMut::reserve, i… |
| CVE-2025-53510 | 2025-08-25 | A memory corruption vulnerability exists in the PSD Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. When loading a specially crafted .psd file, an integer overflow can be made … |
| CVE-2025-52930 | 2025-08-25 | A memory corruption vulnerability exists in the BMPv3 RLE Decoding functionality of the SAIL Image Decoding Library v0.9.8. When decompressing the image data from a specially crafted .bmp file, a heap… |
| CVE-2025-52456 | 2025-08-25 | A memory corruption vulnerability exists in the WebP Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. When loading a specially crafted .webp animation an integer overflow can be… |
| CVE-2025-46407 | 2025-08-25 | A memory corruption vulnerability exists in the BMPv3 Palette Decoding functionality of the SAIL Image Decoding Library v0.9.8. When loading a specially crafted .bmp file, an integer overflow can be m… |
| CVE-2025-32468 | 2025-08-25 | A memory corruption vulnerability exists in the BMPv3 Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. When loading a specially crafted .bmp file, an integer overflow can be mad… |
| CVE-2025-20263 | 2025-08-14 | A vulnerability in the web services interface of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated… |
| CVE-2025-54952 | 2025-08-08 | An integer overflow vulnerability in the loading of ExecuTorch models can cause smaller-than-expected memory regions to be allocated, potentially resulting in code execution or other undesirable effec… |
| CVE-2025-23326 | 2025-08-06 | NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause an integer overflow through a specially crafted input. A successful exploit of this vulnerab… |
| CVE-2025-54623 | 2025-08-06 | Out-of-bounds read vulnerability in the devicemanager module. Impact: Successful exploitation of this vulnerability may affect availability. |
| CVE-2025-53630 | 2025-07-10 | llama.cpp is an inference of several LLM models in C/C++. Integer Overflow in the gguf_init_from_file_impl function in ggml/src/gguf.cpp can lead to Heap Out-of-Bounds Read/Write. This vulnerability i… |
| CVE-2025-32023 | 2025-07-07 | Redis is an open source, in-memory database that persists on disk. From 2.8 to before 8.0.3, 7.4.5, 7.2.10, and 6.2.19, an authenticated user may use a specially crafted string to trigger a stack/heap… |
| CVE-2024-48877 | 2025-06-02 | A memory corruption vulnerability exists in the Shared String Table Record Parser implementation in xls2csv utility version 0.95. A specially crafted malformed file can lead to a heap buffer overflow.… |
| CVE-2025-21442 | 2025-04-07 | Memory corruption while transmitting packet mapping information with invalid header payload size. |
| CVE-2024-58107 | 2025-04-07 | Buffer overflow vulnerability in the codec module Impact: Successful exploitation of this vulnerability may affect availability. |
| CVE-2024-57956 | 2025-02-06 | Out-of-bounds read vulnerability in the interpreter string module Impact: Successful exploitation of this vulnerability may affect availability. |
| CVE-2024-56451 | 2025-01-08 | Integer overflow vulnerability during glTF model loading in the 3D engine module Impact: Successful exploitation of this vulnerability may affect availability. |
| CVE-2024-55626 | 2025-01-06 | Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.8, a large BPF filter file provided to Suricata at startup can lead t… |
| 日付 | 名称 | バージョン | 重要度 | コメント |
|---|---|---|---|---|
| 2008-07-01 | Eric Dalci | 1.0 | — | updated Time_of_Introduction |
| 2008-09-08 | CWE Content Team | 1.0 | — | updated Relationships |
| 2009-03-10 | CWE Content Team | 1.3 | — | updated Related_Attack_Patterns |
| 2011-06-01 | CWE Content Team | 1.13 | — | updated Common_Consequences |
| 2017-01-19 | CWE Content Team | 2.10 | — | updated Relationships |
| 2017-11-08 | CWE Content Team | 3.0 | — | updated Applicable_Platforms, Observed_Examples, Relationships, Relevant_Properties, Taxonomy_Mappings |
| 2019-01-03 | CWE Content Team | 3.2 | — | updated Relationships |
| 2023-04-27 | CWE Content Team | 4.11 | — | updated Relationships |
| 2023-06-29 | CWE Content Team | 4.12 | — | updated Mapping_Notes, Relationships |
| 2024-02-29 | CWE Content Team | 4.14 | — | updated Demonstrative_Examples, Observed_Examples |
| 2025-09-09 | CWE Content Team | 4.18 | — | updated Affected_Resources, Functional_Areas |
| 2025-12-11 | CWE Content Team | 4.19 | — | updated Applicable_Platforms, Detection_Factors, References, Time_of_Introduction, Weakness_Ordinalities |