CWE-680 105 個 CVE MITRE 定義 ↗

CWE-680:Integer Overflow to Buffer Overflow

概覽

CWE-680(Integer Overflow to Buffer Overflow)描述一種在漏洞資料庫與安全評估中使用的弱點類型;定義、背景與對應 CVE 見下方各節。

安全影響
安全影響:因產品與情境而異;請結合 CVE 紀錄、嚴重度評分與 MITRE 說明進行優先級判斷。

描述

The product performs a calculation to determine how much memory to allocate, but an integer overflow can occur that causes less memory to be allocated than expected, leading to a buffer overflow.

適用平台

類型 名稱 普遍性 OS / CPE
language Memory-Unsafe Undetermined
language C Often
language C++ Often

本庫相關 CVE

下列 CVE 在本庫中對應到該弱點,並保留以便追溯與檢索。

CVE 公開時間 摘要
CVE-2026-55200 2026-06-17 libssh2 through 1.11.1, fixed in commit 7acf3df contains an out-of-bounds write vulnerability in ssh2_transport_read() that fails to enforce upper bounds on packet_length field. Remote attackers can s…
CVE-2026-8376 2026-05-25 Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds. Perl_study_chunk in regcomp_study.c checked the size of the…
CVE-2026-24928 2026-02-06 Out-of-bounds write vulnerability in the file system module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2026-25541 2026-02-04 Bytes is a utility library for working with bytes. From version 1.2.1 to before 1.11.1, Bytes is vulnerable to integer overflow in BytesMut::reserve. In the unique reclaim path of BytesMut::reserve, i…
CVE-2025-53510 2025-08-25 A memory corruption vulnerability exists in the PSD Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. When loading a specially crafted .psd file, an integer overflow can be made …
CVE-2025-52930 2025-08-25 A memory corruption vulnerability exists in the BMPv3 RLE Decoding functionality of the SAIL Image Decoding Library v0.9.8. When decompressing the image data from a specially crafted .bmp file, a heap…
CVE-2025-52456 2025-08-25 A memory corruption vulnerability exists in the WebP Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. When loading a specially crafted .webp animation an integer overflow can be…
CVE-2025-46407 2025-08-25 A memory corruption vulnerability exists in the BMPv3 Palette Decoding functionality of the SAIL Image Decoding Library v0.9.8. When loading a specially crafted .bmp file, an integer overflow can be m…
CVE-2025-32468 2025-08-25 A memory corruption vulnerability exists in the BMPv3 Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. When loading a specially crafted .bmp file, an integer overflow can be mad…
CVE-2025-20263 2025-08-14 A vulnerability in the web services interface of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated…
CVE-2025-54952 2025-08-07 An integer overflow vulnerability in the loading of ExecuTorch models can cause smaller-than-expected memory regions to be allocated, potentially resulting in code execution or other undesirable effec…
CVE-2025-23326 2025-08-06 NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause an integer overflow through a specially crafted input. A successful exploit of this vulnerab…
CVE-2025-54623 2025-08-05 Out-of-bounds read vulnerability in the devicemanager module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2025-53630 2025-07-10 llama.cpp is an inference of several LLM models in C/C++. Integer Overflow in the gguf_init_from_file_impl function in ggml/src/gguf.cpp can lead to Heap Out-of-Bounds Read/Write. This vulnerability i…
CVE-2025-32023 2025-07-07 Redis is an open source, in-memory database that persists on disk. From 2.8 to before 8.0.3, 7.4.5, 7.2.10, and 6.2.19, an authenticated user may use a specially crafted string to trigger a stack/heap…
CVE-2024-48877 2025-06-02 A memory corruption vulnerability exists in the Shared String Table Record Parser implementation in xls2csv utility version 0.95. A specially crafted malformed file can lead to a heap buffer overflow.…
CVE-2025-21442 2025-04-07 Memory corruption while transmitting packet mapping information with invalid header payload size.
CVE-2024-58107 2025-04-07 Buffer overflow vulnerability in the codec module Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2024-57956 2025-02-06 Out-of-bounds read vulnerability in the interpreter string module Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2024-56451 2025-01-07 Integer overflow vulnerability during glTF model loading in the 3D engine module Impact: Successful exploitation of this vulnerability may affect availability.

內容提交

名稱
CWE Content Team
組織
MITRE
日期
2008-04-11
版本
Draft 9

內容修訂

日期 名稱 版本 重要性 評論
2008-07-01 Eric Dalci 1.0 updated Time_of_Introduction
2008-09-08 CWE Content Team 1.0 updated Relationships
2009-03-10 CWE Content Team 1.3 updated Related_Attack_Patterns
2011-06-01 CWE Content Team 1.13 updated Common_Consequences
2017-01-19 CWE Content Team 2.10 updated Relationships
2017-11-08 CWE Content Team 3.0 updated Applicable_Platforms, Observed_Examples, Relationships, Relevant_Properties, Taxonomy_Mappings
2019-01-03 CWE Content Team 3.2 updated Relationships
2023-04-27 CWE Content Team 4.11 updated Relationships
2023-06-29 CWE Content Team 4.12 updated Mapping_Notes, Relationships
2024-02-29 CWE Content Team 4.14 updated Demonstrative_Examples, Observed_Examples
2025-09-09 CWE Content Team 4.18 updated Affected_Resources, Functional_Areas
2025-12-11 CWE Content Team 4.19 updated Applicable_Platforms, Detection_Factors, References, Time_of_Introduction, Weakness_Ordinalities
cvelogic Threat Intelligence