How severe is CVE-2024-26828?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.7 out of 10.

What type of vulnerability is CVE-2024-26828?

This is classified as CWE-191, which is a common weakness in software security.

CVE-2024-26828 - MEDIUM Severity | CVSS 6.7

Vulnerability Description

In the Linux kernel, the following vulnerability has been resolved: cifs: fix underflow in parse_server_interfaces() In this loop, we step through the buffer and after each item we check if the size_left is greater than the minimum size we need. However, the problem is that "bytes_left" is type ssize_t while sizeof() is type size_t. That means that because of type promotion, the comparison is done as an unsigned and if we have negative bytes left the loop continues instead of ending.

Related Vulnerabilities

CVE-2022-30787

MEDIUM

CVSS:6.7(Medium)

An integer underflow in fuse_lib_readdir enables arbitrary memory read operations in NTFS-3G through 2021.8.22 when using libfuse-lite.

CWE-1912022

CVE-2024-6285

MEDIUM

CVSS:6.7(Medium)

Integer Underflow (Wrap or Wraparound) vulnerability in Renesas arm-trusted-firmware. An integer underflow in image range check calculations could lead to bypassing address restrictions and loading of...

CWE-1912024

CVE-2022-20073

MEDIUM

CVSS:6.6(Medium)

In preloader (usb), there is a possible out of bounds write due to a integer underflow. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no...

CWE-1912022

CVE-2017-14997

MEDIUM

CVSS:6.5(Medium)

GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (excessive memory allocation) because of an integer underflow in ReadPICTImage in coders/pict.c.

CWE-1912017

CVE-2018-4011

MEDIUM

CVSS:6.5(Medium)

An exploitable integer underflow vulnerability exists in the mdnscap binary of the CUJO Smart Firewall, version 7003. When parsing SRV records in an mDNS packet, the "RDLENGTH" value is handled incorr...

CWE-1912018

CVE-2021-24894

MEDIUM

CVSS:6.5(Medium)

The Reviews Plus WordPress plugin before 1.2.14 does not validate the submitted rating, allowing submission of long integer, causing a Denial of Service in the review section when an authenticated use...

CWE-1912021