integer overflow

A newly disclosed vulnerability in the Windows Distributed Transaction Coordinator (MSDTC) — tracked as CVE-2025-50166 — stems from an integer overflow or wraparound in the MSDTC code path and can allow an authorized attacker to disclose memory-resident information over a network connection...

Chromium’s evolution has been marked by its robust security model, open-source transparency, and its integration into numerous modern browsers—including Google Chrome and Microsoft Edge. With each major update, security professionals and the wider community scrutinize the codebase, searching for...

In recent years, vulnerabilities affecting virtualization technology have posed increasingly significant risks for both enterprises and everyday users. Among the latest of these threats is CVE-2025-49683, a critical remote code execution vulnerability targeting Microsoft’s Virtual Hard Disk...

Here’s a summary of CVE-2025-48002 based on the information you provided: CVE ID: CVE-2025-48002 Component: Windows Hyper-V Type: Information Disclosure Vulnerability Technical Cause: Integer overflow or wraparound Attack Vector: Allows an authorized attacker to disclose information over an...

When looking at the latest wave of security disclosures, CVE-2025-32718 stands out due to its impact on the Windows SMB client—a service backbone critical for file and printer sharing in countless enterprise and consumer settings. This newly revealed elevation of privilege vulnerability, rooted...

The Windows USB Print Driver vulnerability, designated CVE-2025-26639, has captured the attention of security professionals across the community. This integer overflow—or more precisely, a wraparound vulnerability—in the USB print driver can be leveraged by an authorized attacker to elevate...

In a recent advisory, a critical vulnerability (CVE-2025-24985) has been identified in the Windows Fast FAT File System Driver. The flaw, triggered by an integer overflow or wraparound condition, could enable an attacker to execute code by exploiting the vulnerable driver. Although the...

Original release date: August 17, 2021 Summary On August 17, 2021, BlackBerry publicly disclosed that its QNX Real Time Operating System (RTOS) is affected by a Link Removed vulnerability—CVE-2021-22156. BadAlloc is a collection of vulnerabilities affecting multiple RTOSs and supporting...

In two previous blog posts ( part 1 and part 2), we talked about using Semmle QL in C and C++ codebases to find vulnerabilities such as integer overflow, path traversal, and those leading to memory corruption. In this post, we will explore applying Semmle QL to web security by hunting for one of...

Revision Note: V2.0 (July 13, 2010): Advisory updated to reflect publication of security bulletin. Summary: Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS10-043 to address this issue. For more information about this issue...

Revision Note: V2.0 (July 13, 2010): Advisory updated to reflect publication of security bulletin.Summary: Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS10-043 to address this issue. For more information about this issue, including...

Revision Note: V2.0 (July 13, 2010): Advisory updated to reflect publication of security bulletin.Summary: Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS10-043 to address this issue. For more information about this issue, including...

Revision Note: V1.0 (May 18, 2010): Advisory published. Advisory Summary:Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS10-043 to address this issue. For more information about this issue, including download links for an available security...