{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/integer-underflow/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":7.3,"id":"CVE-2026-7736"}],"_cs_exploited":false,"_cs_products":["GoBGP (\u003c= 4.3.0)"],"_cs_severities":["medium"],"_cs_tags":["cve","vulnerability","integer underflow","bgp"],"_cs_type":"advisory","_cs_vendors":["osrg"],"content_html":"\u003cp\u003eA vulnerability exists in osrg GoBGP, specifically in versions up to 4.3.0. The flaw is located within the \u003ccode\u003eparseRibEntry\u003c/code\u003e function of the \u003ccode\u003epkg/packet/mrt/mrt.go\u003c/code\u003e file. This integer underflow vulnerability, identified as CVE-2026-7736, can be triggered remotely by an attacker who sends malicious or unexpected data to the affected function. Successful exploitation could lead to a denial-of-service condition or other unspecified consequences. Users are advised to upgrade to version 4.4.0, which contains the patch identified as 76d911046344a3923cbe573364197aa081944592, to mitigate the risk. The vulnerability poses a risk to network infrastructure relying on the BGP protocol, potentially impacting routing stability and availability.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker identifies a vulnerable GoBGP instance running a version prior to 4.4.0.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious MRT (Multi-Threaded Routing Toolkit) message.\u003c/li\u003e\n\u003cli\u003eThe attacker sends the crafted MRT message to the vulnerable GoBGP instance. This is typically done over a TCP connection to the BGP port (179).\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eparseRibEntry\u003c/code\u003e function processes the malicious MRT message.\u003c/li\u003e\n\u003cli\u003eDue to the integer underflow vulnerability, the \u003ccode\u003eparseRibEntry\u003c/code\u003e function calculates an incorrect value.\u003c/li\u003e\n\u003cli\u003eThis incorrect value leads to unexpected behavior such as a crash or resource exhaustion.\u003c/li\u003e\n\u003cli\u003eThe GoBGP process becomes unstable or terminates.\u003c/li\u003e\n\u003cli\u003eThis disrupts BGP routing, potentially leading to a denial-of-service condition for network services that rely on BGP.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability could allow a remote attacker to disrupt BGP routing, leading to a denial-of-service condition. The precise impact will depend on the specific network configuration and the role of the affected GoBGP instance. Systems relying on the BGP protocol for routing information could experience connectivity issues or routing instability. While the number of affected deployments is unknown, any organization utilizing GoBGP in their network infrastructure is potentially at risk.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to GoBGP version 4.4.0 or later to remediate the integer underflow vulnerability described in CVE-2026-7736.\u003c/li\u003e\n\u003cli\u003eMonitor network traffic for unexpected MRT messages being sent to GoBGP instances using the Sigma rule provided below.\u003c/li\u003e\n\u003cli\u003eReview and harden BGP configurations to limit exposure and potential attack surface.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-04T07:16:01Z","date_published":"2026-05-04T07:16:01Z","id":"/briefs/2026-05-gobgp-integer-underflow/","summary":"osrg GoBGP up to version 4.3.0 is vulnerable to an integer underflow in the parseRibEntry function, potentially allowing a remote attacker to cause a denial of service or other unspecified impacts; version 4.4.0 addresses this issue.","title":"osrg GoBGP Integer Underflow Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-05-gobgp-integer-underflow/"},{"_cs_actors":[],"_cs_cves":[{"cvss":6.5,"id":"CVE-2026-5778"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["integer-underflow","memory-corruption","cve"],"_cs_type":"advisory","_cs_vendors":["Microsoft"],"content_html":"\u003cp\u003eCVE-2026-5778 is a critical security vulnerability affecting an unspecified Microsoft product. This vulnerability stems from an integer underflow within the ChaCha decryption process. While the specific product affected is not detailed in the initial advisory, the vulnerability\u0026rsquo;s nature suggests a potential impact on any Microsoft software utilizing ChaCha for encryption or decryption purposes. Successful exploitation of this vulnerability could lead to out-of-bounds memory access, potentially allowing attackers to execute arbitrary code or cause a denial-of-service condition. This vulnerability highlights the importance of secure coding practices and rigorous testing in cryptographic implementations. Defenders should monitor for updates and apply patches as soon as they become available.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker crafts a malicious input designed to trigger the ChaCha decryption routine within the vulnerable Microsoft product.\u003c/li\u003e\n\u003cli\u003eThe malicious input exploits a weakness in the bounds checking logic related to the ChaCha algorithm.\u003c/li\u003e\n\u003cli\u003eDuring the decryption process, a specially crafted integer value underflows.\u003c/li\u003e\n\u003cli\u003eThis integer underflow results in an incorrect memory address calculation.\u003c/li\u003e\n\u003cli\u003eThe incorrect memory address calculation leads to an out-of-bounds memory access.\u003c/li\u003e\n\u003cli\u003eThe out-of-bounds access allows the attacker to read sensitive data or overwrite memory locations.\u003c/li\u003e\n\u003cli\u003eBy overwriting critical memory locations, the attacker can potentially inject and execute arbitrary code.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-5778 can have severe consequences, including arbitrary code execution and denial of service. The impact will vary depending on the affected product and the specific context of the vulnerability. If exploited, this vulnerability could allow an attacker to gain complete control of a system or disrupt its availability, leading to significant data loss, system compromise, and reputational damage. The lack of specific victim and sector information makes assessing the scope difficult, but all organizations using Microsoft products should consider this a high-priority vulnerability.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMonitor Microsoft\u0026rsquo;s security update guide for specific product advisories related to CVE-2026-5778 and apply patches immediately upon release.\u003c/li\u003e\n\u003cli\u003eImplement runtime memory protection mechanisms to detect and prevent out-of-bounds memory access attempts.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule below to detect suspicious processes that may be exploiting this vulnerability via memory access patterns.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-30T08:43:55Z","date_published":"2026-04-30T08:43:55Z","id":"/briefs/2024-01-chacha-integer-underflow/","summary":"CVE-2026-5778 is an integer underflow vulnerability in the ChaCha decrypt path of an unspecified Microsoft product, leading to an out-of-bounds access issue.","title":"CVE-2026-5778 Integer Underflow in ChaCha Decryption Leads to Out-of-Bounds Access","url":"https://feed.craftedsignal.io/briefs/2024-01-chacha-integer-underflow/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["denial-of-service","integer-underflow","strongSwan","CVE-2026-25075"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eThe strongSwan VPN suite is susceptible to an integer underflow vulnerability (CVE-2026-25075) affecting versions 4.5.0 up to 6.0.4. This flaw resides within the EAP-TTLS AVP (Attribute Value Pair) parser. A remote, unauthenticated attacker can exploit this vulnerability by sending specifically crafted AVP data during the IKEv2 (Internet Key Exchange version 2) authentication process. Successful exploitation leads to a denial-of-service condition due to excessive memory allocation or a NULL…\u003c/p\u003e\n","date_modified":"2026-03-24T12:00:00Z","date_published":"2026-03-24T12:00:00Z","id":"/briefs/2026-03-strongswan-dos/","summary":"An integer underflow vulnerability in strongSwan's EAP-TTLS AVP parser allows unauthenticated remote attackers to cause a denial of service by sending crafted AVP data with invalid length fields during IKEv2 authentication, leading to excessive memory allocation or a NULL pointer dereference.","title":"strongSwan EAP-TTLS AVP Integer Underflow Vulnerability (CVE-2026-25075)","url":"https://feed.craftedsignal.io/briefs/2026-03-strongswan-dos/"}],"language":"en","title":"CraftedSignal Threat Feed — Integer Underflow","version":"https://jsonfeed.org/version/1.1"}