<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>Integer Underflow — CraftedSignal Threat Feed</title><link>https://feed.craftedsignal.io/tags/integer-underflow/</link><description>Trending threats, MITRE ATT&amp;CK coverage, and detection metadata — refreshed continuously.</description><generator>Hugo</generator><language>en</language><managingEditor>hello@craftedsignal.io</managingEditor><webMaster>hello@craftedsignal.io</webMaster><lastBuildDate>Mon, 04 May 2026 07:16:01 +0000</lastBuildDate><atom:link href="https://feed.craftedsignal.io/tags/integer-underflow/feed.xml" rel="self" type="application/rss+xml"/><item><title>osrg GoBGP Integer Underflow Vulnerability</title><link>https://feed.craftedsignal.io/briefs/2026-05-gobgp-integer-underflow/</link><pubDate>Mon, 04 May 2026 07:16:01 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2026-05-gobgp-integer-underflow/</guid><description>osrg GoBGP up to version 4.3.0 is vulnerable to an integer underflow in the parseRibEntry function, potentially allowing a remote attacker to cause a denial of service or other unspecified impacts; version 4.4.0 addresses this issue.</description><content:encoded><![CDATA[<p>A vulnerability exists in osrg GoBGP, specifically in versions up to 4.3.0. The flaw is located within the <code>parseRibEntry</code> function of the <code>pkg/packet/mrt/mrt.go</code> file. This integer underflow vulnerability, identified as CVE-2026-7736, can be triggered remotely by an attacker who sends malicious or unexpected data to the affected function. Successful exploitation could lead to a denial-of-service condition or other unspecified consequences. Users are advised to upgrade to version 4.4.0, which contains the patch identified as 76d911046344a3923cbe573364197aa081944592, to mitigate the risk. 
The vulnerability poses a risk to network infrastructure relying on the BGP protocol, potentially impacting routing stability and availability.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li>An attacker identifies a vulnerable GoBGP instance running a version prior to 4.4.0.</li>
<li>The attacker crafts a malicious MRT (Multi-Threaded Routing Toolkit) message.</li>
<li>The attacker sends the crafted MRT message to the vulnerable GoBGP instance. This is typically done over a TCP connection to the BGP port (179).</li>
<li>The <code>parseRibEntry</code> function processes the malicious MRT message.</li>
<li>Due to the integer underflow vulnerability, the <code>parseRibEntry</code> function calculates an incorrect value.</li>
<li>This incorrect value leads to unexpected behavior such as a crash or resource exhaustion.</li>
<li>The GoBGP process becomes unstable or terminates.</li>
<li>This disrupts BGP routing, potentially leading to a denial-of-service condition for network services that rely on BGP.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>Successful exploitation of this vulnerability could allow a remote attacker to disrupt BGP routing, leading to a denial-of-service condition. The precise impact will depend on the specific network configuration and the role of the affected GoBGP instance. Systems relying on BGP for routing information could experience connectivity issues or routing instability. While the number of affected deployments is unknown, any organization using GoBGP in its network infrastructure is potentially at risk.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li>Upgrade to GoBGP version 4.4.0 or later to remediate the integer underflow vulnerability described in CVE-2026-7736.</li>
<li>Monitor network traffic for unexpected MRT messages being sent to GoBGP instances using the Sigma rule provided below.</li>
<li>Review and harden BGP configurations to limit exposure and potential attack surface.</li>
</ul>
]]></content:encoded><category domain="severity">medium</category><category domain="type">advisory</category><category>cve</category><category>vulnerability</category><category>integer underflow</category><category>bgp</category></item><item><title>CVE-2026-5778 Integer Underflow in ChaCha Decryption Leads to Out-of-Bounds Access</title><link>https://feed.craftedsignal.io/briefs/2024-01-chacha-integer-underflow/</link><pubDate>Thu, 30 Apr 2026 08:43:55 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2024-01-chacha-integer-underflow/</guid><description>CVE-2026-5778 is an integer underflow vulnerability in the ChaCha decrypt path of an unspecified Microsoft product, leading to an out-of-bounds access issue.</description><content:encoded><![CDATA[<p>CVE-2026-5778 is a critical security vulnerability affecting an unspecified Microsoft product. This vulnerability stems from an integer underflow within the ChaCha decryption process. While the specific product affected is not detailed in the initial advisory, the vulnerability&rsquo;s nature suggests a potential impact on any Microsoft software utilizing ChaCha for encryption or decryption purposes. Successful exploitation of this vulnerability could lead to out-of-bounds memory access, potentially allowing attackers to execute arbitrary code or cause a denial-of-service condition. This vulnerability highlights the importance of secure coding practices and rigorous testing in cryptographic implementations. Defenders should monitor for updates and apply patches as soon as they become available.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li>An attacker crafts a malicious input designed to trigger the ChaCha decryption routine within the vulnerable Microsoft product.</li>
<li>The malicious input exploits a weakness in the bounds checking logic related to the ChaCha algorithm.</li>
<li>During the decryption process, a specially crafted integer value underflows.</li>
<li>This integer underflow results in an incorrect memory address calculation.</li>
<li>The incorrect memory address calculation leads to an out-of-bounds memory access.</li>
<li>The out-of-bounds access allows the attacker to read sensitive data or overwrite memory locations.</li>
<li>By overwriting critical memory locations, the attacker can potentially inject and execute arbitrary code.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>Successful exploitation of CVE-2026-5778 can have severe consequences, including arbitrary code execution and denial of service. The impact will vary depending on the affected product and the specific context of the vulnerability. If exploited, this vulnerability could allow an attacker to gain complete control of a system or disrupt its availability, leading to significant data loss, system compromise, and reputational damage. The lack of specific victim and sector information makes assessing the scope difficult, but all organizations using Microsoft products should consider this a high-priority vulnerability.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li>Monitor Microsoft&rsquo;s security update guide for specific product advisories related to CVE-2026-5778 and apply patches immediately upon release.</li>
<li>Implement runtime memory protection mechanisms to detect and prevent out-of-bounds memory access attempts.</li>
<li>Deploy the Sigma rule below to detect suspicious processes that may be exploiting this vulnerability via memory access patterns.</li>
</ul>
]]></content:encoded><category domain="severity">high</category><category domain="type">advisory</category><category>integer-underflow</category><category>memory-corruption</category><category>cve</category></item><item><title>strongSwan EAP-TTLS AVP Integer Underflow Vulnerability (CVE-2026-25075)</title><link>https://feed.craftedsignal.io/briefs/2026-03-strongswan-dos/</link><pubDate>Tue, 24 Mar 2026 12:00:00 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2026-03-strongswan-dos/</guid><description>An integer underflow vulnerability in strongSwan's EAP-TTLS AVP parser allows unauthenticated remote attackers to cause a denial of service by sending crafted AVP data with invalid length fields during IKEv2 authentication, leading to excessive memory allocation or a NULL pointer dereference.</description><content:encoded>&lt;p>The strongSwan VPN suite is susceptible to an integer underflow vulnerability (CVE-2026-25075) affecting versions 4.5.0 up to 6.0.4. This flaw resides within the EAP-TTLS AVP (Attribute Value Pair) parser. A remote, unauthenticated attacker can exploit this vulnerability by sending specifically crafted AVP data during the IKEv2 (Internet Key Exchange version 2) authentication process. Successful exploitation leads to a denial-of-service condition due to excessive memory allocation or a NULL…&lt;/p>
</content:encoded><category domain="severity">high</category><category domain="type">advisory</category><category>denial-of-service</category><category>integer-underflow</category><category>strongSwan</category><category>CVE-2026-25075</category></item></channel></rss>