CWE · MITRE source
CWE-191Integer Underflow (Wrap or Wraparound)
The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.
This can happen in signed and unsigned cases.
Last updated: 09 May 2026 03:25 UTC
NIST 800-53 r5 controls that address this weakness (0)AI
| Control | Title | Family | Why it addresses this CWE |
|---|---|---|---|
| No NIST controls proposed yet. | |||
Top CVEs of this weakness type, ranked by Risk Priority
| CVE | Risk | CVSS | EPSS | Published |
|---|---|---|---|---|
CVE-2014-0497 KEV | 9.5 | 9.8 | 0.9316 | 2014-02-05 |
CVE-2021-31956 KEV | 9.0 | 7.8 | 0.9072 | 2021-06-08 |
CVE-2024-38063 | 7.4 | 9.8 | 0.8988 | 2024-08-13 |
CVE-2020-36228 | 5.9 | 7.5 | 0.7349 | 2021-01-26 |
CVE-2020-36221 | 4.9 | 7.5 | 0.5747 | 2021-01-26 |
CVE-2024-11477 | 4.2 | 7.8 | 0.4364 | 2024-11-22 |
CVE-2004-0184 | 3.9 | 0.0 | 0.6531 | 2004-05-04 |
CVE-2023-31102 | 3.9 | 7.8 | 0.3838 | 2023-11-03 |
CVE-2022-0185 KEV | 3.8 | 8.4 | 0.0227 | 2022-02-11 |
CVE-2020-1239 | 3.7 | 8.8 | 0.3298 | 2020-06-09 |
CVE-2021-31178 | 3.6 | 5.5 | 0.4185 | 2021-05-11 |
CVE-2005-0199 | 3.2 | 9.8 | 0.2015 | 2005-05-02 |
CVE-2020-1400 | 3.2 | 7.8 | 0.2666 | 2020-07-14 |
CVE-2023-21527 | 3.2 | 7.5 | 0.2821 | 2023-01-10 |
CVE-2015-5212 | 3.0 | 0.0 | 0.4958 | 2015-11-10 |
CVE-2025-29909 | 2.9 | 9.8 | 0.1595 | 2025-03-17 |
CVE-2023-21684 | 2.7 | 8.8 | 0.1506 | 2023-02-14 |
CVE-2023-21708 | 2.7 | 9.8 | 0.1165 | 2023-03-14 |
CVE-2025-29912 | 2.7 | 9.8 | 0.1298 | 2025-03-17 |
CVE-2009-3301 | 2.6 | 0.0 | 0.4276 | 2010-02-16 |
CVE-2018-20180 | 2.6 | 9.8 | 0.0990 | 2019-03-15 |
CVE-2018-20181 | 2.6 | 9.8 | 0.0990 | 2019-03-15 |
CVE-2020-15900 | 2.6 | 9.8 | 0.1099 | 2020-07-28 |
CVE-2016-10166 | 2.5 | 9.8 | 0.0833 | 2017-03-15 |
CVE-2017-14496 | 2.5 | 7.5 | 0.1688 | 2017-10-03 |