CVE-2023-29146
8.2 HIGHThe utility functions used by Malwarebytes EDR 1.0.11 on Linux for calculating a cryptographic hash of data bytes truncate the hashed dat...
Published: 2026-06-09 · Last updated: 2026-06-09
Severity and scoring
- CVSS
- 8.2 HIGH
- Vector
- CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
- CWE
- CWE-190
Description
The utility functions used by Malwarebytes EDR 1.0.11 on Linux for calculating a cryptographic hash of data bytes truncate the hashed data if it exceeds 4GB. This leads to an integer wrap-around if the data is larger than the maximum unsigned integer value (32-bit). Attackers could create a colliding hash value for two different strings by attaching 4GB of data to a string that is less than 4GB in size.
Source: NVD
References
Related CVEs
Same CWE
- CVE-2025-66280 — An integer overflow or wraparound vulnerability has been reported to affect several QNAP operating system versions
- CVE-2026-34711 — CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Integer Overflow or Wraparound vulnerability (7.5 HIGH)
- CVE-2026-47925 — Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could... (5.5 MEDIUM)
- CVE-2026-47291 — Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attacker to execute code over a network (9.8 CRITICAL)
- CVE-2026-47288 — Integer overflow or wraparound in Windows Kerberos allows an authorized attacker to execute code over an adjacent network (7.1 HIGH)