CWE-680: Integer Overflow to Buffer Overflow
The product performs a calculation to determine how much memory to allocate, but an integer overflow can occur that causes less memory to be allocated than expected, leading to a buffer overflow.
Last updated
Overview
CWE-680 (Integer Overflow to Buffer Overflow) is a compound-level software weakness catalogued by MITRE in the Common Weakness Enumeration (CWE). It describes a recurring type of mistake that can lead to exploitable security vulnerabilities.
Real-world CVEs
100 recorded CVEs are caused by CWE-680 (Integer Overflow to Buffer Overflow). The highest-severity and most recent are shown first. 4 new CWE-680 CVEs have been recorded so far in 2026 (16 in 2025).
- CVE-2026-8376
Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds
Critical · CVSS 9.8 · EPSS 32th2026-05-25 - CVE-2025-54952Critical · CVSS 9.8 · EPSS 44th2025-08-07
- CVE-2024-33078Critical · CVSS 9.8 · EPSS 61th2024-05-01