CVE-2025-13654: Buffer Bounds Check Integer Underflow
greprules fetch cve-2025-13654-buffer-bounds-check-integer-underflow --engine opengrep

Description
A bounds check uses a subtraction which can lead to integer underflow. If `$SIZE` is greater than `$LEN`, `$LEN - $SIZE` will wrap around to a large positive value (if unsigned), bypassing the length validation and causing an out-of-bounds read or write. Use addition instead (`$PTR + $SIZE <= $LEN`) or check the size against the remaining offset explicitly (
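The wraparound the rule describes, shown as an added example (not the rule's own code or a snippet from the affected project): the subtracting check beside a hardened check that compares the size against the remaining room, plus a small field reader that uses the hardened form. The buffer `demo_msg` and the function names are constructed for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Vulnerable pattern from the rule: subtracting size from len with unsigned
 * operands. When size > len the subtraction wraps to a huge value and the
 * check passes, so a later memcpy would read or write past the buffer. */
bool bounds_ok_subtract(size_t off, size_t size, size_t len)
{
    return off <= len - size;   /* wraps when size > len */
}

/* Hardened form: reject an offset beyond the buffer first, then compare
 * size against the remaining room (len - off cannot underflow after the
 * first test). No addition either, so off + size cannot overflow. */
bool bounds_ok_remaining(size_t off, size_t size, size_t len)
{
    if (off > len)
        return false;
    return size <= len - off;
}

/* Copy a field of `size` bytes at `off` out of a `len`-byte buffer into
 * `dst` (which must hold at least `size` bytes). Returns the number of
 * bytes copied, or -1 when the field does not fit inside the buffer. */
long read_field(const uint8_t *buf, size_t len, size_t off, size_t size,
                uint8_t *dst)
{
    if (!bounds_ok_remaining(off, size, len))
        return -1;
    memcpy(dst, buf + off, size);
    return (long)size;
}

/* Constructed 16-byte message used by the stand-alone demo and the checks. */
static const uint8_t demo_msg[16] = { 'A','B','C','D','E','F','G','H',
                                      'I','J','K','L','M','N','O','P' };

int main(void)
{
    uint8_t out[32];
    /* The subtracting check accepts a 20-byte field in a 16-byte buffer... */
    bool bad = bounds_ok_subtract(0, 20, sizeof demo_msg);
    /* ...while the hardened reader refuses it. */
    long n = read_field(demo_msg, sizeof demo_msg, 0, 20, out);
    return (bad && n == -1) ? 0 : 1;
}
```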
Detection target
Not provided
Recommended fix
Not provided
False-positive notes
Not provided