Description
The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.
An integer overflow or wraparound occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may wrap to become a very small or negative number. While this may be intended behavior in circumstances that rely on wrapping, it can have security consequences if the wrap is unexpected. This is especially the case if the integer overflow can be triggered using user-supplied inputs. This becomes security-critical when the result is used to control looping, make a security decision, or determine the offset or size in behaviors such as memory allocation, copying, concatenation, etc.
Modes of Introduction:
– Implementation
Likelihood of Exploit: Medium
Related Weaknesses
CWE-682
CWE-682
CWE-20
CWE-119
Consequences
Availability: DoS: Crash, Exit, or Restart, DoS: Resource Consumption (CPU), DoS: Resource Consumption (Memory), DoS: Instability
This weakness will generally lead to undefined behavior and therefore crashes. In the case of overflows involving loop index variables, the likelihood of infinite loops is also high.
Integrity: Modify Memory
If the value in question is important to data (as opposed to flow), simple data corruption has occurred. Also, if the wrap around results in other conditions such as buffer overflows, further memory corruption may occur.
Confidentiality, Availability, Access Control: Execute Unauthorized Code or Commands, Bypass Protection Mechanism
This weakness can sometimes trigger buffer overflows which can be used to execute arbitrary code. This is usually outside the scope of a program’s implicit security policy.
Potential Mitigations
Phase: Requirements
Description:
Ensure that all protocols are strictly defined, such that all out-of-bounds behavior can be identified simply, and require strict conformance to the protocol.
Phase: Requirements
Description:
Phase: Architecture and Design
Description:
Phase: Implementation
Description:
Phase: Implementation
Description:
Phase: Architecture and Design
Description:
For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server.
Phase: Implementation
Description:
Examine compiler warnings closely and eliminate problems with potential security implications, such as signed / unsigned mismatch in memory operations, or use of uninitialized variables. Even if the weakness is rarely exploitable, a single failure may lead to the compromise of the entire system.
CVE References
- CVE-2018-10887
- Chain: unexpected sign extension (CWE-194) leads to integer overflow (CWE-190), causing an out-of-bounds read (CWE-125)
- CVE-2019-1010006
- Chain: compiler optimization (CWE-733) removes or modifies code used to detect integer overflow (CWE-190), allowing out-of-bounds write (CWE-787).
- CVE-2010-2753
- Chain: integer overflow leads to use-after-free
- CVE-2005-1513
- Chain: integer overflow in securely-coded mail program leads to buffer overflow. In 2005, this was regarded as unrealistic to exploit, but in 2020, it was rediscovered to be easier to exploit due to evolutions of the technology.
- CVE-2002-0391
- Integer overflow via a large number of arguments.
- CVE-2002-0639
- Integer overflow in OpenSSH as listed in the demonstrative examples.
- CVE-2005-1141
- Image with large width and height leads to integer overflow.
- CVE-2005-0102
- Length value of -1 leads to allocation of 0 bytes and resultant heap overflow.
- CVE-2004-2013
- Length value of -1 leads to allocation of 0 bytes and resultant heap overflow.
- CVE-2017-1000121
- chain: unchecked message size metadata allows integer overflow (CWE-190) leading to buffer overflow (CWE-119).
- CVE-2013-1591
- Chain: an integer overflow (CWE-190) in the image size calculation causes an infinite loop (CWE-835) which sequentially allocates buffers without limits (CWE-1325) until the stack is full.
More Stories
The Most Dangerous Vulnerabilities in Apache Tomcat and How to Protect Against Them
Apache Tomcat is an open-source web server and servlet container that is widely used in enterprise environments to run Java...
ZDI-CAN-18333: A Critical Zero-Day Vulnerability in Microsoft Windows
Zero-day vulnerabilities are a serious threat to cybersecurity, as they can be exploited by malicious actors to gain unauthorized access...
CWE-669 – Incorrect Resource Transfer Between Spheres
Description The product does not properly transfer a resource/behavior to another sphere, or improperly imports a resource/behavior from another sphere,...
CWE-67 – Improper Handling of Windows Device Names
Description The software constructs pathnames from user input, but it does not handle or incorrectly handles a pathname containing a...
CWE-670 – Always-Incorrect Control Flow Implementation
Description The code contains a control flow path that does not reflect the algorithm that the path is intended to...
CWE-671 – Lack of Administrator Control over Security
Description The product uses security features in a way that prevents the product's administrator from tailoring security settings to reflect...