CWE-195 – Signed to Unsigned Conversion Error

Read Time:33 Second

Description

The software uses a signed primitive and performs a cast to an unsigned primitive, which can produce an unexpected value if the value of the signed primitive can not be represented using an unsigned primitive.

Modes of Introduction:

– Implementation

 

 

Related Weaknesses

CWE-681
CWE-681
CWE-681
CWE-119

 

Consequences

Integrity: Unexpected State

Conversion between signed and unsigned values can lead to a variety of errors, but from a security standpoint is most commonly associated with integer overflow and buffer overflow vulnerabilities.

 

Potential Mitigations

CVE References

  • CVE-2007-4268
    • Chain: integer signedness error (CWE-195) passes signed comparison, leading to heap overflow (CWE-122)