Description

When converting from one data type to another, such as long to integer, data can be omitted or translated in a way that produces unexpected values. If the resulting values are used in a sensitive context, then dangerous behaviors may occur.

Modes of Introduction:

– Implementation

Likelihood of Exploit: High

Related Weaknesses

CWE-704
CWE-704
CWE-682

Consequences

Other, Integrity: Unexpected State, Quality Degradation

The program could wind up using the wrong number and generate incorrect results. If the number is used to allocate resources or make a security decision, then this could introduce a vulnerability.

Potential Mitigations

Phase: Implementation

Description: 

Avoid making conversion between numeric types. Always check for the allowed ranges.

CVE References

• CVE-2007-4268
  • Chain: integer signedness error (CWE-195) passes signed comparison, leading to heap overflow (CWE-122)

• CVE-2007-4988
  • Chain: signed short width value in image processor is sign extended during conversion to unsigned int, which leads to integer overflow and heap-based buffer overflow.

• CVE-2009-0231
  • Integer truncation of length value leads to heap-based buffer overflow.

• CVE-2008-3282
  • Size of a particular type changes for 64-bit platforms, leading to an integer truncation in document processor causes incorrect index to be generated.