CWE-681 – Incorrect Conversion between Numeric Types


Description

When converting from one data type to another, such as long to integer, data can be omitted or translated in a way that produces unexpected values. If the resulting values are used in a sensitive context, then dangerous behaviors may occur.

Modes of Introduction:

– Implementation

 

Likelihood of Exploit: High

 

Related Weaknesses

CWE-704
CWE-682

 

Consequences

Other, Integrity: Unexpected State, Quality Degradation

The program could wind up using the wrong number and generate incorrect results. If the number is used to allocate resources or make a security decision, then this could introduce a vulnerability.

 

Potential Mitigations

Phase: Implementation

Description: 

Avoid converting between numeric types. Always check for the allowed ranges.
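The range check in practice, as an added example that is not part of the CWE entry: a narrowing conversion that truncates, a signed-to-unsigned conversion that sign extends, and a 64-bit to 32-bit conversion, each guarded by a check of the allowed range. The function names and sample values are constructed for illustration.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Unchecked narrowing: only the low 16 bits of the length survive. */
uint16_t narrow_unchecked(uint32_t len) { return (uint16_t)len; }

/* Checked narrowing: reject lengths that do not fit the destination. */
bool narrow_checked(uint32_t len, uint16_t *out) {
    if (len > UINT16_MAX) return false;
    *out = (uint16_t)len;
    return true;
}

/* Unchecked widening: a negative short is sign extended and becomes a
   very large unsigned value. */
unsigned int widen_unchecked(short width) { return (unsigned int)width; }

/* Checked widening: negative widths are outside the allowed range. */
bool widen_checked(short width, unsigned int *out) {
    if (width < 0) return false;
    *out = (unsigned int)width;
    return true;
}

/* Checked 64-bit to 32-bit signed conversion. */
bool to_int32_checked(int64_t v, int32_t *out) {
    if (v < INT32_MIN || v > INT32_MAX) return false;
    *out = (int32_t)v;
    return true;
}

int main(void) {
    uint16_t n = 0; unsigned int w = 0; int32_t i = 0;
    uint32_t len = 0x10008u;   /* constructed sample: 65544 */
    printf("unchecked narrow: %u -> %u\n", (unsigned)len, (unsigned)narrow_unchecked(len));
    printf("checked narrow accepted: %d\n", narrow_checked(len, &n));
    printf("unchecked widen: -1 -> %u\n", widen_unchecked(-1));
    printf("checked widen accepted: %d\n", widen_checked(-1, &w));
    printf("checked int64->int32 accepted: %d\n", to_int32_checked(5000000000LL, &i));
    return 0;
}
```

A caller that gets `false` back should treat the input as invalid rather than fall back to the unchecked cast.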

CVE References

  • CVE-2007-4268
    • Chain: integer signedness error (CWE-195) passes signed comparison, leading to heap overflow (CWE-122)
  • CVE-2007-4988
    • Chain: signed short width value in image processor is sign extended during conversion to unsigned int, which leads to integer overflow and heap-based buffer overflow.
  • CVE-2009-0231
    • Integer truncation of length value leads to heap-based buffer overflow.
  • CVE-2008-3282
    • Size of a particular type changes for 64-bit platforms, leading to an integer truncation in a document processor that causes an incorrect index to be generated.