Read Time:1 Minute, 2 Second
Description
When converting from one data type to another, such as long to integer, data can be omitted or translated in a way that produces unexpected values. If the resulting values are used in a sensitive context, then dangerous behaviors may occur.
Modes of Introduction:
– Implementation
Likelihood of Exploit: High
Related Weaknesses
Consequences
Other, Integrity: Unexpected State, Quality Degradation
The program could wind up using the wrong number and generate incorrect results. If the number is used to allocate resources or make a security decision, then this could introduce a vulnerability.
Potential Mitigations
Phase: Implementation
Description:
Avoid making conversion between numeric types. Always check for the allowed ranges.
CVE References
- CVE-2007-4268
- Chain: integer signedness error (CWE-195) passes signed comparison, leading to heap overflow (CWE-122)
- CVE-2007-4988
- Chain: signed short width value in image processor is sign extended during conversion to unsigned int, which leads to integer overflow and heap-based buffer overflow.
- CVE-2009-0231
- Integer truncation of length value leads to heap-based buffer overflow.
- CVE-2008-3282
- Size of a particular type changes for 64-bit platforms, leading to an integer truncation in document processor causes incorrect index to be generated.