Tag Archives: CWE- 197

CWE-197 – Numeric Truncation Error

Read Time:1 Minute, 11 Second

Description

Truncation errors occur when a primitive is cast to a primitive of a smaller size and data is lost in the conversion.

When a primitive is cast to a smaller primitive, the high order bits of the large value are lost in the conversion, potentially resulting in an unexpected value that is not equal to the original value. This value may be required as an index into a buffer, a loop iterator, or simply necessary state data. In any case, the value cannot be trusted and the system will be in an undefined state. While this method may be employed viably to isolate the low bits of a value, this usage is rare, and truncation usually implies that an implementation error has occurred.

Modes of Introduction:

– Implementation

 

Likelihood of Exploit: Low

 

Related Weaknesses

CWE-681
CWE-681
CWE-681
CWE-195
CWE-196
CWE-192
CWE-194

 

Consequences

Integrity: Modify Memory

The true value of the data is lost and corrupted data is used.

 

Potential Mitigations

Phase: Implementation

Description: 

Ensure that no casts, implicit or explicit, take place that move from a larger size primitive or a smaller size primitive.

CVE References

  • CVE-2009-0231
    • Integer truncation of length value leads to heap-based buffer overflow.
  • CVE-2008-3282
    • Size of a particular type changes for 64-bit platforms, leading to an integer truncation in document processor causes incorrect index to be generated.