Tag Archives: Incorrect Bitwise Shift of Integer

CWE-1335 – Incorrect Bitwise Shift of Integer

Read Time:1 Minute, 6 Second

Description

An integer value is specified to be shifted by a negative amount or an amount greater than or equal to the number of bits contained in the value causing an unexpected or indeterminate result.

Modes of Introduction:

– Implementation

 

 

Related Weaknesses

CWE-682

 

Consequences

Integrity: DoS: Crash, Exit, or Restart

 

Potential Mitigations

Phase: Implementation

Description: 

Implicitly or explicitly add checks and mitigation for negative or over-shift values.

CVE References

  • CVE-2009-4307
    • An unexpected large value in the ext4 filesystem causes an overshift condition resulting in a divide by zero.
  • CVE-2012-2100
    • An unexpected large value in the ext4 filesystem causes an overshift condition resulting in a divide by zero – fix of CVE-2009-4307.
  • CVE-2020-8835
    • An overshift in a kernel a allowed out of bounds reads and writes resulting in a root takeover.
  • CVE-2015-1607
    • Program is not properly handling signed bitwise left-shifts causing an overlapping memcpy memory range error.
  • CVE-2016-9842
    • Compression function improperly executes a signed left shift of a negative integer.
  • CVE-2018-18445
    • Some kernels improperly handle right shifts of 32 bit numbers in a 64 bit register.
  • CVE-2013-4206
    • Putty has an incorrectly sized shift value resulting in an overshift.
  • CVE-2018-20788
    • LED driver overshifts under certain conditions resulting in a DoS.