Modes Of Introduction
Implementation
Applicable Platforms
Language
Class: Not Language-Specific (Undetermined)
Common Consequences
Scope |
Impact |
Likelihood |
Other Integrity | Unexpected State, Quality Degradation
Note: The program could wind up using the wrong number and generate incorrect results. If the number is used to allocate resources or make a security decision, then this could introduce a vulnerability. | |
Observed Examples
Reference |
Description |
CVE-2022-2639 | Chain: integer coercion error (CWE-192) prevents a return value from indicating an error, leading to out-of-bounds write (CWE-787) |
CVE-2021-43537 | Chain: in a web browser, an unsigned 64-bit integer is forcibly cast to a 32-bit integer (CWE-681) and potentially leading to an integer overflow (CWE-190). If an integer overflow occurs, this can cause heap memory corruption (CWE-122) |
CVE-2007-4268 | Chain: integer signedness error (CWE-195) passes signed comparison, leading to heap overflow (CWE-122) |
CVE-2007-4988 | Chain: signed short width value in image processor is sign extended during conversion to unsigned int, which leads to integer overflow and heap-based buffer overflow. |
CVE-2009-0231 | Integer truncation of length value leads to heap-based buffer overflow. |
CVE-2008-3282 | Size of a particular type changes for 64-bit platforms, leading to an integer truncation in document processor causes incorrect index to be generated. |
Potential Mitigations
Phases : Implementation
Avoid making conversion between numeric types. Always check for the allowed ranges.
Vulnerability Mapping Notes
Rationale : This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.
Comments : Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.
References
REF-962
Automated Source Code Security Measure (ASCSM)
Object Management Group (OMG).
http://www.omg.org/spec/ASCSM/1.0/
Submission
Name |
Organization |
Date |
Date Release |
Version |
CWE Community |
|
2008-04-11 +00:00 |
2008-04-11 +00:00 |
Draft 9 |
Modifications
Name |
Organization |
Date |
Comment |
Sean Eidemiller |
Cigital |
2008-07-01 +00:00 |
added/updated demonstrative examples |
Eric Dalci |
Cigital |
2008-07-01 +00:00 |
updated Potential_Mitigations, Time_of_Introduction |
CWE Content Team |
MITRE |
2008-09-08 +00:00 |
updated Relationships |
CWE Content Team |
MITRE |
2008-11-24 +00:00 |
updated Description, Relationships, Taxonomy_Mappings |
CWE Content Team |
MITRE |
2009-12-28 +00:00 |
updated Applicable_Platforms, Likelihood_of_Exploit, Potential_Mitigations |
CWE Content Team |
MITRE |
2010-02-16 +00:00 |
updated Relationships |
CWE Content Team |
MITRE |
2011-03-29 +00:00 |
updated Demonstrative_Examples |
CWE Content Team |
MITRE |
2011-06-01 +00:00 |
updated Common_Consequences, Relationships, Taxonomy_Mappings |
CWE Content Team |
MITRE |
2011-06-27 +00:00 |
updated Common_Consequences, Observed_Examples, Relationships |
CWE Content Team |
MITRE |
2011-09-13 +00:00 |
updated Relationships, Taxonomy_Mappings |
CWE Content Team |
MITRE |
2012-05-11 +00:00 |
updated Demonstrative_Examples, References, Relationships, Taxonomy_Mappings |
CWE Content Team |
MITRE |
2014-07-30 +00:00 |
updated Relationships, Taxonomy_Mappings |
CWE Content Team |
MITRE |
2017-11-08 +00:00 |
updated Likelihood_of_Exploit, Observed_Examples, Taxonomy_Mappings, Type |
CWE Content Team |
MITRE |
2019-01-03 +00:00 |
updated References, Relationships, Taxonomy_Mappings |
CWE Content Team |
MITRE |
2019-06-20 +00:00 |
updated Relationships, Type |
CWE Content Team |
MITRE |
2020-02-24 +00:00 |
updated Relationships |
CWE Content Team |
MITRE |
2020-08-20 +00:00 |
updated Relationships |
CWE Content Team |
MITRE |
2020-12-10 +00:00 |
updated Relationships |
CWE Content Team |
MITRE |
2021-03-15 +00:00 |
updated Relationships |
CWE Content Team |
MITRE |
2023-04-27 +00:00 |
updated Relationships |
CWE Content Team |
MITRE |
2023-06-29 +00:00 |
updated Mapping_Notes |
CWE Content Team |
MITRE |
2023-10-26 +00:00 |
updated Observed_Examples |
CWE Content Team |
MITRE |
2024-02-29 +00:00 |
updated Observed_Examples |