Conditions préalables
The target application must have an integer variable for which only some of the possible integer values are expected by the application and where there are no checks on the value of the variable before use.
The attacker must be able to manipulate the targeted integer variable such that normal operations result in non-standard values due to the storage structure of integers.
Ressources nécessaires
None: No specialized resources are required to execute this type of attack.
Faiblesses connexes
CWE-ID |
Nom de la faiblesse |
|
Incorrect Calculation The product performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or resource management. |
Soumission
Nom |
Organisation |
Date |
Date de publication |
CAPEC Content Team |
The MITRE Corporation |
2014-06-23 +00:00 |
|
Modifications
Nom |
Organisation |
Date |
Commentaire |
CAPEC Content Team |
The MITRE Corporation |
2017-01-09 +00:00 |
Updated Related_Attack_Patterns |
CAPEC Content Team |
The MITRE Corporation |
2017-08-04 +00:00 |
Updated Resources_Required |